Keeping on top of the latest financial services regulatory & compliance trends?
Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.
- Foreign financial services providers (Treasury): the Federal Treasury has released exposure draft legislation implementing AFSL relief options for foreign financial service providers (FFSPs). In the 2021‑22 Budget, the Government announced as part of the Global Talent Attraction package that it would consult on options to provide regulatory relief for FFSPs and options to create a fast track licensing process for those that wish to establish more permanent operations in Australia. The exposure draft legislation seeks to introduce: 1) the comparable regulator exemption, which exempts FFSPs authorised to provide financial services in a comparable regime from the requirement to be licensed when dealing with wholesale clients; 2) the professional investor exemption, which exempts FFSPs that provide financial services from outside Australia to professional investors from the requirement to be licensed in Australia; and 3) an exemption from the fit and proper person assessment to fast track the licensing process for FFSPs authorised to provide financial services in a comparable regulatory regime. An sensible solution to reduce red tape, the consultation and draft legislation can be found here.
- Critical infrastructure bill (DHA): on 2 December 2021, the Government gained more powers to take action in relation to cyber security incidents affecting ‘critical infrastructure assets’ (which encompasses the financial services sector), including the power to compulsorily obtain information, make directions and to permit the Australian Signals Directorate to take direct action in relation to those assets. It also contains provisions that require entities that own or operate ‘critical infrastructure assets’ to notify Government of critical cyber security incidents within very sharp time frames (12 hours!)— these rules are presently subject to consultation. You can read more about the reforms, which will need to be cross-stitched to exist OAIC obligations, here.
- AML Induction (AUSTRAC): AUSTRAC’s proactive engagement with the industry can be patchy — at least via its website, so it was great to see a release of a number of helpful materials to assisting reporting entities on 13 December 2021. It highlighted the rollout of the induction workshops to introduce new reporting entities to AML/CTF compliance, which cover: 1) AML/CTF fundamentals: an overview of the AML/CTF framework and program requirements such as customer identification procedures, ongoing customer due diligence and transaction reporting; 2) risk assessments: an in-depth look at how reporting entities can identify, mitigate and manage risks such as money laundering, terrorism financing and other serious crimes. In this workshop, AUTRAC also demonstrates how to conduct an ML/TF risk assessment; and, 3) quality reporting: a detailed explanation of entities’ reporting obligations and why these are important. This workshop also provides tips on what quality reporting looks like and what to avoid. Together with general feedback on the compliance reports it receives, I think the monthly workshop is a wonderful initiative from AUSTRAC. You can sign-up here.
- Engagement (ASIC / APRA): ASIC and APRA have published their annual update on engagement between the two regulators. There is not too much to the release of their report, which can be viewed here; collaborating on loan deferrals / hardship, strengthening their enforcement co-ordination and focusing on super were key highlighted areas. The biggest thing I took from the update was that ASIC and APRA are working together “…to develop the framework for jointly administrating the FAR to enable collaboration and coordination, and to minimise duplication, in areas of joint regulatory interest.” No doubt ASIC is very keen to get its hands on FAR, which will dramatically increases its powers. If breach reporting was the biggest game in town in 2021, then FAR will certainly eclipse it in 2022 and 2023.
- FAR (Parliament): the FAR Bill was considered by the Senate Standing Committee for the Scrutiny of Bills on 24 November 2021 and referred to the Senate Economics Legislation Committee the next day, to produce a report on 15 February, 2022. Submissions can be made, and given the last minute introduction of broad ancillary liability provisions which were not consulted upon, and are broadly constructed, we will be making a submission pushing back on them. Wish us luck!
Thought for the future: filing submissions on draft legislation can feel like a Sisyphean task at times — I have lost track of how many submissions I have filed on FAR, for example. Given the magnitude of the legislative changes affecting financial services institutions, and the time it takes to pare back inefficient laws, it is a critical task in my view. Small changes make big differences, and 2022 will be just as important as 2021 in this respect.