Chair Joe Longo spoke on a panel at the Tech Council of Australia’s Future of Innovation in Australia’s Financial Markets event in Sydney on 21 May. The conversation was moderated by Tech Council of Australia Board Adviser Damian Kassabgi, and included Mariana Paun, Chief Business Resilience Officer, Zepto, and Stuart Munro – Group Executive, Group Strategy, Commonwealth Bank of Australia.

Their discussion followed the Chair’s opening remarks.

Check against delivery

[Start of recorded material at 00:00:00]

Joe Longo: Trying to, you know, be innovative. So the idea I think – I hope that will evolve is that a sandbox would engage I think in a more helpful way with people. So you go from innovation to licensing in a more confident way. And how we do that with the Reserve Bank and other regulators, how that’s resourced, I think that’s a bit of a challenge for the official community and I’m obviously speaking on behalf of ASIC. I think the commissioners and I – the Commission talks about this a lot and I think the Commission’s ambitious in this space … but we can’t do it alone. I think the way to do this is we need to work with Treasury, other regulators and the industry to get a good result.

Damian Kassabgi: Mariana, I’ll go to you because, you know, you have been part of a business. You’ve obviously worked at Block and Afterpay, but at Zepto, you’re at the forefront of a new company doing a new thing that – and you don’t have the advantages of being a large-scale business. You know, what has been the experience for Zepto? First of all, I think it would be great for you to explain what you do and what the company does as you have kind of navigated your regulatory path.

Mariana Paun: Thanks, Damian. First of all, Zepto is a payments infrastructure player in the account to account payments. And then my role at Zepto is chief business resilience officer, which sounds like a big thing. My role evolved from a cybersecurity perspective. So I was initially the head of security and then evolved into a resilience role. So I oversee cybersecurity operations as well as risk and compliance. So we’re looking now at resilience as like an integrated built-in process as opposed to a one off type of engagement and that includes compliance and regulation [inaudible 00:01:53] that. So for Zepto and in the [inaudible 00:01:57] industry when we look at regulation, we look in two lenses. So one is what are the commercial opportunities that we have around that but then we look at the cost and the [inaudible 00:02:07] economics of building an actual product.

So [inaudible 00:02:11] Zepto decided to be the first non-bank [inaudible 00:02:16] institution to the NPP. That was a few years ago that – even before we started building the product, we had to have all our governance in place and we needed to have a lot of security requirements in place. So I joined Zepto in those times and it took me about seven months and $1.5 million to build just the foundation of the security product which has [inaudible 00:02:37] and actually changing how business works. So for us, a sandbox, for example, would have been quite important because we have to make that investment even before we got any [inaudible 00:02:50] on the product or [inaudible 00:02:52].

So that’s one and then we actually use regulation as innovation as well. So we have this scam prevention framework going on, we have a payment liability framework. And what we’ve noticed as a trend in the industry is now that [inaudible 00:03:08] are looking at how can we have more certainty around the payment, not necessarily the – have [inaudible 00:03:15] processed the payment. So we saw a lot of opportunity into building controls to address the requirements of this scam prevention framework and use AI in enhancing the [inaudible 00:03:30] transactions. So we look at it in both ways.

When it comes to the regulation, [inaudible 00:03:37] in our space there is [inaudible 00:03:41] regulation [inaudible 00:03:45]. That was my [inaudible 00:04:24] stop. Before I go into that, just lastly, we need to comply with regulation as a financial institution but also with the requirements of [inaudible 00:04:34] the challenge that we had was more about how do we – five or seven types of regulation and how do we have like a more comprehensive framework and a more – you know, something that we can refer to as opposed to trying to comply and get assurance for several different types of regulation. So that’s somewhere where we are big advocates.

Damian Kassabgi: Yes, and I want to come back to that point but Stuart, you kind of come from this from a very established business that invests in a lot of different areas. When you think about some of the things that Joe spoke about today from a strategic vantage point, how is the CBA thinking about these structural shifts? How many of these technologies, whether it’s, you know, tokenisation, DLT, AI, are you initiating, buying, how are you thinking about strategically across the company?

Stuart Munro: Thanks, Damian. Thanks for having me along. I really appreciate it. I do want to also quickly, if I may, just acknowledge and congratulate Joe on his five years as chair. It’s really important for [inaudible 00:05:40]. Look, I mean I think those [inaudible 00:05:47] in many cases [inaudible 00:05:51] I actually think that [inaudible 00:05:54] I think we’re at a pretty exceptional moment in history. I think we’ll sort of look back at this time, you know, partly actually geopolitics, which is sort of slightly separate from today’s agenda but partly in that context but in particular from a technology perspective with respect to AI and look back at this as a really exceptional period.

