This article was co-authored with Rex Lee, Ella Crowley-Burrows, Marc Kopelowitz and Joel McKay.
October has been a busy month for regulators with both ASIC and APRA releasing their reports on the 2021/22 financial year. The chairs of both regulators, in addressing the House of Representatives, signalled their progress in the past year and their goals for the year ahead.
The month of October 2022 also saw both ASIC and APRA release numerous publications aiming to increase transparency and accountability. APRA’s publications for the month included a guide to assist with outsourcing, general insurance statistics and a review of insurance risk management. Meanwhile ASIC’s publications include its review of auditing firms and the insights from the reportable situations regime. APRA also welcomed John Lonsdale as the new APRA Chair on 31 October 2022.
The Regulators were also occupied in October responding to the Optus and Medibank data breaches.
ASIC Chair confirms ASIC is investigating greenwashing and announces plan for mandatory climate disclosure rules in address to House of Representatives Standing Committee on Economics
On 11 October 2022, ASIC Chair Joe Longo addressed the House of Representatives Standing Committee on Economics about ASIC’s annual report for the 2020-2021 financial year.
Mr Longo indicated that ASIC will remain committed to protecting consumers by taking appropriate action against misconduct. Specifically, ASIC’s new Design and Distribution Obligations (DDO) have been in force for over a year and it has used these new powers under the regime to reduce problematic conduct, such as financial service providers marketing high-risk products to too broad a range of consumers.
Mr Longo also announced that ASIC will increase its regulatory oversight of climate disclosure, committing to implementing mandatory disclosure rules as part of “government policy” within the next 3 years. This is expected to be modelled on the recommendations published by the G20’s Financial Stability Board’s Task Force on Climate-related Disclosure (TCFD) and will bring Australia in line with other jurisdictions such as the UK, which legislated the recommendations in 2020.
Following the publication of its Information Sheet on greenwashing (see here for our article), which signalled ASIC’s increased regulatory scrutiny of misleading climate disclosures, ASIC Deputy Chair, Karen Chester, confirmed that ASIC was currently investigating various entities for greenwashing and had changed gears to “compliance and enforcement mode”.
Mr Longo further expressed that ASIC will increase its oversight of crypto-assets. While ASIC has a wide range of tools at its disposal, it emphasised that it will scrutinising crypto-assets under the DDO regime, which commenced in October last year (see here for our article). It emphasised product issuers and distributors should take into account the “volatile, risky and complex” nature of crypto-assets when deciding whether target market determinations are appropriate.
Furthermore, a key milestone ASIC met this past year was releasing an expanded remediation guidance to assist firms in providing fairer outcomes to consumers. ASIC has been engaging with industry to provide a return of $5.6 billion for seven million consumers over the past 6 years and is also working to ensure that its regulatory powers and organisational capability remain fit-for-purpose in a new digital age.
The full speech can be read here. Transcript of proceedings can be accessed here.
ASIC releases 2021-22 Annual Report
ASIC released its 2021-2022 Annual Report on 14 October 2022 which outlines ASIC’s key regulatory and enforcement outcomes for 2021-22.
2021-22 saw the introduction of new obligations aimed at increasing accountability and protecting consumers, including:
- design and distribution obligations, aiming to reduce the risk of harm caused by poor design, distribution and marketing;
- the revised breach reporting regime, which provides ASIC with a key source of information and acknowledges the crucial role licensees have in identifying and reporting breaches;
- the revised hawking prohibition, which is designed to tackle consumer harms arising from consumers being approached with unwanted products through cold-calls or other unsolicited contact
ASIC have indicated that their priorities over the coming year include targeting greenwashing claims and crypto investment scams. ASIC also aims to focus on supporting consistent sustainability and climate change reporting by corporations.
The full media release can be read here and the full report can be accessed here.
