Australian regulators weekly wrap — Monday, 2 May 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Breach reporting (Research): independent research commissioned by Gadens / Lawcadia on the enhanced AFSL / ACL breach reporting regime has been released this week. In summary, this research reveals: a marked increased in breach reporting for AFSL and ACL holders; a suggestion that ACL holders may be lagging behind AFSL holders in reporting; particular increases in breach reporting around misleading & deceptive conduct, and advice-related failures e.g. failure to provide a “general advice warning”widespread acceptance that changes were needed to how financial services organisations identified, assessed, and remediated breaches; broad agreement that the mandated approach is excessive; low level of confidence in the new breach reporting regime meeting its stated objectives, and in ASIC’s ability to administer the new regime effectively and fairly; significant increase in compliance and resourcing costs, and greater adoption of technology solutions to assist meeting obligations; a toll on mental health from a high level of stress and anxiety experienced by legal, risk and compliance professionals who are tasked with planning, implementing and administering the regulatory requirements. You can access the full report, together with the quantitative and qualitative data, here.
  2. Crypto schemes (APRA): the prudential regulator has set out in a letter its initial risk management expectations for all regulated entities that engage in activities associated with crypto-assets, and a policy roadmap for the period ahead. My top read for the week, the letter provides that it expects prudentially regulated entities to: 1) conduct appropriate due diligence and a comprehensive risk assessment before engaging in activities associated with crypto-assets; 2) consider the principles and requirements of Prudential Standard CPS 231 Outsourcing or Prudential Standard SPS 231 Outsourcing when relying on a third party in conducting activities involving crypto-assets; and 3) apply robust risk management controls, with clear accountabilities and relevant reporting to the Board on the key risks associated with new ventures. Fascinating, APRA has said that it plans to in 2022 — 2023: 1) consult on requirements for the prudential treatment of crypto-asset exposures in Australia for ADIs, following the conclusion of the Basel Committee’s current consultation; 2) progress new and revised requirements for operational risk management, covering control effectiveness, business continuity and service provider management. While these requirements will apply to the entirety of an entity’s operations, many will be directly relevant to the management of operational risks associated with crypto-asset activities; and 3) consider possible approaches to the prudential regulation of payment stablecoins. A fantastic development, and very sensible approach adopted by APRA.
  3. Data security (Government): the Government has released a discussion paper focusing on data security policy settings for state and territory governments, industry and the broader economy. The goal is to inform the National Data Security Action Plan’s direction, which aims to improve data security measures and close the gaps that exist in our data settings. The goal is to ensure that governments, businesses and communities are informed and resourced to protect their data, and strengthen security and build resilience in infrastructure that underpins our digital economy. The questions are broad ones, and set out at 29–32 of the paper e.g. “Does Australia need an explicit approach to data localisation”? Early stages for this one, though given the increase in cyber attacks the idea to collectively take Government and private industry on the journey in increasing our data protection settings is a good one. Between this, the SOCI legislation, and the consultation papers focusing on the uplift of the privacy legislation, informational treatment is going to be a defining feature of the regulatory landscape for this decade.
  4. Crypto-criminals (AUSTRAC): the AML / CTF regulator has released two new financial crime guides to help businesses stop ransomware attack payments and the criminal abuse of digital currencies. The guides contain practical information and indicators to help businesses identify and report if a payment could be related to ransomware attacks, or someone could be using digital currencies to commit serious crimes such as money laundering, scams, or terrorism financing e.g. use of chain-hopping — moving from one blockchain to another — in an apparent attempt to obfuscate source or destination of funds or multiple customer accounts are opened with either the same email address, phone number, IP address, residential address, postal address or on-boarding documents. The guide, which an easy read and quite useful , can be accessed here.
  5. Director sentiment (AICD): The Australian Institute of Company Directors’ latest Director Sentiment Index have set out that Directors identified cyber-crime and data security as the number one issue keeping them awake at night — no surprises here. According to the last research I read on the subject (Cost of a Data Breach Report 2021 — Australia | IBM), data breaches cost businesses an average of $3.9 million in 2021, an increase of over 30 per cent from 2020, and the highest average cost in the last 17 years. That is only likely to increase with the proliferation of data, increase in stringency of data protection laws and increase in bad actors seeking to fund activities / achieve nationalistic aims.

Thought for the future: I am very heartened to see APRA and AUSTRAC pragmatically embracing the place that crypto has in the future of our financial services system. Of course, the big game is over at Treasury in its consideration of the CASSPr licence (essentially a mutated AFSL) for crypto players. Getting that right is critical for the industry to thrive — submissions on that licence are due at the end of May 2022, and I’d encourage everyone to take part in shaping what will be a momentous change.

