Don’t let a breach get out of reach

The Australian Prudential Regulation Authority has published remarks delivered by Deputy Chair Margaret Cole to the Conexus Chair Forum.

In her remarks, Ms Cole discusses the importance of strong board governance in super in areas including fund expenditure, investment and operational risk management. Ms Cole also flags APRA’s upcoming engagement with all APRA-regulated industries on a review to update core prudential governance standards.

Her comments included:

• “Funds with robust governance put themselves in a much stronger position to develop effective strategies and respond to challenges. Challenges include reputational risk.”
• “Take the politics out of this. This is a system to be proud of. That pride can’t be allowed to foster complacency or a blind eye to practices that have no place in today’s financial services giants. APRA is not attacking any particular board model but we do take issue with some practices. And frankly so should you.”
• “As Chairs you set the tone from the top in your organisations. You oversee the creation of policy and processes around expenditure. You have oversight of how your businesses are run, including how the executive spend and invest members’ money. Decisions made here have direct implications for members. Your role is critical.”

Small businesses employ approximately half of the private sector workforce and contribute more than $500 billion to the Australian economy each year. They are essential for Australia’s prosperity.

ASIC assists small businesses by providing the information they need to operate lawfully, and by taking enforcement action against directors or companies when the law has been contravened.

In the period 1 October to 31 December 2024 enforcement action was taken by ASIC against:

• four company directors through disqualification – two for the maximum five years
• one director charged for making misleading statements to ASIC
• one director sentenced for making false statements to ASIC, and
• 58 individuals for 107 offences in failing to assist registered liquidators following the collapse of their companies.

ASIC has written to superannuation trustees urging them to strengthen anti-scam practices, or risk exposing members to harm.

The open letter, signed by ASIC Commissioner Simone Constant, outlines our guidance for superannuation trustees in preventing, detecting and responding to scams and fraud activity.

Superannuation trustees have a key role to play in minimising the risk of scam and fraud risks to members, given they are the custodians of the second largest asset for many Australians.

ASIC has appointed Scott Gregson as Chief Executive Officer.

Mr Gregson will join ASIC on 17 March 2025 following a nearly 30 year career with the ACCC and takes over from ASIC’s retiring interim CEO Greg Yanco.

ASIC Chair Joe Longo said Mr Gregson had stood out in an executive search of domestic and international candidates.

‘Scott is an impressive leader and will bring extensive experience to this important role at ASIC,’ Mr Longo said.

‘His commitment to achieving regulatory outcomes that benefit all Australians makes him a strong addition to support ASIC’s commission and head the agency’s executive leadership team.’

The Australian Prudential Regulation Authority (APRA) has granted Land Bank of Taiwan Co., Ltd a licence to operate as a foreign authorised deposit-taking institution (Foreign-ADI) under the Banking Act 1959.

An updated list of all APRA-authorised ADIs can be found on the APRA website at: Register of authorised deposit-taking institutions.

Insurers are failing to identify one in six customer complaints, effectively denying those Australians critical protections available through the Internal Dispute Resolution (IDR) regime, an ASIC review has found.

ASIC’s review of the IDR practices of 11 general insurers highlighted shortcomings in several areas, including the failure to identify complaints and systemic issues, as well as inadequate communications to customers.

ASIC’s analysis of insurance complaints handling comes as the volume of general insurance complaints made to the Australian Financial Complaints Authority (AFCA) swelled by 50% in the 2022-23 financial year, and rose again in 2023-24.

ASIC Commissioner Alan Kirkland said, ‘Consumers have a right to expect that their complaints will be identified and handled in a fair, timely and effective manner. When things go wrong, the complaints process provides an opportunity to get them back on track.

‘When insurers fail to identify complaints, they risk prolonging the distress of customers, especially those dealing with extreme events like floods. This failure denies customers access to important protections, including the right to escalate a complaint to AFCA for independent review.’

This consultation paper is about ASIC’s guidance on digital assets and related products.

It sets out our proposals to update Information Sheet 225 Crypto-assets (INFO 225) to provide further guidance about our interpretation of how the Corporations Act 2001 applies to crypto- and digital assets. It also sets out our proposals for licensing entities that provide financial services in relation to crypto- and digital assets that are financial products.

Released 4 December 2024. Comments close 28 February 2025.

The government announced updates to the Delivering Better Financial Outcomes reforms after consulting widely. These changes aim to:

• expand advice services
• reduce unnecessary compliance
• help advisers focus on high‑quality advice
• maintain strong consumer protections.

