A pandemic, rising cyber and climate risk, and the third anniversary of the banking Royal Commission — new ASIC chair Joe Longo has a challenging to-do list as he attempts to deliver an overdue regulatory reset. He will deliver a special presentation for the Australian Governance Summit in March in Melbourne.
Joe Longo proudly describes his family heritage as “the classic immigrant story”. In 1950, his father, Ernesto, emigrated from the village of Predazzo in Northern Italy to reunite with his brother — a former prisoner of war — on the other side of the world, in Sydney. Ernesto later moved to Perth and opened a fruit and vegetable shop with his wife, Maria. When Joe and his brother Dominic left school, they were the first members of the family to go to university.
“That was a really important expectation of our parents and grandparents,” says Longo. “They never had the opportunity to be educated as we were. So it was always a great aspiration of the family. The key values my parents taught me were hard work, respect for others, respect for the family and do your best.’’
Most importantly, they also taught him humility, a trait he has treasured throughout his working life. “When you are called upon to make difficult decisions and judgements, and form views, it is helpful to be grounded and proportionate in your approach,” he says “A good litigator brings an objective mind and approach whatever the issue and is able to step back from the situation and be dispassionate. Public life also carries a special obligation of fairness and proportionality. There are expectations of people who regulate and enforce to do so in a manner that is fair and proportionate. I’m in this job to advance the public interest.”
Contemporary public life also carries intense public scrutiny. Longo’s appointment as chair of the Australian Securities and Investments Commission (ASIC) in April 2021 came as the nation’s top corporate regulator looked to reset. Already under intense pressure to respond to 2019 banking Royal Commission findings that it was weak on enforcement, and in the midst of a pandemic, in 2020 ASIC was rocked by an expenses scandal that that saw his predecessor James Shipton stand aside and deputy chair Daniel Crennan QC resign. An independent review into ASIC governance arrangements and its approval of payments made to them as part of relocation packages ultimately cleared them of misconduct and raised questions about internal processes.
In January 2021, Shipton also resigned. However, the review saw ASIC deputy chair Karen Chester — who lost out to Longo in the race for the chair role — claim that Shipton’s refusal to implement proposed governance changes contributed to the controversy. And after the shock of the pandemic, its new chair has sharper riding instructions from the federal government in its Statement of Expectations of how ASIC will achieve its objectives, carry out its functions and exercise its powers. He must also deal with the new Financial Regulator Assessment Authority (FRAA), which has been briefed to undertake an assessment of ASIC’s effectiveness and capability.
With a different persona to his predecessor, Longo’s appointment was welcomed by many business leaders as signalling a return to the more traditional legal style of former chairs Tony D’Aloisio AM, Tony Hartnell AM and Alan Cameron AO. Now, the 61-year-old Longo must institute a reset after a period of considerable instability for the regulator.
With expectations ASIC will support the nation’s economic recovery from the pandemic, Longo has a challenging set of issues in front of him. How does ASIC reconcile the government’s strategic agenda of supporting economic recovery and needing to be the tough cop on the beat?
Longo says the two are not mutually exclusive — indeed, they are aligned. “ASIC is committed to supporting the government in facilitating economic recovery, and to enforcing the rule of law and good conduct, because doing that is in Australia’s economic interests,” he says.
Company directors are certainly operating in an increasingly complex and rapidly evolving environment, but that said, “Australia is largely very well served by its directors, based on my own experience here and overseas.”
Longo believes that while ASIC must continue to be vigilant in protecting consumers and investors from harm, he wants to relieve regulatory complexity for company directors, review laws covering corporate crime and financial services, end “unnecessary” litigation and encourage more plea bargaining from business.
Eight months into his term, Longo has strong aspirations for ASIC, its staff of more than 1500 and its annual budget of over $471m against a backdrop of rapid technological and social change.
“The regulator I wanted to run from day one was more self-confident and ambitious,’’ he says, adding there was a “note of caution” with the previous administration that impacted staff. “If we want to be more efficient and effective, we have to be more self-confident and ambitious. Getting that balance right is a real focus for me.”
ASIC’s focus needs to be on serious misconduct, where there’s been serious harm caused involving dishonesty or recklessness.
He also has another set of new relationships to manage with the FRAA, chaired by former Macquarie Group CEO Nicholas Moore.
“We are in the early stages of growing a very constructive working relationship with the three FRAA members,” says Longo. “It’s going fine as far as I’m concerned. As the years go by, one of the challenges of the FRAA will be to develop metrics. How do we measure the effectiveness and capability of regulators so that, over time, there can be an objective view.”
