Compliance teams to boost cybersecurity resilience


On 17 September 2024, Joe Longo, Chair of the Australian Securities and Investments Commission (ASIC), spoke at the Australian Compliance Institute Annual Conference. His speech, titled “Effective Compliance: Perspectives from the Regulator,” highlighted the increasing significance of compliance professionals in the changing regulatory environment. Longo emphasised the importance of adherence in addressing new challenges, particularly in cybersecurity, where the risks associated with data breaches and cyberattacks have increased.

Longo affirmed the need for strong compliance frameworks built on ethics, integrity, and trust. He urged compliance professionals to adopt a strategic approach that harmonises organisational practices with legal requirements and cultivates a culture that focuses on cybersecurity. Longo identified the importance of building a culture based on integrity, ethics, and trust to achieve effective compliance. He urged compliance professionals to remain vigilant, continuously improve their skills, and promote transparent communication with their boards to effectively navigate the evolving regulatory landscape.

Boosting cybersecurity measures

Compliance professionals play a key strategic function in ensuring strong cybersecurity measures in both the public and private sectors. During his address at the Australian Compliance Institute Annual Conference, Joe Longo outlined the critical role of compliance in safeguarding data and tackling the rising risks from cyber-attacks. 

Longo underlined that compliance professionals do more than just meet regulatory obligations; they actively foster a culture of integrity, trust, and ethical behaviour. “It’s the compliance professional’s job to not only meet legal obligations but to create an ethical culture,” Longo noted during his address.

As technology progresses, cyber risks pose significantly greater threats. A KPMG global survey shows that 36% of compliance officers prioritise cybersecurity as their top area for improvement, underlining the urgent need for organisations to adopt proactive cybersecurity measures. In today’s digital landscape, compliance teams must understand and anticipate new cyber threats like ransomware and data breaches, which can disrupt operations and undermine confidence in public institutions.

Navigating expanding compliance demands

As the regulatory environment changes, compliance professionals face increasing challenges. Longo stressed the significant challenges that cybersecurity poses, noting that compliance officers now confront a wider range of responsibilities. “The items stacked on the compliance professional’s desk have dramatically multiplied,” Longo remarked, pointing out the growing demands of overseeing cybersecurity, data privacy, and Environmental, Social, and Governance (ESG) reporting responsibilities.

Incorporating ESG compliance into regulatory frameworks adds an additional layer of complexity. Longo emphasised the importance of mandatory climate-related reporting obligations and the need for organisations to maintain a strong focus on cybersecurity. Cybersecurity and ESG compliance intersect, requiring secure and transparent data management, which adds layers of complexity to the regulatory landscape. 

Compliance officers should take a proactive approach to risk management, as poor data security can lead to regulatory violations and damage to reputation. Longo highlighted that the increasing digital presence of public institutions amplifies the necessity for robust cybersecurity measures. Compliance teams both comply with legal requirements and protect the infrastructure that supports digital services.

Strengthening cybersecurity governance

Longo addressed the challenges that public sector compliance teams face, particularly in governance and oversight related to cybersecurity. He reiterated that compliance professionals do more than just handle operations; they also engage in strategic dimensions. Compliance teams should be prepared to assist boards in recognising cybersecurity risks promptly, handling them efficiently, and maintaining a proactive approach.

Public institutions must develop stronger frameworks that incorporate cybersecurity risk management into wider regulatory compliance initiatives. Longo emphasised the importance of “asking the right questions” in a compliance-focused strategy for cybersecurity. This includes questions like: What responsibilities do we have? What measures will ensure compliance with these responsibilities? Are our practices in line with legal standards and ethical principles? These play a vital part in protecting against potential breaches that could undermine public trust.

Longo stressed the need for consistent reporting and accountability, highlighting the key part compliance professionals play in monitoring the integrity of cybersecurity frameworks. “Good advice and good service from you will protect the organisation from financial and non-financial risks,” he noted, underscoring that compliance demands continuous diligence, especially given the growing threats.

AI driving compliance solutions

Longo emphasised how artificial intelligence (AI) and emerging technologies significantly affect compliance and cybersecurity. As AI-driven systems integrate more into public institutions, concerns about data security, privacy, and ethical implementation emerge. AI analyses extensive datasets and detects trends instantaneously, offering exceptional prospects for enhancing compliance practices while introducing considerable risks. Longo stressed that “AI can enhance risk detection, but it can also amplify risks if not properly managed.”

AI systems may inadvertently incorporate biases, leading to unfair outcomes, or operate in unclear ways that reduce transparency. Financial markets face particularly urgent issues, as improper use of AI can undermine their integrity. In these contexts, ASIC actively examines the deployment of AI to ensure compliance with ethical standards and regulatory requirements. Longo’s speech highlighted that while AI can automate many compliance functions, establishing robust regulatory frameworks is essential to prevent misuse and ensure it strengthens, rather than undermines, public trust in digital systems.

As we look ahead, new technologies like AI will bring a mix of opportunities and challenges to compliance practices. As regulatory expectations grow more complex, organisations must maintain agile and future-proof compliance frameworks. As new digital risks emerge, organisations will increasingly prioritise ethical governance, transparency, and security, turning compliance into a strategic necessity instead of just a regulatory obligation.