Background on ASIC focus on compliance culture

ASIC’s focus on the compliance culture within organisations continues with ASIC’s Media release on Affected consumers to be compensated as ASIC accepts EU from ACE Insurance being the latest example of how ASIC is taking compliance culture very seriously.

ASIC has communicated publicly that it will focus on the compliance culture of Australian Financial Services Licensees and the importance of improving conduct within the financial industry.

ASIC is particularly concerned about compliance culture because it believes it is a key driver of conduct within the financial industry. Bad conduct flourishes, proliferates and may even be rewarded in a bad culture. A good corporate culture uncovers and inhibits bad conduct, and rewards and encourages good conduct.

Given there is a strong connection between poor culture and poor conduct, ASIC considers it to be a key risk area

ASIC defines culture as a set of shared values or assumptions. It reflects the underlying mindset of an organisation and lies at the heart of how an organisation and its staff think and behave. It also shapes and influences people’s attitudes and behaviours towards customers and compliance.

ASIC Deputy Chairman Peter Kell has previously stated “If a licensee has a poor culture of compliance, there are likely to be breaches of the law. Poor culture also undermines customer trust and confidence in a licensee… More broadly sector-wide cultural problems destroy consumer trust and confidence in the whole sector.”

ASIC considers positive culture to be one that supports:

  • doing the right thing; and
  • good outcomes for customers,

and should underpin:

  • every aspect of a business operation;
  • every decision of the business; and
  • the day-to-day conduct of its employees.

Good compliance culture and conduct means not just ensuring compliance with the law and not just avoiding the boundaries or grey areas of the law. It means focusing on and preferring the interests of consumers and investors in the long term.

ASIC Chairman Greg Medcraft stated in June 2015 that ASIC intends to:

  • incorporate culture into its risk-based surveillance reviews;
  • use the surveillance findings to better understand how culture is driving conduct among those we regulate; and
  • communicate to industry and firms where it has a problem with their culture and conduct.

ASIC also encourages boards and management to think about the ‘three Cs’ of good conduct:

  • Communicating from the top on what is expected;
  • Challenging whether the culture is achieving the desired outcome; and
  • Complacency – ensuring there is no complacency.

Our recent experience with ASIC’s compliance culture approach

Our recent experience with ASIC in relation to the review of the compliance culture of an organisation has brought home to us how exposed licensees can be on such matters.

If issues of concern are identified, ASIC is likely to focus on:

  • an organisation’s compliance policies and procedures relevant to the issues, seeking out any gaps;
  • the adequacy of compliance resources dedicated to identifying and managing the relevant issues, having regard to the nature, size and complexity of the licensee; and
  • the adequacy of controls and resources relating to compliance and risk management of the business relevant to the issues, including senior management and board involvement and oversight, having regard to the nature, size and complexity of the business.

The last point is one which gets the licensee’s attention, a fact of which ASIC is well aware. It will be a rare Board or Senior Management that will flawlessly identify and manage key risk indicators and trends to the extent ASIC expects them to.

Significant cost and time loss will be incurred in responding to ASIC investigations and requests for information and interviews with relevant employees (past and present). Of note is the fact that internal reviews on the sufficiency of compliance measures in place may not be protected by legal professional privilege and can be used by ASIC to support an argument that failings did exist.

In the case of insurers, ASIC can also create APRA related issues where matters of compliance culture are identified.

Having regard to the above and our recent experience, we believe it is prudent for licensees to undertake a health check of compliance culture to manage the above risk.

Contact us if you require any assistance.


This document is designed to provide helpful general guidance on some key issues relevant to this topic. It should not be relied on as legal advice. It does not cover everything that may be relevant to you and does not take into account your particular circumstances. It is only current as at the date of release. You must ensure that you seek appropriate professional advice in relation to this topic as well as to the currency, accuracy and relevance of this material for you.

Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners of Radford Lawyers Pty Limited are members of the scheme.