FSR GPS Podcast Series (Australia)

The Financial Accountability Regime (FAR) has made its way through Parliament (at long last!) and will replace the current Banking Executive Accountability Regime (known as the BEAR). While there are a number of changes arising, this podcast deals with one of the most important from an investigations perspective, which is the introduction of ASIC as a co-regulator of the FAR together with APRA.

We will explore the different regulatory and enforcement priorities and approaches of ASIC and APRA and how we expect to see these differences play out in relation to the FAR. Financial institutions that are required to comply with the regime will need to think about what this means for their internal processes, including breach reporting and regulator engagement. In particular, we look at the increasing role for internal legal teams on FAR investigations and best practice considerations to help insulate executives and the company from enforcement risks.

We also draw out HSF’s observations on similar overseas regimes such as the Senior Managers and Certification Regime in the United Kingdom, including the enforcement themes and practical lessons that Australian financial institutions can take away from that experience 

In recent years the “Quincecare Duty of Care”, owed by banks to its customers as recognised in the UK, was slowly expanding with the potential for it to cover APP Scams. However the recent UK Supreme Court decision in Philipp v Barclays Bank UK has clarified that a bank’s duty to act with reasonable skill and care when processing customer payments is limited and applies only to “interpreting, ascertaining, and acting in accordance with the instructions” of the customer.

In Australia, banks already owe duties to their customers under existing legislation – including a duty to act efficiently, honestly and fairly, which may cover how banks deal with APP Scams.

The insurance sector is undergoing an intense regulatory cycle and has now become a flavour du jour for the regulators. APRA is looking at sustainability, while ASIC is looking at consumer rights. A good, transparent and trusted relationship with ASIC and APRA now has unparalleled importance as the regulatory matrix becomes increasingly complex.

Sustainability and cyber security issues will continue to be key challenges for the insurance sector, and it will be important for insurers to consider how to “future proof” their insurance contracts and disclosures. Some legislative intervention is necessary to address challenges in the insurance sector – such as in the context of financial advice, product rationalisation and sustainability.

There are escalating structural changes in the insurance sector, being effected through a rise in M&A activity as well as new entrants and disruptors in the market.

So far, legal issues have centred on various prohibitions on making misleading statements, including the prohibitions against misleading or deceptive conduct, and making false and misleading statements. As ever, it is important for financial services providers to be vigilant about the representations they are making about their offerings, both within and beyond their prescribed disclosure documents.

It can be tempting to assume that any error must amount to misleading or deceptive conduct, and therefore automatically reportable to ASIC as a significant breach. However, there are several key situations where making an unintentional error will not necessarily constitute misleading or deceptive conduct, or otherwise contravene the law.

Several of these situations can be found in the defective disclosure regime under Chapter 7 of the Corporations Act, which has been designed to recognise that not every misstatement (however trivial) should amount to a contravention. For example, taking reasonable care to ensure that a document would not be defective can in some cases provide a defence.

Legal professional privilege is an important issue to consider when investigating any potential compliance incident. Our experts cover when privilege is likely to apply in the context of an internal incident or breach reporting investigation.

The obligation to do all things necessary to ensure financial services and credit activities are provided or engaged in efficiently, honestly and fairly applies both to financial services licensees and to credit licensees. While the precise formulation of these statutory duties differs slightly between the two, it nevertheless imposes a relatively high bar on both.

There is considerable over-reporting of breaches of the efficiently, honestly and fairly obligation to ASIC. It is important to bear in mind that the efficiently, honestly and fairly obligation is a standalone obligation from other technical obligations under financial services law, which requires separate assessment of breach.

Recent case law is instructive in distilling some key principles on when there is a breach of the obligation to act efficiently, honestly and fairly. Most notably, the courts are now recognising that the standard does not require perfection and there may be scope to rectify an error before there is a breach of the efficiently, honestly and fairly obligation.

Investigations into breaches are reportable if they last more than 30 days. Understanding when an investigation has started is key to complying with the reporting timeframe, and because there is no statutory definition of what constitutes an investigation, each organisation must determine this for itself. In our experience, industry approaches differ significantly.

There is an enormous number of obligations, the breach of which is deemed significant and therefore automatically reportable to ASIC (notably, including the prohibition on misleading and deceptive conduct and the obligation to do all things necessary to ensure financial services are provided efficiently, honestly and fairly). But it is not every obligation. And not every error will necessarily constitute a breach.

Our experts expect ASIC’s attention will soon shift to those licensees who appear to be under reporting matters, particularly in light of ASIC’s observation that only 6% of licensees had lodged a breach report during the time of its review.