Australian regulators weekly wrap — Monday, 24 January 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Exchange traded products (ASIC): ASIC has released Consultation Paper 356 ETP naming conventions: Updates to INFO 230 (CP 356), seeking feedback on proposals to update the guidance in Information Sheet 230 Exchange-traded products: Admission guidelines (INFO 230), on naming conventions for licensed Australian exchanges that admit exchange traded products (ETPs). ETPs are open-ended investment products that are traded on licensed exchanges. ETPs trade and settle like listed share securities and give investors exposure to underlying assets without owning those assets directly. ETPs differ from other listed investment vehicles — for example, listed investment companies and listed investment trusts — because they are open-ended. This means that the number of units on issue may increase or decrease daily depending. ETPs have different structures, features, strategies and risks to other listed products, so ASIC considers that they should be labelled in a way that differentiates them — basic, but sensible stuff in my view. Submissions are due by 3 March 2022.
  2. Privacy reforms (OAIC): I have previous written about the major discussion paper currently being considered to strengthen Australia’s privacy reforms. Among other areas, it seeks feedback on a raft of measures aimed at empowering consumers to take control of their personal information through new rights and enhanced transparency requirements, and establishing a regulatory framework that supports proactive and targeted regulation, strategic enforcement, efficient and more direct avenues of redress for individuals, and appropriate deterrents against mishandling of personal information. The OAIC has just made available its submissions, and it is notable (if not surprising) for how just eager it is to ratchet up the enforcement powers it can utilise. OAIC Commissioner Falk said “We have recommended changes to the Privacy Act enforcement framework to give the OAIC a greater range of effective tools to uphold the law and respond to emerging threats in a proportionate and pragmatic way…This can occur through a simplified civil penalty regime, supported by infringement notices as a quick and cost-effective way to deter non-compliant behaviour without the need for court proceedings.” The OAIC has also been strongly in support of the introduction of a direct right of action and statutory tort of privacy that would give individuals access to additional options to protect their privacy rights. My top read for the week, and definitely an area to watch this year!
  3. Capital reporting (APRA): the prudential regulator has released for consultation an update to the reporting schedule for Reporting Standard ARS 115.0 Capital Adequacy: Standardised Measurement Approach to Operational Risk (ARS 115.0). It simplifies the reporting requirements for authorised deposit-taking institutions by extending the reporting frequency for submissions on ARS 115.0 from quarterly to annually — I doubt they will get any push back on this one…
  4. Market disclosure (ASIC): ASIC will be working with five Government funded regulatory technology entities dealing with the challenges of corporate disclosure. ASIC’s selected challenge, funded by the Department of Industry, Science, Energy, and Resources, explores the potential of using technology to help identify and assess poor market disclosure by listed companies. ASIC’s challenge to these applicants focuses on developing a technology solution to help ASIC analyse corporate disclosures, and other datasets, to identify and assess compliance by listed companies with a range of requirements, including continuous disclosure (price sensitive disclosure) and other disclosure obligations to the market; financial reporting obligations; the prohibition against misleading or deceptive disclosure (such as misleading categorisation of market announcements); and, the prohibition against practices that manipulate the pricing of securities. ASIC is already doing pretty well in this space — it has various algorithms which scan the interest for particular words, and no doubt that capability will only increase with initiatives like this!
  5. SMSF (ASIC): ASIC has issued a warning on self-managed super funds and crypto investments. It said that it has noticed an increase in marketing recommending Australians switch from retail and industry superannuation funds to self-managed superannuation funds so they can invest in a ‘high return’ portfolio, while SMSF trustees are being targeted to invest in crypto-assets. ASIC has said that crypto-assets are a ‘high risk and speculative investment’, and that advice should be sought from a licensed financial adviser before agreeing to transfer superannuation out of a regulated fund into an SMSF. I agree that financial advice should be sought before making any major financial decision regarding superannuation, though crypto assets are just like any other investment to my mind – whether or not they are suitable for a superannuation portfolio and in what proportion depends on individual needs and risk tolerance.

Thought for the future: the UK FCA has identified there is growing competition in retail banking which is driving choice and lower prices for consumers and small businesses, despite the financial impact of the pandemic. The FCA found that, while still strong, ‘there are signs large banks’ historic advantages are starting to weaken, driven by digital innovation and changing consumer behaviour’. An open question, if Australia will follow.

