Australia | Publication | October 2022
This article was co-authored with Rex Lee, Marc Kopelowitz, Ella Crowley-Burrows and Joel McKay.
September saw a variety of regulatory changes from ASIC, APRA, AUSTRAC and ACCC in the financial services sector. Meanwhile, ASIC conducted a review into claims made by funds in their marketing material, finding that many did not adequately explain the risk profile of the investment. ASIC also exempted insurers from releasing a cash settlement fact sheet in circumstances of family violence and published the updated remediation advice and its annual licensing report.
September also saw APRA release its plan to ‘modernising the prudential architecture’ which involve opening its consultation period for updating advice on financial and resolution planning. APRA also released its general insurance statistics for the first half of 2022 and updated capital and reporting frameworks following the release of a new Australian Accounting Standard. An updated money laundering and terrorism financing risk assessment on the superannuation sector was also published by AUSTRAC in late-September. The end of the month was dominated by the news of the Optus customer data breach, with APRA and the federal government both responding. The ACCC signalled that it was targeting greenwashing, both in relation to financial products and other consumer products and services.
ASIC’s ongoing surveillance into statements made by managed funds in their marketing materials about their performance and risks has revealed that many include inadequate disclaimers and downplay risks associated with investment.
ASIC communicated concerns to 18 funds which collectively manage $1.4 billion and have noted that the thirteen responsible entities have voluntarily amended or arranged for the amendment of their marketing materials as a result.
ASIC’s Deputy Chair Karen Chester said, “ASIC’s surveillance into marketing of fund performance and risk is ongoing. Where we find poor conduct, we will take prompt action to protect consumers and hold responsible entities, trustees and investment managers to account. We will deploy a range of regulatory interventions, from our recent use of stop orders through to court action where warranted.”
The full media release can be viewed here.
On 26 September 2022, the Federal Government released draft legislation to implement an expanded Consumer Data Right, which would introduce a new channel for consumers to authorise businesses to act on their behalf and initiate actions. The draft legislation draws on the influence of other jurisdictions, such as the United Kingdom, which have successfully implemented similar data regimes.
If passed, the legislation will establish a new consumer data framework which will apply to businesses. We anticipate this will have significant implications for fintech firms and other banking institutions who currently utilise digital finance platforms.
As it stands now, the Consumer Data Right regime operates as an opt-in data sharing service where consumers are able to choose whether to share their data with businesses and are afforded full transparency over who their data is being shared with and the purposes for sharing it. The current Consumer Data Right regime is currently in the process of being rolled out on a sector-by-sector basis. The draft legislation proposes to expand the scheme to allow consumers to instruct third parties to initiate actions based on the insights they receive.
The draft legislation will allow consumers to instruct third parties to:
Treasury has begun its consultation on the exposure draft legislation, which will close on 24 October 2022.
For more information about this announcement, see here.
On 27 September 2022, ASIC published Regulatory Guide 277 Consumer Remediation (RG 277) on 27 September 2022. ASIC has overseen $5.6 billion in remediation for approximately 7 million consumers since 2016, with estimated $1.6 billion still owing to over 2.5 million consumers for failures identified across the financial system.
ASIC Deputy Chair Karen Chester said:
‘The release of our expanded guidance, along with the updated Making it right field guide, delivers licensees all they need to achieve the right remediation outcomes on their own. It explicitly allows the use of assumptions, to help firms address knowledge gaps and accelerate remediation programs in a way that does not disadvantage consumers... the common stumbling block we have seen across remediations is underinvestment in systems. This underinvestment has led to a trifecta of failures. First and foremost, in delivering on promises to consumers, second in identifying the failures and third in being able to remediate consumer loss in a timely way’
RG 277 applies to both AFSL holders and Australian credit licensees and is underpinned by a licensee’s legal obligation to operate efficiently, honestly and fairly. It also embodies ASIC’s practical experience from monitoring remediations. RG 277 was also made in response to requests from the industry for clear guidance on addressing remediations.
In addition to RG 277, ASIC has also released a best practice guide entitled ‘making it right: how to run a consumer centred remediation’ for licensees to help with the designing and implementing of effective remediation practices.
ASIC’s announcement can be accessed here.
The disruption caused by the COVID pandemic, as well as other critical events such as natural disasters and novel technological advancements, have exposed deficiencies in the existing regulatory framework. To address these issues, APRA has announced its multi-year plan on 12 September 2022 to “modernise the prudential architecture”.
The core objectives of this initiative includes:
This plan builds on other modernisation initiatives that aim to streamline the regulatory regime, including APRA’s proposal to introduce a new Operational Risk framework, which will consolidate five existing prudential standards.
For more information on the announcement, see here. To access APRA’s multi-year plan, see here.
On 30 September 2022 ASIC released its annual licensing report outlining the licensing and registration activities between July 2021 and June 2022. This is an annual report designed to promote transparency for licensees and prospective licensees by providing guidance as to wait times and information that is required.
In the period from July 2021 to June 2022, ASIC:
The report also discusses the average timeframes in which applications were finalised with 71% of all AFS and credit licence applications being finalised within 150 days and 90% being finalised within 240 days.
See ASIC’s announcement here. The annual licensing report can be accessed here.
