Keeping on top of the latest financial services regulatory & compliance trends?
Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.
- AU / UK Investigation (OAIC): the Office of the Australian Information Commissioner and the UK’s Information Commissioner’s Office have opened a joint investigation into the personal information handling practices of Clearview AI Inc., focusing on the company’s use of ‘scraped’ data and bio-metrics of individuals. Clearview’s facial recognition app allows users to upload a photo of an individual and match it to photos of that person collected from the internet. It then links to where the photos appeared. It is reported that the system includes a database of more than three billion images that Clearview claims to have taken or ‘scraped’ from various social media platforms and other websites; there are privacy law aspects here, insofar as consent and data handling are concerned. The joint investigation will be conducted in accordance with the Australian Privacy Act 1988 and the UK Data Protection Act 2018. It will be conducted under the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and the MOU between the OAIC and the ICO. Fascinating stuff, and highly unusual for the privacy regulator which (like its domestic regulatory cousins) appears to be growing more hawkish.
- D&O and class actions (Parliament): the Parliamentary Joint Committee on Corporations and Financial Services looking at litigation funding and the regulation of the class action industry is underway. As you might expect, there is push back from the litigation funders regarding the form and degree of the regulation that should apply to them — Omni Bridgeway says the managed investment scheme regime is not fit for purpose for litigation funders. Without rehashing my well-documented views there, one of the really interesting submissions was from major insurer Marsh on the impact the class actions / funding industry has had. It contains some stark statements, including: directors may soon be unable to get D&O insurance cover, as premiums have surged by up to 600 per cent recently; average D&O premium paid by Marsh’s ASX-listed clients increased by 225 per cent in the first three months of 2020; corporate Australia could face a future in which D&O insurance is no longer available or affordable or provides the coverage expected or required; some of the biggest global insurers, including Allianz, Zurich and Chubb, were either no longer writing D&O policies for ASX-listed firms, or were pulling back because it had become risky and unprofitable; we are in the midst of the most volatile and restrictive D&O insurance market in the history of the segment; it is not just the listed companies facing premium and retention increases and reduced capacity. Quite concerning submissions, and further evidence of the difficult tightrope that boards have to tread these days between hawkish regulators, opportunistic litigation / class actions and decreasing ability to hedge their risk via insurance.
- ASIC’s priorities (ASIC): the corporate regulator has appeared before the Parliamentary Joint Committee on Corporations and Financial Services. It has outlined five interim strategic priorities, which will not come as a particular surprise. They are: a) protecting consumers from harm at a time of heightened vulnerability; b) maintaining financial system resilience and stability; c) supporting Australian businesses to respond to the effects of COVID-19; d) continuing to identify, disrupt and take enforcement action against the most harmful conduct; and d) continuing to build its organisational capacity. ASIC has also stated that it has seen a 20% year-on-year increase in reports of misconduct received by ASIC since April 2020 and a rise in the number of scam reports from Australian consumers. These are mainly fake cryptocurrency term-deposits, fake investment schemes, and scams that start via romance sites. Useful, but not substantive new material from ASIC. That will be saved for its more detailed update reports later this year.
- FAR / BEAR (Legislation): the Financial Accountability Regime — BEAR’s replacement — will come into being for banks, insurers, super and other APRA-regulated entities in mid 2021. You can read more on this significant regulatory regime here (where the BEAR may go, based on the UK experience) and here (BEAR is now FAR). If you are an affected organisation, and have not started planning now, my suggestion is to start. The regime appears deceptively simple, for all the work it involves. In any event, there has been an interesting development in the UK this week. The UK FCA will be replacing its existing Financial Services Register with an enhanced Financial Services Register later this month (27 July). It will then add a directory of ‘certified’ and ‘assessed’ persons to the Register later this year. This is a reference to individuals who have approved positions under the UK Senior Managers & Certification Regime (BEAR and FAR’s forerunner). The interesting thing is this — under FAR, ‘accountable persons’ details will not be published by APRA / ASIC. With this development in the UK, that could change as we are following them quite closely on this one. Of the change, the UK FCA has said: ‘Under the Senior Managers and Certification Regime (SM&CR), we committed to publishing and maintaining a directory of certified and assessed persons on the Financial Services Register, so consumers and professionals can check details of key individuals working in financial services’.
- BCCC Inquiry (Codes): the Banking Code Compliance Committee has just launched an Inquiry into Code-subscribing banks’ compliance with Part 4 of the Banking Code of Practice. When the new Code came into effect in July 2019, banks were required to comply with several new obligations, including requirements to take extra care with customers experiencing vulnerable circumstances and be sensitive, respectful and compassionate towards people experiencing vulnerable situations. The BCCC plans to conduct the Inquiry over the course of the next nine months. It will cover how banks consider vulnerability, inclusivity and accessibility throughout the entire consumer and small business banking experience, including the design of products and services, lending, financial difficulty, complaint resolution and debt recovery. The BCCC will also seek to understand how banks have set up cultural, system and training frameworks to support staff to comply with the Code. It has invited individual and small business customers and their representatives to engage with it in relation to the Inquiry, and share their experiences. Another unusual inquiry, it will be interesting to see the outcome of this one and a key early test for the new quasi-regulator as to its stringency…
Thought for the future: the OAIC / ICO investigation is a very interesting one — I can’t think of one quite like it before — and a timely reminder of the increasing cooperation between international regulators. The number of information-sharing and cooperation MOUs are increasing. For investigations with an international element, it is always worth keeping this in mind. More information can be found here.
(These views are my own and do not constitute legal advice. Photo credit Tom Wheatley)