Jeff Morris.

Jeff Morris is scathing of ASIC. Photo: Brendan Esposito

It was four years ago this week that one of the now-famous ''ferrets'', the group of colleagues who blew the whistle on the Commonwealth Bank's financial planning scandal, died in his sleep at age 36.

On Wednesday, at one of the group's old haunts, his surviving mates gathered for a beer and reflection on their actions six years ago - actions that caused great personal stress but culminated in this week's bombshell Senate report calling for a royal commission into CBA's financial planning debacle.

<p>

''Then, as now, the cleansing ales brought clarity,'' says Jeff Morris, the ''ferret'' who went public with evidence of widespread misconduct inside CBA's financial planning arm - specifically one of the bank's top financial planners, Don Nguyen, who had worked for it since 1999.

Six years on, Morris remains scathing of the Commonwealth Bank, his former employer, and how it has handled the fallout from the expanding scandal, exposed by a Fairfax Media investigation.

But some of his strongest words are reserved for the Australian Securities and Investments Commission - the so-called watchdog, charged with regulating corporate Australia and policing Australia's corporate laws.

<p>

''ASIC was a complicit non-participant,'' Morris says, ''not interested in taking on the big players, not really interested in doing their job at all.''

Morris is not alone. The landmark Senate inquiry that has spent the past year scrutinising ASIC's performance in the CBA matter appears to agree, as do the bulk of the 480-plus submissions.

They paint a picture of a timid and opaque regulator, a ''toothless tiger'' or ''gummy shark'' when it comes to enforcement.

ASIC, the committee found, is too slow to act, lacks transparency and is too trusting of the big end of town.

''The credibility of the regulator is important for encouraging a culture of compliance,'' it said. ''That ASIC is consistently described as being slow to act or as a watchdog with no teeth is troubling.''

Indeed, for many, this week's explosive decision by the Senate inquiry to call for a royal commission into the CBA epitomises what is fundamentally wrong with ASIC.

An inquiry was required, the committee said, because it was not convinced ASIC should be left to manage the scandal and its clean-up.

''ASIC has shown it is reluctant to actively pursue misconduct within Commonwealth Financial Planning and Financial Wisdom; rather, it appears to accept the information and assurances the CBA provides without question,'' the committee said.

CBA's credibility on the financial planning matter now stands in tatters.

The committee does have some kind words for ASIC - acknowledging that it has ''talented and dedicated employees''.

But the multiple withering statements issued by the Senate committee - a group of powerful senators from across the political spectrum - underscores the need for reform.

For Sean Hughes, immediate past chief executive of New Zealand's Financial Markets Authority and a former ASIC senior executive, ''there's a sense of inevitability that ASIC will need to reposition itself to deliver to changing expectations around its performance and efficiency''.

Hughes says the report is one of three catalysts that could drive significant strategic change for ASIC.

''The committee did acknowledge ASIC's very broad mandate, the clear commitment of its staff and [potentially] unrealistic expectations by some consumers about its mandate as their protector.

''This report may well create a timely opportunity for ASIC to review its regulatory model and its capability to address and respond to emerging risks.''

Hughes argues that addressing the recommendations is the first step in a broader conversation around what kind of regulator and regulatory services the market needs, wants and is willing to pay for.

''Maybe this is the time to debate whether ASIC should and can be a consumer protector. Or should it focus instead on encouraging well-performing markets and sustained economic growth? Can or should ASIC hold the pen for investors before they commit their funds?''

As Melbourne University corporate law expert Ian Ramsay observes, the report is not ''criticism without solution''.

Indeed, the 553-page report, released on Thursday, contains a radical blueprint for how ASIC should be rebuilt into a faster, more aggressive, more transparent regulator - a regulator that is both feared by those who would consider misconduct, and trusted to identify and hunt down wrongdoers - even if it means going head to head with the big end of town.

The 61 recommendations are designed to rebuild public confidence in the regulator, right the wrongs of the CBA scandal, and investigate other financial institutions including Macquarie Private Wealth.

It recommends spinning off ASIC's registry operation - staffed by hundreds of people in rural Victoria - to give it sharper focus. This is a ''no-brainer'', says former senior ASIC officer Pamela Hanrahan, now a securities law expert at Melbourne University.

It calls on a significant increase in the money ASIC has for enforcement - and for the introduction of a user-pays model for sectors the watchdog regulates. Civil and criminal penalties should also be reviewed, with an eye to increasing them, and ASIC's powers over financial planners should be substantially beefed up - including the draconian power to immediately ban planners suspected of ''egregious misconduct causing widespread harm to clients''.

The Senate committee also wants the regulator to make better use of independent advisers, to better review its own performance and to make more information public.

Even ASIC's labyrinthine and out-dated website has been singled out as needing a revamp.

For senator Mark Bishop, the chairman of the Senate inquiry, its recommendations on enforceable undertakings - or EUs - are the most significant for ASIC's future.

In fact, the driving force for the Senate inquiry into ASIC - which kicked off a year ago - was its poor handling of the Commonwealth Bank financial planning scandal and the wash-up with the EU that ASIC had used to try to fix the issue.

EUs are negotiated settlements struck between ASIC and entities that have transgressed - they include no admission of wrongdoing but contain agreed measures the company must meet.

EUs save time and money spent on court actions - but to investors and consumers, they can appear to be a slap on the wrist.

In theory, ASIC monitors the EU to ensure it is being complied with.

But in CBA's case, it emerged that the bank had not complied - which came as a surprise to ASIC.

The committee has called for stronger, more transparent and more closely monitored EUs.

''This regulation would enable the regulator to go in and check [that] the EU is being completed, that organisational change is happening and that culture is changing,'' Senator Bishop says.

