Australian regulators weekly wrap — Monday, 28 November 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. FAR (Parliament): an unedifying week in Parliament, as Labor agreed with the Greens last minute to include $1M fines for Accountable Persons in the FAR legislation without any consultations. Only the great lobbying work of Anna Bligh and the ABA caused the Government to rethink its deal with the Greens — the legislation has now been pulled from the Parliamentary agenda. It is bloody-minded and excessive, as are the fines for ancillary liability, given the principles-based breadth of the regime, lack of guidance/case law and regulatory hawkishness now. Pure politics, and bad policymaking which impacts people’s lives – both the Green and Labor should be ashamed of the debacle.
  2. ‘Earning’ crypto products (ASIC): ASIC has commenced civil penalty proceedings in the Federal Court against fintech company Block Earner alleging it provided unlicensed financial services in relation to its crypto-asset based products and that it operated an unregistered managed investment scheme. ASIC alleges that the Earner Product had ‘Terms of Use’ where the consumer, in acquiring, investing in or using the Earner Product, deposits or ‘lends’ money (‘lend’ being the expression used in the Terms) to Block Earner, and Block Earner undertakes to repay that money. Block Earner posed the question “How is fixed yield generated?’” on its website under ‘Frequently Asked Questions’ (FAQs). Block Earner initially answered by stating “Block Earner is able to generate returns by pooling customer funds and lending it to our trusted partners, who are all vetted in accordance with our risk policy, thereby receiving a favourable yield rate.” The Terms provided that by using the Earner Product, consumers ‘lend’ the crypto assets (into which their AUD has been converted) to Block Earner, in return for daily interest which was paid in the same crypto-asset ‘loaned’ to Block Earner. Critically, users also agreed to grant Block Earner all rights and title to those crypto assets, for Block Earner to use at its sole discretion during the term of the ‘loan’. That is, they had not control over the assets — they were in Block Earner’s control. The crypto currency industry is in a difficult position until further clarity on the regulatory framework is put forward. Until then, the outcome of this case (which is covered in more detail in our article here), will be signficant.
  3. Crypto assest reporting framework (OECD): the Organisation for Economic Co-operation and Development has published its report on the Crypto-Asset Reporting Framework (CARF) and Amendments to the Common Reporting Standard (CRS) after undertaking public consultation. The CARF has been developed as a global framework providing for the automatic exchange of tax information on transactions involving crypto assets. The new rules are very broad — they should capture more participants than are current held under CRS. The definition of Crypto-Assets targets those assets that can be held and transferred in a decentralised manner, without the intervention of traditional financial intermediaries, including certain stablecoins, derivatives issued in the form of a Crypto-Asset and certain non-fungible tokens. Entities or individuals that provide services effecting exchange transactions in Crypto-Assets as a business for or on behalf of customers would be considered “Reporting Crypto-Asset Service Providers” under the CARF, and need to report transactions and conduct due diligence on users under CARF (it is similar to FATCA / CRS in this regard). The start date is unknown — Treasury needs to implement these changes in legislation, and likely within 2023.
  4. Buy now, pay later (Treasury): BNPL products are not regulated under the Credit Act because they fall under the exemptions available to certain types of credit in the National Credit Code. Long the bete noir of consumer advocacy groups, who argue that BNPL’s exclusion from responsible lending obligations can lead to poor consumer outcomes, the Government has released an options paper seeking views on three broad options that aim to provide a regulatory foundation for BNPL. The three options are: 1) strengthening the BNPL Industry Code plus an affordability test; 2) limited BNPL regulation under the Credit Act, including licensing and scalable unsuitability test; 3) regulation of BNPL under the Credit Act. I suspect the middle road will be taken, but in any case it looks like there will be some form of credit checks which will apply to BNPL sector in the near future.
  5. Breach reporting (ASIC): ASIC has released a breach reporting API for submitting reports under the regime. The API provides a machine-to-machine interface solution to submit these notifications. The API will make it easier for high-volume users by removing the need to manually input information into ASIC’s form. You can read the specifications here, which I am excited about for personal reasons given the software we created for this purpose (see the Gadens breach manager here).

Thought for the future: “Laws are like sausages, it is better not to see them being made” Otto von Bismarck (1815–1898).

Australian regulators weekly wrap — Monday, 21 November 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Crypto custody (Treasury): Treasury has announced that there will be custody rules introduced for digital assets in 2023. The exclusive in this AFR article (link here), provides that Treasury will open consultations to safeguard crypto custody arrangements and regulate exchanges next year, following the current “token-mapping” consultation process. For more detail on what the custody arrangements are likely to look like, see our article here.
  2. Privacy (Parliament): the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 has passed Parliament. It increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million to whichever is the greater of: $50 million; three times the value of any benefit obtained through the misuse of information; or, 30 per cent of a company’s adjusted turnover in the relevant period. It also provides the Australian Information Commissioner with greater powers to resolve privacy breaches and quickly share information about data breaches to help protect customers. These quick fix changes come ahead of an overall of the Privacy Act next year, after the AG’s review.
  3. UCT (Parliament): the Treasury Laws Amendment (More Competition, Better Prices) Bill 2022 has passed Parliament. It amends the Competition and Consumer Act 2010 and Australian Securities and Investments Commission Act 2001 to establish a civil penalty regime prohibiting the use of, and reliance on, unfair contract terms in standard form contracts, and expands the class of contracts that are covered by the unfair contract terms. This is a big one — no longer will unfair contract terms be simply void, instead there will be penalties attached. Start reviewing those contracts now! (We have developed a comprehensive table to assist that review if it will assist — email me for a copy.)
  4. Federal corruption body (Parliament): the Albanese government’s national anti-corruption commission. A committee made up of politicians from several parties and both houses of parliament have been examining the proposal and on Thursday afternoon gave unanimous support for the bill. Labour is keen to push the legislation through, so the commission can commence operations mid way through 2022. Still no public hearings though — both major parties have held firm on that one!
  5. Blockchain stock market (ASX): the Australian Securities Exchange (ASX) has axed the blockchain-based system it had hoped would underpin its CHESS core system replacement, and will head back to the drawing board. The ASX has said that there are “there are significant technology, governance and delivery challenges that must be addressed”. It is a setback, as noted by ASIC which stated “ASX’s announcement marks a significant setback to the replacement of critical national infrastructure for Australia’s cash equity markets and now brings into sharp focus the longevity of the existing CHESS platform…ASX has failed to demonstrate appropriate control of the program to date, and this has undermined legitimate expectations that the ASX can deliver a world-class, contemporary financial market infrastructure”. It is a shame, and hopefully the sharp works from the regulators (and wasted $250M +) will encourage ASX to do better next time. We need a replacement for the aging CHESS system.

