Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
We aim to provide guidelines, principles and strategies (i.e. the "GPS") to assist financial services providers to navigate complex, and sometimes opaque or ambiguous, legal and regulatory requirements in a constantly evolving environment.
Join us in conversation with our resident FSR experts to explore some of the complex challenges faced by the financial services industry.
Be sure to also check out our FSR Australia Notes.
On 19 October 2023, ASIC registered the ASIC Corporations and Credit (Amendment) Instrument 2023/589, which provides some welcome relief from the obligation to report significant breaches to ASIC under Chapter 7 of the Corporations Act. Of particular interest is relief from the deemed significance regime for certain breaches of misleading or deceptive conduct.
The misleading or deceptive conduct relief is more likely to be satisfied in one-off non-scripted interactions with individual customers. Errors in scripted material are more likely to affect more than one person and give rise to repeated reportable situations.
It is important to note that there will be no need to rely on this relief if the conduct does not actually involve misleading or deceptive conduct.
A key criteria for this relief is that the relevant breach must not, and must be unlikely to, result in any loss or damage to any person. To address this, we have developed several scenarios where we think this criteria is more likely to be satisfied.
Through the Scams Code Framework, the Australian Government is proposing to introduce: key principles in addressing scams; a new definition of 'scam' under legislation; and requirements for businesses subject to the framework regarding strategy, information sharing, reporting, complaints handling, and dispute resolution.
The proposed Scams Code Framework would be established under primary legislation, such as the Competition and Consumer Act 2010 (Cth), which sets out principle-based obligations regarding scams for businesses regulated under the scheme. Banks, telecommunications providers, and digital communications platforms are the initial sectors that will be covered by the Scams Code Framework. Alongside the obligations under primary legislation, there will also be mandatory sector-specific codes and standards that will set out further obligations.
We draw out HSF's observations on the possible development of the overarching framework and sector-specific codes, and the ambiguities in the role of regulators such as ACCC and ASIC and the obligations that will be imposed on businesses.
The Financial Accountability Regime (FAR) has made its way through Parliament (at long last!) and will replace the current Banking Executive Accountability Regime (known as the BEAR). While there are a number of changes arising, this podcast deals with one of the most important from an investigations perspective, which is the introduction of ASIC as a co-regulator of the FAR together with APRA.
We will explore the different regulatory and enforcement priorities and approaches of ASIC and APRA and how we expect to see these differences play out in relation to the FAR. Financial institutions that are required to comply with the regime will need to think about what this means for their internal processes, including breach reporting and regulator engagement. In particular, we look at the increasing role for internal legal teams on FAR investigations and best practice considerations to help insulate executives and the company from enforcement risks.
We also draw out HSF’s observations on similar overseas regimes such as the Senior Managers and Certification Regime in the United Kingdom, including the enforcement themes and practical lessons that Australian financial institutions can take away from that experience
Notwithstanding this regulatory uncertainty, banks are already working on technology solutions and modifying customer journeys to mitigate the risk of APP Scams.
The insurance sector is undergoing an intense regulatory cycle and has now become a flavour du jour for the regulators. APRA is looking at sustainability, while ASIC is looking at consumer rights. A good, transparent and trusted relationship with ASIC and APRA now has unparalleled importance as the regulatory matrix becomes increasingly complex.
Sustainability and cyber security issues will continue to be key challenges for the insurance sector, and it will be important for insurers to consider how to “future proof” their insurance contracts and disclosures. Some legislative intervention is necessary to address challenges in the insurance sector – such as in the context of financial advice, product rationalisation and sustainability.
There are escalating structural changes in the insurance sector, being effected through a rise in M&A activity as well as new entrants and disruptors in the market.
In this episode, Senior Associate Shan-Verne Liew, and solicitors Abby Sutherland and Henry Gallagher reflect on some real life examples of potentially reportable scenarios with a focus on inadvertent system or disclosure errors, as well the importance of legal professional privilege when investigating incidents.
It can be tempting to assume that any error must amount to misleading or deceptive conduct, and therefore automatically reportable to ASIC as a significant breach. However, there are several key situations where making an unintentional error will not necessarily constitute misleading or deceptive conduct, or otherwise contravene the law.
Several of these situations can be found in the defective disclosure regime under Chapter 7 of the Corporations Act, which has been designed to recognise that not every misstatement (however trivial) should amount to a contravention. For example, taking reasonable care to ensure that a document would not be defective can in some cases provide a defence.
Legal professional privilege is an important issue to consider when investigating any potential compliance incident. Our experts cover when privilege is likely to apply in the context of an internal incident or breach reporting investigation.
In this episode, Partners Michael Vrisakis, Hugh Paynter and Alice Molan discuss one of the most vexed obligations under financial services law – the obligation to take all necessary steps to provide financial services, and engage in credit activities, efficiently, honestly and fairly.
The obligation to do all things necessary to ensure financial services and credit activities are provided or engaged in efficiently, honestly and fairly applies both to financial services licensees and to credit licensees. While the precise formulation of these statutory duties differs slightly between the two, it nevertheless imposes a relatively high bar on both.
There is considerable over-reporting of breaches of the efficiently, honestly and fairly obligation to ASIC. It is important to bear in mind that the efficiently, honestly and fairly obligation is a standalone obligation from other technical obligations under financial services law, which requires separate assessment of breach.
Recent case law is instructive in distilling some key principles on when there is a breach of the obligation to act efficiently, honestly and fairly. Most notably, the courts are now recognising that the standard does not require perfection and there may be scope to rectify an error before there is a breach of the efficiently, honestly and fairly obligation.
Investigations into breaches are reportable if they last more than 30 days. Understanding when an investigation has started is key to complying with the reporting timeframe, and because there is no statutory definition of what constitutes an investigation, each organisation must determine this for itself. In our experience, industry approaches differ significantly.
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2024