Australian regulators weekly wrap — Monday, 17 January 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Liquidity facility (APRA): APRA has issued a letter to banks announcing the aggregate Committed Liquidity Facility has reduced to $102 billion on 1 January 2022 from $140 billion on 10 September 2021.Since January 2015, those ADIs to which APRA applies the Basel III liquidity standards have been required to hold high-quality liquid assets (HQLA) sufficient to withstand a 30-day period of stress under the liquidity coverage ratio (LCR) requirement. Apart from government securities, the only other significant assets recognised as HQLA are liabilities of the Reserve Bank; namely, banknotes and ES balances. The Basel III standards allow jurisdictions to use an alternative treatment for holdings in the stock of HQLA when there is insufficient supply of HQLA. The Committed Liquidity Facility is the Reserve Bank and APRA’s alternative treatment and, under this arrangement, certain ADIs are able to use a contractual liquidity commitment from the Reserve Bank towards meeting their LCR. The letter is available on the APRA website here.
  2. Claims handling (ASIC): ASIC has issued a useful reminder on the claims handling requirements for consumers. It notes that, from 1 January 2022, persons providing claims handling and settling services are required to hold an Australian financial services (AFS) licence; insurance claimants are entitled to ask whether those who are providing assistance to them in handling claims are licensed; and, ASIC will work with industry to address any challenges they may face in the course of implementing these significant reforms. The update is part of ASIC’s role in educated the public about unscrupulous operators who are acting without an AFS licence, and I think is quite a good piece of work in that regard!
  3. 2021 in review (OAIC): the OAIC has release a helpful infographic covering its activities in 2021. Save for the expect activities e.g. embedding the CDR, the most useful detail to me was the data breach statistics. OAIC has stated that it ensured more than 700 data breaches were notified to individuals, rectified and remedied, finalised Commissioner-initiated investigations on high privacy impact technologies, security and FOI, and finalised more than 2,000 privacy complaints from individuals. That is quite a rise — expect more to come, especially as OAIC gets more capacity.
  4. Financial adviser exam (ASIC): from January 2022, ASIC will take over the administration of the financial adviser exam from the Financial Adviser Standards and Ethics Authority following the commencement of the Financial Sector Reform (Hayne Royal commission Response — Better Advice) Act 2021. Financial advisers who are ‘existing providers’ or new financial advisers must pass the financial adviser exam to comply with the professional standards for financial advisers. Passing this exam is one of the education and training standards specified in section 921B of the Corporations Act 2001. The exam tests the practical application of a financial adviser’s knowledge in the following competency areas: financial advice regulatory and legal requirements, including obligations under Chapter 7 of the Corporations Act, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, the Privacy Act 1988 and the Tax Agent Services Act 2009; financial advice construction — that is, suitability of advice aligned to different consumer groups, incorporating consumer behaviour and decision making; and, applied ethical and professional reasoning and communication, incorporating the Financial Planners and Advisers Code of Ethics 2019 .The first sitting of the financial adviser exam for 2022 commences 17 February 2022, with enrolments ending by 28 January 2022 — good luck for those sitting the exam!
  5. Debt management services (ASIC): a reminder that, in addition to claims handling services, debt management services also require a licence now! ASIC has been quick to point this out recently e.g. in relation to SR & Associates. On 29 April 2021, the National Consumer Credit Protection Amendment (Debt Management Services) Regulations 2021 (now set out in the National Consumer Credit Protection Regulations 2010) were made, which prescribe certain debt management services as a ‘credit activity’ for the purposes of the National Credit Act. Under these amendments, from 1 July 2021, providers of debt management services (including firms offering ‘debt negotiation’ or ‘credit repair’ services) are regulated under the National Credit Act, and are required to obtain an Australian Credit Licence authorisation to provide a debt management service.

Thought for the future: the US SEC is very public about how it financially rewards whistleblowers — see here, for example. We do not have the same system in Australian — though it was considered recently — but I think we can expect ASIC to continue to be active encourage whistleblowers to come forward this year under the new Corporations Act regime.

Australian regulators weekly wrap — Monday, 10 January 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. January changes (Legislation): by way of a quick refresher, new requirements which commence this month include: APS 220 — Credit Risk Management; Financial Services and Credit Panel commences; SP S250 — Insurance in Superannuation; Insurance Claims Handling required AFSL; Financial Compensations Scheme of Last Resort (subject to the bill passing — it is currently with the Senate Legislation Committee, which is due to report on 15 February). After this, we have the Director Identification Number regime (April) and FAR for ADIs (June).
  2. Compliance reports (AUSTRAC): reporting entities need to submit a compliance report to AUSTRAC each year that includes answers to questions about how they have met their anti-money laundering and counter-terrorism financing obligations. The compliance report is a requirement under the AML/CTF Act; there can be penalties for failing to submit a required compliance report. Entities must submit their compliance report between 1 January and 31 March of each year, which means AUSTRAC’s new update on the basics here is a timely reminder!
  3. CPS 511 (APRA): all APRA-regulated entities need to review their existing remuneration frameworks and develop an implementation plan within 18 months of the release of the final version of CPS 511. That occurred in August 2021, so the pressure is on this year to finish what will be the first key deliverable for implementing CPS 511! And matching it with FAR, for banks, insurers and super funds. Whatever is created for CPS 511, whether SFI or non-SFI, will need to be owned by the Accountable Person for HR (most likely) and mesh with responsibilities. We have created a good tabular comparisons of FAR and CPS 511 to assist; do get in touch if you would like a copy.
  4. FAR (Senate): on 25 November 2021, the Senate referred the provisions of the Financial Accountability Regime Bill 2021 to the Economics Legislation Committee for inquiry and report by 15 February 2022. The public hearing has been set down for 27 January 2021 (see here). One hopes that they will see sense, and wind back the ancillary liability provisions — which are poorly constructed and were not consulted upon. Given this this amendment was allegedly a Labor one, and the composition of the Committee is majority Labor these days (see here), I am not holding my breath…
  5. AML / CTF chances (AUSTRAC): The Anti-Money Laundering and Counter-Terrorism Financing Rules Amendment Instrument 2021 (№3) d commenced on 14 December 2021, and inserts Chapters 79 and 80 to, and amends Chapter 48 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (№1). Chapter 79 sets out the special circumstances in which a reporting entity may carry out the applicable customer identification procedure in respect of a customer, after commencing to provide a designated service described in item 1 of table 1 in subsection 6(2) of the AML/CTF Act i.e. opening an account. Chapter 80 allows the AUSTRAC CEO to make AML/CTF Rules to exclude specific things from being a stored value card (SVC). Chapter 48 includes exemptions of specified designated services relating to salary packaging administration services.