Thought for the future: Spring sitting of Parliament ends on 1 December 2022. Expect the Parliament to push through a number of big pieces of legislation before they break e.g. FAR, CSLR, etc.

Australian regulators weekly wrap — Monday, 14 November 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. FTX (regualtion): the digital assets world has been rocked by the liquidity run on FTX the week, the world’s second largest exchange, and the near buyout by Binance, the world’s largest exchange. While there are various reasons being put forward for the issues facing FTX, in a febrile environment part of the focus is on custody of client assets. As refresher for AFSL businesses, and those wishing to now emulate them: 1) firms must separate client money from their own by keeping it in a different bank account (known as a trust account and most often designated as a s981B or s1017E account). The bank account must be with an Australian bank, an approved foreign bank or a cash management trust; it is impermissible to mix client moneys (s. 1017E of the Act). Only specific types of money can be paid into the client money account, being client money — paid by the client, or on behalf of the client for the benefit of the client; 2) interest on the amount in the account (unless the issuer claims that money, after it is properly disclosed per r. 7.9.08A of the Corporations Regulations 2001 (Cth) — interest made on any investments made in accordance with the Act; 3) firms can invest some client moneys, though there are very specific rules around this which need to be satisfied. Most derivatives providers do this to hedge counterparty risk. Some AFS licensees obtain broad authorisations in their client agreements and product disclosure statements to make withdrawals from client money for any purpose, including as working capital and for proprietary trading; and 4) specific rules apply around when firms can move client money from the trust account and for what purpose (s 1017E(3) of the Act). There are also timeframes. You can read more in our article here, including the practical steps which digital asset firms can take to uplift their custody arrangements.
  2. Crypto scams (ASIC): ASIC has released a guide on how to spot crypto scams. Crypto scams fall into three broad categories, including: scams where you think you’re investing in a genuine asset but it’s a fake crypto exchange, website or app; fake crypto tokens (used to steal your crypto assets), and jobs trading crypto that look legitimate at first glance (but are really money laundering using crypto); or, scams that use crypto-assets to make a payment. It is in response to what ASIC and the ACCC says are a dramatic rise in scams, and advises investors to watch out for things like “The provider withholds investment earnings ‘for tax purposes’” or “The app you’re using or directed to isn’t listed on the Google Play Store or Apple Store”. You can read the helpful guide here.
  3. DDO (ASIC): ASIC deputy Chair Karen Chestor has given a speech amongst heightened DDO enforcement, stating that “Companies need to take a consumer-centric approach across a financial product’s lifecycle. Ultimately, this requires products to be designed and distributed with clear and contemporary consideration of the objectives, financial situation and needs of the consumers being targeted”. She also advised that ASIC’s regulatory focus has now shifted to compliance, and that it will initially focus on sectors at most risk of consumer harm. In this regarding ASIC has a number of targeted surveillances underway across sectors including BNPL, crypto products, credit cards, superannuation and managed investments. ASIC also expects firms to get their TMDs and product governance settings right and have robust and meaningful data to test and monitor these settings. Ms Chester said that firms must collect and understand data about the outcomes of their product distribution and who their products are getting to, and that ASIC will look closely at the way firms do this. Expect a lot more interim stop orders where TMDs do not align with PDSs, or product T&C’s, etc is my take from the speech.
  4. Mandatory disclosure (Climate change): the Investor Group on Climate Change has urged federal treasurer Jim Chalmers and the RBA to quickly mandate climate disclosures, to help companies and investors mitigate risks. The IGCC is an international set of investor networks that represent over two-thirds of Australia’s investment industry (about $100 Trillion). It wil also worth noting that the recent Australian Federal budget allocated $6.2m for Treasury and the Australian Accounting Standards Board to “develop and introduce climate reporting standards for large businesses and financial institutions”. Like many other developed countries around the world have already done, expect these changes to come into being during the next 2 years.
  5. Insurance (ASIC): ASIC has written to insurers warning they should be prepared, proactive, transparent, consumer-centric and responsive in dealing with claims as they face a summer that’s likely to continue the recent heightened pattern of severe weather events. The letter to directors says this summer is set for a continuation of La Nina conditions, with severe weather increasing in severity and frequency. Expectations include that insurers will have adequately resourced and trained teams of claims handlers, complaints managers, assessors and other service providers. In addition, insurers should inform consumers about their policy coverage, including exclusions or optional benefits, when they lodge a claim or make an inquiry, explain the process, provide realistic expectations about progress, facilitate communication between consumers, experts and tradespeople and provide regular updates. ASIC says that it expects insurers will review and refine response processes, continue to invest in systems to accurately record claims information and continue to invest in increased capacity and resources to deal with severe weather events.