And I mean, maybe just to sort of illustrate, I know there’ll be many in the room who’ll be extremely familiar with that technology and how quickly it’s moving. One of the things I sort of look at to try and illustrate the speed and scale and breadth of adoption is you look at sort of an Anthropic, for example, and if you look at, for example, their revenue, use that as a proxy for the breadth of adoption and the extent of adoption across the economy and these are all public numbers, right. From December 23 to December 25, they grew 100x. And in the three months from December 25 to March this year, they grew another three times and if you’re growing at three times a quarter times four quarters, to the power of four, they’d be growing at a rate at the moment of 80 times per year. And we’ve never seen growth that fast before of companies of that sort of size and scale.

Making it sort of very relevant to today, I think the financial – from my understanding, is the financial services industry would be the second largest consumer uptake, second only to the tech industry. And that’s a global figure for Anthropic and I’ve seen the charts and it literally goes for – it is technically an exponential but it looks vertical on a chart when you sort of do a two or three year time horizon. So I think that is extremely transformative, we’re very, very focused on that [inaudible 00:07:39]. I think then you’re at the point on, you know, digital assets and tokenisation, the world’s moved a long way in the last five years in that space as well.

I mean, partly even around just creating a level of regulatory certainty globally but also in Australia and I sort of – I think about – and there’s been a lot of coverage on, I’m sure people will be familiar with, the GENIUS Act in the US, which basically sets the – I think it lays the foundations for a rich and growing stable coin space. The Clarity Act, which comes soon, is sort of all other digital assets and I think with that foundation, we’ll see a lot more innovation. And then in Australia we’ve sort of got parallels, right. We’ve almost done it in reverse order, the Digital Assets Act that’s in and I think we’ve got the payments licensing regime comes soon after, which is really the stable coin. And so we’re doing – we see that as a sort of dual moment for those parts of the financial sector as well and sort of what that might mean [inaudible 00:08:46].

Damian Kassabgi: Appreciate that. Joe, you know, the constant debate and you’ve addressed some of it, is this constant tension between new innovation, doing things in either a grey space or a regulatory uncertain space or a space that hasn’t been fully defined yet. It may covered through the sandbox but the regulators’ view what it does has a huge impact in relation to the confidence of the industry, the confidence to innovate and the confidence to build in that kind of zone when things haven’t actually been created or finalised. You will have seen it in buy now, pay later. We’re seeing it now with the crypto industry.

There is always this space before legislation or there’s this space before clarity or there’s this space before – and maybe the sandbox covers it but, you know, one of the things before your time at ASIC, people who have been at Block for a long time, you know, saw the stock price drop by $200 million in a day through a very, very public ASIC inquiry into buy now, pay later. Now, ASIC was fast to move and how fast to help solve it but also these types of impacts are seen by some of the newer players and the impact on the market is real, the impact on the market, on the confidence of innovation is real. So, you know, where you do have players like the CBA, who are very well equipped to resource regulatory oversight, how do you think about those grey spaces and how do they fit into the sandbox?

Joe Longo: There is no magic bullet here. I gave a speech last year at the ABA conference about AI in banks and the biggest – I think in terms of the whole economy, let’s just take that as an example, all the banks and we’re obviously represented here today by the CBA, have an extraordinary opportunity and are investing very significantly in these technologies to provide a better service to their customers. At the end of the day, this came out through the conference, were a couple of themes. One, Australians, I don’t know whether this data has started to change but certainly as of 12 months ago, people shouldn’t assume that the Australians, people that we’re all here to serve and work with, families, trust AI. They don’t. Levels of trust are a bit low I think. So I think that’s a whole of economy, whole of sector issue. Now, if that data is still correct then I think that’s a problem.

So at conferences like this, we can be very ambitious about the opportunities of these technologies and I personally am. I’m very excited by them. We were talking about agentic AI before the panel started. But we’ve got to bring people along. It’s not good enough if the products are brilliant and amazing if people don’t trust them. And that concept of trust is absolutely fundamental. And there are so many things in our society where we rely on technology and consumers in the community, they’re happy. They’ve grown to trust it. So I think that’s on all of us.

