- Privacy reform (AG Department): the Privacy Act Review Report has been released and it is big! In a nutshell, there are more prescriptive privacy rules (while keep the principles-based 13 APPs e.g. non-exhaustive list of technical data and other information that may be categorized as ‘personal information’), greater alignment with GDPR (e.g. new data subject rights such as rights of objection and rights of erasure, and the development of ‘standard contractual clauses’), a specific focus on online services (e.g. ‘privacy by default’ in relation to online privacy settings, and targeted guidance on designing proper consents), and regulators will have more scope to play a more active enforcement role (e.g. new enforcement options for the OAIC to seek civil penalties and issue infringement notices — will it become the new AUSTRAC (?)), powers for the OAIC to create targeted codes of practices, and to undertake inquiries/reviews). Submissions are being accepted until 31 March, and I’d encourage everyone to have a read of the report!
- Credit for rent (ASIC): ASIC has issued an interim stop order on One Card Credit’s Scorebuilder and Safetynet loan product because of deficiencies in the target market determination. ASIC does not consider that the distribution conditions are sufficient to identify and exclude these consumers who cannot afford the minimum repayments without hardship, are financially vulnerable or are living in public housing — despite the TMD stating it excludes those consumers. ASIC also considers that the TMD does not adequately describe the target market as it does not contain specific details about the financial situation or needs of the target market. Aside from the fact that DDO continues to be one of ASIC’s favourite tools (just behind 912A of the CA), it does show the increasing granularity behind ASIC’s use of the tool — broad based statements that certain categories of consumers are excluded are no longer enough, but instead there needs to be sufficient smarts in the distribution conditions to identify them. All of this adds to the existing pressure to continually reviews TMDs, and their surrounding infrastructure — especially where the product has a narrow market…
- Regulatory developments table (ASIC): I know that ASIC publicizes its courts wins quite well (e.g. the massive fine they got against GetSwift this week for breaching continuous disclosure laws), however, I think some of their best work was tucked away in this release. Not the enforcement focus — we know that ASIC is focusing on greenwashing, predatory lending and misleading insurance pricing promises this year — but the cool regulatory calendar at the bottom. The timetable is designed to help industry to better anticipate when ASIC will issue draft or final guidance, or the making of a legislative instrument. I think it is wonderful, and ASIC should be commended for it! Outside of the regulatory instruments, I did pick up on this FAR bit which made me happy: “Note: Subject to the passage of legislation, ASIC will provide guidance on…the implementation of the Financial Accountability Regime, which will be administered jointly with the Australian Prudential Regulation Authority”.
- Disclosure (ASIC): ASIC has reinforced that material business risks should be adequately disclosed in annual reports, to better inform shareholders and prospective investors. ASIC has encouraged investors and advisers to review the additional materials disclosed by 5 entities which were the subject of its targeted surveillance activities (see here), to get a sense of its expectations. One example is around the use of non-International Financial Reporting Standards financial information by WOTSO. A timely update given the Getswift action this week…
- Crown action (AUSTRAC): Australian regulators are having a hard time of it at the moment in terms of the enforcement pressure being placed on them by policymakers e.g. Senate inquiry into ASIC’s effectiveness, which will report in 2024. Now NSW’s Lee J has slammed AUSTRAC for taking too long in its action against Crown, Star and Skycity, memorably stating: “The Congress of Vienna took nine months to talk about the future of Europe, you’ve had 12 months to talk about admissions…It’s already meandered for a year. I just want to know whether the regulator in this case is serious about running the case or not?”. Scathing stuff, and likely to add to the pressure on regulators to conduct quick enforcement actions. We’re still waiting with bated breath on Joe Longo’s reshuffle of ASIC to be more enforcement ready in that regard…
Thought for the week: I am in Canberra on Tuesday, speaking to the Senate on why crypto isn’t legally ‘property’ but instead mere ‘ information’ (so they need to legislate to make that clearer). Anyone interested in the topic, or who has advice for me, please reach out!