Thought for the future: two regulatory design trends have dominated since the GFC — personal liability, and principles-based regulatory design. Both are well encapsulated in the Financial Accountability Regime, but you can also see the approach more broadly — like this past week when ASIC emphasized the focus on the prosecution of a responsible manager. Despite not having a framework of personal liability, this was a pretty clear message to the industry…

Australian regulators weekly wrap — Monday, 7 November 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. ASIC inquiry (Parliament): On 27 October 2022, the Parliamentary Joint Committee on Corporations and Financial Services began an inquiry into ASIC’s capacity and capability to respond to reports of alleged misconduct. The committee will call for written submissions in due course. The committee currently intends to table a report in both Houses of the Parliament by June 2024. The underpinning is some court losses ASIC has had, and the compensation scheme of last resort which one senator has stated “With AFCA’s significantly expanded mandate under the proposed compensation scheme, ASIC will be incentivised to undertake even less law enforcement. There will be a reduced incentive for ASIC to enforce the law as it will be able to lean on redress schemes for consumers where it fails to enforce the law”. A really bonehead move by the Senate. ASIC is SUPPOSED to lose cases — that is half of reason how you know they are taking the hard ones. The idea that ASIC has not been aggressive in the past 4 years strikes me as removed from reality…
  2. ASIC / crypto (ASIC): Annual forum for ASIC this week, and it has set out its views on crypto here. In essence, ASIC supports the development of an effective regulatory framework and greater regulatory clarity for this class of products; ASIC will also continue to take enforcement action to disrupt and deter harmful products already in our jurisdiction. ASIC is also working to disrupt scams involving crypto; and, ASIC is collaborating and cooperating with our domestic and international peers. Sometimes you learn more from what is not said that what is said. To be sure, ASIC is hobbled by a lack of regulation in this space, but irrespective of that it appears to me to view crypto wholly in threatening terms which is perspective I think needs to shift.
  3. Sportsbet (AUSTRAC): AUSTRAC has ordered the appointment of external auditors under section 162 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to assess compliance of two corporate bookmakers, Sportsbet and Bet365. The external auditors must report to AUSTRAC within 180 days of being appointed and will examine Sportsbet’s and Bet365’s compliance with: adopting and maintaining an AML/CTF program that has risk-based systems and controls in place to effectively identify, mitigate and manage money laundering and terrorism financing risks; undertaking an appropriate ML/TF Risk Assessment that considers the risk posed by their customer types, the types of designated services they provide and the methods by which they deliver those designated services; ensuring Sportsbet and Bet365 have a framework through which their Boards and senior management have ongoing oversight of their Part A Programs; and, appropriately monitoring their customers with a view to identifying, mitigating and managing the risk they may reasonably face that the provision of designated services may involve or facilitate money laundering or the financing of terrorism. It is part of AUSTRAC’s broader focus on the gambling industry, which doesn’t look like it will end anytime soon (as shown by its recent investigation into Entain).
  4. Crypto legislation (Parliament): Senator Bragg’s draft Australian legislation on crypto licensing is right in theory i.e. digital assets need regulation to thrive, though needs some drafting surgery in practice to make it more effective. Something more… EU or US like, with a UK jurisprudential underpinning? As Picasso said, ‘Good artists copy, great artists steal’ and we should merrily steal as much as possible from our clever Northern cousins. You can read our short submission on the draft legislation, which has far too broad a definition of digital assets, leaves too much of the heavy lifting to future regulations and doesn’t have sufficient incidental benefits for the Web3 community here.
  5. Greenwashing (ASIC): ASIC has taken its first action for ‘greenwashing’ against listed energy company Tlou Energy Limited. ASIC issues infringement notices in relation to statements and images contained in two ASX announcements made by Tlou which claimed that: electricity produced by Tlou would be carbon neutral; Tlou had environmental approval and the capability to generate certain quantities of electricity from solar power; Tlou’s gas-to-power project would be ‘low emissions’; and. Tlou was equally concerned with producing ‘clean energy’ through the use of renewable sources as it was with developing its gas-to-power project. ASIC considered that Thou either did not have a reasonable basis to make the representations, or that the representations were factually incorrect. The notices are here.

Thought for the future: Crypto exchange Coinbase has petitioned a federal court for permission to file an amicus brief in the ongoing lawsuit between the U.S. Securities and Exchange Commission and Ripple Labs. The SEC sued Ripple at the end of 2020 on allegations it sold XRP as an unregistered security. The exchange highlighted whether the SEC provided “fair notice” prior to bringing its enforcement action, adopting the position that the regulator has not provided clear guidance to businesses in the process. An issue in not just the US, but also in Australia I think…