Australian regulators weekly wrap — Monday, 25 April 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Litigation funding schemes (ASIC): ASIC has extended the relief from certain dollar disclosures in PDSs for litigation funding schemes in ASIC Corporations (Disclosure in Dollars) Instrument 2016/767 until 1 October 2026. Relief has been extended by ASIC Corporations (Amendment) Instrument 2022/264. The theory is that public disclosure of some categories of information could provide a tactical advantage to opposing parties in class actions and may not be in the interests of scheme members, which makes sense.
  2. Central bank crypto currencies (BIS): emerging market economy central banks have increasingly engaged in projects related to central bank digital currencies (CBDCs). The stage of their engagement — research, pilot or launch — varies according to differences in country circumstances, including the availability of digital infrastructure, their focus among different policy objectives, and the attendant motivations and concerns. The Bank of International Settlements has released papers from the central banks of these economies which explored issues such as: the main objectives of introducing CBDCs; the guiding principles of CBDC design and data governance; challenges of CBDCs for monetary policy, financial intermediation and financial stability; the implications of CBDCs on financial inclusion; and the cross-border aspects of CBDCs. A fascinating read, the papers discuss the key motivations for CBDC issuance as well as the primary concerns. Achieving greater payment system efficiency is at the heart of these central banks’ motivations. They also place great emphasis on financial inclusion and are concerned about cyber security risks, potential bank disintermediation and cross-border spillovers.
  3. Fintech collaboration (Treasury): the Australian Treasury and the Monetary Authority of Singapore have signed the Australia-Singapore FinTech Bridge Agreement to strengthen cooperation between the FinTech ecosystems of both countries. The agreement sets out a framework deepen bilateral and multilateral cooperation on FinTech; support the mutual establishment of FinTechs looking to expand in each other’s markets; build on current engagements to strengthen linkages between Australia and Singapore for policy officials, regulators, and industry groups; explore joint innovation projects on emerging issues in FinTech to help the industry navigate through a constantly evolving space, to share information on emerging market trends, and to learn from the experiences in each jurisdiction. Interestingly, in relation to the last point, this includes collaboration in areas such as blockchain and distributed ledger technology, digital identities, cross-border data connectivity, data portability, and the application of FinTech to promote sustainable finance. Since Singapore is a leader in crypto, this can only be to Australia’s benefit.
  4. Compliance failures (ASIC): The Federal Court has ordered Westpac to pay penalties in the amount of $113 million for widespread compliance failures across multiple businesses. The six categories of matter against Westpac concern: 1) Fees for no service — deceased customers: Over a 10-year period, Westpac charged over $10.9 million in advice fees to over 11,800 deceased customers for financial advice services that were not provided due to their death; 2) General insurance: Westpac distributed duplicate insurance policies to over 7,000 customers for the same property at the same time, including 3,899 customers since 30 November 2015, causing customers to pay for two (or more) insurance policies where they had no need for the additional policies; 3) Inadequate fee disclosure: Westpac and related advice businesses charged ongoing contribution fees for financial advice to retail customers without disclosing, or properly disclosing those fees. Over eight years, at least 25,000 customer accounts were charged at least $10.6 million in fees that were not disclosed, or properly disclosed; 4) Deregistered company accounts: Westpac allowed approximately 21,000 deregistered company accounts, holding approximately $120 million in funds, to remain open and continued to charge fees on those accounts. Westpac allowed funds to be withdrawn from these accounts that should have been remitted to ASIC or the Commonwealth i.e. if they were trust property; 5) Debt onsale: Westpac sold consumer credit card and flexi-loan debt to debt purchasers with incorrect interest rates. These interest rates were higher than Westpac was contractually allowed to charge; and, 6) Insurance in super: Westpac subsidiary, BT Funds Management charged members insurance premiums that included commission payments, despite commissions having been banned under the FOFA reforms. A steep penalty, and a reminder of the importance of governace, risk and control frameworks in the aftermath of the Hayne Royal Commission…
  5. Challenger banks (FCA): a review by the UK FCA has found that UK challenger banks need to improve how they assess financial crime risk, with some failing to adequately check their customers’ income and occupation. In some instances, challenger banks did not have financial crime risk assessments in place for their customers. Challenger banks aim to compete with traditional high street banks using smarter technology and more up-to-date IT systems. Many are recent entrants to the UK financial markets, with online only business models and offering financial services through smartphone apps. The review, conducted over 2021, identified a rise in the number of AML/CTF Suspicious Activity Reports reported by challenger banks, raising concerns about the adequacy of these banks’ checks when taking on new customers. Interestingly, it also found some bright spots — for example, innovative use of technology to identify and verify customers at speed.