Thought for the future: determining whether a firm does / doe not need a financial services license is tricky at the best of times. With scams increasing, the UK FCA’s approach of proactively identifying and publishing unauthorized firms and individuals and publishing a warning list (see here) is a great idea, and one I hope to see in Australia before long.

Australian regulators weekly wrap — Monday, 3 January 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Foreign financial services providers (Treasury): the Federal Treasury has released exposure draft legislation implementing AFSL relief options for foreign financial service providers (FFSPs). In the 2021‑22 Budget, the Government announced as part of the Global Talent Attraction package that it would consult on options to provide regulatory relief for FFSPs and options to create a fast track licensing process for those that wish to establish more permanent operations in Australia. The exposure draft legislation seeks to introduce: 1) the comparable regulator exemption, which exempts FFSPs authorised to provide financial services in a comparable regime from the requirement to be licensed when dealing with wholesale clients; 2) the professional investor exemption, which exempts FFSPs that provide financial services from outside Australia to professional investors from the requirement to be licensed in Australia; and 3) an exemption from the fit and proper person assessment to fast track the licensing process for FFSPs authorised to provide financial services in a comparable regulatory regime. An sensible solution to reduce red tape, the consultation and draft legislation can be found here.
  2. Critical infrastructure bill (DHA): on 2 December 2021, the Government gained more powers to take action in relation to cyber security incidents affecting ‘critical infrastructure assets’ (which encompasses the financial services sector), including the power to compulsorily obtain information, make directions and to permit the Australian Signals Directorate to take direct action in relation to those assets. It also contains provisions that require entities that own or operate ‘critical infrastructure assets’ to notify Government of critical cyber security incidents within very sharp time frames (12 hours!)— these rules are presently subject to consultation. You can read more about the reforms, which will need to be cross-stitched to exist OAIC obligations, here.
  3. AML Induction (AUSTRAC): AUSTRAC’s proactive engagement with the industry can be patchy — at least via its website, so it was great to see a release of a number of helpful materials to assisting reporting entities on 13 December 2021. It highlighted the rollout of the induction workshops to introduce new reporting entities to AML/CTF compliance, which cover: 1) AML/CTF fundamentals: an overview of the AML/CTF framework and program requirements such as customer identification procedures, ongoing customer due diligence and transaction reporting; 2) risk assessments: an in-depth look at how reporting entities can identify, mitigate and manage risks such as money laundering, terrorism financing and other serious crimes. In this workshop, AUTRAC also demonstrates how to conduct an ML/TF risk assessment; and, 3) quality reporting: a detailed explanation of entities’ reporting obligations and why these are important. This workshop also provides tips on what quality reporting looks like and what to avoid. Together with general feedback on the compliance reports it receives, I think the monthly workshop is a wonderful initiative from AUSTRAC. You can sign-up here.
  4. Engagement (ASIC / APRA): ASIC and APRA have published their annual update on engagement between the two regulators. There is not too much to the release of their report, which can be viewed here; collaborating on loan deferrals / hardship, strengthening their enforcement co-ordination and focusing on super were key highlighted areas. The biggest thing I took from the update was that ASIC and APRA are working together “…to develop the framework for jointly administrating the FAR to enable collaboration and coordination, and to minimise duplication, in areas of joint regulatory interest.” No doubt ASIC is very keen to get its hands on FAR, which will dramatically increases its powers. If breach reporting was the biggest game in town in 2021, then FAR will certainly eclipse it in 2022 and 2023.
  5. FAR (Parliament): the FAR Bill was considered by the Senate Standing Committee for the Scrutiny of Bills on 24 November 2021 and referred to the Senate Economics Legislation Committee the next day, to produce a report on 15 February, 2022. Submissions can be made, and given the last minute introduction of broad ancillary liability provisions which were not consulted upon, and are broadly constructed, we will be making a submission pushing back on them. Wish us luck!

Thought for the future: filing submissions on draft legislation can feel like a Sisyphean task at times — I have lost track of how many submissions I have filed on FAR, for example. Given the magnitude of the legislative changes affecting financial services institutions, and the time it takes to pare back inefficient laws, it is a critical task in my view. Small changes make big differences, and 2022 will be just as important as 2021 in this respect.