ASIC invites managed funds’ feedback on the Asia Region Funds Passport
ASIC is inviting members of the Australian funds management industry to review the Asia Region Funds Passport through a short survey.
The Asia Region Funds Passport is a multilateral framework which aims to establish and develop an Asia-region funds management industry. It allows collective investment products offered in one participating economy to be sold to retail investors in another participating economy.
The survey closes on Tuesday 15 November.
The media release can be accessed here and the feedback survey can be found here.
ASIC releases reports on practices in wholesale financial markets
On 25 October 2022, ASIC released two reports indicting better and poorer practices in wholesale financial markets and encouraged entities within these markets to use these reports to benchmark their practices.
Report 741 Conduct risk in wholesale fixed income markets describes key conduct risks in fixed income markets, such as misleading or deceptive conduct, market manipulation and insider trading. The report summarises the differences in participants’ security measures against these risks with more mature entities having comprehensive monitoring and surveillance while other entities lacked these security measures.
Report 742 Managing conflicts of interest in wholesale financial markets describes the varying level of sophistication in the management of conflicts of interest across industry entities with more sophisticated entities having proactive and methodical system of identifying and managing conflicts of interest. Less sophisticated entities had practices that were ad hoc and reactive.
The media release can be accessed here, Report 741 can be accessed here and Report 742 can be accessed here.
ASIC publishes insights from the reportable situations regime
On 28 October 2022, ASIC released its initial publication of information lodged under the reportable situations regime. Between 1 October 2021 and 20 June 2022 over 8000 reports were made to ASIC by financial services and credit licensees under the regime.
Key findings from the report include:
- Only 6% of the licensee population lodged a report during this time which was significantly lower than expected;
- In 18% of the reports received, the licensee took more than one year to identify and start investigating an issue after it occurred;
- ASIC is concerned that the proper root cause of breaches are not being identified as 55% of reports identified staff negligence or error as the sole root cause; and
- The total financial loss across the reports was $368.5 million, in 4% of reports licensees indicated that they did not intend to compensate customers and in 12% of reports licensees indicated that compensation would take over 12 months.
The media release can be found here. The publication can be downloaded here.
APRA and ASIC publish latest data on life insurance claims and disputes
APRA has released its Life Insurance Claims and Disputes Statistics publication, covering a rolling 12-month period from the 1st of July 2021 to the 30th of June 2022.
APRA’s Life Insurance Claims and Disputes Statistics publication exhibits the key industry and entity-level claims and disputes outcomes for 18 Australian Life Insurers writing direct business.
ASIC’s MoneySmart Life insurance claims comparison tool, which compares insurers across cover types and distribution channels, has been updated with the latest data.
The full media release can be read here and the Life Insurance Claims and Disputes Statistics publication can be read here.
APRA working with Government and regulated entities to facilitate closer coordination and controlled process of data sharing following Optus data breach
Following the Optus data breach, the Federal Government announced that it plans to make changes to the Telecommunications Regulations 2021 to enhance protections to Australians. Against this backdrop, APRA announced that it will be working closely with the Government to facilitate closer coordination and a controlled process of data sharing between Optus and APRA-regulated entities.
APRA’s media release can be accessed here. Data breach FAQs can be accessed here.
APRA publishes guide to help superannuation trustees improve outsourcing
APRA has released its findings from a review conducted into the outsourcing arrangements adopted by a sample of 10 retail superannuation funds from February 2019 to October 2021. The review was conducted following concerns about increased outsourcing that emerged during the Royal Commission and focused on the key areas of outsourcing including administration, financial advice, investment management and insurance.
The review focused broadly on the trustee’s oversight and monitoring of external service providers and found that while there has been stronger oversight following the Royal Commission, there is still further work that could be done.
The guide is meant to supplement SPS 231 which deals with outsourcing, and the draft CPS 230 which APRA has recently released for consultation.
