Public Relations Reputation Management Crisis Management

The Science of Crisis Communication: Proactive and Reactive Strategies

Crisis communication—typically a reactive and intense endeavour executed with anxiety and haste. You may find yourself in a situation where you haven't fully planned what to say, b...

Public Relations Reputation Management Financial Services Protect

Navigating Regulatory Waters: Friend or Food? How To Stay Ahead in Financial Services

The following content is part of our fortnightly newsletter eDMs "Take A Beat Thursday" and was originally sent out on February 8th. If you'd like to join the list and get these in...



The following content is part of our fortnightly newsletter eDMs "Take A Beat Thursday" and was originally sent out on February 8th. If you'd like to join the list and get these insights live and as they happen, subscribe to receive these emails

Does the regulator see you as friend or food?

Here’s one way to not become their prey


Screenshot 2024-02-08 at 10.56.26 am

Start your stop watch… here’s this fortnight’s 5 minute crunch.

Love them or hate them, ASIC and APRA are big in our world and probably yours. The ASX is also, if you work in a listed company. Let’s call them the 3 As. I mean that respectfully of course. 

There’s something many of you are missing

I’m going to go out on a limb and suggest you have a significant opportunity (which most of your competitors have missed) to be better prepared for regulator engagement. 

When I refer to “regulator engagement” I mean anything from a headline-grabbing media announcement of a multi-million dollar greenwashing litigation which hurts your brand and your personal reputation, through to a mildly worded guidance to the whole industry.

Here’s why you can be better prepared:

  • The regulators now publish their enforcement priorities ahead of time, publicly
  • Their engagement with you (a regulated entity) usually follows (to the experienced observer) one of a small number of standard paths
  • Most regulated entities fail to see this and to plan their response well enough

Warnings and signals aplenty, but who’s listening?

Honestly, Australia’s finance regulators almost always snarl at you, their regulated entities, or deliver some form of the “tap on the shoulder before a punch in the face” warning. How do we know? Thanks to the size and experience of our team, and over some 25 years, we’ve seen this across the industry as we’ve worked with a wide range of former employers and many client engagements. Across businesses, we see the same patterns of enforcement actions, and market signalling ahead of changes to those patterns.

Clients often don’t see the same signs that we do. So our role is to assess the landscape, give advice, help our clients predict and prepare for the most likely or damaging scenarios and carefully choose their own path.

That path should include three key steps:

1. Paying closer attention to the specific wording of public regulator statements of intent and guidance. These are carefully chosen and sometimes deceptively simple. 

2. Scenario planning and preparation for any specific and known regulator action. This means any time you’ve been contacted directly. Here is one of the biggest reasons you’re going to end up in the news in a bad way: you didn’t consider and plan for ALL (and there are never very many) scenarios. In fact we often see senior executives and legal counsel ignoring probable outcomes. 

3. Several “walk-throughs” or tabletop exercises to be “response ready”. This is essential when you have a live matter. It’s also plain smart right now when APRA have just been clear they expect you to do better on organisational resilience, specifically your ability to deal with cybersecurity risks, threats and crises.

Download our free PDF checklist to strengthen your cybersecurity resilience and improve your organisation's readiness to handle a cyber crisis.

Here are three simple actions that may be irksome but are essential: 

  • CPS 230 Compliance: Evaluate and update your crisis management frameworks, making certain they align seamlessly with CPS 230 requirements.
  • Enhance Communication Protocols: Review and update crisis communication plans. Ensure that communication channels are well-established, both internally and externally.
  • Training and Simulation Exercises: Regularly conduct crisis simulation exercises to assess the effectiveness of your crisis response team. 

You may think you’re doing these things… but most organisations are NOT running simulations that genuinely stress-test the plans, processes and teams’ skills and then improve them. As a result, that lack of crisis capability - pure skill and practised responses - leads to worse outcomes whether the crisis came from a cyberthreat, corporate scandal, climate event or was created by the regulator themselves.


Are you really hearing or just listening?

Yes, APRA last week said some things they’ve been saying for a while. Don’t ignore that. Act on it. My guess is they’re repeating this because they see what we see: inadequate response to their other messages. 


Last year ASIC did what they said they would. In November 2022 and for the first time, they published their enforcement priorities for the year ahead. Some folk I know (yes, maybe you, even if you don’t remember this) dismissed ASIC's year ahead priorities as “not relevant to us” and were then hammered. 


Just last week APRA did the same in their Interim Policy and Supervision Update. The good news is that much of this list is easy to understand, can be knocked over before June 30 and will reduce a host of risks that would hurt you and your career.

Cynical of me but true.

Specifically, APRA have called out several whopping gaps that we also see, and that are very fixable.

So here’s the smart thing to do this year. READ, re-read, and share the regulator’s guidance internally, along with at least one news article that shows how ASIC totally roasted another brand in 2023 after a clearly telegraphed industry punch. If you search “greenwashing + ASIC” then “ASIC enforcement priorities” it should do the trick.

Then, if there’s only one thing you can get done by June 30 it's to practise under somewhat real circumstances.

Why? Because, like swimming, you can’t learn that stuff from YouTube or Google alone. And because crisis response is a team sport, you want that practise to be with all the other people and teams and resources you’ll eventually need in a real crisis.


BlueChip Communication is Australia's leading financial services communication firm. We use strategy, marketing & communication to help financial services leaders and brands protect and grow their reputation, impact and revenue.

Take a beat Thursday is our fortnightly newsletter, we focus on the following in every email: 

  • We make this 100% about you and your success. 
  • We will always share one insight from our 30 years of advisory experience.
  • You’ll get actionable insights linked to current events and relevant to financial services.

To get these insights live and as they happen, subscribe to join the list.

New call-to-action
how to drive your fame agenda

Stay up
to date

Marketing insights you’ll want to read.

Sign up for our newsletter

Stay up
to date

Marketing insights you’ll want to read.

Sign up for our newsletter