And three years since the final report of the banking Royal Commission identified deep failures in ASIC’s governance, conduct and culture, compounded by weak regulatory enforcement, Longo is keen to rule a line under it.
In December, ASIC started civil penalty proceedings in the Federal Court against ANZ for misleading customers and failing to provide promised benefits, its final investigation by ASIC arising from matters considered by the banking Royal Commission. ANZ’s conduct was long-standing and impacted over half a million customers, said the regulator’s new co-deputy chair, Sarah Court FAICD.
“A constant theme of those investigations has been the failure of large financial services entities to honour agreements with customers and to ensure proper processes and systems are in place to prevent widespread compliance failures. ASIC will continue to take enforcement action in relation to misconduct of this nature,” she said.
Does Longo see that the governance, behaviour and culture of business has fundamentally changed, or are there still outstanding issues that need fixing? He is careful with his words. “Some lessons have certainly been learned, but there will inevitably still be instances of poor behaviour that will require action by the regulator,” he says.
A work in progress
“Progress is being made, but I think we’d all acknowledge there will always be issues in the financial services sector that need fixing, and that the system can always be improved, says Longo, urging boards to respond faster. “Good governance and culture require constant and ongoing investment of time and effort by boards and company executives. Compliance breaches happen in all organisations and businesses. ASIC is looking to firms to act faster on breaches and ensure they are given the attention they deserve.
Longo notes that it is important for the overwhelming majority of entities and individuals who do the right thing, to know there is some acknowledgment of that. “And that must include seeing that those who do not do the right thing are likely to be held accountable for it. In several decades working for ASIC or for major corporations, I have observed that, in most cases, a breach is caused not by a company or person intentionally doing the wrong thing, but rather by someone making a mistake or through poor process.”
Good processes and systems are the foundations for better practice, he emphasises. “That’s why I focus on the fundamental importance of companies addressing known system or process deficiencies that cause consumer harm, and not allowing such problems to languish. This requires companies to invest promptly and properly in systems and processes. I also expect companies to acknowledge errors promptly, address them and, where appropriate, let us know.”
Longo’s vision for ASIC starts with technology. He notes there are no better examples of the disruptive digital challenges regulators face around the world than the rise of blockchain and cryptocurrencies, and with them novel organisational structures that go beyond the metrics of traditional companies. Business is also being forced to embrace digital transformation, especially in the wake of COVID-19, which has elevated its importance in the way firms engage with their workforce and external stakeholders.
Over the past decade, ASIC has invested heavily in new technologies and systems as part of its monitoring and supervisory responsibilities, but Longo wants it to do more. In 2017, Joanne Harper was appointed ASIC CIO, and the new chair wants her to spearhead work to make the regulator more digitally enabled, especially in using data and artificial intelligence (AI). Harper and her team are undertaking a review of the principles and philosophies underpinning a new digital platform — and the cost of rolling it out.
“The first step is to figure out what that ambition looks like and what the content of it is,” says Longo. “To make sure it is going to work and is fit for purpose. That’s a lot of work. We work with experts — we are consulting our staff and working with government departments.”
ASIC is working on the review with external consulting firms and the federal government’s Digital Transformation Agency, an executive agency within the Prime Minister and Cabinet portfolio charged with simplifying and speeding up the delivery of government digital services. “Prime Minister Morrison has a special interest in this area,” says Longo. “So there’s a lot of whole-of- government interest in data, digital and cyber.”
He wants to brief Treasurer Josh Frydenberg about the initiative in the first half of 2022, including making any requests for additional funding, which he believes will be necessary.
“You look at what’s going on in the world, if ASIC doesn’t get the digital story right we are at risk of becoming a lot less relevant than we ought to be,” he says. “If we want to be a credible, relevant, active regulator and law enforcement agency we have to be digitally enabled and intelligent. That means investment. It also means cultural change.”
Longo says the skills, attitudes and work practices required of ASIC staff to grasp the new world of data and AI mean there is no longer any place for paper-based manual processes. For instance, more than 450 company financial reports lodged with ASIC each year are still in paper form and not machine-readable, a phenomenon Longo describes as “remarkable”.
“So it actually requires everyone to change the way we work together and the way in which we handle material, data, and the way in which we solve problems and do surveillance,” he says.
Under the federal government’s Budget 2020 Digital Business Plan, ASIC’s business registration function is being transferred over the next three years to the new Australian Business Registry Services under the Australian Tax Office. It will mark a major change in the way business deals with government on administration issues, but ASIC will continue to engage directly with businesses on regulatory and compliance matters. New breach reporting obligations for banks started in October, addressing long-held concerns on the quality and timeliness of breach reporting, borne out in the banking Royal Commission.