Last month, after it became clear that the EU regime had failed dramatically in the CBA case, ASIC took the significant step of imposing conditions on the bank's financial services licences - forcing the bank to review compensation for more than 4000 customers.

ASIC has admitted it was too trusting of the CBA. ''We're reviewing our approach,'' chairman Greg Medcraft said on Friday. ''If we have something like an agreement, it's always going to have to be public from now on. If there's an independent observer … that has to be appointed by us.

''Once we put these enforceable undertakings in place, they actually are a fairly substantial amount of work to monitor them, ongoing.

''So we are thinking about our approach - do we always pursue just an enforceable undertaking or do we simply just go to court?''

It's rethink time.

''WHAT ASIC is, and they don't realise it, is an anachronism, fighting a 1960s concept of costly, prescriptive regulations in an electronic financial services industry that has its fair share of 21st century crooks and toxic products,'' says Geoff Slater, a barrister who has worked on a slew of high-profile corporate collapses.

Perhaps recognising this, the committee has subtly asked the regulator to make sure it has the right people in the right jobs.

One of the recommendations calls on ASIC to examine its ''triage'' system - how it decides which matters to urgently pursue - to ensure its officers have the skills and experience to know when a matter needs attention.

And it has pointed to the need for ASIC to change its culture - so that ''those managing complaints and reports who wish to draw to the attention of senior officers what they perceive as a potentially serious matter are encouraged to do so''.

There is clearly a lack of experience in the wealth management, retail and banking sectors. There have been complaints that some of the commissioners are career bureaucrats with little or no in-house experience in compliance.

But there are questions about how ASIC can lift its performance in the wake of $120 million of budget cuts it must absorb in the next four years. The committee has pushed for a complete overhaul of ASIC's funding system to a ''user-pays'' approach - a system of industry levies designed to reflect the cost of regulating each industry or profession.

It means industries such as the financial planning sector, auditors and insolvency workers will have to pay more.

For instance, auditors cost ASIC about $6 million a year to regulate but only pay a combined $425,000 in fees; Australian Financial Services licensees cost ASIC an estimated $108 million a year to regulate but only pay $3.7 million in fees.

But while the user-pays funding system for regulation sounds fool-proof - make those who generate the work pay for the work - some, including Professor Ramsay, call for caution.

He points to the risk of so-called regulatory capture, when a regulator becomes conflicted, too close to and ''captured'' by the companies and sectors it is supposed to be policing.

One area where ASIC's performance has escaped criticism is in market supervision, where it has claimed regular scalps for insider trading and other crimes.

There, a user-pays system has been in place for four years, since ASIC took over responsibility for market supervision from the Australian Securities Exchange in 2010.

It was a ''fundamental change'', says Doug Clark, from the Australian Stockbrokers Association. Australia's broking firms now pay ASIC $14 million a year to be supervised - and, not surprisingly, the ASA wants the model extended to other groups like financial planners.

''We are not convinced that we are the only regulated entities in the market that should be subject to it,'' Clark says.

It is the scandal-plagued financial planning industry that is the target of several of the inquiry's most significant recommendations - including the plan for ASIC to be able to immediately revoke a financial planning licence.

More broadly, it has called for a review of civil and criminal penalties that can be levied against those who breach the laws that ASIC is supposed to enforce.

THE Senate committee's report raises fundamental questions about the kind of regulator ASIC needs to be. It has called for more checks and balances over ASIC, an organisation known for its lack of transparency.

It suggests creating a pool of ''approved independent experts'' to call on when it has concerns with poor compliance in a specific company.

But it also wants ASIC to be more critical of and honest with itself - proposing, for example, that it conduct an internal review after any court loss, along with an independent review of the investigation.

And there are big recommendations around the very philosophy that underpins how ASIC operates.

They include a call to action for the Murray inquiry, currently engaged in the mammoth task of reviewing Australia's financial system.

Almost 20 years ago, Murray's predecessor, the Wallis inquiry, guided Australia's regulators to a light-touch approach, including the principle of disclosure - that investors should not be protected from risk, but given information about the potential risks and rewards of financial products.

It was the dominant approach during the tenures of ASIC chairmen Jeffrey Lucy and Tony D'Aloisio, who ran ASIC in the decade leading up to the global financial crisis.

But the complex products spruiked in the pre-GFC days - and the more than $73 billion worth of losses suffered by Australians - exposed the short-comings of the disclosure regime.

Even now, despite the lessons of the GFC, financial products are only becoming more complex and opaque, amid doubts about ASIC's ability to regulate this market.

''We are increasingly realising that our regime based on disclosure, in a world of complex products and challenges with financial literacy, is increasingly inadequate,'' says Professor Ramsay.

The ASIC inquiry called on Murray to examine Australia's disclosure-based regime and, crucially, whether it provided for adequate protections for consumers.

And it called on the Murray inquiry to examine whether ASIC should have the ability to ''protect'' unsophisticated investors from unsafe products.

Dr Hanrahan says the ASIC report has issued a clear challenge for the ongoing Murray inquiry.

''Community expectations about the extent to which people are protected as consumers in the financial system are not being met, so the [Murray inquiry] needs to consider that,'' she says.

''It's all very well to say the market should work … but if it's not meeting community expectations about the level of protection then we need to revisit that.''

The report and its findings will prompt some similar soul searching by ASIC's current chairman, Greg Medcraft, and his staff who have seen the organisation's credibility trashed.

After catching up with his fellow whistleblower, Jeff Morris just hopes the report leads to real change. ''As we parted on the footpath, the two surviving Ferrets agreed that the journey we began six years ago has a way to go yet,'' he says.