Australian regulators weekly wrap — Monday, 25 October 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Blockchain (Senate): the Senate Select Committee on Australia as a Technology and Financial Centre has released its final report. There are some exciting recommendations — read them here (my top read for the week)— including: 1) establishing a market licensing regime for Digital Currency Exchanges, including capital adequacy, auditing and responsible person tests under the Treasury portfolio; 2) establishing a new Decentralised Autonomous Organisation company structure; 3) establishing a custody or depository regime for digital assets with minimum standards under the Treasury portfolio; 4) undertaking a token mapping exercise to determine the best way to characterise the various types of digital asset tokens in Australia; and 5) having the Anti-Money Laundering and Counter-Terrorism Financing regulations clarified to ensure they are fit for purpose, and do not undermine innovation. These recommendations are innovative and sensible in my view, and will assist Australia is becoming a blockchain leader if it fully embraces them — fingers crossed!
  2. CPS 511 (APRA): CPS 511, which comes into effect from 1 January 2023, is designed to strengthen remuneration practices across all APRA-regulated entities. It introduces heightened requirements on remuneration and accountability aimed at creating more balanced incentive structures, promoting financial resilience and supporting better outcomes for customers. (It needs to be linked with FAR, which it is currently not consistent with — but that is a whole other issue.) The final Prudential Practice Guide CPG 511 Remuneration has been released by APRA and sets out guidance and examples for: strengthening incentives for individuals to prudently manage the risks they are responsible for; implementing appropriate consequences for poor risk outcomes; and, improving oversight, transparency and accountability on remuneration. If you haven’t already, start thinking about CPS 511 implementation now as it is going to be a big one across 2022!
  3. Advice sector and compensation (AFCA): the draft Compensation Scheme of Last Resort (CSLR) legislation is coming out soon. It will facilitate the payment of limited compensation to eligible consumers who have received a determination for compensation from the AFCA which remains unpaid. The currently proposed scope of the CSLR treats complaints about losses arising from the sale, distribution and operation of managed investment schemes and financial products and the provision of financial advice differently. In response, AFCA intends to provide clarity to the advice sector and consumers on how it currently deals with and categorises these complaints. The tricky issue is determining which financial firm is responsible i.e. the issuer or the adviser (both of whom need an AFSL) for responding to a particular type of complaint and where the responsibility may lie for specific conduct. AFCA will be issuing an interim fact sheet and consulting with relevant stakeholders, including the financial advice industry, about a more formal approach document soon.
  4. AGMs and electronic executions (Treasury): whatever your politics, it is clear Treasurer Frydenberg’s Treasury is a hard working one! The Government has introduced into parliament the The Corporations Amendment (Meetings and Documents) Bill 2021 which will permanently allow companies to use technology to meet regulatory requirements under the legislationMore particularly, it will allow companies and registered schemes to hold virtual meetings, distribute meeting‑related materials and validly execute documents. These reforms build on recently renewed temporary relief, which will remain in place until 31 March 2022. A great development, now lets turn to electronic executions of documents!
  5. IAL (ASIC): ASIC has launched civil penalty proceedings in the Federal Court against Insurance Australia Limited (IAL), alleging that IAL engaged in misleading or deceptive conduct and made false or misleading representations to some NRMA Insurance customers by stating that customers were eligible for certain discounts on renewal of their home and motor insurance policies and then failing to apply those discounts. ASIC claims IAL increased the gross insurance premiums that would apply to those customers to ensure that their net premiums after the discounts did not fall below a certain level. As a result, the full discounts were not passed on to customers, and impacted NRMA Insurance renewals between March 2014 and November 2019 and affected at least 596,000 customers, in respect of 705,000 separate insurance policies, approximately 1,785,000 times. The affected customers did not receive promised discounts totaling around $60 million. A good case to watch, particularly as s. 12DA of the ASIC Act creates havoc for entities struggling under the new breach reporting regime…

Thought for the future: this month has been tricky navigating the new breach reporting regime —many more beaches are getting reported for ‘misleading & deceptive conduct’ and ‘material loss & damage (which is determined from the customers’ perspective). There is also a lot of confusion between ‘core’ and ‘deemed significant’ provisions, so this flow chart may assist AFSL and ACL holders navigating the new regime.

