Business Insight

Complaints under the spotlight: ASIC’s public IDR reporting heightens accountability for financial firms

By Chris Baker and Felicity Healy

24 March 2026

Share Share
Print
corridor with lights
Share
Print

    Complaints under the spotlight: ASIC’s public IDR reporting heightens accountability for financial firms

    In an era of heightened regulatory scrutiny and evolving consumer expectations, financial services firms are facing increasing pressure to demonstrate that their governance frameworks deliver real outcomes.

    ASIC's sustained focus on complaints handling over recent years has now culminated in the publication of a dashboard displaying dynamic firm-level internal dispute resolution (IDR) data: Internal dispute resolution data dashboard | ASIC. For the first time, complaints data is positioned as a publicly visible measure of conduct, governance effectiveness and consumer outcomes.

    ASIC’s IDR dashboard represents a significant step change in transparency, providing visibility of complaints volumes, response timeframes and resolution outcomes broken down by firm, product, outcome and issue. In parallel, regulators are increasingly using complaints data as a key supervisory and enforcement input, supported by enhanced data analytics and expanded information-sharing powers.

    For firms, the message is clear: in order to stay ahead of regulatory oversight and enforcement, complaints handling frameworks must do more than simply comply on paper. Given the level of oversight the dashboard will provide, it will be important to ensure that complaints handling processes operate effectively in practice, with clear evidence of ongoing testing, refinement and continuous improvement. Where material risks are identified there will be an increased expectation that firms deploy resources to meet key metrics and more broadly, community expectations.

    Increased transparency and accountability around firm-level IDR data

    • ASIC has published firm-level internal dispute resolution (IDR) data, consistent with the transparency applied to Australian Financial Complaints Authority's (AFCA) External Dispute Resolution (EDR) reporting. The IDR dashboard was made available to the public from Wednesday, 18 March 2026.
    • IDR metrics are be visible to the public at large including consumers, media, regulators and other stakeholders, creating a direct reputational dimension to complaints handling performance. For the first time, it will be possible to draw direct comparisons across competitors, heightening competitive pressures.
    • This push for greater transparency and accountability around complaints handling places significant pressure on firms to improve their compliance and consumer outcomes in an effort to reduce potential reputational damage. Slippage in a firm's performance in comparison to other financial firms will not only increase the likelihood of regulatory scrutiny and oversight but also the possibility of class actions where systemic issues are much more easily identified and harm can be demonstrably assessed and measured.

    Regulators are scanning complaints data for key risk indicators (KRIs)

    • Australia’s prudential and conduct regulators have substantially lifted their data analytics capability over multiple years. Using sophisticated analytical tools, regulators can now detect patterns, anomalies and emerging risks across large datasets, often identifying systemic issues before firms themselves become aware of them.
    • Complaints data is now routinely used to identify key risk indicators (KRIs), including product design flaws, service failures, governance weaknesses and control breakdowns.
    • Legislative developments have also expanded information-sharing mechanisms between regulators, enabling complaints data to be viewed alongside other supervisory intelligence to support a more coordinated enforcement response. Regulators are more frequently working together to allocate resources across common priorities and share the enforcement burden.

    To stay ahead of regulatory intervention, firms need to undertake frequent testing of internal data and revaluation of the appropriate reporting of their performance by proactively interrogating complaints data to identify trends, outliers and emerging risks, rather than relying on retrospective or ad hoc analysis. Firms that fail to match the regulator's analytical rigour risk being confronted with systemic issues they have not yet identified, leaving them on the back foot when responding to regulatory inquiries or enforcement action.

    Complaints data analysis underpins ASIC’s FY 26 enforcement priorities

    • Complaints handling sits squarely within ASIC’s enduring enforcement priorities, particularly in relation to member services, consumer harm and systemic misconduct given that it is frequently an early warning sign of systemic risks.
    • ASIC has recently focused on superannuation trustees, examining how complaints data is used to identify and address delays in death benefit payments – highlighting that delays in complaints handling can compound distress and trauma for already vulnerable consumers. The manner in which complaints are dealt with is often see as a test of a good corporate culture.
    • More broadly, there is increasing alignment between ASIC’s enforcement priorities and risk signals commonly found in complaints data, including:
      • misconduct with a high risk of consumer harm;
      • systemic compliance failures within large financial institutions;
      • identification of poor practices across industries at large;
      • exploitation of First Nations customers and customers experiencing vulnerability (CEV).

    In an increasingly litigious regulatory environment, a financial firm's ability to identify and rectify issues which emerge from complaints will be important for demonstrating that the organisation has a mature risk culture and able to act quickly when things go wrong. Those firms which fail to make an investment in assessing and resolving complaints at pace, will find themselves the target of increased supervision, regulatory action and litigation more broadly.

    What you need to do

    Now is a critical time for firms to strengthen control over their complaints handling processes and extract meaningful insights from their complaints data. Regulators are already interrogating complaints data with a level of sophistication that many firms have not yet matched. Waiting to be told about systemic issues, rather than identifying them first, exposes firms to enforcement action, remediation costs and reputational damage.

    Following significant regulatory pressure to improve complaints handling practices, financial firms have worked to lift compliance with regulatory expectations and obligations, however institutions need to go further to demonstrate practical compliance. 

    Firms should consider the following actions:

    1. Conduct a gap analysis of current complaints data analytics capabilities against regulatory expectations and leading practice.
    2. Implement proactive monitoring and reporting mechanisms to identify trends, outliers and emerging systemic risks in real time.
    3. Establish clear escalation pathways to ensure complaints insights inform product design, risk management and governance decisions.
    4. Stress-test complaints handling frameworks against the metrics that are publicly visible on the IDR dashboard, and address any gaps as a matter of urgency.
    5. Testing the quality of reporting and the pathways for escalation within the organisation.

    Conclusion

    The publication of firm-level IDR data marks a clear inflection point. Complaints handling will increasingly be judged not just by regulators, but by consumers, investors and the market at large.

    Firms that treat complaints as a narrow compliance obligation risk falling behind, both in regulatory engagement and public perception. More critically, firms that do not interrogate their own data to the same standard as regulators risk being surprised by systemic issues they should have identified first. By contrast, those that invest in robust complaints governance, meaningful data analytics and closed-loop feedback mechanisms can use complaints as a strategic asset, staying ahead of the regulator and demonstrating a genuine commitment to consumer outcomes.

    There is a clear opportunity to shift from reactive to proactive. Rather than viewing complaints handling as a compliance exercise, firms can derive meaningful insights from their complaints data to drive continuous improvement, informing product design, service delivery and customer experience, while reducing regulatory and reputational risk.

    Other authors: Eleanor Pollock, Executive

    This publication is a joint publication from Ashurst Australia and Ashurst Risk Advisory Pty Ltd, which are part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Australia (ABN 75 304 286 095) is a general partnership constituted under the laws of the Australian Capital Territory.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia and trading under ABN 74 996 309 133.

    The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.

    For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    This material is current as at 24 March 2026  but does not take into account any developments to the law after that date. It is not intended to be a comprehensive review of all developments in the law and in practice, or to cover all aspects of those referred to, and does not constitute legal advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent legal advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    Key Contacts