Key findings include:
- Trustees should not become complacent when accepting third-party costs, instead a more rigorous tender process should be adopted;
- Service providers should be required to report frequently on their performance and trustees should develop a clear policy and performance targets the service provider is expected to meet; and
- Establishing a trustee office to monitor the performance of outsourcing arrangements can be a beneficial approach for superannuation funds.
APRA’s media release can be accessed here.
APRA’s opening statement to the House of Representatives Standing Committee on Economics and Annual Report
On 11 October 2022, Chairman Wayne Byres addressed the House of Representatives Standing Committee on Economics on APRA’s 2020/21 Annual Report.
In his speech Chairman Byres discussed the role of APRA in Australian society as ensuring that financial institutions keep their promises.
Chairman Byres commented that despite the disruption caused by the Covid-19 pandemic, Australian financial institutions continued to perform strongly in an evolving geopolitical and technological landscape.
He noted that APRA is focusing its efforts and actions broadly on the following themes:
- How technological change will impact the financial system;
- Enhancing the cyber-capabilities of financial institutions;
- Ensuring financial institutions manage climate-related risk in a well-informed manner;
- Establishing mechanisms to help institutions recover from financial stress; and
- Strengthening the governance and accountability of institutions.
Chairman Byres also noted that APRA has industry-specific priorities it is aiming to meet.
The full speech can be read here.
APRA improves superannuation transparency with new publication
APRA has released the first of new statistical publications aiming to improve the transparency of the superannuation industry on 20 October 2022.
APRA announced the launch of this series of quarterly superannuation publications in July this year and this first publication includes data collected as part of APRA’s recently expanded Superannuation Data Transformation reporting standards. Monthly publications will also now include information on member demographics, such as gender, age and account balance, which had previously only been published annually as well as updates on the number and types of products and investment options available in the superannuation industry.
Key findings include:
- As at the quarter ending 30 June 2022, there were 69 MySuper products, 956 Choice products and 142 Defined Benefit products in APRA-regulated entities with more than four members;
- Of the $1.95 trillion in member assets held in these products, 41.5 per cent is held in MySuper products, 51 per cent in Choice products and 7.5 per cent in Defined Benefit products; and
- In the Choice product segment, there were around 10,000 multi sector investment options, 30,000 single sector investment options and 116,000 direct asset investment options available to members to invest in directly, such as shares or term deposits.
The next publication is due in December 2022.
The publication and media release can be read here.
APRA releases annual report for 2021/22 financial year
APRA has released its annual report for the 2021/22 financial year.
The report highlights how Australian financial institutions remained strong throughout the 2021/22 financial year despite uncertainty caused by COVID-19, natural disasters and increased geo-political tensions.
The report also details APRA’s activities throughout the past financial year and how they reflect APRA’s two strategic themes of ‘protected today’ and ‘prepared for tomorrow’ which are outlined in APRA’s 2021-25 Corporate Plan.
The report can be accessed here. Please see here for the media release.
APRA Chair Wayne Byres – Speech to FINSIA
On 19 October APRA Chair Wayne Byers gave his last official speech as APRA Chair to FINSIA. In his speech Mr Byres reflected on some themes which have dominated his tenure including capital, housing, competition, superannuation and community expectations and responsibilities, and drew out some lessons for the future.
In relation to superannuation, Mr Byers stated that the most important and impactful change has been the increased transparency that has been forced upon the industry. Mr Byres said that transparency has “been key to increasing the discipline on trustees to ensure they are always managing members’ money in their (i.e. members’) best interests.”
Mr Byres also suggested that transparency, achieved through APRA’s heatmaps and the statutory performance test, with more to come though APRA’s improved data collections, has been the most powerful force in driving better member outcomes as trustees who are not delivering for their members have no place to hide.
The full speech can be read here.
APRA releases further cyber-security update following Medibank data breach
Following the Medibank data breach on 13 October 2022, which shortly followed the Optus data breach, APRA released on 24 October 2022 an update for APRA-regulated entities.