So from a regulatory perspective, I think part of our job is one is to understand these technologies and be brought along. And secondly, to be helpful and more than helpful, to make sure that as these – whatever innovations as developed, that there’s a reasonably clear pathway in terms of what the licensing and the legal requirements are. But most of all, it’s got to be safe. And I think we all know that some of these technologies, even the experts don’t know how they actually work and sometimes there are unforeseen or unintended consequences. So we have to move fast but we have to move carefully.

The only other thing I would say, again from an ASIC perspective, I want to be frank with everybody about this, these technologies are developing so quickly, that’s a real challenge for the regulator. I mean, it is. We have a broad remit, we have a lot of issues to deal with, we have an existing law to administer. We want to encourage innovation but a lot of these technologies require a lot of investment of time and effort to understand them and that’s the other thing we were talking about before the panel started. Increasingly at ASIC we’re investing in our staff to say, come on, we need to spend time on this. So there are various other factors but that’s what we’re dealing with. So we want to move fast but we’ve got to move in a way that brings people along and builds trust and [inaudible 00:13:35].

Damian Kassabgi: I think you raise a good point about trust and I think when you’re an early stage business, you don’t understand those dynamics in the same kind of way. And maybe what, you know, the industry can – well, sometimes what the industry does do and some of the things that – part of the reason that the Tech Council was created was to help industry think about its own rules before even presenting it to a regulator, that there are some systems that not only comply with rules but are in built, whether it’s new technology and certainly that was the case for buy now, pay later. Zepto might be worth just going through the fact that if you’re doing real time payments, people expect the same security and protections that they would get with a credit card if you’re doing bank to bank.

So I know Zepto did a lot of work on creating rules before that and I think there’s probably one thing a conversation with ASIC as to how early stage organisations can give ASIC the data, show them, you know, what the outcomes are of the product, what the intention is of the product in ways that allow ASIC to digest and make a judgment early and quickly. Because, you know, it is a valley of death sometimes when you’re in this grey space and all the investors or the customers are seeing is that well this is not legal yet or it’s not real yet or it’s not allowed yet or it doesn’t have the authority from the government to actually act. And it kind of impacts the business from an international perspective as well. Mariana, can I just go to you and consider – just chat about how you’ve thought about your rules? You know, maybe even before regulation had started.

Mariana Paun: I think I can actually do a bit of an arch because I was at Afterpay in 2018 as the first hire in the security team. So that was quite a bit of a challenge. So I think the company was about 150 people at that time, probably 80 engineers. And we had two security people and that was, you know, I would say like we’re very hands on, working alongside engineers and that [inaudible 00:15:36]. If I reflect now in my current team, we have seven people, a company of 85 people, and I reflect back to the risk and compliance team, 20 per cent of the company is in resilience or compliance or security.

So I think the focus for these types of environments has changed a bit over the last 10 years and the regulation, that we need to face the internal rules and what to follow are a bit more stringent and there’s a lot of assurance. So this is where we are looking at capabilities like AI to almost 10x our capabilities in terms of how we can address that. But also when it comes to our internal rules, it’s important for us because we are dealing with money, we are dealing with personal information, so this is not only us complying with the regulation, this is us actually protecting ourselves as well because there is money at risk. So we embed that in our product at the moment. It does slow down sometimes but we’ve seen through the lack of cybersecurity incidents, for example, at Afterpay as well as Zepto and we haven’t had any major incidents. That investment pays off long term.

Damian Kassabgi: Stuart, you know, CBA is obviously under a lot of prudential and regulatory scrutiny. Probably invest more in compliance than maybe any other business in the country. How does that impact the pace of change and the pace of investment and the pace of ambition for your technology when we think about the landscape and, you know, what advice does a large organisation have when you hear smaller organisations, you know, 10 to 20% of headcount are focused on compliance and making sure they’re doing the right thing?

Stuart Munro: Yes, thanks, Damian. Look, I actually need to pick up on a point that got raised before on trust. I want to come back to that in a moment if I may. But yes, look, it’s definitely true. I mean, I think we are under a high level of sort of scrutiny and oversight. I think that’s entirely appropriate for – you know, we’re a very large part of the Australian economy and to use an APRA phrase, the prudential regulator’s phrase, sort of systemically important for the country. You know, we can create enormous harm when we get things wrong.

