Speech by Commissioner Cathie Armour at the Financial Review CFO Live summit, Monday 6 December 2021.

Check against delivery

Good morning everyone and welcome. I’d like to thank the AFR for inviting me to speak to you today. It is certainly a foreign, yet welcome change, to be speaking to you from behind a lectern, instead of in front of a camera. After many months of lockdowns, it’s fantastic to finally engage in person.

Let me begin by acknowledging the Traditional Owners ongoing connection to, and custodianship of the lands we’re meeting on today, and to pay my respects to elders past and present.

Given the amount of change we’ve all experienced since the beginning of the COVID-19 pandemic, I thought it’d be an appropriate time to take a look at the changing environment for listed companies more broadly, and how this impacts CFOs.

We know companies have adapted to ensure business continuity and operational resilience during the pandemic. They have adapted at a time when they’ve also needed to deal with an increasing demand for technology and innovation – a demand accelerated by the pandemic itself.

ASIC has also adapted. Last year we adjusted our priorities and altered some of our regulatory initiatives that were not time-critical, to give you time to focus on the impacts of the pandemic. Some of these changes included an initial no-action position on annual general meetings, and temporary relief to facilitate ‘low doc’ capital raisings and to provide extra time for filing financial reports.

Today, in keeping with the theme of change, I will discuss how the makeup of investors has changed, perhaps irreversibly, during the pandemic, and the risks and opportunities that come with it. Second, I will look at issues that I believe should be on every CFOs’ agenda for 2022. In the interests of time, I will limit myself to five:

1. climate change disclosure
2. cyber resilience
3. continuity of trading and operations in markets
4. digital financial reports
5. a smooth LIBOR transition.

Makeup of investors has changed

First, let’s look at the influx of retail investors into our markets since the onset of COVID-19. On average, retail daily turnover in ASX-listed equity markets is now around $2.6 billion and accounts for approximately 16% of daily turnover. This is an increase from around 10% of pre-COVID levels.

We have also seen strong growth in account openings by retail investors in the last 12 months and in reactivated accounts. In addition to increased investments in equity and other exchange-traded products, retail investors are diversifying their portfolios and investing in over-the-counter derivatives, contracts for difference, margin FX and crypto products.

ASIC recently released information for product issuers and market operators on how to meet their current regulatory obligations for crypto-asset exchange-traded products and other investment products.

As highlighted in the final report from the Senate Select Committee on Australia as a Technology and Financial Centre, there is more to be done to update Australia’s regulatory framework for crypto assets. There is also more to be done to counter the significant increase in threats and vulnerabilities that sit alongside the opportunities and benefits that new technology can bring.

New products, services and innovations are emerging to support this growing retail investor base, including trading apps and low-cost broking, making it easier and cheaper to access markets both in Australia and overseas.

The way in which retail investors access information is also changing. Many Australians are turning to social media platforms and often financial influencers, or ‘finfluencers’, for advice – some of whom may be unlicensed to provide such advice.

This is important for CFOs. With a growing cohort of retail investors on your share registers and interested in investing in finacial products you issue, how best can you communicate with these investors?

For some listed companies, finfluencer collaborations may seem like a fast, effective way to promote your securities to investors. If you’re approached by a finfluencer seeking to collaborate, or you’re considering reaching out to one, make sure you do your due diligence as they may be contributing to your regulatory risks.

We’ve also seen a recent increase in social media being used in blatant attempts to manipulate the market, including to promote pump-and-dump activity. This is most prevalent in listed securities that may have a small market capitalisation, a limited free float, are thinly traded, and have a concentrated share ownership.

While ASIC encourages increased levels of investment by retail investors, we want this to occur in a safe and sustainable way that maintains market integrity.

To this end, ASIC is:

• monitoring retail investment trends and marketing of products
• enhancing our surveillance capability of social media to quickly identify pump-and-dump activity and unlicensed advice
• engaging with peer international regulators – many of whom are observing similar issues
• engaging with social media platforms and moderators, and reviewing our guidance on discussion forums
• reviewing the settings for new products and activity, like payment for order flow.

