Our Australian Financial Services Regulatory team has reflected on what they forecast will be the significant regulatory developments in 2016.
Last year’s predictions
As 2015 draws to a close, our FSR team has again reflected on what they forecast will be the significant regulatory developments in 2016.
Before we share those, let’s quickly recap on our predictions for 2015:
- Mr Murray’s health check of the Australian financial system was delivered and, amongst other things, recommended industry funding for ASIC, higher penalties, a periodic capability review for financial regulators and a product intervention power for ASIC. The Federal Government has adopted the majority of the recommendations.
- Bank prudential requirements are being boosted, including as a result of APRA’s increase to mortgage risk weights for the larger banks.
- ‘Culture’ has become ASIC’s buzzword, as it continues its focus on accountability in organisations.
- Rumblings on market soundings continued as ASIC conducted a thematic review of market participants to assess their handling of market-sensitive information. In the last few weeks, a further survey of research analysts and the IPO process has kicked off.
- Cybercrime – the next ‘black swan’ event – was on the agenda and ASIC published Report 429: Cyber resilience: Health Check to help its regulated population improve cyber resilience.
- ASIC is expecting more from internal investigations of issues and is relying on self-reporting and self-funded remediation. ASIC updated its guidance on Enforceable Undertakings (including public reporting on compliance) and is developing a new regulatory guide on review and remediation in the financial advice industry.
- ASIC progressed its work on derivative reform, as part of the G20 commitment, including releasing draft rules requiring central clearing of certain derivatives to commence in early 2016. The Council of Financial Regulators has recently released a framework for considering the classes of derivatives which may be subject to a mandatory platform trading requirement.
We hope you find our insights for 2016 valuable and we look forward to assisting you to respond to these developments.
Culture and accountability
Culture shock – ‘A stick versus carrot issue’
ASIC’s buzzword for 2015 has been ‘culture’ – expect to hear more about it in 2016. ASIC has themed its 2016 Annual Forum as ‘culture shock’ and sees culture as having an important role in restoring the trust of consumers and investors in our financial institutions.
But what does ‘culture’ mean to ASIC, what is ‘good culture’ and how does ASIC plan to regulate it? Despite many ASIC speeches on the topic, it remains a vague concept involving ‘putting customers first’.
Given the uncertainty, ASIC may find culture a difficult beast to regulate. Chairman Greg Medcraft has referred to cleaning up culture as a ‘stick versus carrot issue’.
First, the carrot. According to ASIC Deputy Chairman Greg Tanzer, ASIC plans to focus on: incorporating culture into its risk-based surveillance review, using surveillance findings to understand how culture is driving conduct, and communicating to firms where ASIC has a problem with their culture. Key target areas include: remediation, incentives, whistleblowing policies, conflicts, complaints and corporate governance.
Secondly, the stick. Chairman Medcraft has noted that ASIC has limited ways to address culture directly and pointed to the Commonwealth Criminal Code under which a company can be held responsible for certain Commonwealth crimes if the company’s culture ‘encouraged or tolerated the breach’. Mr Medcraft thinks the same approach should be available to ASIC for sanctioning certain civil conduct. Whether ASIC will get its sought-after stick remains to be seen.
The ‘head on a stick’ approach to enforcement: trends in individual accountability
In 2016, expect to see global regulators continue to emphasise individual accountability and the importance of enforcement actions targeting individuals responsible for wrongdoing.
This follows key reforms in both the US and the UK during 2015, including:
- the US Department of Justice’s Yates Memorandum, which highlighted the importance of individual accountability for corporate wrongdoing. Importantly, the Yates Memorandum links a company’s eligibility for ‘cooperation credit’ to disclosing all relevant information regarding individual misconduct, regardless of the seniority or position held by the offenders, and
- the impending finalisation of the UK Senior Managers Regime (SMR), which intends to better hold individuals to account by requiring banks to identify and delineate the responsibilities of their most senior managers.
We predict that ASIC will increasingly focus on individual accountability through 2016. ASIC Chairman Greg Medcraft has said ASIC sees individual accountability as a key part of good corporate culture.
