Gadens Regulatory Recap – 21 August 2024

This edition of the Gadens Regulatory Recap highlights recent developments from ASIC, APRA, OAIC, ACCC, and Treasury including various enforcement actions taken by the regulators.

ASIC 

1. Financial advice update: The Financial Advice Update, published by ASIC on 9 August 2024, highlights key regulatory developments affecting Australian financial services (AFS) licensees and financial advisers.

The update reminds AFS licensees to ensure the accuracy of information on the financial advisers register, particularly their adviser’s approved qualifications, ability to provide tax advice and business details, to avoid penalties. ASIC emphasises the importance of assessing adviser qualifications according to legal standards before authorising them (see s 921B(2) of the Corporations Act 2001 (Cth) and the Determination for a list of approved degrees and equivalent qualifications). It further reminds financial advisors of their ongoing obligation to be registered prior to providing personal advice to retail clients.

ASIC is also urging financial advisers and licensees to monitor cold calling for superannuation switching business models and act in their clients’ best interests. This is where businesses use high-pressure tactics to push consumers into switching super funds, often leading to poor financial outcomes. The regulator is committed to taking enforcement action against such misconduct and has launched a campaign in compliance with its 2023–27 Corporate Plan. It further emphasises financial advisors’ responsibility to assist Australians in achieving good retirement outcomes, with one in five choice investment options with an 8-year history significantly underperforming the investment return benchmarks in 2023.

With the financial sector particularly relying on outsourced IT services, the update highlights the rising threat of third-party cyber risks. Third-party vulnerability identification is critical, as highlighted by incidents like the SolarWinds and Latitude Financial breaches. To mitigate risks, ASIC advises organisations to enforce strong controls like multifactor authentication and ensuring robust cybersecurity practices across their supply chains.

2. ASIC proposes to extend the operation of three legislative instruments: ASIC is proposing to extend the validity of three key legislative instruments for the next five years. The first, Class Order 14/923 which mandates that Australian financial services licensees keep specific records when providing personal advice. The second, ASIC Corporations and Credit Instrument 2021/716, outlines which breaches must be reported and extends the reporting period for certain breaches. The Third, ASIC Credit Instrument 2021/801, specifies additional Commonwealth legislation that counts as core obligations under the National Credit Act.

ASIC has reviewed these instruments and found them to be effective and will consolidate them into one while converting CO 14/923 into a legislative format.

Feedback on this proposal is being sought until 4 September 2024, through email to rri.consultation@asic.gov.au.

3. A guide to ‘good’: delivering better retirement outcomes and member services for Australians: ASIC Commissioner Simone Constant gave a recent speech at the Conexus Institute Retirement Conference on 14 August 2024. The speech highlights ASIC’s focus on improving retirement outcomes and member services for Australians. The key takeaways include:

• Focus on member services: ASIC emphasises the importance of transparency, accountability, and a member-centric approach from superannuation funds. ASIC expects funds to consistently deliver value and services that meet fair standards throughout members’ working lives and into retirement.

• Data utilisation: Funds are encouraged to use the data they already have to better serve their members, helping them understand if they are on track for the retirement they expect.

• Member accountability: Superannuation funds need to ensure that their boards and leadership teams are equipped and focused on delivering good outcomes for members, with measurable and meaningful performance metrics.

• Regulatory expectations: ASIC will enforce standards where funds fall short in transparency, accountability, and consistency.

The speech serves as a call to action for superannuation funds to improve their services and outcomes for the millions of Australians relying on them for their retirement.

4. Australian Securities and Investment Commission signs MoU with State Securities Commission Vietnam:  ASIC and the State Securities Commission (SSC) of Vietnam signed its first MoU. The agreement focuses on improving dialogue, technical cooperation, and regulatory practices in the countries’ respective securities markets.

The MoU was formalised under a capacity building program, that aims to enhance technical cooperation and information sharing between the two regulatory bodies. The program, funded by DFAT under the Mekong Australia Partnership, is designed to strengthen Vietnam’s regulatory framework and capital market resilience.

5. CS 10 Proposed extension of breach reporting and record-keeping legislative instruments: ASIC has proposed extending the operation of the following legislative instruments for a further five (5) years:

• Class Order [CO 14/923];

• ASIC Corporations and Credit (Breach Reporting – Reportable Situations) Instrument 2021/716; and

• ASIC Credit (Breach Reporting – Prescribed Commonwealth Legislation) Instrument 2021/801.

ASIC has opened invitations for feedback as to whether the instruments are operating effectively and efficiently, and/or whether any amendments are required. Submissions close at 5pm on 4 September 2024.

6. ASIC Enforcement: ASIC has engaged in a range of enforcement activity in the past fortnight.

ASIC disqualified a former director from managing corporations for a period of five years based on his involvement in three failed companies, on the basis that his management fell significantly below the standard expected of a director. His conduct included failure to lodge required tax materials, a failure to keep sufficient business records, and a failure to ensure that statutory liabilities, such as superannuation, were accounted for. A further director was also disqualified from managing corporations for a period of five years based on serious misconduct that included permitting companies to trade while insolvent, making payments that were not in the best interest of the companies, such as unfair preferential payments, and failure to lodge required documents with the ATO.

On 14 August 2024, ASIC commenced proceedings in the Federal Court against the ASX in relation to alleged misleading statements relating to the Clearing House Electronic Subregister System (CHESS) replacement project, specifically that statements indicating that the project was ‘progressing well’ and ‘on-track for go-live’ were misleading on the basis that there was no reasonable basis to imply that the project was expected to meet future milestones. The proceedings follow ASIC’s announcement in March that the ASX paid a penalty relating to failure to comply with the market integrity rules (as covered in the 19 March 2024 edition of the Gadens Regulatory Recap).

