Royal Commission demands central enforcement database for ASIC, APRA

The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry banking has recommended key regulators the Australian Prudential Regulatory Authority (APRA) and the Australian Securities and Investments Commission (ASIC) establish a new common database to better catch malfeasance in the sector.

In a blunt assessment of the two regulators’ lack of coordination of key information surrounding institutional miscreancy, Commissioner Kenneth Hayne cautioned that co-regulation of the Banking Executive Accountability Regime (BEAR) will need far better technology resources to give regulators easier and faster access to each others’ dealings.

Specifically, Hayne has recommended that a new “statutory obligation to co-operate” be formalised between ASIC and APRA to mandate information sharing of breach notifications. The new database will be the beating heart of that sharing mandate.

The law should be amended to oblige each of APRA and ASIC to:
•     co-operate with the other;

•     share information to the maximum extent practicable; and

•     notify the other whenever it forms the belief that a breach in respect of which the other has enforcement responsibility may have occurred.

“The mandatory sharing of information should mean that over time a substantial corpus of material will be collected and available – in as close to real time as technology allows – to each regulator,” Hayne said.

“If properly designed and maintained, the shared database of information should become a valuable tool for the shared and individual work of ASIC and APRA.”

The report also recommends that the information sharing mandate be formalised through “a joint memorandum setting out how they intend to comply with their statutory obligation to co-operate.”

“The memorandum should be reviewed biennially and each of ASIC and APRA should report each year on the operation of and steps taken under it in its annual report.”

The call for the creation of a new common database between the regulators follows years of controversy over how ASIC allows access to its massive records holdings that the Abbott government had wanted to sell-off to a private operator.

While that bid was scuttled by erstwhile Prime Minister Malcolm Turnbull, the lack of connectivity to create a common picture between regulators has been a persistent theme for several inquiries and probes into scandals and failures hitting financial services sector dating back to the Wallis inquiry and HIH collapse probe.

“Information-sharing arrangements are not novel,” Hayne observed dryly.

“A ready example may be found in governing legislation of the Australian Crime Commission (ACC). The ACC is responsible for carrying out operations and investigations of potential relevance to many law enforcement agencies, both state and Federal. Information sharing is therefore critical to its task.”

The nexus for the common architecture is the recommendation that “each regulator be subject to a requirement to notify the other whenever it forms the belief, based on information available to it, that a breach may occur, or may have occurred, in respect of which the other regulator has enforcement responsibility.”

In simple terms, the recommendation means that when a suspected transgression comes to the attention of one regulator, the other automatically gets a sniff of what may be coming down the line.

Hayne also took a swing at information silos and data hoarding, saying that the idea of restrictive regulatory ownership needs to be superseded by what can be done with the information.

“More is required to ensure that as far as possible, information gaps are closed. A change in both mindset and legislation is required. Rather than proceeding from a premise that certain information belongs to APRA or to ASIC, the preferable position is for information to be deemed to be ‘financial regulator information’,” Hayne said.

The Commissioner added that the APRA and ASIC Acts should be changed to reflect this and enable the creation of the new database.

“I suspect the most efficient way of storing that information will be in a shared database,” Hayne said.

“But consideration will need to be given to the mechanics of the system, including how each regulator can be best made aware that documents have been uploaded to the database.”

While the Commissioner observed that not everything and all records may be suitable for sharing, he said these “must be the exception and not the rule.”

“The mandatory sharing of information should mean that over time a substantial corpus of material will be collected and available – in as close to real time as technology allows – to each regulator,” Hayne said.

“If properly designed and maintained, the shared database of information should become a valuable tool for the shared and individual work of ASIC and APRA.”

Twin peaks, one system

With the report only just released, the government and Treasurer Josh Frydenberg have, as expected, said the government will “take action” on all of the 76 Royal Commission recommendations.

With an early Budget already slated before a tipped May election, the odds of Treasury scoring a commitment of extra funding to build the new repository are short because a failure to do so would open the government to strong criticism.

In terms of vendors, records management and enterprise content specialists could be the big winners given the financial system and government’s long relationship with stalwarts like TRIM that have been a staple of government and regulated industries.

Analytics, regtech and AI providers are also likely to get in a lather as the creation of a new single cube opens obvious opportunities to drill, slice and dice centralised information.

Irrespective of who scores the work, Hayne rammed home the point that bifurcated regulation and information management has hit it’s use-by date.

“Formalised co-ordination and co-operation between the regulators can no longer be an aspiration. It must become a reality,” Hayne said.

“Co-ordination and co-operation will facilitate quicker detection of misconduct and allow for more timely enforcement action.”