Thought for the future: not long now until ASIC first publicly reports on the number of breaches individual firms have made i.e. June 2022! I have spent the weekend looking through the independent research CoreData has put together from over 160 organisations on the numbers of breach reports, types of breach reports and other challenges the regime has thrown up in its first 6 months. For a copy of the report, sign up to the release webinar here on 28 April: https://www.lawcadia.com/blog/breach-reporting-in-australia

Australian regulators weekly wrap — Monday, 18 April 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Margin requirements (APRA): the prudential regulator has made amendments to Prudential Standard CPS 226 Margining and risk mitigation for non-centrally cleared derivatives , by adding the UK’s Prudential Regulation Authority and Financial Conduct Authority to the list of foreign regulators in Attachment D. A small, but important move — we need more equivalence between our financial services regulators in terms of international licensing!
  2. Financial crime guide (AUSTRAC): a new financial crime guide has been released to help organisations to detect and stop suspicious activity related to forced sexual servitude. This form of slavery represents around 30% of slavery cases in Australia, which is horrifying. The guide provides a comprehensive set of financial indicators to help businesses understand, identify and report suspicious financial activity to stop sexual slavery. Of note to me was the emphasis placed on the fact that financial analysis alone can make it difficult to differentiate between legal sex work and illegal sex work, and therefore needs to be used in conjunction with other indicators and information to define and detect the activity. You can read the guide here.
  3. Bankruptcy changes (AFSA): on 6 April 2022, the Attorney-General’s Department announced changes to both the Bankruptcy Regulations 2021 and the Insolvency Practice Rules 2016. Changes have been made to section 102 of the regulations which covers service of documents. The change now ensures documents required or permitted by the Act or the Regulations to be given, sent to, or served on a person can be sent electronically without the need for prior consent from the recipient. This change is effective immediately. There have been 22 amendments made to the rules which include: making trustee registration requirements more flexible introducing more efficiencies, transparency and certainty to creditor meetings; and, ensuring the rules are consistent with similar provisions in the Insolvency Practice Rules (Corporations) 2016. The rules commence on 5 July 2022.
  4. Electronic meetings / execution (Treasury): The Corporations Amendment (Meetings and Documents) Bill 2021 (Cth) has commenced. It amends the the Corporations Act to: permit electronic execution of documents (including deeds); allow for company meetings to be held either at a physical venue or through virtual meetings, or a hybrid combination of the two in select circumstances; and, enable the electronic distribution of meeting-related and ancillary documents. An overdue change, and a welcome one!
  5. AML Advisers (AUSTRAC): AUSTRAC has released updated guidance to help businesses seek advisers who are suitably qualified and experienced to provide products and services for your business. The guidance sets out a number of factors you should consider and address prior to engaging the services of an adviser. AUSTRAC has noted that it is not obligatory to hire an AML/CTF adviser, but if you do decide to engage the services of an adviser, make sure they are a good fit for your business. Interesting it also states “Remember: go for tailored, not off the rack.”

Thought for the future: AUSTRAC’s advice is excellent. AML/CTF is a very technical area of law, and there are big problems if it goes wrong. I do see a lot of churn and burn AML/CTF programs and advice out there, and wonder whether they are in client’s best interests…

Australian regulators weekly wrap — Monday, 11 April 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Capital adequacy (APRA): the prudential regulator has released for consultation the interim reporting standards that will accompany the updated capital adequacy and credit risk capital requirements for authorised deposit-taking institutions. It follows the release in November 2021 of APRA’s new bank capital framework, which was meant to align Australian standards with Basel III requirements. The letter is here, and ADIs can comment up until 7 June 2022.
  2. ‘Technology development (APRA): APRA Chair Wayne Byres gave a speech to the American Chamber of Commerce in Australia, on regulating the technological revolution in finance which was fascinating. He essentially accepted the rise and permanence of crypto currency, noting “Even central banks are conducting pilot exercises to test the use case for central bank digital currencies (CBDCs). Some countries — ranging from the Bahamas to China to Nigeria — have moved beyond pilots to general use…Evolution in the nature of money — from shells, to beads, to gold coins, to privately-issued bank notes, to central bank-issued bank notes, to the electronic bank deposits most of us use today — has in turn shaped how the entire financial system has evolved…CBDCs, digital currencies/stablecoins and crypto-assets have the potential to significantly reshape the financial system. However, there remains significant uncertainty over what a more digital and decentralised financial system will ultimately look like, which new types of money will gain prominence, which products and services will take off, and which will fade away as newer, better alternatives emerge.” I think it is the clearest statement that APRA has made on the subject yet, and was accompanied by the Chair’s views on regulatory design for the future, which he summarised as follows: 1) not charging ahead pretending we have the answers; 2) ensuring that the regulatory agenda is focused on consumer benefits as much as it is on harm prevention; and 3) by trying to work with some key principles for good regulatory design e.g. technology-neutral, utilising principles-based regulation wherever possible, and by working with a whole-of-system perspective. I can cavil with the zeitgeist of principles-based regulation, though I don’t want to take away from what is a insightful, heartening and wholly timely speech. Bravo!
  3. Modern slavery (ABA): the Australian Banking Association has released its first edition working paper on Modern Slavery, bringing together member banks’ knowledge of modern slavery practices in Australia. The first edition working paper focuses on the construction and agriculture sectors and seeks to provide a point of reference for banks to operationalise modern slavery risk identification and management. There are some very helpful case studies in here which assist in highlighting the issues which can arise e.g. a ‘workers as consumers’ business model is where an intermediary creates revenue by charging workers excessive fees for ancillary products and services, such as accommodation, transportation, and equipment. You can read the report here.
  4. Takeovers panel (Treasury): this time last year, the Government announced that it would consult on expanding the role of the Takeovers Panel in control transactions, including potentially giving advance rulings and expanding the Panel’s remit to include members’ schemes of arrangement, with an aim of reducing the time and costs of mergers and acquisitions. In Australia, one of two control transaction processes is typically used to effect a change in corporate control. The first is a takeover bid, governed by the Takeover Rules in Chapter 6 of the Corporations Act 2001 (CA)(this is driven by the bidder, and used in hostile takeovers). The second is the implementation of a scheme of arrangement, a court-approved regime governed by Chapter 5 of the CA (this is drive by the target). As takeover bids can be hostile, with the target company subject to multiple competing takeover bids, disputes often arise. Disputes which arise during the takeover period are heard by the Takeovers Panel, which is a peer review dispute resolution body composed of members with expertise in mergers and acquisitions. Its primary power is to make a declaration of ‘unacceptable circumstances’ to protect the rights of persons or groups (especially shareholders of the target company). Treasury has just released a consultation paper seeking feedback on: the operation of takeovers and schemes generally, and whether they are meeting the broader policy objectives in respect of control transactions in Australian law; the role of the Takeovers Panel and ASIC in regulating takeovers generally; and, the role of the Court, the Takeovers Panel, and ASIC in regulating schemes general. The CP is here, and is open for consultation until June 2022 — giving more powers to the Takeovers Panel is certainly a sensible move in my book, given the speed and efficacy with which it can operate.
  5. SLACIP Act (Parliament): the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) has been passed, and . implements key elements of the Australia’s revised critical infrastructure framework, by seeking to: introduce an obligation for entities responsible for critical infrastructure assets to implement a critical infrastructure risk management program; and, impose enhanced cyber security obligations on entities responsible for critical infrastructure assets which are declared by the Minister of Home Affairs to be ‘systems of national significance’ . It is the second half of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 (SOCI Bill), which was ultimately split into the SLACIP Act and first piece of legislation — the Security Legislation Amendment (Critical Infrastructure) Act 2021 (SLACI Act). A massive uplift to Australia’s cyber security laws, you can read more about these items of legislation in this update here.