2016 should also see the introduction of an ASIC power to ban individuals from management within financial firms. We also anticipate the introduction of some elements of the UK SMR, including:
- the requirement to better articulate and map senior management responsibilities,
- mandated clear statements of responsibility for senior individuals, and
- an extraterritorial registration requirement in respect of individuals who exercise significant influence over a firm’s local operations from outside Australia.
That’s irrational! The increasing importance of behavioural economics
In 2016, the learnings from the field of behavioural economics will increasingly shape legislative reform and the approach taken by regulators.
Mainstream economics assumes that people act rationally – taking into account their preferences and the information available to them. However, this does not reflect reality. Over the past few decades, the field of ‘behavioural economics’ has used insights from psychology to explain why people do not always behave as expected. A key insight is that decisions, including investment decisions, are influenced by a range of cognitive biases, including:
- the illusion of control, i.e. the belief that one can control or influence an uncertain event (when you cannot),
- overconfidence, i.e. an unwarranted belief in one’s abilities and judgment, and
- framing bias, i.e. the tendency to respond to the same situations differently based on the context in which a choice is presented.
Policy-makers and regulators, here and overseas, are incorporating these insights into regulatory design and approach. For instance, is ‘better’ disclosure a cure for all regulatory ills, or should regulators be given the power to ban certain financial products (as discussed below)? Regulators have also started to commission research. In the UK, the Financial Conduct Authority has published a number of detailed papers addressing topics such as:
- communications to consumers, following the mis-selling of financial products, so as to encourage consumers to respond, and
- how selling insurance as an ‘add-on’ to another product affects consumer decisions.
ASIC has followed suit, including releasing a report in 2015 in relation to how ‘biases’ impact consumer decisions about investing in hybrid securities.
This trend will continue. It will be critical for financial institutions to be across developments in this area. Consistent with the focus on culture (see discussion above), regulators will expect financial institutions to be drawing upon insights from the field of behavioural economics to assist in achieving better outcomes for consumers.
Go ahead, make my day – new ASIC ‘product intervention power’ to be implemented
The new product intervention power flagged by the Government for implementation commencing in 2016 will represent a fundamental change to the modern regulatory structure of financial products in Australia. In its Response to the Financial System Inquiry, the Government has agreed that ASIC should have a ‘product intervention power’ to allow it to ‘modify, or if necessary, ban harmful financial products.’
There will be significant debate about the scope of the product intervention power in 2016. ASIC has commented that the power would be proposed to apply where there is a risk of significant consumer detriment and would encompass ‘nudges’ from ASIC, through to product bans. Given all financial investment involves risk, and thus the potential for loss, critical issues about the product intervention power include determining the threshold for when consumer detriment will be considered ‘significant’, and indeed determining the meaning of ‘consumer detriment’ itself.
We also foresee debate around a supervisory role for the court, for a merits review of the use of the power, and anticipate that the formulation of ASIC’s policy on the use of the power will be critical to its implementation. This new power has the potential to have a profound impact on the industry and it must be designed well, within an appropriate accountability framework, if product issuers are to have sufficient business certainty to continue to design and issue financial products.
Bring out your dead – review and remediation programs
In 2016, financial institutions will be increasingly subject to pressure to conduct extensive internal investigations into identified concerns and establish detailed regimes to compensate affected customers. This is an emerging facet of the continued ‘outsourcing’ of the regulatory function in Australia. To date, the trend has been most notable in the wealth sector, but will extend far beyond it.
A key feature of such review and remediation programs will be their sheer breadth – banks will be expected to conduct far-reaching in-house reviews of advice provided to customers over the course of many years, likely beyond any statutory limitation period, to determine whether they are owed compensation for loss due to non-compliance or misconduct. Unsurprisingly, the architecture of these programs will be administratively complex and resource intensive, with the cost of the program often outstripping the cost of the compensation itself.
We have seen this trend overseas. The FCA, for example, is currently overseeing the compensation program for mis-sold payment protection insurance, the largest financial services redress exercise ever undertaken in the UK. The compensation paid to clients by industry has reached a remarkable £21.1 billion so far, representing redress to over 10 million customers. The exercise is dealing with conduct that sometimes occurred more than a decade earlier.
