When most people picture a compliance failure at a brokerage, they imagine rogue traders or insider dealing. The reality in the WealthHub case was far more mundane and, in its own way, far more revealing: a missing alphanumeric field in a data report, repeated across thousands of submissions over nearly a decade.
That gap matters more than it sounds. ASIC’s ability to detect insider trading, market manipulation, and other misconduct depends on millions of data fields being populated correctly by brokers every single day. When those fields are wrong or absent, the entire surveillance architecture that protects your trades degrades. This is not a paperwork problem. It is an infrastructure problem.
Here is how the system actually works, why a single identification field sits at the centre of it, and what the WealthHub case reveals about the obligations every licensed broker carries. The weakest point in market oversight is not the regulator. It is the data.
The infrastructure hiding in plain sight: what regulatory data reporting actually does
Regulatory data reporting is the mandatory, continuous process by which brokers and market participants submit trading and order data to ASIC and market operators such as ASX in near real time. Every order you place passes through this system before it settles.
The distinction that matters is between “audit-ready” data submitted at scale and older, manual processes where reports arrived late and incomplete. Modern electronic markets are fragmented across multiple venues and platforms. In that environment, real-time accuracy is a functional requirement, not a regulatory preference. If the data is delayed or partial, surveillance algorithms cannot do their job.
What the data enables
Complete and accurate reporting gives regulators the structured inputs they need to operate at scale. Specifically, it enables three things:
- Aggregating exposures by counterparty, so regulators can see concentrated risk building across products and accounts
- Spotting connected activity across venues, so patterns that would be invisible on a single exchange become detectable
- Establishing accountability, so every order and trade can be tied back to the entity responsible for it
ASIC requires this data for a stated purpose: detecting insider trading, market manipulation, and other misconduct. The quality of that detection is directly and mechanically dependent on the accuracy of data you never see. Every trade you place moves through a system whose integrity rests on brokers getting these fields right.
Australian market cleanliness rankings depend directly on surveillance inputs of the kind that Intermediary ID data provides: ASIC’s Report 787 methodology measures detectable informed trading using the same transaction-level data infrastructure that breaks down when identification fields are missing or wrong.
When big ASX news breaks, our subscribers know first
What is the Intermediary ID and why does one field carry this much weight?
The Intermediary ID is the AFS licence number assigned to the financial services entity that placed orders and trades through a given market participant’s trading system. Its function is precise: it ties every trade back to a specific licensed intermediary in the execution chain, so regulators can answer the most basic investigative question: which entity placed this order?
When Intermediary ID data is inaccurate or absent, two things break simultaneously.
First, surveillance tools cannot map anomalous trading patterns to the firms behind them. If a cluster of suspicious orders appears across multiple venues, the system needs reliable identifiers to connect the dots. Without them, the pattern may be visible but the responsible party is not.
ASIC’s ability to pursue insider trading detection at scale depends on the same transaction-level data infrastructure described throughout this article: the dedicated insider trading team established in late 2024 operates through surveillance algorithms that require correctly populated identification fields to link suspicious activity across accounts and venues.
Second, industry funding levies cannot be accurately attributed. ASIC uses Intermediary ID data to calculate the levies that fund market supervision. Errors in this field mean some entities pay less than their true market footprint warrants, distorting the cost-sharing model that underpins regulatory resourcing.
When the Intermediary ID field contains errors or is left blank, it can weaken ASIC’s ability to carry out effective market surveillance and, in turn, threaten broader market integrity.
This is not a uniquely Australian mechanism. Globally, regulated markets rely on equivalent identifiers: Legal Entity Identifiers (LEIs) under Europe’s MiFID II/MiFIR framework, and Consolidated Audit Trail (CAT) identifiers under FINRA rules in the United States. Cross-jurisdiction analysis has explicitly found that inconsistent identification standards “inhibit linked risk analysis” and obstruct building a complete market picture.
With accurate Intermediary ID data, regulators can:
- Link suspicious trading patterns to specific licensed entities
- Attribute supervisory costs fairly across the industry
- Build cross-venue investigations that follow the execution chain
Without it, they cannot do any of those things. The Intermediary ID is the accountability anchor of Australian equity market surveillance. When it is missing, misconduct can hide in the gap.