Australian regulators weekly wrap — Monday, 31 October 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Financial Accountability Regime (Parliament): as expected, the Senate Committee examining the reintroduced FAR bill has give it the tick of approval, stating “..The committee is of the view that accountability measures, such as the existence of banning powers and deferred remuneration arrangements, will complement existing penalties for entities and accountable persons contained in the Corporations Act. On balance, the committee believes that such measures will effectively guide behaviour and are the final step of implementing the recommendations made by Commissioner Hayne.” Expect it to be passed in its current form, in the Spring sitting, which ends on 1 December 2022. There are still many outstanding issues with the design of the bill, but thank God it was not made worse through the lobbying of the Greens who called it “all carrot, no stick”. Ridiculous.
  2. Breach reporting (ASIC): ASIC has released its much anticipated report on the first year of the new enhanced breach reporting regime. Key stats are as follows: 1) 8,829 initial reports and 2,530 updates were submitted; 2) 6% of the licensee population lodged reports. This is “significantly lower” than expected, and ASIC will be undertaking a range of activities to strengthen compliance with the regime e.g. enforcement; 3) 74% of all reports were lodged by just 23 licensees. These were generally larger licensees; 4) 38% of reports were about credit product lines, followed by general insurance (19%) and deposit taking (10%). 34% of reports were about issues of false or misleading statements about a product, regarding service information or in warning statements, followed by lending (21%), general licensee obligations (19%) and fees and costs (14%). 60% of reports specified a root cause of staff negligence or error, followed by policy breaches. A deeply interestingly read, and one which will no doubt herald ASIC’s great focus in this area, much as it is doing with TMDs now…
  3. Misleading & deceptive conduct / crypto (ASIC): ASIC has commenced civil penalty proceedings in the Federal Court against BPS Financial Pty Ltd (BPS) for allegedly making false, misleading or deceptive representations and engaging in unlicensed conduct in relation to a non-cash payment facility involving a crypto-asset token called Qoin (Qoin). BPS allegedly made false, misleading or deceptive representations in marketing the Qoin token, including through the following statements: consumers who purchased Qoin tokens could be confident that they will be able to exchange them for other crypto-assets or fiat currency; Qoin tokens can be used to purchase goods and services from an increasing number of merchants; the Qoin Facility and/or the Qoin wallet application used to transact Qoin tokens are regulated, registered and/or approved in Australia, and the Qoin Facility and/or BPS are compliant with financial services laws. ASIC alleges that Qoin merchant numbers were declining, however, more importantly in the words of ASIC Deputy Chair Sarah Court “…ASIC is particularly concerned about the alleged misrepresentation that the Qoin Facility is regulated in Australia, as we believe the more than 79,000 individuals and entities who have been issued with the Qoin Facility may have believed that it was compliant with financial services laws, when ASIC considers it was not”. Of course, whether or not that is the case depends on whether the Qoin token was an non cash payment facility. An NCP is a payment not made through the physical delivery of Australian or foreign currency, and is classed as a ‘financial product’ requiring an AFSL. Examples of NCP facilities include stored value cards, electronic cash and direct debit services. ASIC has only released its Originating Process, which does not give an indication of the facts it will rely on to state that Qoin is a NCP (we will have to wait for the affidavit material for that!). The industry will need to wait to see ASIC’s analysis, though presumably it rests on the fact that the design of the Qoin token provides rights to use the asset to make payments at merchants and/exchange for fiat currency. It is an uncomfortable action, and you can read our greater analysis why here.
  4. Privacy laws (Parliament): the Government has introduced legislation (the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022) that will significantly increase maximum penalties under the Privacy Act. A serious or repeated breach of the Australian Privacy Principles could attract a maximum penalty of $2.5 million for individuals or for body corporates an amount equal to the greater of: $50 million (a massive increase over the current maximum of $2.22 million); three times the value of the benefits obtained from the breach; or, if the court cannot determine the total value of those benefits, 30% of adjusted turnover in Australia during the ‘breach turnover period’ (being the longer of 12 months prior to the breach or the period over which the breach occurred). The Government also proposes to introduce new powers for OAIC to obtain information relating to actual or suspected data breaches, so that it can properly assess the particular risks posed by such breaches; allow the OAIC to require organisations to engage an independent adviser to review privacy acts or practices of the organisation and then report to OAIC and/or to publish a statement about a privacy breach and the steps being taken to ensure that it does not happen again; and give the OAIC power to issue infringement notices to persons who refuse to answer a question or produce a document when required under the Act. Expect more funding to flow to the OAIC as well, turning a previously weak regulator into a much stronger one with a hawkish mandate in the wake of the Optus / Medibank hacks.
  5. Privacy (AICD): the Australian Institute of Company Directors and the Cyber Security Cooperative Research Centre has produced Cyber Security Governance Principles addressed to directors to oversee cybersecurity risk and promote a culture of cyber security resilience. My top read for the weeks, it is a really helpful resource which covers governance, regulatory obligations and policies and procedures. Well worth a read!

Thought for the week: the US, EU, UK and Australia are currently struggling with the definition of crypto assets, and what should and should not fall within the definition. This is super important, as it then sets the level of regulation over the industry i.e. whether they are regulated at all, as financial products / securities or something in between. Australia’s only legislation, Sen. Bragg’s private members’ bill, which ends its consultation shortly, has a very broad definition. That legislative breadth, if passed, has real-world competitive impositions. A finer scalpel is needed…