ASIC announced that it will extend the expiry date of business introduction services relief measures from 1 October 2022 to 1 April 2025. These measures apply to registered managed investment schemes with fewer than 20 members, seeking to raise up to $5 million and grants them an exemption from design and distribution obligations that would otherwise apply. There is no plan to extend the relief after its current expiry date.
ASIC’s full media release can be accessed here.
As part of its broad agenda to modernise the architecture for prudential planning, APRA has begun consulting on guidance for two new proposed prudential standards, CPS 190 financial contingency planning and CPS 900 resolution planning.
Once operative, CPS 190 will ensure APRA regulated entities are better positioned to respond to financial distress, whereas CPS 900 will require entities to take pre-emptive measures to ensure that, in circumstances where the entities fail, the adverse effects on the financial system and community are minimised.
The two new standards are expected to take effect on 1 January 2024, with the finalised version of CPS 190 expected to be released at the end of this year and CPS 900 sometime in the first half of 2023. We expect the prudential practice guides to be released after the three month consultation period.
For more information on the announcement, see here. For APRA’s proposal to implement CPS 190 and CPS 900, see here.
On 21 September 2022, APRA has published its bi-annual intermediated general insurance statistics. The published statistics provides a comprehensive overview of the intermediated general insurance that have been placed with general insurers regulated by APRA, unauthorised foreign insurers and Lloyd’s underwriters.
To access the insurance statistics, see here.
Following the report of a cyber-attack on Optus on 22 September 2022, where it was suspected that approximately 9.8 million customer records were breached, APRA has released an update for regulated entities about how to prevent such an attack.
APRA encouraged all regulated entities to make high-risk processes, such as setting up first-time payees or digitally onboarding new customers, as secure as possible by introducing measures such as callbacks and two-factor identification to reduce the risk of fraud.
The full update can be viewed here.
On 27 September 2022 APRA finalised changes to capital and reporting frameworks following the introduction of new accounting standard Australian Accounting Standards Board 17 Insurance Contracts (AASB 17).
The changes have been introduced to minimise any burdens caused by a mismatch between APRA frameworks and the AASB 17. The changes will come into effect from 1 July 2023 and include clarifying:
The changes also include introducing additional data reporting requirements.
The full media release can be viewed here.
On 20 September 2022, the Australian Competition and Consumer Commission (“ACCC”) Deputy Chair, Delia Rickard, delivered a speech to the Sydney Morning Herald Sustainability Summit where she cautioned retailers that “environmental claims and sustainability are a current priority for the ACCC”. While greenwashing has been a well-publicised issue for financial products (see our article on this issue here), this speech signals a broader regulatory oversight covering consumer products and services as well.
Greenwashing is broadly defined as the practice of misrepresenting the extent to which a product is environmentally friendly, sustainable or ethical. In her speech, Rickard explained that the issue is “ultimately a form of advertising” and has significant implications for markets, as it erodes consumer trust and introduces information asymmetries. Rickard made clear in her speech that greenwashing constitutes false and misleading conduct that the ACCC is prepared to take enforcement action against, just like they did against Volkswagen for non-compliance with Australian diesel emission standards in 2019 (which resulted in a record $125 million penalty order).
Key takeaways for businesses include:
ACCC Speech to SMH Summit can be accessed here.
On 26 September 2022, AUSTRAC released its 2022 superannuation sector risk assessment detailing findings of money-laundering and terrorism financing risks in the sector. The report outlines to reporting entities a greater awareness of the money laundering and terrorism financing risks in the superannuation sector. In doing so, reporting entities are encouraged to reflect on the report’s findings and assess whether their compliance programs require uplift.
The report generally found a medium average level of risk of anti-money laundering and terrorism financing and other predicate offences in the sector, which is generally consistent with its 2016 assessment. Across the board, the variety of threats remains similar, although the sophistication of activity associated with some offences has increased and evolved. Primary threats included attempts to claim illegal COVID-19 early release of superannuation payments and identity fraud, followed by scams, tax evasion and money laundering.
The report identifies a significant shift (since 2016) being the treatment of data as a commodity; that is, as opposed to superannuation funds being targeted by criminals for money alone, criminals are now targeting large volumes of data as its own objective. The theft and on-selling of bulk personal identifying information remains lucrative, and has become a gateway for other predicate offences.
Other emerging risks including family fraud, elder abuse and financial abuse associated with domestic violence, merger activity, and usage of stapled/employee-linked superannuation accounts.
AUSTRAC’s risk assessment can be accessed here.
On 6 October 2022, AUSTRAC published extensive guidance on the identification and collection of documents in relation to source of wealth and source of funds (following a prior public consultation). The guidance identifies several steps to establish source of funds/wealth, in line with existing risk-based procedures for reporting entities:
The guidance also outlines the examples of identifying a customer’s source of funds and source of wealth. These examples included but are not limited to superannuation, financial advisers, non-bank lending, securities and derivate dealers / managed investment funds.
AUSTRAC’s guidance can be accessed here.
Publication
On 21 August 2024, the Supreme Court of NSW handed down its decision in Seaforth Securities Pty Limited v Zoya Investments Pty Limited [2024] NSWSC 1061.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2025