“We’re working with the banks to make it easier for them to upload breach reports onto our platform,” says Longo. “No-one wants to file a spreadsheet or form anymore.”
He says the bottom line of his technology vision is that there will be a direct benefit for business in ASIC becoming more digitally enabled. “They want those dealings to be efficient and seamless, and beneficial to them being able to comply at a lower cost. We’re asking business to do all these things, so we should make it easy to do it,” he says, noting the upcoming Financial Accountability Regime will also help to embed a culture of accountability for conduct.
Macquarie and Lendlease director, AICD board member and former partner at King & Wood Mallesons Nicola Wakefield Evans FAICD — who worked extensively with Longo when he was at Deutsche Bank — applauds his initial focus on improving the digital capabilities of the regulator. “I would like ASIC and other regulators to become more like Service NSW,” she says of the agency within the NSW Department of Customer Service that provides full online access to government services. “They have set the gold standard in how to use technology to make people’s lives easier.”
The regulator I wanted to run from day one was more self-confident and ambitious.
Chipping away at complexity
In mid-October — just released from Melbourne’s lockdown, which forced him to run the regulator virtually from his apartment for three months — Longo met with the AICD. His message was simple: he wants to reduce the regulatory complexity that makes it harder for directors to do their jobs. “Most directors, most of the time, are trying to do the right thing, will take advice and are running good businesses,” he says. “It doesn’t mean they aren’t going to lose money or make mistakes. The real challenge, for directors and ASIC, is that for some reason we haven’t made it much easier for directors to do that. The reason for that is complexity.”
In his sights are laws governing corporate crime and Chapter 7 of the Corporations Act 2001, which deals with the provision of financial services. While ASIC has also formally dropped the “why not litigate?” mantra of Shipton’s regime, Longo says he remains “absolutely committed” to dealing with corporate misconduct involving dishonesty or recklessness. However, his discretion will manifest in making more use of enforceable undertakings, which Longo himself introduced when he was ASIC’s national director of enforcement (1996– 2000) before heading abroad with Deutsche Bank.
Enforceable undertakings allow transgressors to negotiate a settlement with a regulator without an admission of wrongdoing. In 2019, banking Royal Commissioner Kenneth Hayne AC QC questioned the deterrent effect of enforceable undertakings where the entity failed to acknowledge what it did was wrong, and where there was no judicial determination to confirm to the market that the conduct was wrong.
ASIC chair James Shipton (second from right) during a Parliamentary Joint Committee on Corporations and Financial Services hearing in 2019
ASIC has notably entered into enforceable undertakings in recent years with the Commonwealth Bank and ANZ over their alleged practice of charging fees for no service and their distribution of retail superannuation products. In CBA’s case, this was over its alleged involvement in manipulating the bank bill swap rate.
“The agreements they used to have with companies were really useful and are a key part of a regulator’s tool kit — you can get change quickly,” says Wakefield Evans. “When you go through litigation, you are both on the defensive. You don’t talk to each other because there is legal action afoot. Of course, they should litigate when they have to, especially when there are serious breaches of legislation. But they should be able to step back and think what is the right strategy for a particular situation.”
From November 2021, all Australian company directors will be required to register a digital ID with the federal government as part of its efforts to minimise fraud and illegal activity. The director ID is a unique 15-digit identifier that company directors are required to set up online. The change has been strongly supported by the AICD and Longo believes it could be a “game changer” in helping the regulator combat phoenix activity used by rogue directors to avoid paying a company’s outstanding debts. “It will be much easier for us and the authorities to track directors who’ve been involved in entities that have become insolvent, left a trail of creditors behind them and tried to start up another company.”
Longo studied law at the University of Western Australia, graduated with honours and started his corporate law career at Parker & Parker in Perth (later Herbert Smith Freehills). His 38-year career included his first stint at ASIC, a Masters of Laws at Yale, practice in New York, and 17 years in various roles with Deutsche Bank.
Longo had returned to Perth and was working as a partner specialising in global banking and financial regulation at Herbert Smith Freehills when he was approached by the Treasurer to head ASIC. Frydenberg had also worked at Deutsche Bank before being elected to federal parliament.
As general counsel at Deutsche, based in Hong Kong and London, Longo was chair of the reputational risk committee and had experience with investigations across multiple jurisdictions and enforcement activity in financial services.
Wakefield Evans, also a member of the Takeovers Panel, says his first-hand international experience in dealing with global regulators will be an important asset to ASIC. “He has worked his whole life in financial services in different roles and is someone with very relevant experience.”
