Australian regulators weekly wrap Monday 13 September 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

1. Breach reporting (ASIC):the corporate regulator has released the new RG 78 to apply from 1 October 2021 for the new breach reporting regime. The primary shift under this new regime, which applies to both AFSL and ACL holders, is to a more expansive scope of reportable situations (i.e. matters that must immediately be reported to ASIC), and the introduction of deemed significant breaches. Largely gone will be the days of subjective assessments of significance of a particular issue, with the decision of whether a matter is reportable to ASIC or not hinging on that assessment. There is far more prescriptive rigour around what is reportable to ASIC now. The new RG 78 explains: what licensee holders must report to ASIC (see Section B); when and how they must report to ASIC, including information about how ASIC deal with the reports we receive and the information we will publish about your reports (see Section C); and, ASICs expectations and guidance about compliance systems (see Section D). (The last one is particularly important, as deemed significant breaches include a huge raft of civil penalties across legislation my team has spent the last 6 months alone compiling them all!) It is a large guide, and does nothing to limit what will be an extremely onerous regime change you can read a summary of the changes in this briefinghere(my top read for the week).
2. ASIC enforcement (ASIC):We love litigation, say new ASIC chiefswas theAFR headingon 3 September 2021. In the interview, ASIC Chair Joe Longo and Commissioner Sarah Court made very clear that: 1) they see significant challenges ahead of them in terms of enforcing compliance with the law one of the more jarring sentences was that the depth of compliance problems in the financial services sector is breathtaking; and 2) they will be pushing more litigation from ASIC, albeit in more targeted areas. My read of all this is that we wont see ASIC stray into policy-type decisions or cases (think responsible lending), which is consistent with the Treasurers direction to ASIC covered in the ARWW a fortnight ago, and we will see ASIC using more of the appreciable regime advantages it has been given to conduct more litigation. Think the penalties legislation of 2019 which made 912A an offence, mortgage brokers BID regime, new breach reporting regime and FAR in 2023. In effect, a more enforcement happy regulator, though with less of the big cases we saw under Tony DAloisio and to a lesser extent Shipton (not Medcraft).
3. AML/CTF (AUSTRAC):the AML/CTF regulator released four new Australian banking sector money laundering and terrorism financing risk assessments. The four assessments examine the threats criminals pose to Australias major banks, other domestic banks, foreign subsidiary banks and foreign bank branches operating in Australia. A sobering read, AUSTRAC assesses the threat of ML/TF facing Australias major banks as high, and more importantly that that the major banks are subject to a high level of inherent ML/TF vulnerability. It is a fascinating read, which should prompt banks and non-bank lenders to revisit their AML / CTF policy, program and procedures. AUSTRAC had this to say: Major banks have a mixed record of applying risk mitigation strategies. On one hand, major banks make significant investments to counter ML/TF risk, engage regularly with AUSTRAC, and some entities have undergone or are undergoing an uplift in their AML/CTF systems, controls and policies. On the other hand, there have been significant and systemic deficiencies detected in the subsector over recent years. Governance and assurance around AML/CTF compliance has been identified as a particular concern, and risk mitigation strategies are not always applied consistently across a reporting entity.
4. Safe harbour (Treasury): In 2017, Parliament enacted theTreasury Laws Amendment (2017 Enterprise Incentives ?2) Act 2017. The amendments introduced a safe harbour for company directors from personal liability for insolvent trading if the company is undertaking a restructure. As part of the 202122 Budget, the Government announced that it would commence an independent review into the insolvent trading safe harbour, to ensure that the safe harbour provisions remain fit for purpose and its benefits can extend to as many businesses as possible the consultationhas just been released, and closes on 1 October 2021. My sense, given how willing the Government is to kickstart the post COVID-19 economy by tinkering with insolvency law, is that the provisions will be expanded. Good news for debtors, and more challenges for creditors essentially!
5. Climate assessment (APRA):the prudential regulator has published an information paper outlining the purpose, design and scope of the Climate Vulnerability Assessment (CVA) that is underway with Australias largest five banks. Along with itsdraft prudential guidance on climate risk, which closed for consultation on 31 July 2021, the CVA forms the bulk of APRAs efforts to help its regulated entities understand and manage the financial risks associated with climate change. You can read the paperhere, which sets out that the three key objectives of the CVA are to assess potential financial exposure to climate risk; to understand how banks may adjust business models and implement management actions in response to different scenarios; and to foster improvement in climate risk management capabilities. The report sets out the criteria it will be assessing, including the types of climate risks considered, scope (geographic and financial exposures) of the assessment, climate scenarios, and the timeframe.

Thought for the future:once you have your AFSL or ACL permissions, they are yours forever right? Perhaps not, if ASIC follows a UK FCA development. The FCA has new powers to remove a firms unused permissions from the Financial Services register more quickly. It says incorrect or outdated permissions on the Financial Services Register can mislead consumers about the level of protection offered by a firm or give credibility to a firms unregulated activities. One to watch in case it comes to Australia