How ASIC’s Market Integrity Rules create the obligation framework
What the rules require
ASIC’s Market Integrity Rules are the binding ruleset that establishes accurate and complete regulatory data reporting as a fundamental and ongoing obligation for market participants. These are not guidelines or aspirations. They are enforceable rules, and the distinction matters for how breaches are assessed.
The key structural principle is that these are outcome obligations. If the reports a firm submits are wrong or incomplete, the rules have been breached regardless of intent, regardless of whether the error was systemic or manual, and regardless of whether the underlying trades were themselves legitimate. You do not get credit for trying. You are judged on what the data actually says.
Obligations under these rules are also continuous. A systemic or technical error that persists for years constitutes a breach on every day it occurs, not a single historical event. That distinction dramatically increases the weight of long-running failures.
How ASIC monitors and enforces compliance
ASIC does not set these rules and walk away. It actively communicates and reinforces them through its Market Integrity Updates. Issue 130, published in September 2021, put all market participants on formal notice of their duty to submit accurate and complete regulatory data, including correctly populated Intermediary ID fields, leaving no room for any licensed firm to plead ignorance.
When breaches are identified, the Markets Disciplinary Panel (MDP) is the body empowered to adjudicate them. The MDP sits at the enforcement end of a system designed to treat data-quality failures as seriously as trading misconduct.
Three core principles define the framework:
- Outcome obligation: the accuracy of submitted data is what matters, not the effort behind it
- Continuous obligation: every day of non-compliance is a separate breach
- Actively monitored: ASIC reminds, reviews, and enforces, and the MDP adjudicates
For you, as an investor evaluating a broker, this means regulatory reporting compliance is not a one-time certification. It is an ongoing operational standard. Firms with weak data governance systems carry a genuine and measurable compliance risk that can surface at any time.
The WealthHub case: ten years of a missing field
Throughout a period running from 28 July 2014 to 31 October 2024, WealthHub submitted order and trade reports in which the Intermediary ID field was either absent or carried incorrect data.
That is approximately ten years of defective data flowing into the surveillance system.
The reports went to market operators including ASX. The failures were not isolated incidents or one-off errors. They were systemic and sustained, which is precisely the characterisation that elevates a data-quality problem from a clerical oversight to a serious regulatory breach.
The Markets Disciplinary Panel (MDP) adjudicated the case. The timeline is worth sitting with: the breach period began in 2014 and continued through October 2024, meaning it persisted for more than three years after ASIC’s September 2021 Market Integrity Update explicitly reminded firms of their Intermediary ID obligations.
| What the rules required | What WealthHub submitted | Consequence |
|---|---|---|
| Accurate Intermediary ID (AFS licence number) in every order and trade report | Omitted or incorrect Intermediary ID across thousands of submissions over approximately ten years | Compromised ASIC’s surveillance capability and distorted industry funding levy calculations |
| Continuous compliance with Market Integrity Rules, including after ASIC’s September 2021 reminder | Failures persisted from 28 July 2014 to 31 October 2024, continuing more than three years after the public reminder | MDP adjudication; breach treated as systemic misconduct, not clerical error |
The case illustrates three practical lessons. Data accuracy is an outcome obligation: the rules were breached because the data was wrong, full stop. Obligations are continuous: every day of incorrect reporting was a separate breach. And regulators will act on infrastructure-level failures without waiting for downstream harm to materialise.
The Petra Capital case illustrates the same outcome obligation principle at work: a software update that corrupted client identifiers across 14,741 trades produced a $205,350 MDP penalty, with the panel confirming that carelessness satisfies the breach threshold for data reporting obligations just as completely as deliberate misconduct.
For you, the duration is the signal. Firms with poor data governance can remain non-compliant for years before enforcement catches up. When it does, the cumulative nature of continuous breaches makes the outcome significantly more serious.
Australia in global context: how other regulators treat reporting accuracy
ASIC’s enforcement approach in the WealthHub case is not an outlier. It sits within a globally consistent regulatory posture: reporting accuracy is independently enforceable, regardless of whether any specific investor was directly harmed.