Thought for the future: ASIC has multiple tough jobs, and one of them is licensing market participants with AFSLs and ACLs. When it allegedly gets that wrong, for example by not establishing someone is of ‘good fame and character’ it can expose the regulator to criticism and financial claims as this article in the Guardian shows. That is why it is critical, when dealing with licensing with the regulator, to get it right the first time. Delays, increased requisitions and potentially refusal can follow if not….

Australian regulators weekly wrap — Monday, 28 March 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

Never miss an update by signing up to receive emails here or by following me on LinkedIn here. You can also access past editions of the Australian regulators weekly wrap by clicking here.

  1. Crypto regulation (Treasury): the Treasury has released its consultation paper on Crypto asset secondary service providers: Licensing and custody requirements (Consultation Paper) raising 32 consultation questions in relation to crypto licensing and custody requirements. The Consultation Paper fulfils the government’s December 2021 commitment in its ‘Transforming Australia’s Payment System’ report, to develop a licensing and custody regime for digital assets, with advice to be provided to Government on policy by mid-2022. The Consultation Paper looks at proposals for a licensing regime for crypto asset secondary service providers (CASSPrs), custody obligations to safeguard private keys and seeks early views on the classification of crypto assets. CASSPrs will be: entirely separate to the AFSL regime; overlap with the key AFSL licensing obligations under s. 912A of the Corporations Act e..g ‘efficiently, honestly and fairly’; include a various recent Corporation Act obligations which sit outside the general licensing regime e.g. anti-hawking; and, adds some weird other thought bubbles, which seem like they have come from the ACCC’s battles with social media platforms e.g. obligation to respond to scams in a timely matter. In my view straight crypto shouldn’t be regulated as a financial product — at least on to this degree since is it broadly analogous to currency (FX providers trading spot do not need an AFSL)— expect me to say more on this in Gadens’ response to the consultation paper. There is so much to cover in this consequential paper, that I can only recommend you read it in full or our detailed article over on it here.
  2. Managed funds (ASIC): ASIC has commenced a surveillance into the marketing of managed funds, to identify the use of misleading performance and risk representations in promotional material. ASIC is scrutinising traditional and digital media marketing of funds, including search engine advertising, targeting retail investors and potentially unsophisticated wholesale investors, such as some retirees. ASIC has stated that it is concerned that, in the current highly volatile and low-yield environment, consumers seeking reliable or high returns are being misled about the performance and risks of the funds they are investing in.
  3. Safe harbour (Treasury): Treasury has released the final report of the Review of the insolvent trading safe harbour. The report concludes that the safe harbour protections offer considerable assistance in encouraging an active turnaround market, particularly for larger companies. However, the the report highlighted concerns as to the relevance and applicability of the safe harbour (and, indeed, the underlying prohibition on insolvent trading) to the SME market. It also recommends a holistic review of the insolvency regime, which I am all for — we are far less agile than our American cousins in this space.
  4. Finfluencers (ASIC): ASIC has published an information sheet about discussing financial products and services online. It outlines how the law applies to social media influencers, and the licensees who use them. In 2021, the ASIC young people and money survey found that 33% of 18–21 year olds follow at least one financial influencer on social media. The survey found a further 64% of young people reported changing at least one of their financial behaviours as a result of following a financial influencer. A timely and prudent update then, ASIC’s information sheet highlights activities where influencers may contravene the law if they are unaware of the legal requirements e.g. general advice; explains issues for influencers to consider e.g. whether an AFS licence is needed; and, reminds AFS licensees who use influencers to undertake the same governance and oversight they would for any other AR. e.g. DDO.
  5. Disinformation laws (Parliament): the Government will introduce legislation this year in an effort to combat harmful disinformation and misinformation online. The legislation will provide the Australian Communications and Media Authority (ACMA) with new regulatory powers to hold tech companies to account for harmful content on their platforms. ACMA will be given new information-gathering powers to incentivise greater platform transparency and improve access to Australia-specific data on the effectiveness of measures to address disinformation and misinformation. In addition, ACMA will be given reserve powers to register and enforce industry codes or make industry standards. A Misinformation and Disinformation Action Group will be established, bringing together key stakeholders across government and the private sector to collaborate and share information on emerging issues and best practice responses. All very interesting, though slightly Orwellian sounding stuff. As always, the devil will be in the detail here…