So if, you know, the most extreme versions would be if we see a large bank fail, which thankfully we haven’t seen in this country for well over a hundred years. But that was the norm actually in the back end of the 1800s. That would be terrible for, you know, actually the taxpayers and government but also for depositors and everyone. So it’s entirely appropriate that we are held to a very high standard on those sorts of things, I think it sort of comes with the territory. But much of that doesn’t come just from sort of regulation or laws. Actually that’s entirely in our interest to make sure that those things don’t happen as well.

I mean, I think a lot about sort of trust and reputation. It’s reputationally extremely damaging when we make a mistake or sort of screw up or something goes wrong and so it’s for that reason that we try do things well, to a high quality, and I think we get then held to a very high standard by our regulators, which as I say, is appropriate. I think there’s, you know, certainly on the margin there will be areas where we’re trying to do new things and different things. That can always be challenging I think for – you know, as it is for smaller companies and for larger ones as well. I mean, there’s certain laws, for example, where there can be civil or criminal penalties associated with missing a single report that should’ve been filed that didn’t go, all those sort of things. And in new spaces it means that there’s, in financial services, a high level of oversight and scrutiny. Sometimes in those areas it means that the bar to get a pilot out is much higher or it can be much higher and actually good to hear Joe talking about the regulatory sandbox and sort of looking at that space.

You know, certainly I think in – it’s great that we have one, by the way, in Australia but one of the – it’s certainly used to very high effect in – well, in Australia but to even higher efficacy in some other markets, the UK and Singapore. One of the odd things about our scheme actually is that regulated institutions can’t participate in, which is a bit of a quirk. And so –

Damian Kassabgi: Even if it’s a new product, even if it’s a new type of product?

Stuart Munro: Correct.

Damian Kassabgi: Separate to the licence though?

Stuart Munro: Yes, correct. And so we – you know, that’s not to suggest that we don’t have good access to our regulators to be able to – to sort of try and work through some of those issues but it’s actually very similar to a startup actually when you’re trying to do something entirely new. Maybe the final point I’ll make, actually, just because you referenced the percentage of staff focused on compliance and those sorts of things. I mean, and again, these figures are in the public domain already. We would have – you would call it 50,000 people. We have the largest operational area within the bank is in the economic crime space, financial crime, fraud, scams. We have the best part of 4,000 people working full-time on that. That’s 8% of our workforce. So it’s – even the small version of that, where it might be 10% of the workforce, that actually scales the whole way up from what we see. Bringing it back to the point on trust, it’s so central to any successful business but certainly financial services [inaudible 00:21:38]. I’ll switch it off. [inaudible 00:21:43]. Sorry, it’s a time [inaudible 00:21:48].

Damian Kassabgi: No worries. Okay. So we’ll just speak up for this last section. [inaudible 00:22:16]. All right. Well, let’s see how we go. We’ll get some questions from the audience as well. I’m keen for the audience to be involved and don’t be shy with your questions. I’ve got a couple of more for the panel before we go there. But, Joe, just to get very practical, we’ve spoken about the sandbox, you know. As you lead, you know, and if you could redesign one thing about ASIC, if you had the ability to either re-organise, get funding, what would it be to help you get the information you need from industry, especially early-stage industry, to make the job more effective?

Joe Longo: Well, one specific idea that I’ve actually mentioned publicly, which I think would make a real difference, is that if we had the resources and organisational capability, not just us, but certainly say with the Reserve Bank, whom I see as a critical partner in a lot of this, is to be able to say to a start-up or an entity that has an idea and give them a person at the regulator that they can deal with throughout the journey.

So I think one of the challenges is that you might give your presentation to us at early stages and it’s sort of at a fairly generalised level. And the sort of support I would like ASIC to be able to provide, and I know the commissioners have talked about this, if we could get the resources and be able to create the capability, is that you imagine a world when you’re a start-up and you’re given an individual at ASIC, a senior individual or senior enough to be able to deliver the agency to the process, then I think that would give the start-up confidence. “Oh, they’re paying attention, they understand my business, they understand what I’m trying to achieve.” And on the ASIC side, or I’ll call it the regulatory side, whoever’s running things will have the confidence that there’s someone who understands that business and who’s trying to deliver the agency to it.