Australian regulators weekly wrap — Monday, 18 October 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. DI system (Treasury): the Federal Government has released an exposure draft of the Trusted Digital Identity BillIt elates to the expansion of the “DI System”, which facilitates the creation of Digital Identity for individuals and allows businesses to use it for approved verification purposes. A Digital Identity only needs to be created once, is voluntary and enables individuals to access various secure services online; it is current used for governmental services e.g. tax and medicare in MyGov. The draft legislation covers the expansion, maintenance and regulation of the DI System and puts two systems into effect: The Trusted Digital Identity Framework (TDIF) accreditation scheme — this covers providers of identity related services and stipulates the requirements for accreditation of entities, including in relation to privacy, fraud protection, security, and identity proofing; and, The trusted digital identity system — this is the current DI System and entities accredited under the TDIF accreditation scheme, and customers for the digital identity services, will be able to access it. There will be an independent oversight authority with responsibility for governing the two schemes, and which will be responsible for deciding which entities are allowed to be onboarded. In part, this will be based on a ‘fit and proper’ person test. It is an exciting development, and the possibilities are broad — from better AML / CTF compliance to fraud prevention to mortgage VOI compliance.
  2. Whistleblowing policies (ASIC): ASIC has written to a number of companies urging improvement in whistleblowing policies following a review it conducted. ASIC reviewed a select sample of whistleblower policies — 102 in total — and is concerned the majority of those policies did not fully address the relevant requirements. Its conclusion was that whistleblowers may not know how they are protected, or feel unsure about how to speak up. This could lead to entities missing opportunities to identify and address potential misconduct at an early stage, in addition to cross-stitching with other issue detection frameworks e.g. complaints handling. ASIC’s letter to companies: reminds entities of their obligation to have a whistleblower policy that reflects the strengthened whistleblower protection regime that started on 1 July 2019; identifies where policies in its sample fell short; and highlights what entities can do to improve their policies. ASIC said that it saw policies which: a) did not list all the categories of people to whom a whistleblower can report misconduct and qualify for protection under the Corporations Act — instead, some policies limited the information to the entities’ preferred reporting channels; b) inaccurately referred to obsolete requirements for whistleblowers to identify themselves or make disclosures in good faith or without malice in order to qualify for protection; c) and, omitted or inaccurately described one or more of the protections available to whistleblowers under the Corporations Act. All great insights!
  3. Ransomware plan (Home Affairs): the Minister for Home Affairs has unveiled a ‘new and comprehensive’ Ransomware Action Plan. Key aspects, from my review are that: a) there will be mandatory ransomware incident reporting to the Government — this will only apply to businesses with turnover exceeding $10 million per year; b) legislative reform to ensure law enforcement agencies can investigate and seize ransomware payments in cryptocurrency; c) a stand-alone offence for all forms of cyber extortion; criminalising the buying or selling of malware for the purposes of undertaking computer crimes; d) criminalising the act of dealing with stolen data knowingly obtained in the course of committing a separate criminal offence; and, an aggravated offence for cybercriminals seeking to target critical infrastructure. While the Plan is great – cyber crimes are on the rise, and many businesses are choosing to pay — the Plan to me seems to be more focused on imperfect cures rather than prevention…
  4. ASIC annual report (ASIC): ASIC’s latest annual report is out. Key highlights for me were — unsurprisingly — the focus ASIC has put into new RGs including new design and distribution obligations, breach reporting obligations and the deferred sales model for add-on insurance, which have come into effect recently. Secondly, ASIC has has also stressed that it has continued to build its enforcement capability, securing $189 million in civil penalties and increasing new criminal litigation by 28%. We are seeing that approach in full action currently and that is unlikely to change.
  5. Diversa (ASIC): ASIC has commenced civil penalty proceedings against Diversa Trustees Limited, a super trustee. It alleges that between March 2019 and December 2020, Diversa or its representatives: a) were aware that ASIC was investigating a business run by financial adviser Mr Nizi Bhandari for contraventions of the law; b) despite its knowledge of these matters, did not take adequate action and continued to allow Mr Bhandari to put clients into Diversa’s superannuation product; and c) continued to allow the payment of fees from the superannuation fund to Mr Bhandari. ASIC alleges that the OneVue company group acted on behalf of Diversa and facilitated Mr Bhandari putting clients into Diversa products. ASIC also alleges that Diversa did not act efficiently, honestly and fairly because it failed to provide proper oversight of the activities of OneVue nor take appropriate action regarding the activities of Mr Bhandari. Sharp stuff in my view — that is, the super trustee become aware of an ASIC investigation for a representative and should have taken action on that basis. It is further proof of ASIC’s focus on outsourcing, as it is the second case taken by ASIC against a professional trustee for conduct by outsourced service providers following enforcement action against Tidswell.

Thought for the future: ASIC’s review of WB policies and feedback is a great initiative, and hopefully we will see more of it. It gives excellent granular feedback on the corporate regulators’ focus and how to improve, outside of an enforcement process. Braithwaite’s regulatory pyramid in action!

Australian regulators weekly wrap — Monday, 11 October 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Breach reporting for ACLs (ASIC): ASIC has issued a consolidated update to credit licence holders who are dealing with the new breach reporting regime. It has noted that licensees should already be registered on the ASIC Registration Portal for their annual industry funding obligations. However, individuals responsible for submitting reportable situations on behalf of their licensee may need to create a portal account and be given access to the licensees they represent. ASIC has encouraged licensees to organise portal access for relevant employees as soon as possible. The portal’s frequently asked questions page has guidance on how to invite someone to connect to a licensee in the portal. ASIC has also given guidance to industry on how to comply, including updating Regulatory Guide 78 Breach reporting by AFS licensees and credit licenseesfrequently asked questions and information for submitting reportable situations to the ASIC Regulatory Portal.
  2. Interest rate buffers (APRA): the prudential regulator has increased the minimum interest rate buffer it expects banks to use when assessing the serviceability of home loan applications. APRA has told lenders it expects they will assess new borrowers’ ability to meet their loan repayments at an interest rate that is at least 3.0 percentage points above the loan product rate. This compares to a buffer of 2.5 percentage points that is commonly used by ADIs today. One to remember when designing RG 209 compliance frameworks. APRA’s letter is here.
  3. Royal commission reforms (Treasury): Treasury has noted the additional reforms which are now in operation, and matched them to Royal Commission reforms, including: 1) strengthening the unsolicited selling (anti-hawking) provisions, including for superannuation and insurance products, to prevent pressure selling to consumers (Recommendations 3.4 and 4.1); 2) introducing a deferred sales model for add-on insurance products, to promote informed purchasing decisions and prevent inappropriate sales of those products (Recommendation 4.3); 3) replacing the duty of disclosure regime with a duty to take reasonable care not to make a misrepresentation, ensuring valid claims cannot be declined for inadvertent failures to disclose information by consumers (Recommendation 4.5); 4) strengthening breach reporting requirements for financial service licensees in the Corporations Act 2001 and introducing a breach reporting regime for credit licensees under the National Consumer Credit Protection Act 2009 (Recommendation 1.6, 2.8, 2.9 and 7.2); 5) requiring Australian financial services and credit licensees to provide reference checks, ensuring consistent practices throughout the industry for sharing relevant employment information about financial advisers and mortgage brokers (Recommendation 2.7); and, 6) implementing the new DDO to help consumers obtain more appropriate financial products by requiring issuers of financial products to determine an appropriate target market for these products, followed by issuers and distributors being required to sell their products accordingly. We covered these ones in more detail in last week’s wrap. A big month ahead!
  4. Scams (ACCC): the ACCC is urging people to be extra vigilant about scams after Australians reported a record $211 million in losses to scams so far this year, an 89 per cent increase compared to the same period last year. The losses, reported between 1 January and 19 September, have already surpassed the $175.6 million reported to the ACCC’S Scamwatch across all of last year. Most of these losses are from phone based scams, which accounted for over $63.6 million (31 per cent) of the losses. Additionally, of the 213,000 reports that Scamwatch received so far this year, 113,000 were about phone scams. I have received more than a few of these myself!
  5. Class action returns (Treasury): the Government has released for consultation exposure draft legislation to set caps on the distribution of class action proceeds in proceedings involving a litigation funder. If progressed, the legislation would implement key recommendations of the Parliamentary Joint Committee on Corporations and Financial Services in its report on litigation funding and the regulation of the class action industry. Courts would be empowered to approve or vary the share of proceeds to which members of the scheme are entitled to ensure the distribution is fair and reasonable. In making this determination, courts would be supported by independent experts at the funder’s expense. The draft legislation would establish a rebuttable presumption that a return to the general members of a class action litigation funding scheme of less than 70 per cent of their gross proceeds is not fair and reasonable. Finally, the draft legislation would require plaintiffs to consent to become members to a class action litigation funding scheme before funders can impose their fees or commission on them. This will encourage ‘book building’, which has gone the way of the dinosaur recently given the preference for open class actions. Don’t expect partisan support on this one, and watch out for the fireworks ahead given the political, business/consumer and legal divides over this hot button issue.