Thought for the future: for crypto and CASSPRs, how does the creation of an entirely new complicated licence regime to be housed within the Corporations Act 2001 (Cth) fit in with the ALRC’s simplification mandate!

Australian regulators weekly wrap — Monday, 21 March 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. CDR extension (Treasury): in January 2022, the Government announced that the Consumer Data Right (CDR) would expand to ‘Open Finance’ as the next sector to be assessed. A massive step for the financial services industry, phase 1 of Open Finance will include the assessment and designation of the non-bank lending sector, merchant acquiring services, and key datasets in the general insurance and superannuation sectors. Treasury has just released a consultation paper which invites feedback on the proposal to expand CDR to non-bank lending for the purpose of informing Treasury’s sectoral assessment report. A broad consultation paper, which does not have too much specifics beyond outlining the benefits of ‘open finance’, it is open for consultation under 12 April 2022.
  2. Financial advice review (Treasury): the Government is undertaking a review into the quality of financial advice. The review is designed to presents an opportunity to assess how the regulatory framework could deliver better outcomes for consumers. Amongst other things, the review will investigate: whether there are opportunities to streamline and simplify regulatory compliance to reduce costs and duplication; how to improve the clarity and availability of documents provided to consumers; and, whether parts of the regulatory framework have created unintended consequences. A report will be provided to the Government by 16 December 2022, and here’s hoping that it will contain some recommendations which help to rehabilitate a severely battered industry!
  3. CCIV (ASIC): ASIC has released a consultation paper seeking industry feedback on its proposed licensing requirements for corporate collective investment vehicles. The licensing requirements will come into effect on 1 July 2022 when the CCIV regime commences — you can learn more about CCIVs, the new challenger to MIS regime, in this article here. CP 360 contains proposals on a range of licensing-related matters, including how ASIC will: assess AFSL applications from corporate directors seeking to operate a CCIV; assess AFS licence applications from persons seeking to provide financial product advice on and/or deal in CCIV securities, and, administer the licensee obligations that will apply to CCIV corporate directors. Overall, the positions taken by ASICare sensible and seek to reduce the licensing burden. For example, AFS licensees will not have to apply to ASIC for a licence variation to provide financial product advice on and/or deal in CCIV securities if: they are licensed to provide financial product advice on and/or deal in securities, since their AFS licence already covers ‘securities’; and, they are licensed to provide financial product advice on and/or deal in ‘interests in managed investment schemes’, and consent to an ASIC initiated licence variation to include ‘securities in a CCIV’. Easily my top read for the week, submissions on CP 360 from close on 14 April 2022.!
  4. Reinsurance (APRA): APRA has released an updated prudential standard to manage risks associated with the growing use of offshore reinsurers by Australian life insurers due to commence from 1 July 2023. APRA now intends to amend LPS 117 to include limits on the recognition of eligible collateral, guarantees and letters of credit as risk mitigants in respect of APRA-approved affiliated offshore reinsurers. The revised LPS 117 includes a reduction in the minimum term for letters of credit to three years from five years. This minimum term must be met in order to be recognised as a risk mitigant for capital purposes.
  5. Market integrity rules (ASIC): ASIC has introduced new market integrity rules aimed at promoting the technological and operational resilience of securities and futures market operators and participants. The new technological and operational resilience rules that apply from 10 March 2023 relate to: change management; outsourcing; information security; business continuity planning; governance and resourcing, and trading controls (market operators only).