Australian regulators weekly wrap — Monday, 24 October 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Crypto stop orders (ASIC): ASIC has just issued an interim stop order on Holon (its tenth to date), which offers various crypto funds to retail investors, on the basis that it thinks that Holon has not appropriately considered the features and risks of the funds in determining their target markets. Holon cannot issue interests in, give a PDS for or provide general advice to retail clients recommending investments in its crypto funds. Each of Holon’s funds are invested in an individual crypto-asset — bitcoin, ether and filecoin. ASIC has said that “Crypto-assets are highly volatile and complex, making concentrated investments in individual crypto-assets very risky and speculative. Investors are likely to experience significant price volatility and deep negative returns in periods of asset price decline.” In its PDSs, Holon has disclosed the risk that assets in the Funds could face a total loss of value. However, ASIC does not consider that the PDS with its risk factors matches the target market. This includes investors with a potentially medium, high or very high risk and return profile who are intending to use the fund as a satellite component (up to 25%) of their investment portfolio; and those intending to use the fund as a solution/standalone component (75–100%) of their investment portfolio. Two difficulties arise here. The first, is that this is arguably a finer line of judgment ASIC is exercising than in previous interim stop orders. Second, unlike derivatives, equities, bonds and other financial products, there is not the same level of information to test for fund managers e.g. PDSs. I don’t much like this one — I think ASIC has overstepped, and you can read more in our article here.
  2. Key legislation (Parliament): the Senate Economics Legislation Committee has requested an extension for its report to 24 October 2022 for the following items of legislation: Financial Accountability Regime Bill 2022Financial Sector Reform Bill 2022Financial Services Compensation Scheme of Last Resort Levy Bill 2022; and, Financial Services Compensation Scheme of Last Resort Levy (Collection) Bill 2022. Expect them to get approval, and be passed by 1 December 2022 i.e. end of Spring sitting.
  3. Annual review (AFCA): AFCA has released its annual report for FY 21–22. Key statistics are: 72,358 complaints received. Up 3% on 2020–21; 71,152 complaints closed. Down 4% on 2020–21; the average time to close a complaint was 72 days; 17,826 open cases. Up 9% on 2020–21; $207,733,327 in compensation was provided to consumers through AFCA’s dispute resolution processes. Most interestingly to me, AFCA stated that its investigation into systemic issues resulted in payments of more than $18M. One I have seen in practice increasingly…
  4. Scams (ASIC): ASIC is alerting investors about a suspicious website, appasiccoin.org, using crypto to scam Australians. The operators of the website mislead investors by claiming its investments are endorsed by ASIC. The operators also do not have an Australian financial services licence. You can see the website here — it is safe to click on (though obviously don’t invest!) — and I think it is a great call out by ASIC. Which has me thinking. ASIC should create a list of scam websites like the UK FCA does, which can be checked at any time. You can see the FCA’s list here, which is a great permanent tool I used to use all the time.
  5. Financial crime academy (AUSTRAC): Commonwealth Bank of Australia and Griffith University have established an academy to focus on financial crime, which has been applauded by AUSTRAC. The Academy will offer financial crime investigation and compliance programs. Combatting financial crime is a growing specialisation, and one which is impacted by a shortage of skilled workers in Australia; Griffith has always been a leader in financial crime research and practical subjects, so it is great development for our industry.

Thought for the future: I do feel somewhat sorry for Kim Kardashian getting a US $1.3M fine for promoting a crypto token, EthereumMax, outside securities laws (which require disclosure of the sum paid to promote the security). That token is a security over in the US, but bitcoin is not according to the US SEC. A bit like here where a derivative or MIS product is a financial product, but other cryptocurrencies are not… for now. Hopefully we can get some clarity soon, once the Albanese Government finishes its token mapping project (the Bragg bill is not our answer, for anyone wondering).

Australian regulators weekly wrap — Monday, 17 October 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. FAR and breach reporting (ASIC): I attended the Credit Law Conference earlier in the week, where ASIC Commissioner Sean Hughes provided an update on the Financial Accountability Regime (FAR) and breach reporting. My key notes are: the Financial Accountability Regime Bill 2022 has bipartisan support. Final reading expected after October 2022; the Commissioner indicated that there would be a focus on driving operating culture and standards of accountability; ASIC/APRA are looking to adopt a ‘one touch’ approach on enforcement and supervision; there is a portal being built for uploading documents and reporting, among and other relevant functions. Otherwise, on the breach reporting front, ASIC has been surprised that some entities do not appear to be reporting any breaches. A report on breach reporting statistics is anticipated within the next fortnight but will not be naming names. You can read in full the Commissioner’s speech here.
  2. Data breaches (Parliament): in the wake of the Optus hacking scandal, the Telecommunications Regulations 2021 will be amended to allow telecommunications companies to better coordinate with financial institutions, the Commonwealth, and states and territories, to detect and mitigate the risks of cyber security incidents, frauds, scams and other malicious cyber activities. The amendments will enable telecommunications companies to temporarily share approved government identifier information (such as drivers licence, Medicare and passport numbers of affected customers) with regulated financial services entities to allow them to implement enhanced monitoring and safeguards for customers affected by the data breach. Telecommunications companies will also be able to share identifiers to assist Commonwealth, and state and territory agencies, to detect and assist in preventing fraud. The proposed changes will also allow for increased fraud detection in the broader financial services sector through existing industry mechanisms to report fraudulent transactions, such as fraud information exchanges.
  3. Internet sweeps (ACCC): the webpage sweeps for breaches of the law are increasing — I see quite a number of them from ASIC where they have detected potentially unlicensed activity. The ACC does the same, and has announced it will launch two internet sweeps to identify misleading environmental and sustainability marketing claims and fake or misleading online business reviews. At least 200 company websites will be reviewed in the sweep for misleading environmental claims across a range of targeted sectors including energy, vehicles, household products and appliances, food and drink packaging, cosmetics, clothing and footwear. At the same time, the ACCC will conduct a separate internet sweep of about 100 businesses targeting fake or misleading online reviews and testimonials. The ACCC will publish the findings of the sweeps once they are collated and analysed, and I for one am very interested — these internet sweeps represent an increasing part of the future of financial services regulation.
  4. ASIC Annual Report (ASIC): ASIC has released its annual report for 2021–22. Not too much in here that we didn’t already know e.g. increased enforcement and investment, thought a useful summary of the changes ASIC is bedding down from last year. These include: design and distribution obligations; the new breach reporting regime; the hawking prohibition; and, the deferred sales model aimed at improving consumer outcomes in the add-on insurance market. The report also restates ASIC’s plans for the next period, including focusing on greenwashing claims, crypto investment scams, and an intensified focus on the superannuation industry.
  5. RACQ (APRA): APRA has required RACQ Insurance and RACQ Bank to develop and implement a comprehensive, APRA-approved, risk transformation program. It comes after APRA identified significant weaknesses in RACQ’s risk governance during a prudential review undertaken this year, including around risk and compliance framework and practices, capability and capacity challenges within the risk functions, unclear accountabilities and an immature risk culture. Interestingly, RACQ is required to engage a third party to provide independent assurance over the delivery of the risk transformation program and provide periodic reporting to APRA, and assign accountability under the BEAR for successful delivery of the risk transformation program to an appropriate, named executive.

