ASIC’s Enforcement Momentum: Why governance and risk management demand attention
11 March 2026
)
ASIC’s latest enforcement outcomes (July and December 2025) send a clear message: the regulator is active, persistent, and increasingly focused on best practice governance and risk management.
During the six‑month period, ASIC commenced 23 civil proceedings; the Courts imposed a record $349.8 million in civil penalties; and the Commonwealth Director of Public Prosecutions laid 93 criminal charges. Overall, ASIC commenced 123 new investigations.
The data confirms that ASIC is deploying its full enforcement toolkit—civil, criminal, and administrative—in matters involving financial services, markets, and corporate governance misconduct. The regulator is identifying and pursuing systemic risk and governance issues across all sectors.
Individual accountability and governance remain in focus
For boards and executives, the most important signal lies beyond headline penalty numbers. ASIC reports that, during this period, 61 individuals were removed or restricted from providing financial services or credit, and 16 directors were either disqualified or removed. Governance failures are not being viewed as internal organisational issues. Enforcement outcomes increasingly reflect the expectation that directors and senior executives demonstrate effective oversight, challenge and control.
Investigations today, enforcement action tomorrow
With more than 200 investigations still underway, we expect the volume of enforcement actions to continue to grow. In our experience working on a range of forensic matters, issues escalate where risk management frameworks are poorly embedded across an organisation, documentation is weak or lacking, and accountability is unclear.
ASIC’s latest outcomes reinforce several key priorities for boards and their executives:
Governance must be demonstrable, not theoretical
Boards should require clear evidence that governance frameworks are operating effectively in practice, not just that policies exist. For example, ASIC scrutiny often focuses on whether risk committees actively challenge management decisions, whether issues are documented in minutes, and whether identified control weaknesses are assigned to owners and remediated.Risk ownership must be clear and documented
Regulatory investigations frequently expose blurred or unstructured accountability, particularly where risks cut across business lines. Practical examples include unclear ownership of compliance breaches between product, legal and operations teams, or reliance on unwritten assumptions about who is responsible for escalation and decision making.Early escalation is critical
Delays in escalating emerging issues can significantly worsen outcomes once ASIC becomes involved. In practice, matters such as repeated customer complaints, whistleblower reports, control failures or audit findings should be escalated early, rather than managed at a business-level unit. Patterns and trends can quickly become systemic issues.Prepare for scrutiny, not only compliance
ASIC’s approach increasingly tests how boards and executives respond under pressure, including their decision-making, culture and challenges. An ability to demonstrate informed oversight and decision-making during a crisis is key.
Consistent with the themes outlined in McGrathNicol's Forecast 2026, ASIC’s latest enforcement outcomes highlight that misconduct risk is being driven by cultural weaknesses and governance failures. Against a backdrop of regulatory scrutiny of directors’ duties, boards and executives must move beyond baseline compliance to proactively strengthen governance, accountability and risk management frameworks in the year ahead.
Source data: Summary of enforcement outcomes: July to December 2025 | ASIC