In just the first few months of the current financial year, ASIC has already pulled in more than $300 million in penalties and fines, mainly from financial services companies. This amount is more than it has ever collected in any previous full year. The tally is dominated by the $240 million penalty against ANZ for serious misconduct, but the real message is aimed squarely at all boardrooms: when governance fails, the regulator is willing and able to extract eye‑watering sanctions against companies and their directors.
For insurance brokers, this enforcement surge is a clear signal that directors face a materially higher risk of being drawn into investigations, civil actions and potentially criminal proceedings in 2026 – and that D&O programs written for a softer regulatory era may no longer be fit for purpose.
ASIC’s enforcement priorities for 2026 – predatory credit, superannuation schemes, greenwashing, cyber governance and financial reporting – map almost directly on to D&O exposures. The ANZ penalty might sit at the extreme end of the spectrum, but the underlying themes are familiar: systemic failures, prolonged harm to customers and late remediation.
In that environment, the question for brokers is no longer whether clients carry D&O cover. It is whether that cover is structured to respond from the moment ASIC’s interest becomes apparent, not only when formal proceedings are commenced.
Louise Lumley, executive assurance underwriting manager at Arch Insurance Australia, warns that early‑stage regulatory activity is still a blind spot in many programs. “We recommend that clients, with the support of their brokers, ensure their D&O coverage includes both investigations and pre-investigations,” she said.
Lumley warned that policyholders may otherwise find their insurance policy only covers costs after a formal investigation begins, leaving “prior reasonable expenses” uninsured.
For directors suddenly facing ASIC notices, interviews or voluntary information requests, those “prior reasonable expenses” can quickly become material. If they sit outside the wording, personal balance sheets are exposed before indemnity is even triggered.
ASIC’s record penalty haul is also a reminder that scale matters – both in terms of enforcement and insurance. Larger institutions and more complex groups provide more potential claimants, more documents, more regulators and longer investigations. That translates directly into higher defence costs and greater risk of limits being exhausted.
“It goes without saying that the larger a business and turnover, the larger the risk,” said Lumley. “Insurers and brokers must collaborate closely to ensure appropriate cover matched to a client’s specific risk profile is provided.”
Some of the insurance and risk questions brokers should consider include:
The spike in regulatory activity will also test policy wordings in ways many clients haven’t previously experienced. Greenwashing, cyber failures and complex product mis‑selling sit at the intersection of multiple exclusions, definitions and endorsements – particularly around cyber, conduct and prior knowledge.
Lumley stressed that brokers can no longer treat this language as boilerplate. “All parties need to have a clear understanding of the exclusions that apply to D&O policies, noting that some coverage restrictions may be contained within the policy definitions,” she said.
That understanding is critical in three fast‑moving areas:
From a broker’s perspective, 2026 will reward those who lean into this detail. The record enforcement numbers ASIC has already chalked up this year are unlikely to be a one‑off; they reflect a regulator that has found both the appetite and the legal footing to push harder.