Australian regulators weekly wrap — Monday, 13 December 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Payments system (Treasury): Treasury is planning to legislate “the largest reforms to our payments systems in a quarter of a century”. The overhaul of the payments system will provide protections for consumers who make purchases on their mobile phones, use buy now, pay later platforms, and invest in cryptocurrency. Most of the reforms are not expected to be settled until various agencies consult and report back to the government at the end of 2022. In relation to payments, by mid-2022 the Government will have: 1) set out a strategic longer-term plan for the payments system, developed with industry and reviewed annually; 2) settled the details of additional powers for the Treasurer to set payment system policy; and 3) determined the changes necessary to modernise payments system legislation to accommodate new and emerging payment systems, including consideration of BNPL and digital wallets. In relation to crypto, by mid-2022 the Government will have: 1) completed consultation on the establishment of a licencing framework for Digital Currency Exchanges to provide greater confidence in the trading of crypto assets; 2) finalised consultation on a custody or depository regime for businesses that hold crypto assets on behalf of consumers so that investors have greater confidence in the safe keeping of these assets; 3) received advice from the Council of Financial Regulators, working with other relevant agencies, on the underlying causes and policy responses to the complex issue of de-banking. By end-2022 the Government will have: 1) settled the framework to replace the current one-size-fits-all payment licensing arrangements with a functionally based framework adopting graduated, risk-based regulatory requirements; 2) received a report from the Board of Taxation on an appropriate framework for the taxation of digital transactions and assets; 3) undertaken a mapping exercise of existing crypto currencies and tokens to better inform consumers and others of the risks and benefits that arise; 4) examined the potential of so-called Decentralised Autonomous Organisations and how they can be incorporated into Australia’s legal and financial regulatory frameworks. I think this is a necessary, comprehensive and bold approach — the possibilities for crypto are endless, and the Government’s embrace of it is a wise move. It will position Australia well in the future world; the consultation paper is easily my top read for the week!
  2. Cyber resilience (ASIC): ASIC released its latest report on the cyber resilience of firms operating in Australia’s financial markets. Report 716 Cyber resilience of firms in Australia’s financial markets: 2020–21 provides an update on organisations’ cyber resilience in the two years since the publication of Report 651. In summary, there has been a small improvement in the cyber resilience of firms operating in Australia’s financial markets, the increase of 1.4% falls far short of the 14.9% improvement targeted for the period. The shortfall is the combined result of overly ambitious targets, escalation in the cyber threat environment and disruptions caused by the pandemic. ASIC has encouraged all firms to consider the report for managing these risks, and stated that failure to invest in supply chain risk management could lead to significant consumer harm that might warrant ASIC investigation and action.
  3. Clearing rules (ASIC): following the global financial crisis, the G20 committed to reforming over-the-counter (OTC) derivatives markets. One of the key commitments made was to require all standardised OTC derivative transactions to be cleared through central counterparties. These reforms were directed towards improving transparency, mitigating systemic risk, and protecting against market abuse in OTC derivatives markets. On 3 January 2013, legislation providing a framework to implement these G20 commitments in Australia came into effect. This allowed ASIC to make rules imposing central clearing requirements for certain products within interest rate derivative classes determined by the Minister. Since the ASIC Derivative Transaction Rules (Clearing) 2015 were implemented, there have been international efforts to transition away from certain benchmark rates that are used in a range of financial instruments, including interest rate derivative contracts. ASIC has released a consultation paper to outline its proposed approach to amending the product scope of the rules to reflect changes in OTC derivative markets that will have taken place by 3 January 2022. It is proposing to remove products that reference certain discontinuing benchmarks and replace them with contracts that reference replacement near risk-free rates selected for each currency. Responses are due by 24 January 2022, and you can read the consultation paper here.
  4. Project Atom (RBA): research into the use of distributed ledger technology (DLT) and digital financial assets is advancing rapidly. The use of DLT and smart contracts has the potential to deliver benefits in the form of greater efficiency, transparency, liquidity and accessibility in asset markets, as well as enable the issuance of new forms of money, such as central bank digital currency (CBDC). A private research project examined the potential use and implications of a wholesale form of CBDC, with a focus on: how access to a tokenised CBDC could be extended to a wider range of wholesale market participants than just commercial banks; the potential benefits of integrating tokenised CBDC with a digital asset in the form of a tokenised syndicated loan on interoperable DLT platforms; and, how an enterprise-grade version of the Ethereum blockchain platform could address some of the technical limitations in the public version of Ethereum. The report, which can be found here, identified that digitisation of syndicated loans on a DLT platform could provide significant efficiency gains and reduce operational risk by replacing highly manual and paper-based processes related to the origination and servicing of these facilities. Moreover, integrating a tokenised CBDC on the same blockchain platform enabled instantaneous delivery-versus-payment settlement of the loan drawdown, novation and repayment, and the smart contract functionality of DLT could potentially also be used to ‘program’ the automatic execution and settlement of more complex multi-stage and multi-party transactions involving conditions and interdependencies.
  5. ASIC review (FRAA): the first Financial Regulator Assessment Authority (FRAA) review will be a targeted assessment of ASIC’s effectiveness and capability in strategic prioritisation, planning and decision-making, ASIC’s surveillance function, and ASIC’s licensing function. The FRAA, which was created after the Hayne Royal Commission, is tasked with reviewing and reporting on the effectiveness and capability of ASIC and the Australian Prudential Regulation Authority. The FRAA will provide its report to Government by the end of July 2022. The consultation paper is here, and submissions are due by 28 January 2022.

Thought for the future: Australia’s embrace of crypto at a Governmental and private enterprise level is heartening. It will place us well to lead the changes in the financial system that are inevitable — the 4 trillion worldwide crypto market is not going anywhere. We need carefully calibrated, practical and forward thinking regulation to protect and encourage its growth, which appears to be the early indication from the Government.