First tranche of reforms
The Treasury Laws Amendment (Delivering Better Financial Outcomes and Other Measures) Act 2024 simplifies rules that add costs without benefiting consumers. It became law on 9 July 2024.

Amends the: Privacy Act 1988 and 7 other Acts to introduce a range of measures to protect the privacy of individuals with respect to their personal information, including expanding the Information Commissioner’s powers, facilitating information sharing in emergency situations or following eligible data breaches, requiring the development of a Children’s Online Privacy Code, providing protections for overseas disclosures of personal information, introducing new civil penalties, and increasing transparency about automated decisions which use personal information; Privacy Act 1988 to introduce a statutory tort to provide redress for serious invasions of privacy; and Criminal Code Act 1995 to introduce criminal offences targeting the release of personal data using a carriage service in a manner that would be menacing or harassing (known as ‘doxxing’).

Amends the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to: extend the anti-money laundering and counter-terrorism financing (AML/CTF) regime to additional services that are recognised by the Financial Action Task Force as posing high money laundering and terrorism financing risks; reframe and clarify the AML/CTF program and customer due diligence obligations; enable the Australian Transaction Reports and Analysis Centre to require the disclosure of information and conduct examinations; and update the AML/CTF regime to reflect changing business structures, technologies and illicit financing methodologies; and make consequential amendments. Also makes consequential or contingent amendments to 10 other Acts; and repeals the Financial Transaction Reports Act 1988.

The Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) have published a letter containing observations on registration and notification lodgements made since the Financial Accountability Regime (FAR) commenced for the banking industry.

The letter identifies areas that require further consideration by banking entities and reiterates specific aspects, consistent with previously released FAR guidance, to entities across the banking, insurance and superannuation industries.

Entities should review the observations and areas for further consideration provided in the letter for the purposes of ensuring compliance with their obligations under the FAR.

The Australian Prudential Regulation Authority (APRA) has published a speech delivered by Chair John Lonsdale this afternoon to the European Australian Business Council in Sydney.

In “Forewarned and forearmed”, Mr Lonsdale spoke about how financial regulators globally, including APRA, are increasing their focus on the potential for geopolitical events to impact the financial and operational soundness of banks, insurers and superannuation funds.

ASIC is updating its regulatory guides (RGs) to ensure they remain simple to follow, effective, current, and appropriate.

This is part of our firm commitment to improving regulatory efficiency and reducing regulatory complexity, as announced at this year’s ASIC Annual Forum.

To assist regulated entities in understanding the law, we publish updated regulatory guidance on an ongoing basis and this work will continue in 2025.

In 2025, ASIC will consult with stakeholders to update some key RGs, taking into account law reform, insights from case law about the provisions and other relevant issues. The RGs that we intend to update next year, include:

• Regulatory Guide 53 The use of past performance in promotional material
• Regulatory Guide 168 Disclosure: Product Disclosure Statements (and other disclosure obligations)
• Regulatory Guide 181 Licensing: Managing conflicts of interest
• Regulatory Guide 183 Approval of financial services codes of conduct, and
• Regulatory Guide 234 Advertising financial products and services (including credit): Good practice guidance.

ASIC has been enforcing its expectations in relation to licensees’ treatment of customers experiencing vulnerability. Its communication to superannuation trustees to drive improvements to their death benefit claims handling practices followed its recent filing of civil penalty proceedings against Cbus.

Banking, insurance, and superannuation entities are all encouraged to review the observations in the appendix to the letter, with ASIC Commissioner Simone Constant having reminded ASFA conference delegates that senior executives in the superannuation sector will become accountable persons under FAR from March 2025.

ASIC’s inaugural Digital Assets Liaison Meeting (DALM) took place on 11 September 2024. More than 190 industry representatives attended online and in person at ASIC offices.

The DALM has been established as a regular event to provide the digital assets industry with insights into ASIC’s strategic priorities and key projects, and give opportunity for Q&A.

The Australian Prudential Regulation Authority (APRA) has amended the prudential requirements for superannuation trustees relating to operational risk financial requirements (ORFR) as set out in Prudential Standard SPS 114 Operational Risk Financial Requirement (SPS 114) and related guidance.

The changes aim to strengthen operational resilience by ensuring trustees can better access the financial resources held to meet the ORFR when needed and to maintain an appropriate level of reserving.

The key changes are to:

• clarify the purpose of the ORFR;
• widen the allowable range of uses for the ORFR;
• introduce a clear and direct relationship with Prudential Standard CPS 230 Operational Risk Management (CPS 230); and
• amend the APRA notification requirements to facilitate further use of the ORFR.