These areas will continue to hold ASIC’s focus in 2022.

CFO agenda for 2022

I will now turn to the five issues that I believe should be on every CFOs agenda for 2022, starting with climate change.

1. Climate change disclosure

One of the significant changes in our markets over recent years is the increase in demand for environmental, social and governance (or ESG) products and information, particularly those relating to climate change risks and opportunities.

In 2020 alone, the ‘responsible investment’ market grew to almost A$1.3 trillion, increasing 30% since 2019. Over recent years, there has been much focus on the specific issue of climate risk.

We believe climate change is a systemic risk for our financial system. As a result, we have all observed that investors require listed companies to disclose meaningful and useful information to enable the physical and transitional risks of climate change to be priced so that capital can be allocated efficiently.

Reflecting these trends, early last month, the International Financial Reporting Standards (IFRS) Foundation trustees announced the establishment of the International Sustainability Standards Board (ISSB) at COP26 in Glasgow. The ISSB will develop sustainability standards for financial reporting. It is working first to meet the urgent demand for transparent and comparable reporting on climate-related matters with the aim of publishing a climate standard in 2022.

On the home front, ASIC is focusing on ensuring that climate-related disclosures by listed companies comply with the law by being decision-useful for investors and support our objective of fair and efficient markets overall. In other words, do public statements about a company’s approach to climate-related risks match what they are doing in practice? Our objective is to ensure the strategy being promoted – be it about climate change or ESG more broadly – matches what is done in practice.

If misleading and deceptive behaviour is identified, ASIC will be guided by the seriousness, pattern and nature of misconduct. Our action may include:

• engaging with listed companies – or with licencees (including responsible entities or superanuation trustees) if the conduct relates to an investment product
• providing guidance or publishing investor education to assist current and prospective investors.

We may also consider enforcement action in egregious circumstances.

ASIC’s surveillance activity on climate-related disclosure by listed companies since 2018 has focused on monitoring the continued evolution of reporting standards by listed companies applying the framework developed by the Task Force on Climate-related Financial Disclosures (TCFD). We have examined statutory disclosures by listed companies, such in operating and financial reviews, and other disclosure documents. We encourage all listed companies to:

• assess climate risks to their business
• maintain strong and effective corporate governance in this area
• ensure that legal obligations are complied with, such as directors’ duties and annual reporting requirements
• provide meaningful and useful voluntary disclosures to the market. The recommendations of the TCFD provide a useful framework for this.

At an international level, we’ll continue to contribute to the IOSCO Sustainable Finance Taskforce, which is actively engaging with the newly established ISSB. We are also keeping a close eye on approaches taken by international regulators – particularly those such as the UK and New Zealand, which have announced their intention to legislate mandatory climate change disclosures. We will engage closely with listed companies and investor groups throughout 2022 as the ISSB climate standard develops and mandatory reporting rules are introduced in other markets.

2. Cyber resilience

Second on my list is cyber resilience. Today, we released our 2021 report on the cyber resilience of firms operating in Australia’s financial markets. The report provides an update on organisations’ cyber resilience capabilities in the two years since the publication of ASIC’s last cyber resilience report.

Our findings indicate that while there has been a small, but steady, improvement in the management of cyber security risk across Australia’s financial market firms, the increase of 1.38% falls far short of the almost 15% improvement targeted for the period.

However, the discrepancy between the actual and targeted improvements can’t be pinned entirely on the fallout from the pandemic. In fact, the unrelenting escalation in the cyber-threat environment, coupled with overly ambitious targets, have also contributed to the difference between actual and targeted cyber resilience.

Interestingly, small and mid-sized firms are continuing to close the gap on larger firms. While the cyber maturity of many smaller firms improved, larger firms have demonstrated decreased confidence in their cyber resilience.