So I think that’s the one thing I’ve felt. I think there’ll be lots of ideas about how to do it better. We’ve got some great people who have some excellent sandbox experience, but to my mind, to me, that’s a cut-through proposal. It’s resource-intensive. We won’t be able to do that for everybody. But that’s part of ASIC’s ambition. Whether we’ll be able to pull it off, we’ll just have to wait and see. And I’ll just finish by saying I know Brad Jones has been talking a lot. We work very closely with the Reserve Bank through Acacia and I think one of Brad’s points, which I think is absolutely correct, is it’s pretty much a team sport. You cannot do this by yourself. If you’re a start-up, you don’t want to be dealing with the Reserve Bank, dealing with ASIC, dealing with Treasury. You want a whole of government approach and I think this proposal or idea that I’m talking about would deliver that.

Damian Kassabgi: No, appreciate that and I think it’s music to our ears and I think as an industry we’re keen to lead in to see how we can help. I just want to change tack on kind of investment at earlier stage businesses and the ecosystem that we have in Australia. For the last 15 years, when you look back, we didn’t have a VC industry. You know, 15 years ago, there was no Blackbird, Airtree. There was no Canva. Atlassian was at it’s really the early stages. Afterpay is also a big brand name. Zepto is an interesting space because you’re much earlier on in your journey. You’re doing something innovative.

We obviously are in a public debate at the moment around incentives for start-ups and early-stage businesses. Can you give a sense of how many people in your business are on ESOP plans? What it means to not be public yet? How the company thinks about its pay structures? Because although it would be intuitive to many of the people in the tech industry in the room, some of those that are from government may find it interesting just to understand how a private business that hasn’t yet IPO’d structures its ESOPs as well as its incentives to staff.

Mariana Paun: Thanks, Damian. And I think as I was saying earlier, it’s just 85 of us. And when it comes to PayTo for example, we process a very large percentage of the PayTo transactions. So we’re punching above our weight, which means that we actually need to have a very high-performing team as well as very specialised skills. And that requires a lot of money.

So I think when we think about compensation, we think about base salary, but ESOP is a large part of that incentive. So having appropriate regulations associated with that is very important for us to be able to continue to attract that type of talent and to get people invested in the success of the company. If I reflect on my personal journey, like this is the third startup that I’ve joined in Australia, either as the first employee or the first employee in the security team, and that’s been essential to my personal career as well. But I think going back to Zepto, incentive-wise, it’s very important for us. And we rely a lot in attracting talent and then competing with CBA here.

Damian Kassabgi: Say you’re trying to attract someone from the CBA.

Mariana Paun: Well, I have someone in mind [inaudible 00:27:59]. Sorry. But yes, we’ve attracted people, including from Block and CBA and other large companies, but ESOP plays a large part of that, and it gives employees confidence that when the business is growing and the effort that they put in and the commitment that we’re asking from them long-term, they get the benefits associated with that and that’s very important for us.

Damian Kassabgi: Yes, and there’s an equity in workers and employees having a share of the business and I think that’s a very nice thing about the ecosystem that shareholdings and the benefits are not just for investors but those that are getting their hands dirty in the business. Stuart, x15 is CBA’s venture-building business, operating somewhat separately from the core bank but comes under your responsibility. Kind of would love to hear what your reflections are in relation to that particular piece of the CBA, how it’s going, how it kind of thinks about regulatory challenges, but more about what is the strategy with that segment of the business.

Stuart Munro: Yes, thanks, Damian. Look, I think maybe just to pick up on the words you used before in terms of the ecosystem, I mean, that is key in terms of – and I think I mean maybe even to link to some of the regulatory challenges, I think it would have been much easier to go back sort of 20 or 30 years before a lot of this technology. I can sort of draw a nice neat box around different sectors in the economy that are just quite separate. And what we see, which is really a good thing, with technology is sort of the world’s much more connected and there’s a blurring of lines there between – I think it was mentioned in Michael’s speech at the start as well, between sort of technology and the financial sector. But also more broadly other sectors as well.

Frankly, it’s a good thing that we’ve got talent moving from x15 to Zepto. Hopefully we have some moving in the opposite direction from time to time as well. Well, look, that’s a good thing in terms of it’s in the country’s interests that we’ve got a strong and vibrant tech sector and innovation happening right across the economy, including the financial sector, and that requires, you know, start-ups with one or two people. It requires, you know, the investment and the support in general to be able to scale the whole way through so that hopefully we’ve got, you know, CBAs of tomorrow’s. Certainly the sort of Afterpays and Atlassians and Canvas of tomorrow coming from within Australia.