Australian regulators weekly wrap — Monday, 29 November 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Litigation funding (Treasury): the Government’s legislation to cap litigation funder’s fees to 30% (see here), has narrowly passed the House. The draft legislation provides judges with additional powers to approve or vary the share of proceeds to ensure the distribution is fair and reasonable, with litigation funders to pay for independent experts used by a court. The fate of the legislation is still uncertain though — it needs to pass a divided Senate, where at least 2 Senators have said they will withhold support…
  2. MLC action (ASIC): ASIC has applied to the Federal Court seeking civil penalties from MLC for insurance policy and service failures allegedly caused by poor systems and controls. ASIC has alleged that from 1999-November 2020, MLC failed to: 1. pay a life insurance benefit, known as a ‘rehabilitation bonus benefit’, to 297 eligible customers who were undergoing rehabilitation following an insured injury or disability; 2. update its definition of ‘Severe Rheumatoid Arthritis’ in a timely way, resulting in 12 customers suffering from Severe Rheumatoid Arthritis being denied insurance cover and MLC having to update the definition in over 190,000 insurance policies; 3. notify over 800 customers that their annual premiums had increased, their premiums were overdue, or that their insurance policies had been cancelled or lapsed; and 4. fully refund premiums to over 260,000 customers who had cancelled their loan insurance policies or paid out their loans. ASIC has alleged that as a consequence of these failures, MLC has breached its obligations as a financial services provider (s912A(1)(a) Corporations Act), its duty to act with utmost good faith in the handling of claims (s13(1) Insurance Contract Act), engaged in misleading and deceptive conduct (s1041H Corporations Act; s12DA, s12DB ASIC Act) and has accepted payment without intending or being able to supply as ordered (s12DI ASIC Act). On these bases, ASIC is seeking declarations, pecuniary penalties and other relief against MLC and estimated that the insurer has benefitted from the conduct to an amount tallying $17 million. MLC has since advised that it has remediated customers impacted by the alleged conduct. It is the second major action against insurers in as many months (see the IAL action in our past ARWW here), and coincides with some strong public and personal exhortations by ASIC (see below).
  3. Pricing reviews (ASIC): ASIC has publicly (and privately, in some cases) directed general insurers to review their pricing systems and controls, including to ensure that customers get the discounts they are promised in full. The corporate regulator wants insurers to take urgent steps to ensure they can and do meet the pricing promises they make. It has said that this may require insurers to update legacy IT systems and make improvements across compliance, governance, and culture. It has said: “Where there are failures, or empty promises about price discounts, ASIC will use the full range of regulatory tools available to protect consumers — including enforcement action.” Some heavy handed action by ASIC here, and on top of a time of serious regulatory and compliance burdens on GIs.
  4. Remediation guidance (ASIC): the corporate regulator has released an expanded regulatory guide to consult on the way licensees should conduct remediations to return money owed to consumers. Happily, it has a reasonable consultation date — 11 February 2022. This is going to be necessary, as the guide is very broad and (as most ASIC materials as there days) heavily principles-based. There are 9 principles in this guide that licensees need to follow, for example “Be timely without sacrificing quality consumer outcomes”. With AFCA waiting in the wings for a bigger role in licensee remediation (per Commissioner Hayne’s recommendation, God help us!), spending time on this RG consultation over the Christmas break will pay dividends in the long run and we intend to do so. It is also important as it is guiding ASIC’s thinking for licencing requirements, as it has stated that “Proactive remediation upon discovery of misconduct or other failures is necessary for licensees to achieve good outcomes for their consumers and comply with their licensing obligations to act efficiently, honestly and fairly.”
  5. CDR (OAIC): the CDR gives consumers greater control over their consumer data. It enables a consumer to direct a data holder to provide their CDR data to an accredited data recipient, in a CDR compliant format. An audit of the big four banks has found they are generally handling consumer data under the Consumer Data Right in an open and transparent way with good privacy practices in place. The OAIC can assess or audit whether CDR entities are maintaining and handling CDR data in accordance with the privacy safeguards and CDR Rules (that relate to privacy or confidentiality).The OAIC’s first privacy assessment examined how the initial CDR data holders are complying with Privacy Safeguard 1, which requires providers to have a policy describing how they manage consumer data, and to implement internal practices, procedures and systems to ensure compliance. It is going to be very useful for those who are preparing for CDR, including the general insurers who are in the midst of their preparations and will have their own challenges e.g. common definitions and a focus on pricing decisions.

Thought for the future: I understand the need for enforcement action, and regulator guided reviews and ad hoc demands. The latter can take into account other matters though, including ASIC 2021’s Strategic Priorities: “Driving industry readiness and compliance with standards set by law reform initiatives (including the Financial Accountability Regime, reforms in superannuation and insurance, breach reporting, and the design and distribution obligations)”. There are only so many different fronts Risk, Regulatory and Legal teams can meaningfully work on at any one time…