Thought for the future: the proposed review of trailing commissions for mortgage brokers that came after the Hayne Royal Commission will not go ahead, as the government said there was no systemic evidence of broker misconduct or consumer detriment stemming from the current remuneration structure. A good move in my view — Commissioner Hayne had some good, some neutral and some bad ideas and the sooner policymakers accept that the better…

Australian regulators weekly wrap — Monday, 14 March 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Youpla Group (ASIC): very unusual. Following the liquidation of one funeral fund, ASIC has written to the directors of Youpla Group to ask them to take immediate and public action to address concerns about the financial viability of ACBF 1, ACBF Plan and ACBF Community. Youpla manages four entities that provide funeral insurance products nationwide and ASIC said it had concerns about the other three funds. In particular, ASIC was concerned about members of ACBF 1, ACBF Plan and ACBF Community continuing to pay premiums when they may get little benefit from these products in the future. Administrators were appointed yesterday, however, the public intervention by ASIC into the financial position of a business is strange (and quite sharp).
  2. Corporate governance priorities (ASIC): ASIC Chair Joe Longo gave a speech at the AICD Australian Governance Summit on ASIC’s corporate governance priorities. He singled out: 1) governance failures relating to non-financial risk that result in significant harm to consumers and investors e.g. directors failing to identify and manage the risk attaching to a company’s business activities; failing to ensure that appropriate resources are allocated to deal with risks; or failing to respond to indicators that risks are not being properly managed; 2) cyber governance and resilience failures. Mr Longo referred to the proceedings brought by ASIC against RI Advice Group, where wherin ASIC allegs that it failed to have adequate policies, systems and resources to appropriately manage risk in respect of cyber security and cyber resilience; and, 3) egregious governance failures or misconduct resulting in corporate collapse. This includes instances where company money, or money belonging to company creditors, is misapplied or misappropriated. He also singled out other issues relating to non-financial risk that ASIC is considering, being include cyber resilience and climate-related disclosure, including misleading marketing or ‘greenwashing’ by listed entities.
  3. Liquidity (APRA): APRA has released a discussion paper to ADIs and other interested stakeholders advising of APRA’s post-implementation review of the Basel III liquidity reforms. The Basel III liquidity reforms were introduced eight years ago in Australia, with the commencement of the revised Prudential Standard APS 210 Liquidity in 2014. The two core measures of the reforms, the Liquidity Coverage Ratio and the Net Stable Funding Ratio, became effective from 2015 and from 2018 respectively. The LCR requires banks to hold high quality liquid assets at least equal to an estimate of short-term net cash outflows under a stress scenario, to build resilience to liquidity shocks. The NSFR requires banks to maintain an amount of available stable funding at least equal to their required stable funding, to promote sustainable funding structures. The consultation paper seeks to determine how efficiently and effectively the Liquidity Coverage Ratio and Net Stable Funding Ratio are achieving their objectives. The discussion paper requests responses by 14 April 2022.
  4. ePayments (ASIC): ASIC has published a report, Report 718: Response to submissions on CP 341 Review of the ePayments Code: Further consultation (REP 718), on updates to the ePayments Code. REP 718 follows the release in May 2021 of Consultation Paper 341 Review of the ePayments Code: Further consultation (CP 341), which sought feedback on proposed updates to the Code. The ePayments Code provides important consumer protections in relation to electronic payments, including ATM, EFTPOS, credit and debit card transactions, online payments, and internet and mobile banking. For example, there is a general principle in the Code that banking customers will not be liable for unauthorised transactions on their accounts if they have taken reasonable steps to protect their accounts. ASIC’s report also relates primarily to updates in the following areas of the Code: compliance monitoring and data collection; mistaken internet payments; unauthorised transactions; complaints handling; and, facility expiry dates. ASIC’s present aim is to publish an updated Code in April 2022. A transition period of 12 months will apply.
  5. CDR (Treasury): Treasury and the Data Standards Body are seeking input on the development of rules and standards to implement the CDR in the telecommunications sector. While CDR is supposed to be sector agnostic, and the general rules for CDR will be adhered as set out in the paper e.g. rules relating to eligible data recipients or dispute resolution or privacy standards, the paper seeks to identify areas where sector-specific rules and standards are needed to effectively apply the regime to telecommunications entities, and to design these in a way that is aligned with existing sectoral arrangements, seeking to minimise costs for participants. The consultation paper, which is open for feedback until 29 March 2022, is available here.

Thoughts for the future: 21 May 2022 is the latest the Federal election can be held. The following bills are awaiting passage before the election: Financial Accountability Regime Bill 2021; Corporations Amendment (Meetings and Documents) Bill 2022; National Consumer Credit Protection Amendment (Supporting Economic Recovery) Bill 2020; Financial Services Compensation Scheme of Last Resort Levy Bill 2021. Expect to see many get through at the end of March, when both houses sit again — a number of these bills have partisan support e.g. FAR and CSLR.