Look, I think then sort of turning to x15, I mean, maybe a little bit of history for those who don’t know actually. I mean, so x15 is a – we call it sort of a venture builder and scaler and it’s also meant to be a single front door that actually operates, to use your phrase from before, Damian, in the sort of grey space between the huge sort of monolith that is CBA and some of the smaller companies that exist that are really critical to Australia’s future.

I think actually if I go back to – been in this role since 2018, at that time there was actually an article that we really remember, described CBA as arrogant and insular with respect to technology, innovation and just general engagement with the technology community and sort of outside our own walls. And that phrase was actually a little bit of inspiration for trying to obviously sort of change not just the perception but the reality of that, hopefully, across the whole of the group but also particularly with respect to the start-up community. And I think Toby and the team have done a phenomenal job in doing that. Do you want to –

Damian Kassabgi: No, I was going to say, like we know Toby is kind of very visible in the industry and I think that kudos to the CBA for building that out, but also one thing that doesn’t get mentioned is the actual number of software engineers that CBA hires, I think it’s one of the largest in the country.

Stuart Munro: Yes, I mean, I think we have – we’d have 15,000 technologists across the whole group. So a very large number and, you know, of course, in terms of hiring each year, we’re sort of refreshing that as well. It’s a very large inflow of software engineers. You know, x15 is obviously much smaller. It’s a couple hundred people relative to the size of the whole group. It played a particularly important role at that time as well because, you know, I’ll take you back to 2018, that was the low point for the financial services industry and us in particular from a trust and reputation perspective. Good example of like when you get things wrong at scale, the implications of that.

Making sure that we were doing – continuing to innovate, doing that well in one place rather than in a fragmented way across the group. That was also the thinking that sat behind x15. Also at that time, I mean, we had the centre of gravity of the Commonwealth Bank was more in our own data centres rather than in public cloud. We could see the future on that. So x15 sort of cloud the whole way through. A lot of actually the –we’ve done a lot on cloud across the whole of the group in the last five or six years. We tried to sort of almost, instead of trying to have incubating tech over here but not really seeing if it works in the real world, actually we run that through businesses end to end in x15 and there’s a lot of that tech, which is [inaudible 00:33:20] web platform, that we use for sort of all the UX employee user experience.

Actually that’s technology that’s sort of the skeleton of that came from x15 and has then been industrialised in the rest of the group. That continues. We’ve got a handful of quite exciting things that are coming hopefully later this year, which I’ll let the team take the glory for. But it’s still a really important part we need to, you know, exactly to the premise of this whole session. We recognise that we can’t stand still. We need to keep innovating and improving. And that needs to happen across the whole of the group. And also, x15 plays an important role in that as well. Hopefully also engaging well in a way that is not arrogant or insular with the community more broadly.

Damian Kassabgi: Thanks, Stuart. This is Joe’s last public appearance in this kind of setting as chair of ASIC. So we did want to throw it to the floor and hopefully there’s a few questions. We’ve got about 10 minutes for an open mic. There’s one right here.

Audience question: Hello. I’m Piero [inaudible]. How do you think about the complexities, opportunities and risks that are raised from the intersection of emerging trends? So when we look at things like the intersection between stable coin, agentic commerce, when we look at, you know, cybersecurity and AI, things are already happening, but they’re kind of evolving over time, including digital wallets and agentic commerce and all [inaudible 00:35:01]. How do you think about the complexity in terms of regulating, strategising and looking at that not in isolation, but as an intersection between them?

Joe Longo: That’s a big question. The word that comes to my mind is polycrisis. I think we’re living in a world where, to pick up on your word, intersection, where more than ever what’s happening outside of Australia is affecting us in Australia. There’s some very obvious things happening in the Middle East, in Asia, in Europe, with cybersecurity, with technology. So I think the grappling with uncertainty and complexity is just going to increase. And it’s something I think about a lot at ASIC and we’ve engaged in a lot of that ourselves. I’ll give you a recent example of a topic that I think didn’t even exist six weeks ago and that’s the Mythos Anthropic development.

So let’s use that as an example. So one morning you wake up and we have this technology that is able, apparently, to reveal vulnerabilities and that in people’s systems and if it gets into the wrong hands, all of a sudden there could be a bank failure or a utility doesn’t work. So I think the answer to your question, there isn’t a straightforward answer, I think one has to go back to basics. I often get asked, for example, about directors’ duties. I think that the fundamental thing I look for in a successful director is understanding their own business, curiosity about their own business. You might think well that’s pretty obvious but you’d be amazed at the number of people who don’t fully understand their own business and how they make money, where the vulnerabilities are, where the data is, where the systems and processes are weak and strong.