Australian regulators weekly wrap — Monday, 15 November 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Climate change (APRA/RBA): the prudential regulator and RBA have published a joint statement on the actions they are taking to ensure financial institutions and the financial system are prepared to respond to the financial risks of climate change. The main ones are: 1) integrating climate-related risks into financial stability monitoring and micro-supervision e.g. APRA is leading a bottom-up supervisory climate vulnerability assessment exercise with the five largest Australian banks under its supervisio; 2) analysing the effect of climate-related risks on the macroeconomy and financial stability e.g. the RBA will conduct analysis to monitor the implications of climate change and related mitigation policies for the economy; 3) building awareness and intellectual capacity and encouraging knowledge sharing — both APRA and the RBA will continue to draw attention to the financial stability and macroeconomic consequences of climate change, including through speeches and by publishing analytical work on climate change; and 4) integrating sustainability factors into their own operations. You can read the statement here.
  2. Financial services / climate change (UK): last week we covered the fact that the UK is enshrining in legislation the requirement for major companies to disclose climate related actions which is a major development. From then, the UK’s Chancellor has announced that the UK will be the world’s first net zero financial centre. Over $130 trillion — 40% of the world’s financial assets — will now be aligned with the climate goals in the Paris Agreement, thanks to climate commitments from financial services firms. The Chancellor set out new requirements for UK financial institutions and listed companies to publish net zero transition plans that detail how they will adapt and decarbonise as the UK moves towards to a net zero economy by 2050. Further, he outlined new UK climate finance projects funded from the UK’s international climate finance commitment to help developing countries to fund green growth and adapt to the changing climate. Some excellent global leadership from the UK here.
  3. Records of advice (ASIC): ASIC has released an information sheet on records of advice (ROA) and three ROA examples to provide clarity to financial advisers and advice licensees on their obligations when using ROAs to provide personal advice to retail client. An ROA is a simple record that confirms the advice provided by an advice licensee or an adviser. The ROA is quite similar to a Statement of Advice (SOA) but shorter and less formal. It is often given to existing clients to confirm changes to, or implementation of, advice that has been provided in a previous SOA. Advisers can use an ROA instead of giving a client an SOA in four separate advice situations: 1) further advice when an SOA has previously been provided; 2) no buy or sell product advice; 3) small investment advice i.e. under $15K; and 4) COVID-19 advice under the transitional rules approved by ASIC. You can see one of the examples in relation to an annotated life insurance product here, which I think is a really great initiative by ASIC and really useful. Bravo!
  4. ESG (IFRS): the IFRS Foundation is a not-for-profit, public interest organisation established to develop a single set of high-quality, understandable, enforceable and globally accepted accounting and sustainability disclosure standards — IFRS Standards — and to promote and facilitate adoption of the standards. The IFRS Foundation Trustees announced the creation of a new standard-setting board — the International Sustainability Standards Board (ISSB). The ISSB is designed to meet investors’ increasing demands for good quality, transparent, reliable and comparable reporting by companies on climate and other environmental, social and governance (ESG) matters. The intention is for the ISSB to deliver a comprehensive global baseline of sustainability-related disclosure standards that set out information about companies’ sustainability-related risks and opportunities. Together with the COP26 climate disclosures being legislated, it is a positive development.
  5. Clearview AI (OAIC): OAIC and the UK’s Information Commissioner’s Office opened a joint investigation into the personal information handling practices of Clearview AI Inc in July 2020. The investigation focused on the company’s use of data scraped from the internet and the use of biometrics for facial recognition. The joint investigation — which is an increasing phenomenon — was conducted in accordance with the Australian Privacy Act 1988 and the UK Data Protection Act 2018. It was also conducted under the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and the MOU between the OAIC and ICO.OAIC found that Clearview breached privacy law, and ordered it to stop collecting images from websites and destroy data collected in the Australia. Clearview’s actions fell “well short of Australians’ expectations” and carried “significant risk of harm to individuals, including vulnerable groups such as children and victims of crime, whose images can be searched on Clearview AI’s database”, Information Commissioner Angelene Falk said. From reading the facts of the case, Clearview are fortunate we do not have our new privacy laws in place yet otherwise there would be serious fines to contend with…

Thought for the future: it feels good reading about the changes to reporting for climate change and ESG matters, and the strengthening of the privacy laws next year — both are matters which have been socially important for many years and were due an upgrade in terms of meaningful regulation. Expect more to come in 2022, and a cross-stitching with current regimes e.g. FAR and breach reporting.

Australian regulators weekly wrap — Monday, 8 November 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Crypto (ASIC): ASIC has released information sheet (INFO 225) to assist the comprehension of obligations under the Corporations Act 2001 and the Australian Securities and Investments Commission Act 2001 if: 1) a firm is is involved with crypto-assets such as cryptocurrency, tokens or stablecoins, whether there are elements that are decentralised or not; or 2) a firm is considering raising funds through an initial coin offering. A quite helpful summary guide, if dense, and my top read for the week, it covers the following self-explanatory aspects: Part A: What should you consider when offering crypto-assets?Part B: What is misleading or deceptive conduct in relation to a crypto-asset or an ICO?Part C: When could a crypto-asset or an ICO be or involve a financial product?Part D: When could a crypto-asset trading platform become a financial market?Part E: What should you consider when offering retail investors exposure to crypto-assets via a regulated investment vehicle?Part F: How do overseas categorisations of crypto-assets translate to the Australian context? The main thing to my mind when dealing with crypto is whether or not they need an Australian Market Licence e.g. if users can buy / sell crypto which is a financial product or AFSL e.g. for crypto derivatives, unless they thread the needle very finely in terms of their commercial activities — the state of regulation is unsatisfactory at this stage. With CBA jumping into the crypto market this week, and a concerted push in the Senate for Australia to be a leader in this space, my sense is that more regulation is likely to follow soon.
  2. Advisers (ASIC): ASIC’s responsibilities in respect of the financial advice industry will be broadened under the Better Advice Act from 1 January 2022. The impact of the legislation will: expand the role of the Financial Services and Credit Panel by providing it with its own functions and powers, including powers to address less serious misconduct; wind up the Financial Adviser Standards and Ethics Authority and transfer the administration of the financial adviser exam to ASIC; introduce a single registration and disciplinary system for financial advisers who provide tax (financial) advice services; and, require all financial advisers to be registered from 1 January 2023. Hopefully not too much administration burden will be placed on advisers already struggling under the weight of the October 2021 regime changes…
  3. Debanking (AUSTRAC): AUSTRAC has noted that over the past decade, the range of businesses impacted by a loss or limitation of access to banking services has expanded. Money transfer (remitters), digital currency exchanges, not-for-profit organisations (NPO) and financial technology (FinTech) businesses are disproportionally facing bank account closures given a number of factors, including risk, profitability and compliance with anti-money laundering and counter-terrorism financing requirements. At a time of heightened AML / CTF risk for AUSTRAC’s enforcement activities, it has nonetheless stated that “These businesses vulnerable to exploitation [e.g. remittance businesses] should not automatically have their accounts closed simply to avoid managing risk…Although the decision to close an account may remain a necessary risk control, AUSTRAC considers with appropriate systems and processes in place, banks should be able to manage high risk customers, including those operating remittance services, digital currency exchanges, not-for-profit organisations (NPO) and financial technology (FinTech) businesses.” Correct for AUSTRAC to say this, but what would be more helpful is practical relief to ease the burden placed on banks in banking these customers.
  4. Climate reporting (UK): the UK will become first G20 country to make it mandatory for Britain’s largest businesses to disclose their climate-related risks and opportunities, in line with Taskforce on Climate-related Financial Disclosures (TCFD) recommendations. This new legislation will require firms to disclose climate-related financial information, with rules set to come into force from April 2022.
  5. Class actions (Treasury): The Corporations Amendment (Improving Outcomes for Litigation Funding Participants) Bill 2021 (Cth) has been introduced to Parliament. The Bill will allow Courts approve or vary the method for distributing claim proceeds to non-members of the scheme, to ensure the distribution is fair and reasonable in light of the interests of scheme members, and establish a rebuttable presumption that the distribution of claim proceeds is not fair and reasonable if more than 30 per cent is to be paid to entities who are not scheme members, including funders and lawyers. It will also require plaintiffs to consent to become members of a class action litigation funding scheme before funders can impose their fees or commission on them — the days of massive open class actions are history. Finally, the Bill will enhance the role of independent experts, to support the courts in assessing proposed litigation funding fees and ensure that the interests of class members are properly represented.