Australian regulators weekly wrap — Monday, 7 February 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Advice update (ASIC): ASIC has released a consultation paper setting out its proposals to update Regulatory Guide 263 Financial Services and Credit Panel (RG 263) to reflect legislative changes in the Financial Sector Reform (Hayne Royal Commission Response — Better Advice) Act 2021. In December 2020, the Government announced that it would expand the operation of the FSCP to give effect to Recommendation 2.10, which called for a single, central disciplinary body to be established for financial advisers. The Better Advice Act gives effect to this recommendation by giving the FSCP its own legislative functions and powers. These functions and powers enable the FSCP to address a range of circumstances and misconduct, including less serious misconduct, by financial advisers. The CP set out the types of matters to be referred to a sitting panel, appeals to decisions and process questions. A sensible move in my opinion-ASIC needs to rely more on industry experience where appropriate / feasible-it is open for submissions until 28 March 2022.
  2. Digital platforms (ACCC): the ACCC will consider whether there is a need for a new regulatory framework to address the competition and consumer concerns identified in digital platform services markets to date. The ACCC released a discussion paper to seek stakeholder views on: whether there is a need for new regulatory tools to address competition and consumer issues in relation to the supply of digital platform services; and, if reform is needed, options for regulatory reform. The discussion paper includes a list of specific questions for stakeholders about these options which are due 1 April 2022. For example, “Do you consider that the CCA and ACL are sufficient to address competition and consumer harms arising from digital platform services in Australia, or do you consider regulatory reform is required?” With such a broad scope, this is one of the bigger consultations happening at the moment!
  3. Climate risk survey (APRA): the prudential regulator has released a cross-industry letter to advise on the purpose and timing of a voluntary climate risk self-assessment survey with medium-to-large APRA-regulated entities. The survey is intended to improve both APRA’s and industry’s understanding of the approaches being taken by APRA-regulated entities to identify, assess and manage climate-related financial risks. In particular, the survey is designed to gather insights on how entities are managing these risks, using APRA’s Prudential Practice Guide CPG 229 Climate Change Financial Risks which it released late last year.
  4. Cyber risk (ACSC): Australian Cyber Security Centre has released an unusual warning, encouraging Australian firms to urgently adopt an enhanced cyber security position. It states that: ‘Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment… Following the attack of Ukraine, there is heightened cyber risk globally, and the threat of cyber attacks on Australian networks, either directly or inadvertently, has increased. While the ACSC has no specific intelligence relating to a cyber attack on Australia, this could change quickly.’ You can read more on the website here — my top read of the week — which is very prudent in my view. In my practice, I am seeing more cyber attacks on financial institutions and OAIC are watching…
  5. Short term credit (ASIC): ASIC has extended Class Order [CO 14/41] for a further two-year period to 1 April 2024. The class order relieves credit providers and lessors from the obligation to provide written notice to consumers about hardship contract variations of 90 days or less. The relief was due to expire on 1 March 2022 and has been extended by ASIC Credit (Amendment) Instrument 2022/81.

Thought for the future: enhanced breach reporting. It is just not achieving the objectives it was created for in my view, and instead increasing the burden on financial services institutions unnecessarily. We have (with Lawcadia), for that reason, commissioned independent research from CoreData to examine the framework and the impact on the industry — it may help in rolling back some of the more onerous provisions. Please get in touch if you wish to participate — naturally all answers are confidential, and it will take 5 mins.

Australian regulators weekly wrap — Monday, 28 February 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

Never miss an update by signing up to receive emails here or by following me on LinkedIn here. You can also access past editions of the Australian regulators weekly wrap by clicking here.

  1. Ransomware (Parliament): on 17 February 2022, the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 was introduced into the House. The bill amends the Criminal Code Act 1995, the Crimes Act 1914 and the Proceeds of Crime Act 2002 to updated criminal offences and procedures to respond to the threat of ransomware. It introduces a standalone cyber extortion offence, which will criminalise the extortive conduct associated with ransomware; an aggravated offence relating to cyber attacks on critical infrastructure assets as defined under the Security of Critical Infrastructure Act 2018; a standalone offence of dealing with data obtained by unauthorised access or modification; and, an aggravated offence criminalising producing, supplying or obtaining data under arrangement for payment. In relation to crypto currency, it extends the powers of existing law enforcement agencies to ensure they have the appropriate capabilities to investigate the use of, and ability to seize, these digital assets. This includes ensuring that existing information gathering powers and freezing orders available in relation to financial institutions are applicable to digital currency exchanges. Interestingly, the Bill does not make the payment of a ransom as such illegal.
  2. Electronic signing (Parliament): the Corporations Amendment (Meetings and Documents) Bill 2021 (Cth) is now in effect. Companies can execute documents in electronic form and using electronic means, and importantly this extends to deed. An individual agent can execute documents (including deeds) on behalf of companies under s. 126. Witnessing and delivery is not required. The agent can also sign documents in electronic form and using electronic means. If a company executes a document through an agent under s. 126, a person will be able to rely on the assumptions in s. 129(3) for dealings and transactions in relation to the company. Sole director companies can use the statutory document execution means — a long overdue, and very welcome change!
  3. CDR (Treasury): on 14 February 2022, Minister Hume announced the commencement of a statutory review on the operation of the Consumer Data Right. The review is initiated under section s. 56GH of the Competition and Consumer Act 2010 and will explore the extent to which implementation of the CDR statutory framework supports the core policy objectives of driving value for consumers, increasing competition within designated sectors, and driving innovation across the data services sector. The terms of reference for the review are here.
  4. General insurance quotes (ASIC): ASIC has remade Class Order [CO 11/842] PDS requirements where a quote for a general insurance product is given, for a further five years. ASIC Corporations (PDS Requirements for General Insurance Quotes) Instrument 2022/66, continues to provide relief to address the practical difficulties for general insurers in giving a PDS to a consumer during a phone call. It facilitates insurance quotes being given to consumers over the phone, enabling consumers to easily compare.
  5. Crypto (UK): the FCA is planning to bring ‘qualifying crypto assets’ into its financial promotions regime. It will adopt the UK government’s definition of ‘qualifying crypto assets’ (as confirmed in its consultation response of 18 January 2022). It should release its rules in mid 2022. The regime will capture local and international promoters, and subject them to the standard requirements which deal with who can issue a promotion, the format and substantive content of materials, and how risk is expressed. Unregulated firms will need to prepare for a higher level of regulation, and operational changes. Interestingly, like in Australia, this will create a somewhat fragmented regulatory structure for crypto firms operating in the UK as this level of regulation does not cover the entire product itself — only a narrow subset such as investments and speculative trade as ‘qualifying crypto assets’.