Longo believes Australia can learn from other regulators around the world especially in global regulatory response to rapidly evolving technologies such as cryptocurrency. Specifically, he says, Australia can learn from the UK’s penalty imposition regime, which provides discounts for those who cooperate with the regulator.
“I’m often asked why [people] should cooperate with the regulator,” he says. “The market would like additional guidance to the benefits of cooperation — and what cooperation looks like.’’
Longo adds that while a non-lawyer can competently run ASIC, legal training certainly doesn’t hurt. “One of our core functions is law enforcement and litigation — and the regulatory aspects of our work are equally complex. Not having a legal background can be a disadvantage and [it] is a good thing [to have] if you want to be chair of ASIC.”
However, Wakefield Evans downplays this need. “It just needs to be the person with the right skills with broad experience,” she says. “I like the fact that Joe has had international experience. We tend to be a bit insular in Australia. Even though he is a lawyer, he has had a lot more experience than [many] lawyers of his generation.”
Longo says his operating style and approach will be markedly different to Shipton’s, pointedly noting, “there’s no point denying” that ASIC has come through “fundamental governance issues” in the past 18 months. Longo wants to run a totally collegiate commission.
Longo says he is already working well with the new co-deputy chair, Court, who moved across from the Australian Competition and Consumer Commission to work alongside Chester. “It’s a team sport, but I’m the accountable authority, I chair the commission,” he says. “But there are six commissioners and we work together. It is in the public interest that we work in a collegiate manner and make efficient decisions that are understood by the staff and the market.”
It is on this latter point that Longo wants to make a mark over his five-year term. He believes the general public needs to better understand what the regulator does — but more importantly, the reasoning behind the actions it takes.
“What ASIC does is quite complicated and diverse,” he says. “So it’s important for the general community — across all the sectors we regulate — to understand what we’re doing and why we’re doing it. It’s an area I plan to spend more time on.”
Joe Longo says he has been stunned by the rapid evolution of cryptocurrencies over the past six months, as Bitcoin and Ethereum have been joined by platforms such as Cardano, Binance and Solana. All are largely unregulated.
Longo stresses the regulator has no place in stopping new products coming onto the market and notes that there is only so much ASIC can do to regulate cryptocurrency under current legislation. “We have tried to be responsive to the market demand for ASIC to be involved in facilitating some regulated environment within which people can get exposed to crypto,” he says. “But there is a strong message to consumers and investors to be careful. These assets are actually code — we have a lot to learn about them. They are traded through a range of portals of which we have little control.”
Longo believes no single agency is going to be the answer to regulating crypto. “A role will be played by everyone — ASIC, the RBA, the ACCC, AUSTRAC and the ATO,” he says.
His crypto team within ASIC is taking a keen interest in Decentralised Autonomous Organisations (DAOs), a group governance structure built around cryptocurrencies. “I’m fascinated by them,” he says. “They remove the need for centralised governments by human beings. How would a regulator think about a DAO? The short answer is we have a long way to go. Unlike a company where you can talk to the directors, a DAO doesn’t have a formal legal character — it is basically a bunch of smart contracts, AI and blockchain technology taking the place of human beings. If the government wants to recognise DOAs in a way that it doesn’t at the moment, that will pose interesting policy questions.”
The Crown affair
Longo also notes the issues emerging, resulting from the Victorian Government’s appointment of Stephen O’Bryan QC as special manager overseeing Crown Melbourne, following recommendations from the Royal Commission into Crown Melbourne Casino Operator and Licence.
“We’re entering a new and very interesting time in corporate law,” he says. “For example, Justice Finkelstein [Commissioner Ray Finkelstein AO QC] in the Crown situation, made the recommendation of a special manager — someone who can oversee the affairs of a corporation that hasn’t been doing the right thing. We don’t have such a concept under the Corporations Act 2001.”
Longo says it echoes the idea of US corporate compliance monitors. “There is this question of how do we get companies to do what we want them to do, short of having a prosecution or having litigation? Clearly, for serious misconduct, there has to be consequences and penalties.
“From an enforcement perspective, in addition to the courts having the power to impose significant pecuniary penalties, I see a role for mechanisms that enable the courts and regulators to grapple with the challenges and complexities involved in compelling or encouraging companies to address governance, systems or process failures. This requires sustained attention by boards, over which some form of court or regulatory oversight could be beneficial. The use of monitors in the US come to mind and... the use of skilled person reports in the UK to review the effectiveness of firms’ systems, controls and risk management.”
Joe Longo will speak at the Australian Governance Summit 2022, Melbourne, 2–3 March.
Already a member?
Login to view this content