So I think my best answer to your question is, start at home, make sure you understand your own business, understand your own vulnerabilities, where your data is. And then I think I really like this theme of engagement. The other big theme that I feel strongly about is just being open to everyone, just being curious. It gives you your best chance of avoiding the worst things. If you engage in your own community, stay open, stay curious, then you give yourself a chance, I think, of asking the right questions and maybe even getting the right answer.

Audience question: Hi, it’s Roary from Comm Bank. I’m not an [inaudible 00:37:43], so I guess I’m completely undesirable by Zepto. [inaudible 00:37:47]. Anyways, I loved all the chat and strategising around how we support the Australian startup space, but I think something that happened, unfortunately, recently is a budget change with the CGT because that sparked a very noisy subsector of Australian startups that believe the dream is the exit. And so the same week, for example, that that news got announced, my friend, who’s like a founding engineer at Lorikeet, probably Sydney’s top AI startup, jumped on a plane to London. So with that in mind, how do we think is the best way for us to help keep our talent, our Australian startups here, convince them that this is still their home for them to build it?

Stuart Munro: Hi, Roary. Sounds like we could chat outside [inaudible 00:38:40]. Look, I think that it’s been – I think that particular topic’s been extremely well covered and canvassed in the media and I haven’t been following the blow-by-blow, but my understanding at least will be that we’re in a period of consultation on that. I think I’m not sure it was fully sort of intended in terms of the direction of some of those pieces. And I think, at least from what I’ve read in the papers, that message has been well heard, well delivered, well heard, and I don’t have any particular insights in terms of exactly where it all lands. But it’s a – I think it came up before, like I think that it’s a really tricky space, I think, this [inaudible 00:39:30]. Maybe I’ll finish with one [inaudible 00:39:38].

Yes, I mean, I do certainly have a lot of empathy for the sort of - if you think about, you know, what do we want for the country overall? Do we want the country to continue to grow and prosper and that’d be good for all of us and for our kids and our grandkids. I’ve got a lot of empathy for the sort of starting position, I suppose, which would be the reality is we need to achieve multiple objectives and that clearly a vibrant, you know, rich and vibrant and growing startup community is a huge part of that and sort of a huge part of productivity growth will be new businesses coming and finding new ways and better ways of doing things and making sure that we’ve got the settings right, that Australia remains an attractive place to attract the capital and the people and innovation is hugely important. And that can’t – you know, that has to be, and I think is – it needs to be a continued sort of huge objective.

There’s challenges in the fiscal position overall for the country that, you know, and all of us, we demand a lot of government, actually, in terms of we want a lot of services, we want services to be really high quality. Increasingly, I think, since COVID, we all sort of hope the government will fix and solve all of our problems. So there’s not a lot of give on that side, and it’s a very, very tricky sort of Tetris, and I’m not for a moment suggesting that the answer is to kill the tech and startup community as well. But it’s a very tricky sort of needle to thread, so if there’s any volunteers to be solving public policy questions. Can we take volunteers?

Damian Kassabgi: Thanks for your question, Roary. We will move on. I think it’s just worth acknowledging that from day one the government’s been very explicit that they understand the startup sector’s concern and they’ve kind of put that on the table very, very early and very, very quickly. But, you know, the country has been having a discussion about housing and housing prices. I think the, you know, organisations have very much welcomed the fact that the government wants to create and has been clear in its intentions of creating a carve-out for innovative type or startup type businesses. But, of course, these things are devils in the detail, and the Tech Council has been working very hard in making sure that that detail is as strong as possible for the government. Next. Go ahead.

Audience question: Good morning. I’m going to borrow from the two questions and the two answers. My name is Gitesh. I’m from a company called HCL Technologies. As AI is becoming more prevalent in everything from lending, fraud detection and, you know, customer-centric activities and we are importing a lot of models, how does ASIC see a balance between innovation and trust? That is one. And number two is how can we, based on the questions the gentleman asked, create innovation that addresses Australian specific issues but then can be scaled up? So three questions loaded into one. One is the innovation and trust, the balance between them, the government policies to increase or increase innovation, and third is how can we have an Australian specific solution that [inaudible 00:43:16] and gets scaled up? Joe.