Thoughts for the future: the challenge behind the new breach reporting regime is that any civil penalty provision / most criminal penalty provisions across any item of legislation in Australia are ‘deemed significant’ breaches which need to be reported (good luck trying to knock out a civil penalty breach on the basis it does not touch on a ‘core obligation’ e.g. ‘efficiently, honestly and fairly’) More information is set out in this short article we prepared. The difficulty is in identifying whether a particular issue —say an advertising mistake — is contradictory to one or more of these provisions, which means considering all of the potentially applicable legislation unless you have a tool (for those struggling with the new regime, we have created a platform to assist here.) I suspect the answer is a combination of more resources, more tech and more framework assets e.g. spreadsheets of civil penalties / obligations registers.

Australian regulators weekly wrap — Monday, 4 October 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

This week, to mark a big month in financial services regulatory regimes, we are confirming the key reforms which start this month.

  1. Breach reporting (ASIC): the new breach reporting obligations implement recommendations from the Financial Services Royal Commission, and are included in the Financial Sector Reform (Hayne Royal Commission Response) Act 2020. These obligations require AFSL and ACL holders to self-report specific matters to ASIC, and allow ASIC to detect non-compliance behaviours early and take action where appropriate. The primary shift under this new regime is to a more expansive scope of ‘reportable situations’ (i.e. matters that must immediately be reported to ASIC), and the introduction of ‘deemed significant breaches’. Largely gone will be the days of subjective assessments of ‘significance’ of a particular issue, with the decision of whether a matter is reportable to ASIC or not hinging on that assessment. There is far more prescriptive rigour around what is reportable to ASIC now. ‘Deemed significant’ breaches, which must be reported to ASIC irrespective of the number of customers affected, the quantum of loss, or broader impact to compliance frameworks, include: 1) breaches that constitute the commission of an offence and the commission of the offence is punishable on conviction by a penalty that may include imprisonment for three months or more if the offence involves dishonesty, or 12 months or more in any other case; 2) breaches of a civil penalty provision (if the provision is not exempted under the regulations; 3) for AC licensees, breaches that constitute a contravention of a key requirement under s111 of the National Credit Code; 4) breaches that amount to misleading or deceptive conduct; or 5) breaches that result, or are likely to result, in material loss or damage to clients. An obligation to report the breach to ASIC within 30 calendar days is automatically triggered if any ‘deemed significant breach’ occurs, such as conduct that amounts to contravention of a relevant civil penalty provision or commission of a relevant offence. More information is here and you can see a demo of our revamped breach reporting tool here.
  2. Anti-hawking (ASIC): there is a new general prohibition of offers to sell or issue financial products which are made in the course of, or because of, ‘unsolicited contact’. The general prohibition will apply to all kinds of financial products, including insurance. It does not apply to credit products e.g. home loans, although especial care needs to be taken as they are often bundled with financial products e.g. mortgage protection insurance. Unsolicited contact is any contact which is not in response to a member’s request and which is made by telephone, in face-to-face meetings or by any other form which creates an expectation of an immediate response. Contact is not unsolicited contact if it is response to a positive, clear and informed member request and it relates to a financial product which the member has specifically requested or which a reasonable person would consider to be reasonably within the scope of the request. The hawking laws also give customers the power to specify how they can be contacted and withdraw or vary a request at any time, meaning that member has full control over the form of the contact and can stop the contact from continuing if they are no longer interested in the relevant financial product or no longer wish to be contacted for any other reason. For more detail, please see the regulatory guide here. (Firms should also not forget about the deferred add-on insurance regime, which also commence in October 2021. The deferred sales model introduces a mandatory four-day pause between the sale of a principal product or service and the sale of add-on insurance. You can read more here.)
  3. Design & distribution (ASIC): the DDO regime will affect almost every part of the financial services industry, from banks, credit provides, superannuation providers and insurers. The regime imposes obligations on issuers and distributors in relation to the design and distribution of retail financial products. Issuers of financial products must: • make publicly available target market determinations in relation to retail financial products; • review the target market determination as required to ensure it remains appropriate; • keep records of the person’s decision in relation to the new regime; and • notify ASIC of any significant dealings in a product that are not consistent with the product’s target market determination. Distributors of financial products are obliged to: • not engage in retail product distribution of a product without a target market determination; • not engage in retail product distribution of a product where a target market determination may no longer be appropriate; • take reasonable steps so that retail product distribution conduct is consistent with the target market determination; • collect information specified by the issuer and complaints related to a product and provide both to the issuer; and • notify the issuer of a product of any significant dealings in the product that are not consistent with the products target market determination. ASIC will have powers to enforce the DDO regime, including the powers to request necessary information and issue stop orders to prohibit specified conduct in relation to financial products. ASIC will also be able to utilise its product intervention powers when a financial product is likely to result in significant consumer detriment. There are also civil and criminal penalties that apply to the contravention of the regime. For more detail, please see here.
  4. Complaints (ASIC): under the new RG 271, the very broad definition of ‘complaint’ set out in AS/NZS 10002:2014 is adopted: “[An expression] of dissatisfaction made to or about an organization, related to its products, services, staff or the handling of a complaint, where a response or resolution is explicitly or implicitly expected or legally required.” Under this definition, the following expressions of dissatisfaction are complaints· posts on a social media channel or account owned or controlled by the financial firm that is the subject of the post, where the author is both identifiable and contactable, and complaints about a matter that is the subject of an existing remediation program or about the remediation program itself. ASIC’s new internal complaints handling mechanism, which needs to be cross-stitched to the new breach reporting regime: 1) introduces reduced timeframes for responding to complaints, including superannuation complaints e.g. 24 hours to acknowledge a complaint; 2) sets out what information firms must include in written IDR responses to allow consumers to decide whether to escalate their complaint; 3) sets new timeframe requirements for customer advocate reviews of appeals against IDR decisions; and 4) gives guidance about how firms can deal with representatives who are not acting in consumers’ best interests. For more detail, you can go to the new regulatory guide here.
  5. Reference checking (ASIC): the Financial Sector Reform (Hayne Royal Commission Response) Act 2020 introduces obligations on AFS licensees and Credit licensees to comply with an ASIC Protocol in relation to reference checking. The ASIC Protocol sets out obligations for licensees to undertake a reference check and share information on an individual seeking to be employed or authorised as a financial adviser or mortgage broker. The requirement requires sharing about the performance history of financial advisers and mortgage brokers — focusing on compliance, conduct and risk management. You can access the ASIC Protocol here.