Thought for the future: the regulation of crypto is increasing globally, so much is clear. The US, UK and Australia are all very much feeling their way through the landscape at the moment, and adding pieces of regulation on — there is no wholesale licensing requirements as yet. That is a good thing in my view — overregulation is easy in terms of policy, but not in anyone’s overarching interest.

Australian regulators weekly wrap — Monday, 21 February 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. FAR (Senate Report): the Senate Economics Legislation Committee has completed its report into the Financial Accountability Regime Bill 2021. The Committee has recommended that the bills be passed, complete with civil penalties introduced in the FAR regime (despite appreciable lobbying to the contrary). Both houses sit again in late March 2022, so expect the legislation to go through then. For a practical overview of FAR, and some of the implementation issues affected entities will need to contend with, please do sign up to this webinar on 2 March 2022 here.
  2. Compliance risk (APRA): the prudential regulator has released an information sheet called ‘How to manage compliance risk and stay out of the headlines’ noting that ‘[c]ompliance risk has traditionally been the poor cousin of longer-established risks to financial services organisations, such as credit and market risk. But that’s no longer true.’ Key messages were that well-documented approach to compliance risk management supports an APRA-regulated entity’s operations, and that APRA’s recent work indicates that entities need to: 1) have a clearly defined approach to managing compliance risk; 2) have established processes to support compliance risk management practices; and, 3) specify clear accountability for managing compliance risk. This information sheet is quite timely, as these issues can and should be baked into FAR implementation for organisations.
  3. Opening statement (ASIC): there were a few interesting points in the ASIC Chair’s opening statement to the Senate Economics Legislation Committee Additional Estimates Committee. Leaving aside the expected talk on increased enforcement, Mr. Longo mentioned the establishment of a Regulatory Efficiency Unit (REU) to promote better regulation by removing unnecessary frictions and making it easier for business to get things done. The REU — which is a great idea to me — will identify a set of initiatives this year that aim to improve the efficiency of ASIC’s interactions with its regulated population. He also stated that ESG and crypto and cyber-resilience have been three areas of focus that will ‘no doubt remain of the highest order this year.’ Finally, in what is a nod to the changing face of enforcement, he said that ASIC will be seeking remedies that deliver quicker outcomes, in cases that are chosen more carefully, following investigations that are more timely. Expect that to mean more reliance on ASIC’s new tools e.g. PIP power (and FAR in due course).
  4. Legislative instruments (ASIC): ASIC is seeking industry feedback on proposals to remake relief contained in seven legislative instruments relating to specific financial services disclosure requirements through a consultation paper released today. They relate to PDS in-use notices for employer-sponsored superannuation, product dashboard disclosure, shorter PDSs and PDS obligations for superannuation trustees, IDPS operators and responsible entities of IDPS-like schemes. They also relate to the issuance of Financial Services Guides in time critical situations. Some necessary house cleaning to my mind, on instruments regularly you can read more about these instruments here.
  5. Financial reports (ASIC): between 1 July 2021 and 31 December 2021, ASIC prosecuted seven companies for failing to comply with their obligations to lodge financial reports and hold annual general meetings (AGMs) in the required timeframes. My top read for the week, most of the failures related to periods where financial reports were failed to be reported over the course of years. ASIC has stated that it will continue to prosecute companies that systemically fail to comply with their financial reporting obligations.

Thought for the future: the UK FCA announced a plan in 2021 to be a more ‘innovative, adaptive and assertive, data led regulator’. Since whatever the FCA does, ASIC follows closely, it is worth a look at how the FCA performed in this infographic. One of the interesting points I picked out was the money spent on advising customers on high risk investments, which ASIC itself has done in recent months. I am not entirely comfortable with this — regulators are not commercial or financial advisers, and this feels like quite a subjective foray…