- Cyber Safety (ASIC): ASIC has urged listed firms to pay attention to cyber risks, noting World Economic Forum released its annual Global Risks Report 2022 and failure of cyber security measures was the number one risk for Australian executives. ASIC’s December 2021 resilience report showed firms operating in Australia’s markets had a small but steady improvement in cyber resilience. However, the increase of 1.4% fell far short of the 14.9% improvement targeted for the period. ASIC Executive Director of Markets, Greg Yanco stated, “ASIC is not seeking to prescribe technical standards or to provide expert guidance on cyber security. Where we consider a firm has not met its cyber risk management obligations, we may consider enforcement action to drive changes in behaviour.” This is illustrated by ASICs proceedings against RI Advice Group.
- Macroprudential Framework (APRA): The prudential regulator has finalised amendments to its prudential framework to give effect to macroprudential policy measures. Under the new requirements, ADIs must be operationally prepared to implement certain macroprudential policy measures, if needed. In particular, banks will need to have systems in place to limit growth in higher risk residential mortgage lending, such as loans at high debt-to-income multiples or high loan-to-valuation ratios. The new requirements take effect from September this year, and foreshadow the recession fears ahead.
- Insolvencies (AFCA): As at 1 June 2022, the AFCA had 2,447 open complaints involving 44 financial firms impacted by insolvency. It is estimated that consumer claims in these complaints total more than $376 million. The complaints have had to be paused because of the firms insolvency. In addition, there were 306 unpaid determinations associated with 28 insolvent firms, involving awards totaling an estimated $14.7 million. Interesting, no doubt, but it is hard not to read into this media release as dog whistling to the newly installed red team to get the Compensation Scheme of Last Resort (which by facilitates the payment of compensation to eligible consumers who have received a determination for compensation from the AFCA which remains unpaid) back on track. The legislation has stalled in Parliament, given it crossed over the election. One would prefer AFCA stick to its knitting, rather than continue its policy advocacy.
- Reprimands & Warnings (ASIC): The requirement for ASIC to give warnings and reprimands to financial advisers in specified circumstances was introduced by the Financial Sector Reform (Hayne Royal Commission Response Better Advice) Act 2021. ASIC has released Information Sheet 270: Warnings and Reprimands (INFO 270) which explains:
- what warnings and reprimands are;
- when ASIC will give a warning or reprimand;
- how ASIC will communicate the giving of a warning or reprimand;
- when and to whom ASIC will provide procedural fairness before giving a warning or reprimand; and
- the advisers right of review of ASICs decision to give a warning or reprimand.
In the examples given, ASIC will consider a warning or reprimand where a financial adviser has, at least twice, been linked to a refusal or failure to give effect to a determination made by AFCA.
- Breach Reporting (ASIC): A broad ranging speech given by Joe Longo after his first year in office, which contains some great insights into the direction and focus of ASIC under his stewardship. In particular, wanting ASIC “to be ambitious and confident in discharging its regulatory and enforcement responsibilities, to serve and advance the public interest.” One matter caught my eye in the speech my top read for the week on breach reporting. There was some interesting discussion on the regulation of crypto assets at the end, though more academic than anything else. ASIC has apparently received over 10,000 submissions through its regulatory portal since October 2021, and expects the number of licensees reporting to increase over time. Mr. Longo also notes some industry groups have raised concerns with Treasury about the legislative policy settings for the breach reporting regime (Gadens included!). Mr Longo has stated that it is ultimately an issue for Government, which is somewhat disappointing. That is technically correct, sure, though ASIC would have a lot of sway in taking the position that the policy setting is not calibrated correctly (which is the case as per our independent research).
Thoughts for the week: The trilemma of regulation, according to Chris Brummer & Yesha Yadav, Fintech and the Innovation Trilemma, Georgetown Law Journal, vol. 107, 235:
When seeking to provide clear rules, maintain market integrity, and encourage financial innovation, regulators have long been able to achieve, at best, only two out of these three goals. That is, if regulators prioritise market safety and clear rulemaking, they do so through broad prohibitions, invariably inhibiting financial innovation. Alternatively, if regulators wish to encourage innovation and provide rules clarity, they must do so in ways that ultimately result in simple, low-intensity regulatory frameworks, increasing risks to market integrity and consumers. Finally, if regulators look to enable innovation and promote market integrity, they must do so through a complex matrix of rules and exemptions, raising compliance costs and disproportionately impacting smaller firms and upstarts.
Which way will crypto regulation go? For my part, hopefully not one which stifles innovation…