Thought for the future: October will be a ‘pitiless’ month for licensees (I am sticking with my AFR language). For clients and potential clients reading this and thinking ‘I am not ready’; my firm’s practice group has a wealth of precedential material e.g. policies, procedures and controls built up over the last 6 + months. I appreciate that there is a great deal on, so please do reach out if we can help you expedite your compliance!

Australian regulators weekly wrap — Monday, 27 September 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Anti-hawking provision (ASIC): ASIC has finally released its guidance (RG 38) setting out its expectations on the the hawking provisions in s992A and 992AA of the Corporations Act 2001 (Cth). Under these hawking prohibitions, a person must not, in the course of, or because of, an unsolicited contact with a retail client: offer financial products for issue or sale; or, request or invite the client to ask or apply for financial products. Working out what constitutes an unsolicited contact is harder than it appears, as it could be contact by telephone, face-to-face, or any other real-time interaction in the nature of a discussion or conversation to which the consumer did not consent. The guide explains how to comply with the hawking prohibition contained in s992A, and does contain a lot of useful clarifications. For example, the prohibition in s992A(1) applies to the making of offers, requests or invitations, not to the sale or issue that may result. It is not a defence that a consumer had or was given time after an offer, request or invitation to consider whether to proceed, nor that the consumer was ultimately not issued or sold the product. For those organisations affected e.g. lenders who also offer insurance products, now is the time to start to work on those anti-hawking policies.
  2. Financial advisers (ASIC): ASIC Chair Joe Longo has delivered a speech in which he has acknowledged the challenges facing financial advisers, and that the unmet financial advice needs of Australians. Without delving into the detail of financial advisers’ express challenges (of which I am very empathetic, as there are many!) and ASIC’s role (which is fairly well known) what took my interest is: 1) the focus ASIC intends to take in this area from a proactive standpoint i.e. not just enforcement; and 2) some of the areas it will be looking to improve in. For example, Mr Longo said: “We’re looking at creating a Financial Adviser Hub on our website so the relevant content is easier for you to find. We’re also looking at adding extra guidance in the form of an example Statement of Advice, and an Information Sheet about Records of Advice.” It is a positive change of tone for a critical Australian industry that has been badly scarred in recent years.
  3. Policy agenda (APRA): the prudential regulator has released a letter providing an updated schedule of policy priorities for the remainder of 2021. It has said that its decision to reprioritise its annual policy agenda, released back in February 2021, intends to enable APRA-regulated entities to focus on implementing key policy reforms, as well as managing the impacts of COVID-19. The finalisation of climate risk and operational resilience guides are probably the biggest ones which I espied.
  4. Insurance in super (APRA): APRA is updating SPS 250 Insurance in Superannuation (SPS 250) and draft Prudential Practice Guide SPG 250 Insurance in Superannuation (SPG 250) to respond to concerns raised in the Hayne Royal Commission concern super fund meeting their obligations to prudently select, monitor and manage insurers. It intends to issue the final standard and guidance in the coming months, with the revised SPS 250 will be effective from 1 July 2022. For now, it has set out its expectations in a letter to the industry. There are three key elements: 1) in addition to maintaining the requirement for independent certification for related party insurance arrangements, APRA intends to include a provision in SPS 250 for APRA to require an RSE licensee to obtain an independent certification; 2) APRA intends to require that RSE licensees’ insurance management frameworks include consideration of any contractual terms and business practices that may indicate conflicts and/or ‘priority and privilege’; and 3)APRA intends to require RSE licensees to consider whether any ‘priority and privilege’ provisions in insurance arrangements are affecting the insurance outcomes for members. You can read the full letter here.
  5. Privacy: Australian information access commissioners and ombudsmen have published an authoritative statement to promote the proactive release of information. They have been designed to target government agencies to encourage and authorise the proactive release of information and promote open government, citing ‘inconsistent levels of access to valuable and important information from government. This is particularly evident in the differences in proactive release of information between jurisdictions’. Some of the key principles include ‘information held by government and public institutions is a public resource’ and ‘a culture of transparency within government is everyone’s responsibility’. My top read for the week – and an initiative I thoroughly agree with — you can read the statement here.

