As the Royal Commission hearings draw to a close and the Commissioner prepares to draft his Final Report, the financial services industry is bracing itself for a new age in regulation with widespread reform on the horizon.
Regardless of what the Commissioner recommends, it is clear that that there will be a strong focus on effecting a fundamental change to enforcement.
In 2019, financial service providers should expect to face a significant increase in penalties for breaches of law, increased regulatory scrutiny, a proactive regulator with new powers and an increased appetite for enforcement action, and changes to breach reporting obligations.
WE HAVE OUTLINED EACH OF THESE CHANGES IN FIVE CATEGORIES:
1. Change in Penalties
The Federal Government has released draft legislation intended to strengthen penalties for corporate and financial sector misconduct. The proposed legislation amends a number of ASIC administered acts, to introduce a stronger penalty framework.
The changes reflect a number of recommendations made by the ASIC Enforcement Review Taskforce report in April 2018 (Taskforce Report). Most notably, the proposed legislation:
- expands the civil penalty regime by increasing financial penalties for contraventions (to a maximum of $210 million per breach) and making a wider range of offences subject to civil penalties;
- updates the maximum imprisonment penalties for criminal offences;
- introduces a formula to calculate financial penalties for criminal offences by multiplying the maximum term of imprisonment in months by 10 for individuals, and a further 10 for bodies corporate;
- introduces the availability of disgorgement remedies in civil penalty proceedings brought by ASIC; and
- requires the courts to give priority to compensating victims over ordering the payment of financial penalties.
The changes are expected to have significant implications for financial service and credit providers, with substantially greater risks of large penalties for corporate breaches.
A comprehensive summary of the changes contained in the draft legislation can be found here.
2. Embedding ASIC into banks
In August this year, ASIC Chairman James Shipton announced that the corporate regulator would be embedding senior officers into the Big Four banks and AMP, as a part of its new ‘close and continuous monitoring’ (CCM) program. In November, the Commonwealth Bank was the first to welcome the ASIC staff.
Little detail has been released about the CCM team or its operations, so it remains unclear how the pseudo-secondment will operate in practice. However, in an interview with the AFR, the Chairman made reference to his experience with embedding in Hong Kong. Officers are stationed in a conference room or similar area, and staff are called on to answer questions about different facets of the business. The Chairman also indicated that officers could ask to sit in on board or other leadership meetings.
There are no set periods for the length of time that ASIC staff will spend in an individual organisation, but indications are it will be an average of 6-8 weeks. Once the first rotation across the Big Four banks and AMP has concluded, there are prospects that ASIC could expand the scope of the CCM program to be applied across the financial services industry more broadly.
3. New approach to enforcement
ASIC has committed to take a more active approach to litigation with a reduced emphasis on negotiated settlements. This follows criticisms by the Royal Commission of ASIC’s failure to take enforcement action in a number of instances.
ASIC’s Chairman James Shipton has acknowledged that ASIC needs ‘to continue to make changes to [ASIC’s] approach to enforcement to deliver more effective deterrence’ and ‘that ASIC is expected to utilise enforcement tools more often, particularly against larger financial institutions’. This has been strengthened by the appointment of Daniel Crennan QC as Deputy Chairperson, with a specific focus on enforcement action. As part of his appointment Mr Crennan is also conducting an internal review of ASIC’s enforcement practices.
In a recent appearance before the Parliamentary Joint Committee on Corporations and Financial Services, Mr Crennan noted that:
Gone are the days where ASIC will allow a person who we perceive to be a perpetrator of a wrong in financial services to be entitled to acknowledge our concerns. We're not here to have concerns. We're here to regulate the law.
ASIC has disclosed that, over the next two years, it expects to have a 21% annual increase in civil proceedings commenced by ASIC and an 82% increase in criminal briefs referred by ASIC to the Commonwealth Director of Public Prosecutions for prosecution.
This has been supplemented by a recently announced $70 million funding boost to be provided by the Federal Government to ASIC.
As a result, financial service and credit providers can expect to face increased levels of scrutiny from ASIC in the coming months and may need to readjust their approach to dealing with ASIC to reflect this new regulatory environment.
4. Introduction of Design and Distribution Obligations and Product Intervention Powers for ASIC
The Federal Government is pressing on with the proposed introduction of a targeted and principles-based product design and distribution obligation, and financial product intervention powers, which were recommended by the 2015 Financial System Inquiry. A second round of consultation on the draft legislation has recently been completed, as these reforms aim to ensure that financial products are targeted and sold to the right consumers.
The design and distribution obligations generally apply to offers of most financial products (including insurance and superannuation products) and will require:
- product issuers to identify appropriate target markets and distribution channels for products, based on the features and characteristics of products and consumers in those target markets;
- product distributors to implement reasonable distribution controls so that products are likely to be distributed to individuals in the target market; and
- that these arrangements be periodically reviewed to ensure they are appropriate.
The new law gives ASIC powers to enforce the new arrangements. These include the ability to request necessary information, issue stop orders where there is a suspected contravention of the law and to make exemptions and modifications to the new arrangements.
The product intervention powers would enable ASIC to intervene where it is satisfied that a financial product has resulted in, will, or is likely to result in significant consumer detriment. The intervention power allows ASIC to proactively reduce the risk of consumers suffering significant detriment from financial and credit products, as ASIC would have the capacity to issue a consumer warning, require labelling change and, in serious cases, ban the product.
5. Changes to breach reporting
In September, ASIC completed its review into the operation of breach reporting in the financial services industry. The findings, published in ‘Report 594’ (Review of selected financial services groups’ compliance with the breach reporting obligation), reported on:
- compliance with the breach reporting obligation in s 912D of the Corporations Act 2001 (Cth);
- the adequacy and effectiveness of breach reporting processes; and
- the degree to which the industry demonstrated elements of a sound breach-reporting culture.
Report 594 also expressed support for a number of breach reporting-related law reforms outlined in the Taskforce Report. Generally, the report found :
- there was delayed identification of incidents and lengthy internal investigations which lead to significant delays in ASIC receiving breach reports about events or conduct;
- there was a regular failure by licensees to report to ASIC within the required 10 business day timeframe;
- for significant breaches that involved consumer financial loss, there was often delayed remediation for consumers;
- compliance systems were ineffective for the management of breach incidents;
- the financial services industry had inconsistent reporting of significant breaches (due to different interpretations of what needed to be reported);
- some AFS licensees have not always made the most of lessons learned opportunities; and
- the organisational culture of many licensees did not support an ability to meet breach reporting obligations.
Report 594 also expressed support for a number of breach reporting-related law reforms outlined in the Taskforce Report. Together, the two inquiries are expected to prompt significant change to breach reporting obligations for ADIs, including:
- introducing a self-reporting regime for credit licensees equivalent to the regime for AFS licensees;
- changing the determination of what is ‘significant’ in terms of a breach from a subjective test (having regard to the organisation and its customers) to an objective test;
- making the misconduct of employees reportable;
- extending the breach reporting period (including ongoing investigations of suspected breaches) from 10 business days to 30 calendar days;
- changing the required content of breach reports to be prescribed by ASIC; and
- introducing an annual publication of breach report data for licensees by ASIC.
Watch this space
With the Commissioner’s Final Report due on 1 February 2019, draft penalty legislation currently before the House of Representatives, and two ASIC investigation reports showing deficiencies in reporting and compliance now released, the new year is tipped to bring in a lot of new rules for the financial services industry.
2019 will be a crucial time for organisations to be aware of and understand the implications of any new laws before they come into effect. It will also be an opportunity for organisations to get on top of their compliance, and to ensure they remain steadfast in a new regulatory environment.