The obligation to secure your opponent's data in the age of hacking
Hacking, corporate espionage and data breaches are on the rise around the globe.
Commissioner Hayne stressed that much of the malaise, wrongdoing and “pursuit of profit” within the financial services industry were due to remuneration practices, the prevailing cultural environment and governance arrangements, all of which are inextricably linked.
In order to rebuild consumer confidence and trust within the financial services industry, all financial services entities need to take immediate action to review management, organisational and governance structures to ensure they have identified the key financial and non-financial risks of their business and have clear accountability for managing these risks. In addition, all financial services entities should be regularly assessing culture and addressing issues on an ongoing basis.
We have already seen ASIC requesting responsible entities provide information around their rewards and incentives structures, their statements of value, and the extent to which the board has considered culture and conduct as part of on-going surveillance activities. We anticipate that ASIC’s expectations and scrutiny of all financial services entities will increase exponentially. Boards and senior managers need to ensure that they have taken sufficient steps to ensure they are comfortable there is enough focus on these aspects of the business.
All Australian financial services licensees have an obligation to have adequate arrangements for the management of conflicts of interest arising in the provision of financial services. The Report stressed the need to move away from ‘managing’ conflicts of interest to ‘eliminating’ them altogether in certain contexts and several recommendations are aimed at elimination. This includes a recommendation for a superannuation trustee to be prohibited from assuming any obligations other than those arising from its duties as trustee of a superannuation fund. This would require a dual regulated entity that acts as a responsible entity of a registered scheme and as trustee of a superannuation fund to restructure its operations. This is likely to impact on the approach to the establishment of new investment funds by these entities prior to any implementation of this recommendation.
Although the Report falls short of recommending a change to the law for all licensees in relation to conflicts, fund managers will likely see an increased focus from ASIC on conflicts, including on related party transactions. This would continue the focus on conflicts which came out of some of ASIC’s surveillance activities on responsible entities over recent years. For example, in ASIC’s report 528 released in July 2017, ASIC recommended that responsible entities review ASIC’s guidance on conflicts in ASIC Regulatory Guide 181 and where necessary, strengthen conflicts management measures to ensure they are adequate, implemented and maintained.
The Report is a reminder of the regulatory risk posed by conflicts and fund managers should ensure that their conflicts management policies and procedures and their practical implementation are adequate and effective. Licensees will need to wait and see how ASIC further implements the broader conflicts themes in any updated regulatory guidance.
Commissioner Hayne provided a strong message to ASIC that it needs to change from its current passive approach of issuing fines and enforceable undertakings to ‘litigate first’ in order to hold wrongdoers to account. This is likely to result in a change in how financial services entities engage with ASIC. There will need to be a balance between ensuring that fund managers comply with their reporting obligations to ASIC without unnecessarily compromising their position if litigation is commenced against them on a particular incident.
Many fund managers will have recently received their first (not insubstantial) ASIC statement for the industry funding levy. This levy was a recommendation of the Financial System Inquiry to ensure ASIC has the resources to be a more pro-active watchdog in supervising all financial services entities and addressing misconduct. Together with the amendments to the law recently passed by the Senate which will implement the recommendations of the ASIC Enforcement Review to strengthen ASIC enforcement powers and increase penalties for contraventions, we expect that ASIC will be deploying the funding it receives from these levies to bolster its enforcement activities.
This means that all financial services entities are likely to be subject to more frequent surveillance and issues identified are more likely to result in ASIC commencing action against the financial services entities rather than being satisfied with remedial action that the entity agrees to undertake.
The proposed repeal of the grandfathering arrangements for conflicted remuneration (recommendation 2.4) would most likely come as no surprise to fund managers. Notable industry moves have to a large extent acted as a precursor to the recommendation in Hayne’s final report, particularly in relation to arrangements that impact financial planning businesses. However, fund managers will need a broader perspective so that they are not contractually obliged to make payments which cease to be grandfathered. In the context of certain distribution arrangements, for example, fund managers will need to confirm processes are in place to identify ongoing agreements and other commercial terms. Engagement may well be needed with counterparties to those agreements to ensure there is no inadvertent compulsion to perform an agreement that would leave the fund manager in breach.
In addition, fund managers should keep a watching brief on the proposed review into the quality of advice, due to the recommendation in the final report of the need to “consider whether each remaining exemption to the ban on conflicted remuneration remains justified” (recommendation 2.6). The recommendation specifically calls out the s963C non-monetary benefits exemption, but a broader repeal could impact on other exemptions either provided for in the Corporations Act or Regulations and which were developed in a fairly piecemeal fashion as FoFA was implemented. Practical impact for fund managers could arise in the context of commercial arrangements such as industry event sponsorships. The result could require a much broader reset on arrangements that fund managers have in place with intermediaries that promote and distribute their products.
From a fund manager’s perspective, the key recommendations made in respect of the superannuation industry are likely to be the changes proposed to the way that default superannuation accounts operate in Australia. While the changes are aimed at eliminating the issue of multiple superannuation accounts for individuals, there will also be practical long-term effects in terms of competition and the flow of investment money within the superannuation system.
Similar to the Productivity Commission Inquiry Report into the efficiency and effectiveness of the superannuation industry, which was publicly released on 10 January 2019, the Commissioner recommended that a person should only have one default account during their lifetime. Practically speaking, this means an individual would open a default account when entering the workforce or at the time when superannuation guarantee payments must first be made in respect of that individual. The practice of opening a new default account whenever changing employment would cease. The Productivity Commission’s report also recommended the creation of a ‘best in show’ shortlist of up to 10 superannuation funds that would be presented to individuals who are new to the workforce.
When the two reports are read together, it becomes clear that if all eligible employees in Australia are essentially selecting from 10 superannuation funds, then a large proportion of superannuation money will be pooled in these ten funds. For investment managers, this is likely to lead to competing for larger mandates from a smaller number of superannuation fund clients.
If you would like to discuss how best to monitor these regulatory changes and keep across your obligations, please do not hesitate to contact us.