APRA emphasised that all regulated entities must comply with Prudential Standard CPS234 Information Security. The core requirements of this standard include:
- Notifying APRA of material security incidents;
- Clarifying and defining the responsibility and role that individuals, governing bodies, senior management and directors have to protect cyber-security;
- Maintaining an appropriate cyber-security capability given the size of the organisation and the nature of cyber threats posed; and
- Establishing appropriate information security controls commensurate with the sensitivity of the information and regularly testing those controls.
APRA also urged all its regulated entities to review their incident response plans and communicate regularly with customers as cyber incidents become more frequent.
The full media release can be read here.
APRA releases letter regarding a review of the prudential framework for groups
On 24 October 2022 APRA published a letter to all regulated entities signalling that a review will be forthcoming into the current prudential framework as it applies to more complex group corporate structures.
The review will focus on ensuring the framework for group entities is clearer and simpler as well as the following priorities:
- Clarifying group capital requirements and APRA’s approach to regulating and supervising different group structures;
- Ensuring consistent prudential requirements that apply across group structures and ensuring the same risks are dealt with consistently across regulated industries; and
- Rationalising requirements for the management of risks presented by group structures.
The review will cover a range of topics and existing prudential standards such as:
The review is expected to be a multi-year project commencing with a Discussion Paper in the first half of 2023. The Discussion Paper will seek industry feedback on the key topics of: financial resilience, governance, risk management, resolution and competition issues.
APRA expects any changes to the group prudential framework to commence in 2025 following a period of consultation in 2023-24.
The letter can be downloaded here.
APRA publishes annual general insurance institution-level statistics
On 25 October 2022, APRA published the annual general insurance institution-level statistics for general insurers (level 1), general insurance groups (level 2) and Lloyd’s Australia which concern financial performance, position and capital adequacy.
The media release and statistics can be accessed here.
APRA publishes findings from insurance risk management review
On 26 October 2022, APRA released the results of its review into the strength of the general insurance industry's approach to insurance risk management.
This review was prompted by a series of claims under business interruption policies during the height of the COVID-19 pandemic. The number of these claims, as well as uncertainty about whether cover applied, revealed weaknesses in how insurers managed their exposures.
APRA required 10 insurers to complete a self-assessment of the strength of their risk frameworks in the context of business interruption as well as other risks such as cyber vulnerability. In all cases, insurers found weaknesses and have implemented work programs to address them.
Some common themes that emerged included:
- Failure to update policy wordings to reflect changes in the Quarantine Act legislation;
- Increasing complexity in policy wording without commensurate controls to identify and prioritise exposures;
- Inadequate attention to strong control effectiveness testing;
- Insufficient consideration of emerging and evolving risks.
The media release can be accessed here and a letter outlining the findings of the review can be viewed here.
APRA announces new appointments
With the departure of its former Chair Wayne Byres on 31 October 2021, APRA announced that its former Deputy Chair John Lonsdale will succeed Mr Byres as APRA Chair. APRA also announced Margaret Cole’s appointment as APRA Deputy Chair, together with Suzanne Smith and Therese McCarthy Hockey, who are appointed as new APRA Members. These new appointments commenced on 31 October 2022.
The full media release can be accessed here.
APRA releases Operations of Private Health Insurers Annual Report
On 26 October 2022, APRA released its annual Operations of Private Health Insurers Annual Report for the financial year 2021-2022. This report shows information about private health insurers such as expenses, revenues and other operational information.
The report and the data underpinning it can be accessed here.
AUSTRAC Statement on data breaches and reporting entities
On 7 October 2022, AUSTRAC issued a statement on their website, reminding reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) of the heightened money laundering and terrorism financing risks created by the increasing impacts of data breaches. This is particularly relevant for reporting entities undertaking their customer due diligence and suspicious matter reporting obligations.
AUSTRAC’s statement can be accessed here.