Thought for the future: I understand why APRA has brought RACQ’s remediation program under BEAR. Obviously, this places personal liability for the success of the remediation project on that person, so is quite a big deal and not something we have seen from APRA before in terms of utilising the BEAR regime…

Australian regulators weekly wrap — Monday, 10 October 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Crypto report (Parliament): I have now spent a bit of time on the new crypto bill. By way of reminder, on 19 September 2022, Senator Andrew Bragg released a draft private member’s bill, entitled the Digital Assets (Market Regulation) Bill 2022 (Bill). Under the Bill, a licence is required to carry out the following activities in Australia: operate a digital asset exchange; provide a digital asset custody service; or, issue stablecoins. For the protection of national security and in the interests of transparency, the Bill imposes a reporting requirement on banks facilitating the e-Yuan. The Bill takes place against the Token Mapping exercise the Government is engaged in, and the RBA’s CBDC pilot. My unstructured thoughts are set out below: 1) It will certainly serve the aim of increasing the pressure on the Albanese Government, who are focusing their energies on token mapping when really Australian crypto businesses need clear rules. As a country we’re losing ground to the US, UK and Singapore while we’re dithering. Legal purists and academics love token mapping, but industry just needs certainty. Now. 2) That said, it is a poorly drafted bill for a number of reasons: a) first, it leaves too much of the heavy lifting to future regulations which would be left to Treasury or ASIC. There is always a balance between principles-based rules and prescriptive ones — this bill is so principles-based, however, it is difficult to extract much meaning from beyond the fact that multiple new licences will be required; 2) second, there are a number of confusing factors (e.g. will the definition of “Digital Assets Exchange” capture crypto brokers who have different business models and requirements)? That is unclear. Does it capture NFTs? It seems so, and this is very different to financial markets (and shouldn’t be regulated as such). That is because the definition of “digital asset” is broad and differs to the Treasury proposed definition for the CASSPr regime by removing concepts relating to the ownership of assets being substantially affected by cryptographic proof. 3) third, there are fundamental structural issues raised during the past consultation which have not been addressed (e.g. a brand-new licence which essentially mutates the existing AFSL). Why not modify the existing one, being a known commodity? Also, what does the “fair, orderly and transparent operation” of digital asset exchanges even mean? These are crypto assets — we are not talking about the ASX here… 4) fourth, Bragg has taken from the US Lummis/Gillibrand bill. Interestingly, over in the US, if Lummis-Gillibrand becomes law, all stablecoin tokens in circulation (in the US) must be 100% backed by US dollars, US government debt or other assets that fall in the same category. Bragg proposes that our stablecoins can be backed by Aussie dollars or another foreign currency. Also similar is the fact that, stablecoin issuers will have to meet capital adequacy requirements while also ensuring that stablecoin holders can always exchange their coins for an equivalent cash amount. This keeps the door open for banks and other financial institutions to produce and use stablecoins for payments; 5) fifth, there is an equivalence section for operators who hold foreign licences. We can probably expect to see regulatory arbitrage here, as there is obviously an advantage to setting up in jurisdictions with lower thresholds to entry e.g. lower capital requirements. This is not uncommon as is in some sectors. How this will work for custody service providers, who also need a licence, is very unclear under the legislation. Many current crypto operators have custody in the US or other parts of the world. Will they need to set up operations in Australia to continue to service our jurisdiction? What does custody even mean in this context? Is crypto data or property — we haven’t said yet, but other jurisdictions such as the UK have put in the hard yards. In summary, it is a political bill which is designed to advance the discussions around crypto regulation — which is a good thing, while the Albanese Government is myopically focusing on token mapping — but a poor piece of policymaking which a critical industry deserves better on. The legislation will be difficult and expensive for the industry to absorb by virtue of the multiple new licensing requirements, capital requirements, and very broad undefined principles-based elements. It is a blunt trauma instrument, when we need a scalpel to separate the good from the bad operators and encourage the fledgling industry against its global competition. My preference in the coming period would be for there to be enough constructive engagement with all of the industry to identify the aspects of their models that are clearly in need of an uplift, give them time to get that uplift right, without negatively affecting them during a recession.
  2. Debanking (Treasury): Council of Financial Regulators’ released a paper on potential policy responses to address the problem of de‑banking in Australia. The Treasury is now considering the following proposals made by them: 1. collect de-banking data; 2. introduce transparency and fairness measures i.e. there is little opportunity for businesses and individuals to seek review of the banks’ decisions; 3. advise the major banks of the Government’s expectation that they provide guidance on their risk tolerance and requirements to the affected sectors ; 4. consider funding capability uplift within the affected sectors — targeted guidance, outreach and education by AUSTRAC and other agencies on regulatory compliance should help uplift the compliance processes of businesses in the affected sectors, particularly small enterprises. All well and good, but one key way to reduce the serious impact of debanking is to push forward with the RBA’s CBDC projects. See here.
  3. Misleading & deceptive conduct (ASIC): ASIC has launched legal action against Latitude Finance Australia and Harvey Norman Holdings Ltd over the promotion of interest free payment methods. From January 2020 to August 2021, advertisements promoting ‘no deposit’, ‘interest free’ payment methods over a specified term for purchases at Harvey Norman were allegedly misleading because: 1) they did not disclose that consumers could only use the interest free payment method if they applied for and used a Latitude GO Mastercard; and 2) they failed to adequately disclose establishment fees and monthly account service fees. A interesting development, and one sure to be watched closely — fees are not interest in my view, and it is fine to conditionally advertise i.e. interest free only if certain conditions are met. I do understand where ASIC is coming from though, as while the advertisement may be technically correct the surrounding context may make it misleading. In Australian Competition and Consumer Commission v TPG Internet Pty Ltd, the Court clarified that the central question is whether the impugned conduct, viewed as a whole, has a sufficient tendency to lead a person exposed to the conduct into error (that is, will they form an erroneous assumption or conclusion about the matter). As additional guidance, and because is such an important topic, from my readings the Courts have also indicated that: (a) conduct is likely to mislead or deceive if there is a real/not remote chance or possibility of it doing so;(b) it is not necessary to prove an intention to mislead or deceive; (c) it is unnecessary to prove that the conduct in question actually deceived or mislead anyone; (d) it is not sufficient if the conduct merely caused confusion though ; and (e) if the conduct in question is directed to the public (or a section of the public), the Court will consider the likely effect on an ordinary and reasonable person in the relevant class to whom the conduct is directed. So ASIC has some very broad grounds to play within here, in conducting its action…
  4. Insolvency laws (Treasury): the Parliamentary Joint Committee on Corporations and Financial Services began an inquiry into corporate insolvency in Australia. The terms of reference is quite broad, covering everything from how recent reforms are going, to the impact of COVID-19 to whether we need to change unfair preference laws. A lot of tinkering with the insolvency laws in recent years, which is wholly unsurprisingly given the economic circumstances caused by COVID-19. Expect things to swing more in debtors’ favour as a recession looms..
  5. Outsourcing (APRA): APRA has released a paper on how super trustees can improve management of outsourcing arrangement. APRA’s review, conducted between February 2019 and October 2021, involved an in-depth review of the management of outsourcing arrangements across a sample of 10 retail superannuation trustees. APRA’s key observations focus on three areas: 1) trustees’ assessment of service providers’ value-for-money. APRA found that some trustees had scoped their benchmarking activities too narrowly, and consequently missed the opportunity to understand, challenge and improve the value to members obtained from certain outsourcing arrangements. A common pitfall APRA observed was for benchmarking exercises to focus on justifying existing costs and service standards, rather than seeking to challenge the status quo; 2) trustees’ measurement and monitoring of service providers’ performance. ASIC found that the best examples of this area had detailed reporting e.g. regular/timely/reliable, access insights via discussion e.g. insightful, succinct commentary and robust governance processes e.g. monitoring and oversight; and 3) trustees’ oversight of service providers. APRA noticed that most value is gained when the trustee office can effectively challenge and influence the trustee’s service providers. This relies on the office having an appropriate mandate and the necessary skills and capability.