Thought for the week: APRA and ASIC are very consistent with their media releases. AUSTRAC’s last media release was on 17 August 2021. I understand it is a smaller regulator, with less resources, but given the high focus on AML/CTF at the moment and the complexity of the regulatory system it oversees, my sense is that we should expect a little more engagement!

Australian regulators weekly wrap — Monday, 20 September 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Licensing update (ASIC): ASIC has released a report outlining key issues, new and proposed changes to its licensing processes, and other work it has undertaken that affects licensees. Between July 2020 and June 2021, ASIC received 1,883 AFSL and ACL applications (an increase from 1,346 the previous year). The increase was mainly due to the licensing reforms relating to insurance claims handling and debt management services. AFSL applications alone were up 40%. ASIC approved 458 new AFSLs and ACLs (compared to 394 last year). ASIC also approved 537 variation applications by existing licensees (the same as last year). In addition to AFS and credit licence approvals, 391 AFS and ACL applications were withdrawn or rejected for lodgement, one was refused, 563 licences were cancelled and 23 suspended. My top read for the week for practitioners in the licensing space (we have done / are doing about 20 ourselves in 2021), you can read the report here.
  2. BBSW securities (RBA): the Reserve Bank is introducing new eligibility criteria for securities to be accepted as collateral in the Reserve Bank’s market operations. Floating rate notes and marketed asset-backed securities issued on or after 1 December 2022 that reference BBSW must include robust fallback provisions. All self-securitisations, regardless of the date of issue, must include robust fallback provisions. Eligibility criteria for FRNs and marketed asset-backed securities issued before 1 December 2022 are unchanged. However, issuers should consider including robust fallbacks for such securities, depending on their length of time to maturity, as a matter of prudent risk management. More detail is here, and this will come as no surprise — ASIC and APRA have been banging the drum about the change over from BBSW from quite some time now.
  3. Design & distribution (ASIC): ASIC has released additional information for advice licensees and financial advisers who are authorised representatives to help them prepare for the commencement of the design and distribution obligations on 5 October 2021. The fact sheet is here, and contains quite useful summarised information which complements RG 274. For example, it clarifies that advice licensees and financial advisers are exempt from meeting the reasonable steps obligation when providing personal advice but not when providing general advice. The exemption from the reasonable steps obligation applies when personal advice is provided because, in these circumstances, the adviser is providing advice tailored to the consumer’s individual circumstances. Given the amount of TMDS that financial advisers (and credit reps) will be receiving at the moment from issuers, the distilled information is quite timely.
  4. Criminal actions (ASIC): the corporate regulator has brought criminal charges against CBA, for the mis-selling of consumer credit insurance. The charges relate to allegations that between 2011 and 2015, CBA made false or misleading representations to customers that the insurance policies had uses or benefits to those customers when part or all the benefits were not available. It has also brought criminal charges against ME bank, again for misleading & deceptive. The charges relate to letters issued by ME Bank to home loan customers between September 2016 and September 2018, which ASIC alleges made false and misleading representations about: customers’ relevant annual interest rates; and/or, the minimum repayment to be paid after the fixed-rate period expired; and/or the minimum repayment to be paid after the interest-only rate period expired. ASIC also alleges that, between December 2016 and February 2018, ME Bank failed to give written notice to home loan customers that their annual interest rates and minimum repayment amounts were changing after their interest-only rate and/or fixed-rate period expired. The actions are notable for the fact that ASIC considers it can satisfy the higher burden of proof require to maintain criminal charges, and the aggressiveness — such litigation is rare. Somewhat ominous as well given the new breach reporting regime commencing in October specifically makes misleading & deceptive conduct a ‘deemed significant’ breach. For more detail, read here.
  5. Tax treaties (Treasury): the Government will expand Australia’s tax treaty network to enter into 10 new and updated tax treaties by 2023, building on Australia’s existing network of 45 bilateral tax treaties. The aim is to improve tax system integrity through the establishment of a bilateral framework of cooperation on the prevention of tax evasion, the collection of tax debts and rules to address tax avoidance, and is supposed to cover about 80% of foreign investment in Australia. Read this as another of Treasury’s interventions, together with insolvency reform, and attempts to roll back onerous responsible lending regulation on the credit sector to improve Australia’s economic bounce back from COVID-19. Consultation is open until 31 October 2021.