Back home, ASIC is moving to formalise its approach by developing a regulatory guide on review and remediation programs conducted by financial advice firms. We expect the guide to cover issues such as scope of review (including the extension of remediation programs to cover other licensees in an institutional group), communications with potentially affected clients, the process of review (such as governance structures and independent oversight), and external review mechanisms.
Digitisation of finance
Still no hoverboards in 2015 … but technology is revolutionising finance
In 2016, we anticipate continued engagement by ASIC with the industry around financial innovation.
ASIC has launched initiatives focussed on facilitating innovation in the provision of financial services. These include an online ‘Innovation Hub’ to assist fintech businesses and a Digital Finance Advisory Committee to help focus efforts in this area. Regulatory interest in this area is understandable given the rapid pace of change, spurred by the exponential growth in investment. Fintech investment in Asia-Pacific has risen from US$880 million in 2014 to nearly US$3.5 billion in the first nine months of 2015 according to Accenture Consulting.
Two areas which will receive particular attention are robo-advice and the application of blockchain technology to financial markets.
In September 2015, ASIC announced a robo-advice task force to look at regulatory issues specific to this area of innovation. The focus will be on how these new businesses will comply with the best interests duties, what control environment will be in place to ensure robust development and testing of algorithms, and how staff will be appropriately trained and remunerated. Although it is early days, Chairman Medcraft has already highlighted its huge potential, saying it could drastically reduce investment costs and eliminate conflicts of interest.
In October 2015, NAB and CBA joined around 20 other global financial institutions to collaborate through a New York-based technology company, R3 CEV, to create a framework for using blockchain technology in the markets. It has the potential to revolutionise bank operations and back office functions, making them faster, more efficient and more secure – saving millions in the process. The initial focus will be on agreeing an underlying architecture or protocol for developing blockchain technology to create a ‘network effect’ in innovations. Given the far-reaching impact this could have on the operations of financial markets, regulators are likely to take an interest in the architecture being developed, particularly around stability, security and transparency. Blockchain, which deploys ‘distributed ledger’ technology, is inherently transparent and its widespread use could be a boon for regulators, given it has the potential to facilitate market oversight and monitoring for systemic risk.
Keeping up with the disruptors: ASIC’s review of the regulation of non-cash payment facilities
In 2016, we can expect to see regulatory consultation and a review of ‘non-cash payment facilities’. The settings of the existing payments regulatory regime were established in the late 1990s. Since then, the number of participants, and their range of different roles in payment systems, have changed considerably because of new technologies.
Non-cash payment (NCP) facilities are facilities for making payments other than through the physical delivery of currency (notes or coins). Examples include cheque accounts, stored value cards, direct debit services, funds transfer services and electronic bill payment services. NCP facilities are ‘financial products’ for the purposes of the Corporations Act, and accordingly are subject to Chapter 7 requirements with some exceptions. ASIC has generally been flexible in its approach to administering the financial services licensing, conduct and disclosure obligations for NCP facilities. ASIC has granted relief for several types of NCPs under class orders. For example, there are class orders affecting low value NCP facilities, such as prepaid mobile facilities, loyalty schemes, gift facilities and toll road facilities.
This relief recognises that for some types of NCP facilities, compliance with the financial services regulatory regime may be disproportionately burdensome and the likelihood of consumer detriment is minimal.
Many of the class orders applicable to NCP facilities are shortly due to expire. Given this, and the considerable growth and innovation of NCP facilities both in Australia and abroad since the class orders were made, we expect that ASIC will take the opportunity to consult and review in this area, including with APRA and the RBA.
Likely areas for scrutiny and reconsideration include:
- the definition of ‘non-cash payment facility’: for example, should a facility be a financial product if it does not involve the provider holding stored value on behalf of a customer? There is no stored value where the provider supplies a mechanism for transmission of funds rather than a wallet that can be used to effect payments.
- the test for what is a ‘low value’ NCP facility: it is helpful to relax the licensing regime for start-ups to carry out a proof of concept without engaging with the licensing regime, but does this particular test make sense today?
- the form of regulation: rather than class order relief, would we expect to see primary legislation for this area?