Finally, the Federal Court ordered Noumi Limited, which previously traded as Freedom Foods, to pay a penalty of $5 million following an admission that it had breached its continuous disclosure obligations. Specifically, the Court found that financial reports for the 2018-19 financial year (FY19), and half year ending 31 December 2019 (HY20) were overstated by $31.77 million in FY19 and $36.6 million in HY20 due to the inclusion of inventory that was unsaleable. Justice Jackman found that the agreed penalty was “appropriate because it achieves the principal object of protecting the public interest by deterring future contraventions of the [Corporations] Act, having the necessary sting or burden to secure such a deterrent effect, but not being so great as to be oppressive.”

APRA  

7. APRA Deputy Chair Margaret Cole – Speech to the Conexus Retirement Conference: 

In her recent speech to the Conexus Retirement Conference, APRA Deputy Chair Margaret Cole highlighted the pressing challenge facing the superannuation industry: shifting its focus from the accumulation phase to the retirement phase as millions of Australians approach retirement age. She emphasised that while the industry has effectively supported members during the accumulation phase, it now needs to adapt to meet the more complex and diverse needs of retirees. With over $450 billion in superannuation assets already held in retirement products, the demand for effective retirement strategies is rapidly growing.

The retirement income covenant, introduced to ensure superannuation funds prioritise the retirement phase, is central to this shift. Cole noted that a recent review revealed significant shortcomings in the industry’s implementation of the covenant, including a lack of urgency and clear metrics to measure success. She stressed that without specific and measurable outcomes, funds cannot gauge the effectiveness of their retirement strategies.

Cole also underscored the need for funds to support all members, including disengaged ones, as they transition into retirement. She called on the industry to embrace the covenant’s intent and act swiftly to close gaps in their strategies, ensuring that all members receive the support they need to achieve better financial outcomes in retirement.

AFCA

8. Financial complaints rise further 9% to record 105,000 in 2023-24: AFCA has reported a new record of over 105,000 complaints in the 2023/24 financial year, marking a 9% increase from the previous year.

AFCA attributed the rise to ongoing issues with scams, which saw an 81% increase, and a significant uptick in complaints related to comprehensive motor vehicle insurance. Complaints in the banking and finance sector rose 11%, and general insurance complaints were up 4%. Scams were particularly notable, with unauthorised transactions being a major concern.

OAIC

9. The Privacy (Credit Related Research) Rule 2024: After OAIC’s public consultation with key stakeholders, the Privacy (Credit Related Research) Rule 2014 has been replaced by the Privacy (Credit Related Research) Rule 2024 (Rule), effective 12 July 2024.

The key takeaway is that credit reporting bodies can continue to use or disclose de-identified information when conducting credit related research when that research complies with the Rule and s 20M of the Privacy Act.

De-identified information means that a person’s identity is no longer apparent or cannot be reasonably ascertained from the information or data. Under the Rule, a credit reporting body must assess the risk of de-identified information being re-identified (by itself or a recipient) and take reasonable steps to ensure that it cannot be re-identified. In addition to the de-identification requirements, the information can only be used or disclosed pursuant to the Rule and s 20M where it is for a permitted purpose, including ‘any other purpose for the general benefit of the public’ per rule 7(d), and the receiving entity has an ‘Australian link’ per rule 9(1).

Credit reporting bodies subject to the Rule must include a statement in their policy on the management of de-identified information in accordance with s 20B(3) of the Act to ensure public awareness of the use and disclosure of a person’s de-identified information.

 Treasury

10. Consumer Data Right Rules: consent and operational enhancement amendments consultation: Treasury is seeking stakeholder feedback on draft amendments to the Competition and Consumer (Consumer Data Right) Rules 2020 (CDR Rules).

The CDR Rules intend to allow greater control over consumer data by allowing consumers to opt-in to share their data with trusted entities for an authorised purpose. The CDR Rules aim to strike a balance between protecting consumer data and encouraging competition and innovation in the marketplace by giving consumers more flexibility when it comes to sharing data in a controlled and informed environment.

Feedback is open until 9 September 2024.

11. Government response to the Continuous Disclosure Review: The Government has published its response to an independent review of amendments to the Continuous Disclosure Regime (CDR Review) as required by section 1683B of the Corporations Act 2001 (Cth).

The CDR Review was provided to government on 14 February 2024 and was made in regard to amendments to the Treasury Laws Amendment (2021 Measures No.1) Act 2021 (Cth) (Amending Act).  The amendments set a threshold requirement that plaintiffs in civil proceedings for breaches of continuous disclosure laws to prove that defendants acted with ‘knowledge, recklessness or negligence.’ Broadly, government’s response observes that many of the issues driving the amendments have stabilised.

12. Consumer Data Right compliance costs review report: Treasury has published an independent review of consumer data right compliance costs with special regard to the banking and energy sectors.

The review provides and assessment on how:

• changes to the Consumer Data Rules (CDR) affect entities, especially in relation to costs; and

• the extent to which decision-makers factor in costs to entities when making changes to the CDR.

The review also provides suggestions on:

• strategies for entities on reducing costs associated with adapting to changes to the CDR; and

• ways that law makers can give greater consideration to entity costs when making changes to the CDR.

If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.

Authored by:

Matthew Bode, Partner
Kelly Griffiths, Partner
Michael Kenny, Partner
Sinead Lynch, Partner
Daniel Maroske, Partner
Kate Mills, Partner
Caroline Ord, Partner
Anna Fanelli, Senior Associate
Philip O’Brien, Senior Associate
Bronte Anderson, Lawyer
Carla Simmons, Lawyer
Declan Melia, Lawyer
Ellie Pitcher-Willmott, Lawyer
Jin Lim, Lawyer
Monica Baur, Lawyer