The Australian Securities and Investments Commission (ASIC) needs a “substantial uplift” to its IT and data capabilities and to its approach to introducing new systems, after highly-troubled CRM and data lake projects, a review has found.
The review by the Financial Regulator Assessment Authority (FRAA), published late Thursday, found that just 34 percent of ASIC staff believe the regulator has “appropriate technology to identify and prioritise threats and harms, and opportunities and innovations”.
The FRAA is a relatively new oversight authority set up in the wake of the finance royal commission.
Its review also found an agency where internal thinking is predominantly short-term; where new technology systems are designed and implemented without leadership support or staff involvement; and that is suffering the impacts of “long-term underinvestment” in IT and data capability.
The FRAA said ASIC was largely aware of the problems.
The regulator has several strategies - including a new ‘digital strategy 2030’ - targeting a capability uplift, and “intends to work with government to obtain the necessary funding.”
“There is confidence and support at senior levels of ASIC in the ability of newly or recently hired data and technology leaders to deliver on ASIC’s capability uplift strategies,” the FRAA said.
However, to create any real uplift, “The commission and ASIC’s senior leaders will need to lead this cultural shift to realise the benefits,” the FRAA said.
“Improved data, analytics and technology capabilities would support ASIC to better identify and act on emerging harms, set strategic priorities, create efficiencies, lower the regulatory burden, and deliver a digital stakeholder experience,” the reviewers said.
ASIC chair Joe Longo backed the findings.
“We need to keep pace in an environment of accelerated change in order to be a confident and ambitious regulator,” he said in a statement.
“I welcome the FRAA’s recommendations which align closely with my priorities for ASIC.”
CRM troubles
The review uncovered red flags in the way ASIC handled recent technology projects that had met with a frosty reception from staff.
One of these was a customer relationship management (CRM) system that had attracted considerable “negative sentiment” among staff.
The system was meant to enable staff in ASIC’s surveillance operations “to record compulsory requests for information”, and “view all interactions with an entity in a single location and assess whether the same or similar information is already available.”
“Surveillance at ASIC refers to the review of entities, individuals, products, practices, transactions or industry sectors, to identify misconduct or harm, understand or influence behaviours, drive compliance or promote good consumer or investor outcomes,” FRAA added.
But staff were scathing of the new system.
“The new ASIC CRM system is viewed by ASIC staff as an obstacle to effective surveillances,” the FRAA found.
“ASIC staff reported that the poor user interface and design of the new CRM system make tracking, reporting and coordinating surveillance activities difficult and time-consuming.
“Only 22 percent of ASIC staff agreed that their surveillance activities are supported by an easy-to-use information management system.
“There was broad feedback from ASIC staff members in the survey, focus groups and interviews around the inadequacy of the CRM system, it being described as time-consuming and overly cumbersome.”
Data lake hampered by ‘literacy’ and a lack of data
The review also found a data lake project that “has not been widely used by ASIC surveillance staff”.
This appeared to be less to do with the technology; the FRAA said the problems with the project were “in part due to the limited volume of data currently available on the platform, as well as lack of analyst skill and familiarity with the platform”, suggesting additional data literacy training is needed.
“ASIC notes that it is in the process of connecting its systems and data into the platform, and that analysts’ skills are expected to improve over time,” the reviewers found.
“ASIC has indicated that increasing the subject areas covered by data in the data lake, as well as increasing data literacy generally, are key priorities of the commission.”
New approach to change needed
The review found a sizable disconnect between the way ASIC staff experienced the introduction of new systems and the perceived effectiveness of the investments by executives.
“ASIC’s leadership needs to ensure staff members are engaged early and often to scope, plan and execute new technology to ensure the user experience is considered and tested,” the FRAA said.
“Nonetheless, ASIC’s commission, executive directors and senior executive leaders believe ASIC has demonstrated its ability to translate data and technology investments to date into business outcomes and improvements.”
To really change, however, ASIC will need to shift away from a destructive pattern of thinking that is in part driven by the way it is funded.
The FRAA found an “undue focus on day-to-day regulatory concerns at the expense of longer term structural and strategic considerations.”
That translated to technology systems that underwhelmed, and to concerns among staff that the regulator had blind spots in crucial “emerging” technology areas.
The FRAA quoted comments from a staff survey that “ASIC lacks the industry expertise to really understand what industry is doing.”
“As a result, surveillances typically only find the obvious problems, the more nuanced, technical problems (for example, ones flowing out of use of Big Data and Artificial Intelligence as well as blockchain) are missed.”
Across ASIC staff, only 29 percent agreed “they have access to expertise in ‘emerging areas”; 33 percent disagreed “and the remainder [were] neutral”.
A major case for change
“For ASIC to remain effective, credible and relevant as Australia’s market conduct regulator into the future, ASIC requires further investments in skilled technology and data specialists and modern technology platforms, analytical tools and digital capabilities,” the FRAA concluded.
“Alongside such investments it is essential that ASIC focuses on the cultural settings necessary to support the benefits of an uplift in these capabilities.”
The reviewer said ASIC had “comparatively lower annual technology spend than some other domestic public sector agencies and international market conduct regulators.”
“The FRAA considers that ASIC’s immediate demands may have resulted in this underinvestment.
“It is also a function of ASIC’s capital expenditure budget which is set by government, with limited flexibility to reallocate its operational expenditure budget to capital expenditure,” the authority wrote.
The FRAA backed “ASIC’s ambition to become a digitally enabled and data-informed regulator and is supportive of ASIC prioritising this in its allocation of internal resources.”
It added that “additional funding and government support will be necessary if ASIC is to achieve its ambition given the historic underinvestment in technology and the resulting technology debt.”
In a statement, assistant treasurer and minister for financial services Stephen Jones made no mention of additional funding.
He instead “encouraged ASIC to consider these recommendations.”
.jpg&h=140&w=231&c=1&s=0)