Thought for the future: from what I am seeing, under the new AFSL / ACL breach reporting regime, the most common ‘deemed significant’ breach reported to ASIC is misleading & deceptive conduct under s. 12DA of the ASIC Act, followed by ‘material loss and damage’ to consumers. That is unsurprising, as s. 12DA is a strict liability provision where you do not need to have misled the consumer in order for it to be satisfied e.g. an incorrect fee statement quickly corrected arguably still triggers the section. There is room, in my view, for a practical risk based approach (though some lawyers will take a different view). My sense is that more regulatory departments will take a risk-based view as time passes, given the practical burden of the regime…

Australian regulators weekly wrap — Monday, 2 November 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. FAR (Treasury): Treasury has introduced the final tranche of legislation to implement the Hayne Royal Commission recommendations, including Financial Accountability Regime, which is designed to extend the Banking Executive Accountability Regime to all APRA‑regulated entities. In essence, FAR requires financial services firms to identify senior individuals by a mixture of prescriptive and principles-based guidance e.g. directors / C-suite executives have them record their responsibilities in ‘accountability statements’, and then conduct those responsibilities by reference to certain broad obligations e.g. they need to act with ‘integrity, honesty and due care, skill and diligence’. If they do not, then the corporation and individual can be subject to sanctions e.g. disqualification for the individual. FAR also imposes remuneration conditions, including the deferral of up to 40% of variable remuneration for four years as hostage against executives’ good behaviour. The draft legislation was released in July 2021 (read our summary here), and had a number of issues with it which we lobbied the Government on. For example, the breadth of the end-to-end product role, breadth of the regulatory directions power and double jeopardy elements (please contact us if you would like a copy of our submission to Treasury). We are spending the weekend going over the new legislation, and identifying the changes and impacts for our key clients (a number of whom we are assisting with FAR already)— please get in touch if you wish to know more!
  2. Compensation scheme of last resort (Treasury): Treasury has also released legislation which establishes the Compensation Scheme of Last Resort. The scheme will facilitate the payment of limited compensation to eligible consumers who have received a determination for compensation from the AFCA which remains unpaid. They will be eligible to receive up to $150,000 in compensation for personal advice, credit intermediation, securities dealing and credit provision where AFCA has ruled in their favour, and the licensee has not paid e.g. because of insolvency.
  3. ASIC Corporate Report (ASIC): ASIC has released a report which provides an update on its work undertaken between 1 July and 30 September 2021. There is no new information in here, though a good run down of its focus in recent times, including all the enforcement work it has been doing. For example, focus on addressing consumer harms in insurance i.e. TPD policies, and penalty on sale of travel insurance policies i.e. Allianz. It also covers the recent actions against ME Bank and NAB for misleading and deceptive conduct — expect that area to be a continuing theme with the new breach reporting regime — and Westpac for failing to act in clients’ best interests. The overall theme is one of many and varied enforcement action, with most signs pointing to that continuing in the short to medium term.
  4. Freedom Insurance (ASIC): ASIC has commenced civil penalty proceedings against Keith Cohen, the former Managing Director of Freedom, and Robert Oayda, a former Quality Control manager, in relation to sales incentive programs offered by Freedom Insurance Pty Ltd (in liquidation). Mr Cohen and Mr Oayda allegedly were involved in decisions that saw sales agents qualify for overseas holidays if they reached certain sales targets and a Vespa scooter if they made the most sales. ASIC alleges these incentives influenced the sales agents’ conduct and made driving the sale their focus, rather than customer needs. It is seeking declarations, civil penalties, injunctions and disqualification orders against Mr Cohen, and declarations and injunctions against Mr Oayda. A longstanding issue for ASIC, conflicted remuneration cases are likely to increase in my view given the new mortgage brokers’ BID regime expansive prohibitions.
  5. Privacy reform (Treasury): Treasury has released the exposure draft of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 and a Discussion Paper on the review of the Privacy Act. Together, they represent big leaps forward in the privacy space, as the legislation establishes a framework for the development of a binding Online Privacy Code that would stipulate how social media services, data brokerage services and large online platforms should comply with the existing broad Australian Privacy Principles and also impose some additional compliance obligations on those organisations; it strengthens the enforcement options available to the Commissioner, by mirroring the maximum civil penalties available under the Privacy Act with those that apply under the Australian Consumer Law; and, it amends the extraterritorial application of the Privacy Act to foreign organisations by removing existing “Australian link” test. The Discussion Paper is going to continue the privacy reform agenda in big way, as it proposes changes to the definition of “personal information” to broaden its scope; stricter requirements to “anonymise” rather than merely “de-identify” information before it is no longer subject to the legislation; an enhanced transparency and consent obligation; new requirements to ensure that personal information is collected, used and disclosed in a way that is “fair and reasonable” taking into account individual expectations, the sensitivity of the information concerned, foreseeable risks that may arise, and other legislated factors; new rights for individuals to object to the collection, use or disclosure of their information and to request the erasure of that information in certain circumstances; a right for individuals to object to any collection, use or disclosure of personal information for direct marketing purposes; and, a wider range of enforcement options for the Information Commissioner, including the ability to apply for lower civil penalties or issue infringement notices for less serious breaches, as well as direct rights of actions for individuals in certain circumstances. The Discussion paper also proposes an industry funding model for the Information Commissioner, including a statutory levy that would apply to entities which operate in a high privacy risk environment. Some significant changes which have been a longtime coming!

