Australian regulators weekly wrap — Monday, 13 September 2021

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

Never miss an update by signing up to receive emails here or by following me on LinkedIn here. You can also access past editions of the Australian regulators weekly wrap by clicking here.

1. Breach reporting (ASIC): the corporate regulator has released the new RG 78 to apply from 1 October 2021 for the new breach reporting regime. The primary shift under this new regime, which applies to both AFSL and ACL holders, is to a more expansive scope of ‘reportable situations’ (i.e. matters that must immediately be reported to ASIC), and the introduction of ‘deemed significant breaches’. Largely gone will be the days of subjective assessments of ‘significance’ of a particular issue, with the decision of whether a matter is reportable to ASIC or not hinging on that assessment. There is far more prescriptive rigour around what is reportable to ASIC now. The new RG 78 explains: what licensee holders must report to ASIC (see Section B); when and how they must report to ASIC, including information about how ASIC deal with the reports we receive and the information we will publish about your reports (see Section C); and, ASIC’s expectations and guidance about compliance systems (see Section D). (The last one is particularly important, as ‘deemed significant breaches’ include a huge raft of civil penalties across legislation — my team has spent the last 6 months alone compiling them all!) It is a large guide, and does nothing to limit what will be an extremely onerous regime change — you can read a summary of the changes in this briefing here (my top read for the week).
2. ASIC enforcement (ASIC): “We love litigation, say new ASIC chiefs” was the AFR heading on 3 September 2021. In the interview, ASIC Chair Joe Longo and Commissioner Sarah Court made very clear that: 1) they see significant challenges ahead of them in terms of enforcing compliance with the law — one of the more jarring sentences was that the depth of compliance problems in the financial services sector is “breathtaking”; and 2) they will be pushing more litigation from ASIC, albeit in more targeted areas. My read of all this is that we won’t see ASIC stray into policy-type decisions or cases (think responsible lending), which is consistent with the Treasurer’s direction to ASIC covered in the ARWW a fortnight ago, and we will see ASIC using more of the appreciable regime advantages it has been given to conduct more litigation. Think the penalties legislation of 2019 which made 912A an offence, mortgage brokers’ BID regime, new breach reporting regime and FAR in 2023. In effect, a more enforcement happy regulator, though with less of the big cases we saw under Tony D’Aloisio and to a lesser extent Shipton (not Medcraft).
3. AML/CTF (AUSTRAC): the AML/CTF regulator released four new Australian banking sector money laundering and terrorism financing risk assessments. The four assessments examine the threats criminals pose to Australia’s major banks, other domestic banks, foreign subsidiary banks and foreign bank branches operating in Australia. A sobering read, AUSTRAC assesses the threat of ML/TF facing Australia’s major banks as high, and more importantly that that the major banks are subject to a high level of inherent ML/TF vulnerability. It is a fascinating read, which should prompt banks and non-bank lenders to revisit their AML / CTF policy, program and procedures. AUSTRAC had this to say: “Major banks have a mixed record of applying risk mitigation strategies. On one hand, major banks make significant investments to counter ML/TF risk, engage regularly with AUSTRAC, and some entities have undergone or are undergoing an uplift in their AML/CTF systems, controls and policies. On the other hand, there have been significant and systemic deficiencies detected in the subsector over recent years. Governance and assurance around AML/CTF compliance has been identified as a particular concern, and risk mitigation strategies are not always applied consistently across a reporting entity.”
4. Safe harbour (Treasury) : In 2017, Parliament enacted the Treasury Laws Amendment (2017 Enterprise Incentives №2) Act 2017. The amendments introduced a safe harbour for company directors from personal liability for insolvent trading if the company is undertaking a restructure. As part of the 2021–22 Budget, the Government announced that it would commence an independent review into the insolvent trading safe harbour, to ensure that the safe harbour provisions remain fit for purpose and its benefits can extend to as many businesses as possible — the consultation has just been released, and closes on 1 October 2021. My sense, given how willing the Government is to kickstart the post COVID-19 economy by tinkering with insolvency law, is that the provisions will be expanded. Good news for debtors, and more challenges for creditors essentially!
5. Climate assessment (APRA): the prudential regulator has published an information paper outlining the purpose, design and scope of the Climate Vulnerability Assessment (CVA) that is underway with Australia’s largest five banks. Along with its draft prudential guidance on climate risk, which closed for consultation on 31 July 2021, the CVA forms the bulk of APRA’s efforts to help its regulated entities understand and manage the financial risks associated with climate change. You can read the paper here, which sets out that the three key objectives of the CVA are to assess potential financial exposure to climate risk; to understand how banks may adjust business models and implement management actions in response to different scenarios; and to foster improvement in climate risk management capabilities. The report sets out the criteria it will be assessing, including the types of climate risks considered, scope (geographic and financial exposures) of the assessment, climate scenarios, and the timeframe.

Thought for the future: once you have your AFSL or ACL permissions, they are yours forever right? Perhaps not, if ASIC follows a UK FCA development. The FCA has new powers to remove a firm’s unused permissions from the Financial Services register more quickly. It says incorrect or outdated permissions on the Financial Services Register can mislead consumers about the level of protection offered by a firm or give credibility to a firm’s unregulated activities. One to watch in case it comes to Australia…