Thought for the future: the US regulatory system is, from one perspective, clever insofar as it uses industry itself to assist regulators. An example is paying whistleblowers for successful outcomes. The Securities and Exchange Commission said the total amount of payouts made to whistleblowers had topped $1 billion after the financial watchdog issued its second-largest ever award to a person for flagging wrongdoing — one person this week was paid a combined $110 million for information and assistance that led to successful enforcement actions by the SEC and other entities. Australia has considered, but rejected this route. It has, however, included a ‘dobbing’ obligation under the new enhanced breach reporting regime commencing in October 2021. That is, AFSL and ACL holders are required to report breaches about other licence holders to ASIC. It will be very new for us, and I suspect quite culturally challenging — especially, for multi AFSL and ACL organisations.Liam Hennessy

Australian regulators weekly wrap — Monday, 13 September 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Breach reporting (ASIC): the corporate regulator has released the new RG 78 to apply from 1 October 2021 for the new breach reporting regime. The primary shift under this new regime, which applies to both AFSL and ACL holders, is to a more expansive scope of ‘reportable situations’ (i.e. matters that must immediately be reported to ASIC), and the introduction of ‘deemed significant breaches’. Largely gone will be the days of subjective assessments of ‘significance’ of a particular issue, with the decision of whether a matter is reportable to ASIC or not hinging on that assessment. There is far more prescriptive rigour around what is reportable to ASIC now. The new RG 78 explains: what licensee holders must report to ASIC (see Section B); when and how they must report to ASIC, including information about how ASIC deal with the reports we receive and the information we will publish about your reports (see Section C); and, ASIC’s expectations and guidance about compliance systems (see Section D). (The last one is particularly important, as ‘deemed significant breaches’ include a huge raft of civil penalties across legislation — my team has spent the last 6 months alone compiling them all!) It is a large guide, and does nothing to limit what will be an extremely onerous regime change — you can read a summary of the changes in this briefing here (my top read for the week).
  2. ASIC enforcement (ASIC): “We love litigation, say new ASIC chiefs” was the AFR heading on 3 September 2021. In the interview, ASIC Chair Joe Longo and Commissioner Sarah Court made very clear that: 1) they see significant challenges ahead of them in terms of enforcing compliance with the law — one of the more jarring sentences was that the depth of compliance problems in the financial services sector is “breathtaking”; and 2) they will be pushing more litigation from ASIC, albeit in more targeted areas. My read of all this is that we won’t see ASIC stray into policy-type decisions or cases (think responsible lending), which is consistent with the Treasurer’s direction to ASIC covered in the ARWW a fortnight ago, and we will see ASIC using more of the appreciable regime advantages it has been given to conduct more litigation. Think the penalties legislation of 2019 which made 912A an offence, mortgage brokers’ BID regime, new breach reporting regime and FAR in 2023. In effect, a more enforcement happy regulator, though with less of the big cases we saw under Tony D’Aloisio and to a lesser extent Shipton (not Medcraft).
  3. AML/CTF (AUSTRAC): the AML/CTF regulator released four new Australian banking sector money laundering and terrorism financing risk assessments. The four assessments examine the threats criminals pose to Australia’s major banks, other domestic banks, foreign subsidiary banks and foreign bank branches operating in Australia. A sobering read, AUSTRAC assesses the threat of ML/TF facing Australia’s major banks as high, and more importantly that that the major banks are subject to a high level of inherent ML/TF vulnerability. It is a fascinating read, which should prompt banks and non-bank lenders to revisit their AML / CTF policy, program and procedures. AUSTRAC had this to say: “Major banks have a mixed record of applying risk mitigation strategies. On one hand, major banks make significant investments to counter ML/TF risk, engage regularly with AUSTRAC, and some entities have undergone or are undergoing an uplift in their AML/CTF systems, controls and policies. On the other hand, there have been significant and systemic deficiencies detected in the subsector over recent years. Governance and assurance around AML/CTF compliance has been identified as a particular concern, and risk mitigation strategies are not always applied consistently across a reporting entity.”
  4. Safe harbour (Treasury) : In 2017, Parliament enacted the Treasury Laws Amendment (2017 Enterprise Incentives №2) Act 2017. The amendments introduced a safe harbour for company directors from personal liability for insolvent trading if the company is undertaking a restructure. As part of the 2021–22 Budget, the Government announced that it would commence an independent review into the insolvent trading safe harbour, to ensure that the safe harbour provisions remain fit for purpose and its benefits can extend to as many businesses as possible — the consultation has just been released, and closes on 1 October 2021. My sense, given how willing the Government is to kickstart the post COVID-19 economy by tinkering with insolvency law, is that the provisions will be expanded. Good news for debtors, and more challenges for creditors essentially!
  5. Climate assessment (APRA): the prudential regulator has published an information paper outlining the purpose, design and scope of the Climate Vulnerability Assessment (CVA) that is underway with Australia’s largest five banks. Along with its draft prudential guidance on climate risk, which closed for consultation on 31 July 2021, the CVA forms the bulk of APRA’s efforts to help its regulated entities understand and manage the financial risks associated with climate change. You can read the paper here, which sets out that the three key objectives of the CVA are to assess potential financial exposure to climate risk; to understand how banks may adjust business models and implement management actions in response to different scenarios; and to foster improvement in climate risk management capabilities. The report sets out the criteria it will be assessing, including the types of climate risks considered, scope (geographic and financial exposures) of the assessment, climate scenarios, and the timeframe.