Concerningly, the level of resilience for supply-chain risks has remained relatively static since 2019 when we released the last report – despite the increasing number of cyber threat actors, sources and types targeting third-party suppliers.

While all firms – large and small – have identified supply-chain risk management as their top priority for the future, going forward, we encourage you to consider applying the good practices identified in the report to the management of these risks.

I recognise that the initial wave of disruption caused by the pandemic in early 2020 meant that firms had to reassess priorities and divert resources to ensure the resilience of critical business activity. I also recognise that some firms had to reallocate resources originally earmarked for enhancing cyber resilience to other efforts. However, the arrival of Omicron has illustrated that continuous disruption is the new reality. Disruptions are, and will continue to be, business-as-usual for the foreseeable future. As such, ASIC expects to see a substantial improvement in the management of cyber security risk across Australia’s financial market firms when we begin to undertake our next cyber resilience review, most likely in late 2022.

3. Continuity of trading and operations

I will now turn to the third issue on my list – continuity of trading and operations in markets.

Central to investors and listed company’s ability to trade is a robust and reliable trading infrastructure. Late last month, we concluded our investigation and consideration of the November 2020 market outage at the ASX. As a result, additional licence conditions have been imposed on three licences held within the ASX Group. Further, we published a report which highlights our expectations of industry to ensure continuity of operations and trading, especially in the event of a future incident.

We expect market operators and participants to implement the measures set out in the report to maintain compliance with their obligations under the law. Critically, these expectations require market participants to have the certainty and ability to trade on alternative venues in the event of a future market outage.

ASIC will be actively evaluating and monitoring the implementation of actions taken in response to the report to ensure that market operators and participants are taking appropriate steps.

4. Digital financial reports

Fourth on my list is the issue of digital financial reports.

High-quality financial reports are crucial to assisting investors make informed decisions. Therefore, both preparers and investors stand to benefit from digital financial reporting.

While digital financial reporting is voluntary in Australia, it’s required in the US, Europe and other international jurisdictions. ASIC and many other regulators have adopted a common tagging system to facilitate comparisons across companies. Providing digital reports has the potential to reduce the cost of capital, make it easier for investors to navigate reports, and provide investors with timely, high quality and consistent financial data in a structured electronic form for analysis.

I encourage CFOs to consider the opportunities to better communicate financial report information to investors using digital financial reports.

5. LIBOR transition in Australia

Last on my list, but by no means least, is LIBOR transition. This issue should also be a focus for all CFOs whose businesses participate in the international capital markets, whether through debt raising and related interest rate swaps, foreign currency hedging or otherwise.

It is important that your firm is ready for the end of the LIBOR benchmark. It potentially impacts all these activities. At the very least, you should have engaged with your financial institutions about changing your documentation whether it be for derivatives or your syndicated loan facilities.

For derivatives, documenting and applying the ISDA IBOR Fallbacks Protocol is important to an orderly transition of LIBOR-referenced derivatives contracts, but you also need to actively consider transitioning your funding arrangements to alternative reference rates. We recommend you take all steps you can to ensure you are operationally ready ahead of the fallback switch.

ASIC expects firms to completely cease offering new LIBOR products after the end of 2021. Firms should also:

• educate staff to ensure new LIBOR contracts are not offered to them, and if you are in financial services, to clients
• have processes and controls to ensure new contracts referencing LIBOR are picked up and escalated before they are finalised
• ask why these contracts are still being written.

For those of you whose interest rate derivative activities are required to be mandatorily cleared, we are consulting on changes to ASIC’s mandatory clearing rules to ensure continuity of the current mandatory clearing policy settings with the LIBOR transition.

Conclusion

In closing, it certainly is a challenging time to be a CFO. Globally, the health and economic picture is mixed. New shocks could emerge at any time. No doubt in all your businesses, you have seen some extraordinary examples of agility, flexibility and responsiveness in recent times. As we begin to think about turning the page on 2021, I am optimistic we can continue to find ways to address the evolving challenges we face.

Thank you.