H4CK3D: continued focus on cyber security
Although ASIC continues to emphasise that cyber security is fundamentally a business issue, we anticipate that regulatory presence in this area will continue to grow in 2016, including through ASIC’s:
- market monitoring activities to identify potential cyber attacks,
- industry engagement to promote improvement in, and peer benchmarking of, cyber resilience levels, and
- enforcement of cyber security as a matter of compliance with licensing obligations e.g. through enforceable undertakings or infringement notices.
In July 2015, the Australian Cyber Security Centre released its first unclassified Threat Report, which identified the cyber threat to Australian organisations as ‘undeniable, unrelenting and [continuing] to grow’. It is no wonder then that regulators remain deeply concerned about the devastating potential of cyber attacks on market stability and investor trust and confidence.
This concern is also felt overseas. In the US, the Securities Industry and Financial Markets Association (SIFMA) recently coordinated a large-scale cyber attack simulation exercise involving over 80 financial institutions, government agencies and market utilities.
Looking to 2016, firms should aim to develop a level of cyber resilience that reflects the cyber risks they face. Cyber security measures should cover prevention, incident response and post-breach mitigation. An important element of this is elevating cyber security from ‘just an IT issue’ to a concern which is appreciated and accounted for at every level of the business, including executive leadership. Firms should even consider establishing an integrated cyber incident response team consisting of representatives from relevant business units.
The dog ate my homework – ASIC through with excuses on FOFA
ASIC’s 2015-2016 Corporate Plan makes it clear that ‘poor financial advice’ will be a continuing focus in 2016 and we expect to see ASIC taking steps to enforce compliance with the full suite of FOFA reforms.
Following the disallowance of the FOFA amendments at the end of 2014, ASIC announced a facilitative ‘practical and measured’ compliance approach to the disallowed amendments until 1 July 2015.
In April 2015, Commissioner Tanzer said that, notwithstanding the facilitative approach, ‘let me be crystal clear, we are still cracking down on misconduct’. Mr Tanzer also noted that ‘where we find deliberate and systematic breaches we are taking stronger regulatory action’.
The time for facilitation has now well and truly ended; 2016 is the time for action.
Losing the third party blame game
Recent enforcement trends demonstrate that financial institutions can now expect to be held accountable for third party failures that cause detriment to customers, particularly where the firm has failed to take sufficient steps to monitor and manage risks associated with the third party’s conduct.
In its 2013 report on hybrid securities (Report 365), ASIC stated that hybrid issuers have a responsibility to ensure that members of their distribution network act appropriately, and to manage any risks caused by the issuer’s limited visibility over that network. Issuer liability for third party conduct is already embedded in consumer protection legislation in relation to linked credit providers, under which a credit provider can be held liable to a customer for certain conduct of the third party supplier of goods or services in connection with which the credit is provided, where the third party is insolvent. However, recent enforcement outcomes demonstrate that ASIC’s position on this issue is not limited to hybrid issuers or linked credit providers, and that insolvency of the third party is not always a prerequisite to liability.
For example, following a Federal Court finding of unconscionable conduct by payday lender The Cash Store Pty Ltd (In Liq) in relation to sales of payday loan insurance, insurers refunded customers who were sold the policies a combined $2.4 million in premiums and fees. Similarly, a consumer finance lender has recently agreed to compensate a number of borrowers sold car loans by third party Get Approved Finance, whose brokers were submitting falsified loan applications which resulted in borrowers being approved for loans when they would not otherwise have been.
Firms need to take care to ensure adequate due diligence is performed before entering into a relationship with a third party, and that controls are put in place to monitor risks arising from that third party’s conduct. However, even this may not always be enough to prevent liability being sheeted home to the firm.
Anti-Money Laundering regulator flexes its muscle
The Financial Action Task Force, the inter-governmental body responsible for developing and promoting policies to combat money laundering and terrorist financing, released a report on Australia’s AML/CTF regime in May 2015. The report benchmarks Australia against international standards and the results were mixed. The regime was found to be non-compliant in some respects, and the report also recommended that AUSTRAC increase its enforcement activity.
AUSTRAC has already bared its teeth in 2015, moving away from its light touch regulatory approach. We expect this trend to continue and anticipate a more aggressive regulatory approach in combatting money laundering and terrorism financing in 2016.
© Herbert Smith Freehills 2020