Thought for the future: once you have your AFSL or ACL permissions, they are yours forever right? Perhaps not, if ASIC follows a UK FCA development. The FCA has new powers to remove a firm’s unused permissions from the Financial Services register more quickly. It says incorrect or outdated permissions on the Financial Services Register can mislead consumers about the level of protection offered by a firm or give credibility to a firm’s unregulated activities. One to watch in case it comes to Australia…

Australian regulators weekly wrap — Monday, 30 August 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Corporate plan (APRA): APRA has released its new corporate plan until 2025, focusing key action items to: 1) preserve the resilience of banks, insurers and superannuation funds, with a continuing focus on financial strength; cyber risks; governance, risk-culture, remuneration and accountability; and implementing the Government’s Your Future, Your Super reforms; 2) modernise the prudential architecture to ensure it is effective and accessible, less burdensome for entities, and more adaptable to the rapidly evolving financial sector; and, 3) better enable data-driven decision-making. There is some detail in there, for example around adopting the latest regulatory tools, techniques and practices in areas such as specialist regulatory services, enforcement actions, transparency and resolution. APRA’s updates always strike me as abstract and full of trendy compliance lingo to the point of unhelpfulness — they are getting better, though this update probably could have been greatly condensed.
  2. CPS 220 (APRA): APRA has released Prudential Practice Guide APG 220 Credit Risk Management (APG 220), which is new APRA guidance to assist ADIs in making prudent lending decisions and meeting their requirements under the new prudential standard, APS 220 Credit Risk Management. APS 220 requires an ADI to implement a credit risk management framework that is appropriate to its size, business mix and complexity. The framework must include a credit risk appetite statement, credit risk management strategy, credit risk policies and processes, a credit risk management function, a management information system and an independent review process. The key changes are around APRA’s expectations for: the role of the Board in managing credit risk, aligning with the requirements in APS 220; sound credit assessment and approval processes, including providing examples where some additional flexibility could be considered prudent; and, the use of automated valuation methods, including examples for the prudent development of scorecards and use of risk controls.
  3. Corporate Plan (ASIC): ASIC’s Corporate Plan 2021–25 outlines its priorities over the next four years. It is sharper than APRA’s in terms of practical detail, and outlines four strategic priorities: promoting economic recovery — including through better and more efficient regulation, facilitating innovation, and targeting regulatory and enforcement action to areas of greatest harm; reducing risk of harm to consumers exposed to poor product governance and design, and increased investment scam activity in a low-yield environment; supporting enhanced cyber resilience and cyber security among ASIC’s regulated population, in line with the whole-of-government commitment to mitigating cyber security risks; and, driving industry readiness and compliance with standards set by law reform initiatives (including the Financial Accountability Regime, reforms in superannuation and insurance, breach reporting, and the design and distribution obligations). The last one is absolutely critical. DDO and breach reporting come into effect in October 2021, and are going to be a large adaption for everyone in the industry.
  4. Unfair contract terms (Treasury): time to refresh those opinion letters, the Government is strengthening protections for consumers and small businesses against unfair contract terms through newly released draft exposure legislation; the wonderfully name Treasury Laws Amendment (Measures for a later sitting) Bill 2021: Unfair contract terms reforms. The draft make UCTs unlawful and give courts the power to impose a civil penalty; provide more flexible remedies to a court when it declares a contract term unfair by giving courts the power to determine an appropriate remedy, rather than the term being automatically void; providing that the remedies available for ‘non-party consumers’ also apply to ‘non-party small businesses’; and, creating a rebuttable presumption provision for UCTs used in similar circumstances; increase the eligibility threshold for the protections from less than 20 employees to less than 100 employees, and introduce an annual turnover threshold of less than $10 million as an alternative threshold for determining eligibility; and, removing the requirement for the upfront price payable under a contract to be below a certain threshold in order for the contract to be covered by the UCT protections. This is a big development, and escalates the risk around UCT provisions in financing and other contracts.
  5. Statement of intention (ASIC): the Treasurer has released a Statement of Expectations to ASIC. reading between the lines, stay away from policy making (don’t expect any more responsible-lending interventions) and stick to reform implementation and enforcement. It states that: “…the Government expects ASIC to contribute to the Government’s economic goals, including supporting Australia’s economic recovery from the COVID-19 pandemic and work closely with Government and Treasury on the implementation of policy reforms and in its exercise of policy-related functions.”

Thought for the future: one month to go between DDO, breach reporting and internal complaints handling commence. If you have not got your breach reporting frameworks (including ‘deemed obligations’ lists), TMDs and risk governance frameworks and RG 271, now is the time to start.

