Australian regulators weekly wrap — Monday, 30 November 2020

Keeping on top of the latest financial services regulatory & compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian regulators weekly wrap is designed to keep you at forefront of your practice by quickly setting out the top 5 developments from the past week, analysis and practical considerations for the future.

Never miss an update by signing up to receive emails here or by following me on LinkedIn here. You can also access past editions of the Australian regulators weekly wrap by clicking here.

1. ASIC v Youi (ASIC): the Federal Court has declared Youi Pty Ltd (Youi) breached its duty of utmost good faith under the Insurance Contracts Act in its handling of a building and contents insurance claim lodged by a policyholder. Following a severe hailstorm in Broken Hill in November 2016, the policyholder made a claim to Youi in January 2017 for damage to their property. Youi took close to two years to ultimately settle the claim — but there was a lot of intervening delays, pauses, scope increases and contractor issues (none of which was Youi’s fault) — and repairs were ultimately not completed until November 2018. At the time the conduct occurred, the Insurance Contracts Act did not impose pecuniary penalties for a breach of the duty of utmost good faith. ASIC therefore sought only declarations that Youi breached the duty. Breaches of the duty of utmost good faith occurring from 13 March 2019 may now also carry pecuniary penalties. In his decision, Chief Justice Allsop found that: a) Youi breached the requirements of s13 of the Insurance Contract Act 1984 (ICA) on five (5) occasions; b) declaratory relief is appropriate, and ASIC is the appropriate party to seek declarations as the statutory regulator; and c) the form of declaratory relief should identify, for the purposes of both the defendant and others in the industry, that conduct of this character is a breach of the important duty of good faith. To me this decision is problematic insofar as how low it sets the bar for the duty of utmost good faith under the ICA, and will be a red rag for AFCA when dealing with insurer complaints. (Full disclosure though; I acted for Youi in the Hayne Royal Commission.)
2. Payments Systems (Treasury): the Federal Treasury has released an issues paper as part of the review of the regulatory architecture of the Australian payments system which was first announced on 21 October 2020. The review will assess: the current structure of the governance and regulation of the payments system to assess whether it is fit-for-purpose, including whether the regulatory framework adequately accommodates new and innovative systems and the effectiveness of the current structure in implementing government policy; how to create more productivity-enhancing innovation and competition in the payments system, including in relation to the pace and manner in which the New Payments Platform is being rolled out and enhanced by industry; ways to improve the understanding of businesses and consumers of alternative payment methods; whether government payment systems, including payments to citizens, are agile and can take advantage of new payments functionality, to enhance service delivery; and, global trends and how Australia should respond to these trends to ensure that it continues to remain internationally competitive. The review is due to report on by April 2021, and submissions on the issues paper are due by 31 December 2020.
3. Business interruption case (Insurance): the COVID-19 business interruption test case in Australia, initiated by the Australian Financial Complaints Authority (AFCA) and the Insurance Council of Australia (ICA), has been handed down. The New South Wales Court of Appeal rejected the industry’s argument that policies should not cover COVID-19 pandemic-related losses. The NSW Court of Appeal’s decision comes after large insurers repeatedly insisted that pandemic exclusions should stand. No doubt those insurers are considering an appeal now, following in the footsteps of the UK experience. The UK Supreme Court has only just this week concluded the FCA business interruption hearings, following from the UK High Court’s finding in its judgment that the pandemic and the UK government’s response to it could be considered a single cause of losses. This resulted in establishing coverage for a significant number, though not all, of the policies in this test case.
4. ASIC Governance (Parliamentary Inquiry): the Australian Securities and Investments Commission appeared before the Parliamentary Joint Committee on Corporations and Financial Services at a public hearing via videoconference. It was a tough appearance, in the wake of Mr. Shipton and Mr. Crennan QC standing aside and down over payments scandals respectively. Acting Chair Karen Chester stated that ASIC could have avoided being embroiled in an overpayments scandal had its former chairman, Mr. Shipton, agreed to change ASIC’s governance. Ms Chester said she was informed of the overpayments “in an opaque way” with little detail by the accountable authority, who at the time was Mr Shipton. It also came out that Mr. Shipn’s expenses were approved by his subordinate, the ASIC CFO. Liberal Senator Paterson asked Ms Chester whether the overpayments were not flagged earlier due to “an issue that goes to Mr Shipton personally and his leadership” rather than being a “broader cultural problem with ASIC” to which she replied “If there had been full disclosure of the payments made to Mr Crennan and Mr Shipton I don’t think I would be having this discussion with you today”.
5. Cyber security (APRA): the Australian Prudential Regulation Authority has warned that its newly released cyber security strategy set out in CPS 234 requires more intense focus from financial firms. The regulator has ordered insurers, banks, and super funds to conduct urgent audits against the new prudential standard to ensure they’re compliant. APRA’s new five-year cybersecurity strategy extends the regulator’s influence into non-banks, including third-party IT suppliers, fund managers, and payment companies, to defend the financial system from the growing threat of cyber attackers. APRA executive Geoff Summerhayes is quoted in the AFR as stating “Our view that it’s only a matter of time until a major incident occurs hasn’t changed. In light of evidence that boards frequently don’t understand or are not adequately informed about cyber risks, we’re no longer prepared to simply take their words for it — we want compliance independently verified.”

Thought for the future: between the revamped ASIC breach reporting framework arriving in April 2021, expanded Financial Accountability Regime, AUSTRAC’s suspicious matter reporting expectations changing, OAIC data breach regime and APRA breach reporting regime there is likely to be quite a lot of breach reporting happening in 2021. If you haven’t taken the time to cross-stitch these regimes together — they do overlap — feel free to reach out for a document I have prepared in this regard to assist.