- Australia (ASIC): Market Integrity Rules make data accuracy an ongoing, outcome-based obligation. The MDP adjudicates breaches as standalone violations, as the WealthHub case demonstrates.
- Europe (MiFID II/MiFIR): Regulators have made data quality a sustained enforcement priority, explicitly framing accurate transaction reporting as “a necessary part of maintaining and strengthening the integrity, resilience, and efficiency of financial markets.”
- United States (SEC/FINRA): “Blue sheet” enforcement actions have repeatedly sanctioned firms for incomplete or inaccurate trade-data submissions as standalone violations, without requiring proof that a specific investor was harmed.
Under MiFID II/MiFIR, European regulators frame data quality as “a necessary part of maintaining and strengthening the integrity, resilience, and efficiency of financial markets.”
The unifying principle across all three jurisdictions is clear: non-compliance with a formal reporting obligation is itself sufficient grounds for enforcement. Regulators do not wait for downstream harm before acting. Studies examining multiple jurisdictions have found that fragmented or inconsistent entity identification standards obstruct linked risk analysis and prevent supervisors from assembling a coherent picture of activity across venues and regulatory regimes.
For you, this global context reframes WealthHub not as a uniquely Australian regulatory outcome but as confirmation that any broker operating in any major regulated market faces the same underlying standard. If your broker has international operations, or if your platform clears through global intermediaries, these equivalent standards apply across the entire execution chain.
The next major ASX story will hit our subscribers first
What brokers with strong data governance actually look like
What good data governance looks like internally
Robust compliance with reporting obligations requires real operational investment. It means systematic data validation processes that catch field-level errors before reports are submitted. It means integration between trading systems and reporting infrastructure so data flows cleanly without manual intervention. It requires ongoing staff training on regulatory requirements and internal audit processes that test reporting accuracy on an ongoing basis, not once a year.
Firms that invest in this infrastructure are better positioned to operate transparently in supervised markets. They are less likely to carry hidden compliance risk that surfaces years later in enforcement action. The connection between operational quality in data management and broader compliance culture is direct: a broker that cannot get a mandatory identification field right consistently is signalling something meaningful about its internal controls.
What you can actually check
You cannot inspect a broker’s data systems directly, but you can look for accessible indicators:
- ASIC register status: Confirm your broker holds a current AFS licence on ASIC’s public register
- Public enforcement history: Check whether the firm or its principals have been the subject of MDP decisions or ASIC enforcement actions
- Regulatory disclosures: Review the firm’s Financial Services Guide and any published compliance statements
- AFS licence currency: Verify the licence has not been suspended, cancelled, or made subject to conditions
- Responsiveness to regulatory updates: Firms that publicly acknowledge and address ASIC Market Integrity Updates demonstrate active compliance engagement
These are not guarantees, but they give you a practical framework for moving beyond fee comparisons when evaluating a broker. The regulatory machinery explained throughout this article connects directly to this decision: a firm’s compliance posture tells you something about how it operates when no one is watching.
This article is for informational purposes only and should not be considered financial advice. Investors should conduct their own research and consult with financial professionals before making investment decisions.
The WealthHub case as a standing lesson in how market oversight actually works
ASIC’s market surveillance infrastructure is only as strong as the data flowing into it. The Market Integrity Rules place an ongoing, outcome-based obligation on every broker to get that data right, and the WealthHub case demonstrates what happens when that obligation goes unmet for a decade.
Market integrity is not protected by enforcement alone. It is sustained by the daily operational discipline of thousands of routine data submissions across the industry. A single identification field, correctly populated, keeps the surveillance chain intact. The same field, missing or wrong, can shield misconduct from detection for years.
As electronic markets grow more fragmented and data volumes increase, the quality of regulatory reporting becomes more, not less, important. The standard ASIC enforces today reflects where international practice is moving, not where it has been. For you, that means the question of whether your broker takes data governance seriously is not abstract. It is the foundation of the market integrity you rely on every time you place a trade.
ASIC’s broader shift toward electronic lodgement standards, including the elimination of 45,000 paper-based submissions annually and a 380% expansion in electronic lodgement options confirmed in REP 830, reflects the same institutional direction: the regulator is investing in the data infrastructure that makes real-time surveillance possible, raising the baseline expectation for all market participants.
—