Thought for the future: Privacy has long been slated for the reform agenda, with the framework lagging the Consumer Law and Corporations Act in terms of its structure and enforcement framework. Post the Hayne Royal Commission Reforms, between privacy and the ALRC’s review of Chapter 7 of the Corporations Act, it does not look like the reforms will slow down much!

Australian regulators weekly wrap — Monday, 25 October 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Blockchain (Senate): the Senate Select Committee on Australia as a Technology and Financial Centre has released its final report. There are some exciting recommendations — read them here (my top read for the week)— including: 1) establishing a market licensing regime for Digital Currency Exchanges, including capital adequacy, auditing and responsible person tests under the Treasury portfolio; 2) establishing a new Decentralised Autonomous Organisation company structure; 3) establishing a custody or depository regime for digital assets with minimum standards under the Treasury portfolio; 4) undertaking a token mapping exercise to determine the best way to characterise the various types of digital asset tokens in Australia; and 5) having the Anti-Money Laundering and Counter-Terrorism Financing regulations clarified to ensure they are fit for purpose, and do not undermine innovation. These recommendations are innovative and sensible in my view, and will assist Australia is becoming a blockchain leader if it fully embraces them — fingers crossed!
  2. CPS 511 (APRA): CPS 511, which comes into effect from 1 January 2023, is designed to strengthen remuneration practices across all APRA-regulated entities. It introduces heightened requirements on remuneration and accountability aimed at creating more balanced incentive structures, promoting financial resilience and supporting better outcomes for customers. (It needs to be linked with FAR, which it is currently not consistent with — but that is a whole other issue.) The final Prudential Practice Guide CPG 511 Remuneration has been released by APRA and sets out guidance and examples for: strengthening incentives for individuals to prudently manage the risks they are responsible for; implementing appropriate consequences for poor risk outcomes; and, improving oversight, transparency and accountability on remuneration. If you haven’t already, start thinking about CPS 511 implementation now as it is going to be a big one across 2022!
  3. Advice sector and compensation (AFCA): the draft Compensation Scheme of Last Resort (CSLR) legislation is coming out soon. It will facilitate the payment of limited compensation to eligible consumers who have received a determination for compensation from the AFCA which remains unpaid. The currently proposed scope of the CSLR treats complaints about losses arising from the sale, distribution and operation of managed investment schemes and financial products and the provision of financial advice differently. In response, AFCA intends to provide clarity to the advice sector and consumers on how it currently deals with and categorises these complaints. The tricky issue is determining which financial firm is responsible i.e. the issuer or the adviser (both of whom need an AFSL) for responding to a particular type of complaint and where the responsibility may lie for specific conduct. AFCA will be issuing an interim fact sheet and consulting with relevant stakeholders, including the financial advice industry, about a more formal approach document soon.
  4. AGMs and electronic executions (Treasury): whatever your politics, it is clear Treasurer Frydenberg’s Treasury is a hard working one! The Government has introduced into parliament the The Corporations Amendment (Meetings and Documents) Bill 2021 which will permanently allow companies to use technology to meet regulatory requirements under the legislationMore particularly, it will allow companies and registered schemes to hold virtual meetings, distribute meeting‑related materials and validly execute documents. These reforms build on recently renewed temporary relief, which will remain in place until 31 March 2022. A great development, now lets turn to electronic executions of documents!
  5. IAL (ASIC): ASIC has launched civil penalty proceedings in the Federal Court against Insurance Australia Limited (IAL), alleging that IAL engaged in misleading or deceptive conduct and made false or misleading representations to some NRMA Insurance customers by stating that customers were eligible for certain discounts on renewal of their home and motor insurance policies and then failing to apply those discounts. ASIC claims IAL increased the gross insurance premiums that would apply to those customers to ensure that their net premiums after the discounts did not fall below a certain level. As a result, the full discounts were not passed on to customers, and impacted NRMA Insurance renewals between March 2014 and November 2019 and affected at least 596,000 customers, in respect of 705,000 separate insurance policies, approximately 1,785,000 times. The affected customers did not receive promised discounts totaling around $60 million. A good case to watch, particularly as s. 12DA of the ASIC Act creates havoc for entities struggling under the new breach reporting regime…

Thought for the future: this month has been tricky navigating the new breach reporting regime —many more beaches are getting reported for ‘misleading & deceptive conduct’ and ‘material loss & damage (which is determined from the customers’ perspective). There is also a lot of confusion between ‘core’ and ‘deemed significant’ provisions, so this flow chart may assist AFSL and ACL holders navigating the new regime.