Joe Longo: Yes, I’ll be brief. I don’t think it is a balance. Whatever the innovation is, it’s got to deliver trust. You can’t – there’s no, but particularly at scale, I mean, without picking on the banks, the banks have an extraordinary array, complexity of systems and processes to deliver the services to their customers. So when things go wrong, it’s often because of the failure of systems controls, data. So the innovation’s got to work. It’s all very well. It’s got to work. It’s not working if people don’t trust it. I don’t see it as a balance equation.

What I would say though is that it behoves the regulators, ASIC, for today’s purposes, to understand that technology and to understand what the risks are and to be open and curious about where the trade-offs are. And if we get that right, ironically, that builds trust because what erodes trust, lack of accountability, lack of transparency, people not understanding how it works, where do they go if it doesn’t work. So these are the practical questions that successful innovation answers.

Damian Kassabgi: Is there a final question from the floor? Emma from Cboe (Australia) and then we’ll wrap up so we can have some lunch.

Audience question: Thanks very much. It’s Emma from Cboe, which is Australia’s second largest stock exchange. A question for Joe, and firstly I would say, Zepto, when you look to list, we do have a corporate listings licence thanks to ASIC most recently, so I’m happy to take that call. Joe, you have said in public forums that the technology at ASIC itself was something that you looked to improve when you were there. As one of your last public appearances, something you’re proud of within ASIC’s technology that’s been on your watch improved?

Joe Longo: Look, I think that’s of fundamental significance. I’ve said from day one that if we don’t get the technology issue right, it’s an existential risk for us. People might say, oh really? Well, it’s an existential risk for everybody. Any major institution that doesn’t get the technology thing right, they’re not going to survive, are they? So you bring that back to ASIC, and I sort of put it as bluntly as that because the – you know, over the last five years I think we’ve done a lot to address what I would call technology debt, and that’s just good old fashioned systems supporting HR, our payment systems, we’re about to replace our billing system so we can send you all invoices more effectively and get paid more quickly, which is part of the service.

So there’s a technology debt, but the bit where I think ASIC is far more ambitious now than it was five years ago is all of what we’re talking about today. I want ASIC, and ASIC I think will continue to be, we want to be part of that story. But we’re not going to be able to do that unless we are curious and we engage and we do as much as we can to build a successful regulatory sandbox, which I know Kate also feels very strongly about. So I think that’s just going to have to continue. The other challenge, and I think that’s improved, I think we’ve done a lot to embrace some AI technologies ourselves, we’ve done a lot to understand what’s going on in the market. So all of this comes together, I think. So I hope that answers your question. I personally think all things technology and data is frankly everybody’s future and if we don’t navigate that properly, living standards will go down, and we won’t get the outcomes for the community that we all want.

Damian Kassabgi: Joe, you’ve got an illustrious career in the private sector. You came in, did a service for the country in the last five years as Chair of ASIC. Certainly we appreciate what you’ve done and the openness that you’ve engaged the industry with. We certainly see ways that that can be developed and improved over time and want to be your partner as you, you know, and ASIC’s partner, as it thinks about how to engage the data it needs from the industry, how we can train our members to understand the data it needs to be providing you so you can understand its products. But as you leave, we’d just love a reflection on, you know, one thing that you’re proud of, really proud of, two, what advice you give Sarah if she takes your spot, and three, what is next for Joe?

Joe Longo: I think I’ve already mentioned I’m pretty proud of ASIC’s journey over technology and embracing the theme of innovation, that we want to be part of that story. You know, I think also ASIC, if I may say so, and there might be one or two people in the room who have heard me say this before, but I think ASIC will continue to be a modern, confident, ambitious regulator. That’s the kind of regulator that I think ASIC now is. ASIC’s challenge is to not be complacent. Like any institution or organisation in the country that’s, you know, important to the community, you’ve got to keep investing and you’ve got to keep thinking ahead.

If I was to point to one thing, I think ASIC now is far more modern, confident and ambitious. I think the future of ASIC is in good hands with Sarah Court. We’ve worked very closely together for five years. All of the initiatives, themes that you see at ASIC today, she was part of, so I don’t think – no doubt there will be some changes, as there always is under a change of leadership, but I think the broad trajectory of how ASIC is operating, I don’t see that changing. As far as my plans are concerned, a couple of words. Walking. I’ll be doing lots of walking for the rest of the year. I’m not retiring and I hope next year to be busy again. I just don’t know what yet.

Damian Kassabgi: Well, I’d like to thank the panellists, but specifically –

[End of recorded material at 00:49:57]