Thought for the future: as part of the FCA’s Consumer Investments Strategy the FCA have said that they want to establish a simplified advice regime for mainstream stocks and shares ISAs where the risks to consumers are relatively low. The same should be done in Australia, where we are suffering from a financial industry decimated in the wake of the Royal Commission. Personal advice needs to be broken down further…

Australian regulators weekly wrap — Monday, 3 October 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Remediation plan (ASIC): ASIC has released its new remediation guidance, RG 277. Mandatory reading for anyone who deals with breach reporting, and fixing the problems that arise up, RG 277: clarifies nine principles for conducting a remediation, which will help licensees comply with their obligations and conduct remediations efficiently, honestly and fairly e.g. “give consumers the benefit of the doubt, and minimise the risk of under-compensation”; provides 28 examples to assist in the practical application of the guide; introduces guidance on the use of assumptions; introduces updated product specific guidance on possible monetary and non-monetary remedies; updates guidance on the use of a low value compensation threshold and payment channels; and, introduces guidance on what to do if a consumer cannot be contacted or paid. I think it is a really useful guidance from ASIC, and will assist in structuring robust remediation plans — expect ASIC to judge any that are put before it against this guide!
  2. CBDC (RBA): the Reserve Bank is collaborating with the Digital Finance Cooperative Research Centre on a research project to explore use cases for a central bank digital currency (CBDC) in Australia. You can read the white paper here. The project will also be an opportunity to further understanding of some of the technological, legal and regulatory considerations associated with a CBDC. I am very excited about the potential for CBDCs, given the proportion of the world which is excluded from the financial services system — CBDCs can overcome that inequality by allowing central banks to transact with consumers directly through their crypto wallets. They can also vastly decrease the cost of the payments system, deal a serious blow to the black economy and assist in innovative capital raising and financing projects. It is an excellent initiative for the RBA. For more detail, see my slides from a conference earlier this month exploring CBDC use for pacific island nations, or this article in The Chainsaw here.
  3. TMDs (ASIC): ASIC has made an interim stop order preventing Australasian Property Investments Limited from offering or distributing the APIL Essential Retail Income Fund to retail investors because of a non-compliant target market determination. The Fund is invested in two shopping centres and is currently raising money to purchase a third shopping centre. The Fund borrows money to support its investment activities and investors in the Fund cannot withdraw their money until April 2029. The target market for the Fund includes investors: looking to invest in commercial properties with the prospect of capital growth and a secure income stream; who are ‘cash rich’ entities or retirees looking for a long-term capital investment along with a monthly return; with a ‘buy and hold’ strategy and do not require immediate access to capital; and, with a need for preservation of capital that accrues capital gains/losses over the lifespan of the investment. ASIC felt that the PDS did not match up with the TMD in the circumstances. While not the first, what interests me is the efficient regulatory strategy of comparing PDSs to TMDs and issuing stop orders where there is sufficient difference. For many organisations which potentially rushed their TMD design heading into 1 October 2021, now is the time to revisit them….
  4. ASIC funding (Treasury): on 8 August 2022, the Government announced a review of the ASIC Industry Funding Model and issued a Terms of Reference to guide the Review. It has released a Discussion Paper to seek stakeholder views on options, examples of potential changes and questions that are designed to examine and address a range of issues set out in the Review’s Terms of Reference. The paper is treacherously dull, though table 2 on page 11 contains a great breakdown of ASIC’s budget and how it is allocating the same. The quantum is increasing faster than inflation — despite the number of entities it regulates decreasing — and a great portion of its budget is going to enforcement (now at a third of all costs!).
  5. Economic Crime (UK): the UK government has published its Economic Crime and Corporate Transparency Bill. The bill follows on from the Economic Crime (Transparency and Enforcement) Act, which was passed earlier this year. The first legislation: allowed the government to move faster when imposing sanctions; created a register of overseas entities (ROE) to target foreign criminals using UK property to launder money; reformed the UK’s unexplained wealth order regime. The new legislation will aim to deliver: reforms to Companies House; reforms to prevent the abuse of limited partnerships; additional powers to seize and recover suspected criminal cryptoassets; reforms to give businesses more confidence to share information to tackle money laundering and other economic crime; and, new intelligence gathering powers for law enforcement and removal of burdens on business. On the AML/CTF front — which costs the UK economy about 100B a year — it increases the power of Companies House to make it a more effective gatekeeper, including new powers to check, remove, or decline information submitted to the register. This includes introducing additional identity verification measures to make it clear who is setting up, managing, and controlling corporate entities. The bill also grants Companies House greater investigation and enforcement powers, including cross-checking and sharing data with other public and private sector bodies and law enforcement.