Australian regulators weekly wrap — Monday, 23 August 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. AUSTRAC portal (AUSTRAC): the AML / CTF regulator is seeking to update its portal. It has just released market feedback on user-expressed priorities, which include as key issues: the design of the suspicious matter reporting report and process (priority issue of 44% of responders); user Experience and User Interface navigation (priority issue of 32% of responders); guidance and support (priority issue of 28% of responders); and, the need for greater automation and introduction of an application programming interface (priority issue of 24% of responders). A really great initiative by AUSTRAC, I think the last is particularly important, and one that other regulators should revisit. I am specifically thinking of ASIC, given the number of breach reports it will be receiving come October…
  2. APRA statement (APRA): Wayne Byres gave an opening Opening Statement to Joint Standing Committee on Trade and Investment Growth last week. In it he outlined APRA’s role i.e. prudential supervision of specific financial institutions and promoting financial system stability in Australia and current focus on climate risk. Interestingly, however, he delved into detail on its approach, stating: “As we supervise financial institutions, APRA generally seeks to avoid overly prescriptive regulation, instead adopting a principles-based approach wherever possible. Given the diversity of institutions that we oversee, we believe a principles-based approach is more cost-effective, enables the application of regulation to be better tailored to individual circumstances, and reduces barriers to innovation.” That is undoubtedly correct, though work pointing out that as APRA/ASIC and other move more in the direction of principles-based regulation there will be increasing interpretational conflicts with the regulated population. See here for a run through the policy, academic and practical position.
  3. ASIC v BOQ (ASIC): the Federal Court has declared several terms within some Bank of Queensland (BoQ) small business contracts unfair. The Court found that the following terms were unfair: unilateral variation clauses which allowed BoQ to vary the terms and conditions of their contracts without giving borrowers advance notice or an opportunity to exit the contract without penalty; event of default clauses which allowed BoQ to unilaterally determine whether a default has occurred as well as call defaults based on events that do not present any material risk to BoQ and without giving borrowers an opportunity to address the issue; indemnification clauses which allowed BoQ to make a claim against a customer for losses caused by BoQ’s mistake, error or negligence; and conclusive evidence clauses which meant that if BoQ issued a certificate stating an amount owing by a customer, that amount would be assumed to be correct unless the customer could prove otherwise. The Court declared the unfair terms void from the start of the contracts and ordered that the unfair terms be replaced with new, fair terms agreed by the parties. The case follows a similar one against Adelaide & Bendigo Bank last year — there is a helpful table in this article to assist you (with the BoQ case) in navigating your loan document UCT reviews!
  4. Super funds (Treasury): Treasury has released a consultation on the financial and auditing requirements draft Bill for superannuation funds. The draft Bill will requires RSE licensees to: prepare and lodge financial reports for each financial year and half-year with ASIC; publish the financial report, directors’ report and auditor’s report for a financial year on the RSE’s website and provide details of how to access these reports with the notice of the annual members meeting; and, provide a copy of the financial reports for a financial year and half-year to members and beneficiaries on request. The draft Bill also amends the requirements for the auditor of an RSE, who will have obligations under both the Corporations Act 2001 and the Superannuation Industry (Supervision) Act 1993. These changes seek to ensure that the auditor, and in certain circumstances, audit firms and audit companies, are subject to stringent eligibility, reporting and independence requirements.
  5. Insolvency prosecutions (ASIC): between 1 January 2021 to 30 June 2021, ASIC prosecuted 124 people in relation to 224 contraventions of the Corporations Act 2001. Those prosecuted were involved in companies that went into liquidation and had registered liquidators appointed and mainly failed to response to information requests. ASIC took action following reports of misconduct being lodged by registered liquidators of the companies. This one surprised me (and perhaps a number of liquidators); ASIC has historically not focused too much on this area, but that all seems to have changed. A good thing in my view!

Thought for the future: following the UK FCA’s business interruption insurance test case, close to £1bn has been paid out to policyholders in interim and final settlements. The UK FCA has released the latest data, which can be accessed here. Noting the similar position in Australia under QBE’s test case, which the High Court recently rejected special leave appeal on (the lower Court of Appeal held that insurers were not able to rely on a policy exclusion which referred to the Quarantine Act 1908. This Act was repealed with the introduction of the new Biosecurity Act 2015), it is worth paying attention to the UK experience for insurers…

Australian regulators weekly wrap — Monday, 16 August 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

Never miss an update by signing up to receive emails here or by following me on LinkedIn here. You can also access past editions of the Australian regulators weekly wrap by clicking here.

  1. Breach reporting (Treasury): the Financial Services Sector Reform (Hayne Royal Commission Response — Breach Reporting and Remediation) Regulations 2021 was issued last week. It removes some — unfortunately not many — civil penalty provisions from the new AFSL breach reporting regime commencing in October 2021 (which we have spent the last 8 months compiling in a huge register). I have summarised them for you in the attached factsheet.
  2. ASIC approach (ASIC): Six reforms arising out of recommendations from the Royal Commission and other inquiries will commence in October. The new laws include design and distribution obligations, restrictions on the unsolicited selling of financial products (hawking), a deferred sales model for add-on insurance products, reference checking and information sharing requirements for financial advisers and brokers, and new requirements around how breaches are reported to ASIC and disputes are managed internally in firms. ASICs has now confirmed that it will adopt a transitional approach in terms of policy i.e. it will not immediately come down hard from an enforcement perspective. ASIC Chair Joe Longo has stated: “ASIC’s initial approach extends to technical or inadvertent breaches, where firms have systems changes underway and act quickly to address problems as they arise. However, where firms are not acting in good faith or where we detect conduct causing actual harm, we will not hesitate to enforce the law.”
  3. Electronic execution (Treasury): the Federal Government has just passed the Treasury Laws Amendment (2021 Measures №1) Bill 2021 (“the Bill”) to facilitate the electronic execution of documents under s127 of the Corporations Act 2001 (Cth). It provides that the fixing of a common seal can be witnessed electronically; a document in physical form may be signed using split execution; a director, secretary or witness may electronically sign a document (or a copy or counterpart of the document); and, a copy or counterpart need not include all signatures. I will be updating our master spreadsheet of the electronic executions laws across various jurisdictions, instruments and entities shortly — look out for that one shortly.
  4. Financial advisers disciplinary body (Treasury): the Financial Sector Reform (Hayne Royal Commission Response — Better Advice) Bill 2021 establishes a single disciplinary body for financial advisers and the requirement that all financial advisers who provide personal financial advice to retail clients be registered. It was introduced into Parliament on 24 June 2021. The Government has released a policy paper seeking feedback on two matters which will be included in regulations to support the single disciplinary body, being the circumstances when ASIC must convene the single disciplinary body to determine a disciplinary matter, and the types of administrative sanctions made against a financial adviser that must be included on the Financial Advisers’ Register. The consultation is open until 20 August 2021.
  5. FAR (Treasury): the consultation for the financial accountability regime has finalised. Hopefully, there will be a number of strong submissions pushing back on some of the more contentious aspects, including the breadth of the product accountability role, the double jeopardy elements and more detail around the interpretation to be applied to the obligations. You can read Gadens’ submission here.

Thought for the future: we are delivering a lot of DDO, breach reporting and FAR presentations at the moment, in preparation for October 2021. Do get in touch if you are interested in learning more!