Thought for the future: I think the UK is just such a sophisticated regulatory environment — the reforms this week show it. Operating a company, with all the rights and responsibilities that accrue e.g. limited liability, is a privilege. There should be basic AML / CTF checks conducted to ensure that privilege is not being abused.

Australian regulators weekly wrap — Monday, 26 September 2022

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

  1. Licensing update (ASIC): I attended an ASIC licensing update earlier in the week, and it was fascinating! My notes are in my weekly newsletter, which you can access here (reach out to me if you wish to be on the emailing list). The resourcing, consistency and strategy of the division was discussed, together with other matters. Here is what I found most interesting. Predictably, an issue that arises in licensing when RMs go for multiple roles they must prove they have competence all over again. ASIC is aware of this, and the fact that ASIC holds data over multiple storage areas within in the organisation on individuals. ASIC plan to use AI to aggregate data on individuals to accelerate the process each time an RM or Director needs to be approved, i.e. the information will be pre-populated. This is obviously convenient and logical. Here is the interesting part — the aggregated data on individuals, across all of ASIC’s divisions (eventually), will also be used to assess FAR Accountable Persons. This is something that occurs in the UK where the approved persons regime and senior managers regime, which govern individual accountability and regulation, have been in place a lot longer. It is different for Australians, however…
  2. ‘Best interest’ duty (Court): The Federal Court has imposed a $7.2 million penalty on Dixon Advisory for advice failures. The Court found that on 53 occasions between October 2015 and May 2019, Dixon Advisory was the responsible licensee of six representatives who did not act in the ‘best interests’ of eight clients when they advised these clients to acquire, roll-over or retain interests in the US Masters Residential Property Fund related products. Those representatives did not conduct a reasonable investigation of the clients’ circumstances before providing the advice. In some cases, this inappropriate advice resulted in the client’s self-managed superannuation fund being insufficiently diversified and exposed to risk of capital loss. The Court held: ‘There is no evidence that the (Dixon Advisory) representatives conducted the necessary reasonable investigations into the recommended financial products or any alternative financial products, nor is there evidence that they considered the personal circumstances of the clients.’ A useful case in setting out the benchmark for personal advice duties, the judgment is here.
  3. Superannuation (ASIC): ASIC Commissioner Danielle Press gave a speech to the AIST Conference of Major Superannuation Funds stating that there are three key areas for super funds to be focused on now. 1) capture and harness the data in the super system to better understand the financial future of Australians; 2) how to respond to consumer harms should they emerge, including identifying breaches of the law, internal-dispute resolution mechanisms and improving remediation practices; and 3) trustees’ obligations relating to market integrity. A useful speech, with a sting in the tail at the end. Ms Press stated that “Earlier I said that our principal expectation of super funds remained the same. The other constant — now and over the next five years and beyond — is our willingness to take enforcement action where funds fall foul of the law…I strongly encourage trustees to engage in open and transparent dialogue with ASIC — if there are serious concerns and a civil penalty action against the trustee, this may be taken into consideration by Courts.”
  4. Entain group (AUSTRAC): AUSTRAC has commenced an enforcement investigation into Entain Group, following an extensive supervisory campaign that assessed entities within the corporate bookmakers sector. The investigation will focus on whether Entain has complied with its obligations under the AML/CTF Act, and AUSTRAC’s stated aim is that other corporate bookmakers sector take notice. It is a little odd to me, announcing an investigation, as opposed to a finding. What happens if AUSTRAC finds nothing, but the company has suffered from the bad press in the interim? More interestingly, as a matter of human nature, is there more pressure to find something once you have publicly made the statement?
  5. M&D (ASIC): not so much a regulatory update as a reminder just how serious ASIC takes being told the truth under s.1308(3) of the Corporations Act 2001 (Cth). ASIC alleged that on 12 May 2020, Mr De Oliveira made a false statement on a form lodged with ASIC to voluntarily deregister Shiera Wellbeing Centre. ASIC alleged that Mr De Oliveira falsely declared in the form that Shiera Wellbeing Centre had no outstanding debts, when in fact Shiera Wellbeing Centre had an outstanding debt following an order made by the Queensland Civil and Administrative Tribunal. She was convicted and fined this month.

Thought for the future: A cryptocurrency mixer known as Tornado Cash was sanctioned by the US in August 2022. Tornado Cash is an open-sourced self-executing protocol, which makes it the first time a piece of software rather than a legal entity has been sanctioned. There are a host of legal questions and unintended consequences with this approach, but it is notable for the major development it represents!