In brief

At the end of 2013, our Australian FSR team looked into the crystal ball and gave their predictions on what would be the key regulatory issues in 2014.

As forecast:

  • The Senate Inquiry, noted as being a ‘wake-up call to ASIC’, delivered its recommendations including increasing penalties, improving the education standards for financial advisers and facilitating whistleblowing – but we will have to wait until the Government responds to the Financial System Inquiry (FSI) before we know if, when and how these recommendations will be implemented,
  • ASIC is still placing emphasis on breach reporting (with 52% of breach reports being referred for investigation in 2012-2013) and in September announced that it is conducting a review of breach reporting to see who is reporting, what is being reported and whether breaches are being reported to ASIC in a ‘timely manner’,
  • Financial innovation-driven complexity and the risks of mis-selling are still hot topics, with ASIC releasing a report on the regulation of complex products, the continuing saga of the Future of Financial Advice (FOFA) reforms and Chairman Greg Medcraft warning that ASIC is watching Australia’s financial markets and ‘if we find you have intentionally broken the law, our response will be severe’, and
  • ASIC released guidance on the handling of confidential information and is monitoring changes to analyst ratings to determine whether they could have been prompted by companies inappropriately disclosing confidential information.

Still to come:

  • Chairman Medcraft’s next ‘black swan event’ – cybercrime – has caused some issues in the US but is yet to hit Australia, and
  • We have not yet seen ASIC’s promised guidance on market manipulation.

As 2014 draws to a close, the team has again been asked what they forecast to be the significant regulatory developments in 2015. We have also sought some insights from our global colleagues.

We hope you find these insights valuable and we look forward to assisting you to respond to these developments.

Regulatory framework

Financial System Inquiry predictions

The FSI recently delivered its final report to the Treasurer, ahead of its expected release to the public in early December 2014. We expect the Murray Report will recommend:

  • ASIC funding through an industry levy – an outcome ASIC has sought in light of budget cuts that have forced it to 'substantially reduce' proactive surveillance,
  • A tougher civil penalty regime, following ASIC’s submission that its effectiveness as a regulator is compromised by its relatively weaker regime in comparison to those in the UK and US,
  • Strengthening accountability mechanisms for regulators, particularly in light of the Senate Inquiry into ASIC. The Federal Government has chosen to not yet respond to a number of the Senate Inquiry’s recommendations, citing the FSI’s imminent release,
  • Improving Australian domestic regulatory processes to be more harmonious with international standards and foreign regulation, and
  • Alternatives to the current reliance on disclosure as a regulatory tool. We expect a shift towards some form of product suitability or merits-based regulation, in the form of, for example, product design requirements.

Impact of global regulation

Capital standards a tall order

We expect to see further upward pressure on bank prudential standards. In particular, the debate in Basel will include calls for higher ‘systemically important financial institution’ buffers, an increase in the leverage ratio requirements above 3%, further constraints on short-term funding such as repo lending, and a requirement that banks using advanced capital models also establish capital floors based upon standardised models. Whilst none of these are yet accepted policy in Basel, all have strong support. If adopted, they would further increase pressure on bank business models.

In 2015, Europe will resume the debate on bank structure, which will have global ramifications. The UK, Germany and France have already introduced legislation which in differing ways requires the separation of some banking activities into separately capitalised and operated subsidiaries. We expect the rest of the EU to follow, with the French/German model requiring the separation of certain prime brokerage and trading activities to provide a minimum template for the debate. It is a debate which, taken together with changes to prudential rules and the requirements of recovery and resolution planning could materially impact the competitive position of the internationally active EU banks.

Progress towards solving ‘too-big-to-fail’ will require banks to satisfy regulators that they have sufficient liabilities available for bail-in. As a practical matter, there will be an increasing need for many banks to issue debt instruments that can be discounted and converted to equity in a bail-in scenario. Given the UK restrictions on distribution of contingent convertibles to the mass retail market and the increased regulatory scrutiny on such distribution in Australia, that issuance will come at a cost that some banks will find challenging, placing further pressure on business models and funding structures.

Mandated cyber resilience

In tackling cybercrime, banks (and their regulators) seem resigned to the fact that it is just a matter of time before they fall victim to a successful attack. Nonetheless, efforts at prevention, detection and damage limitation will remain one of the highest regulatory priorities in 2015. We expect regulators, led by IOSCO, the International Organisation of Securities Commissions (of which ASIC is a member and Greg Medcraft Chair), to seek a consensus on objective standards against which the industry can be judged and a template for self-assessment and reporting that will allow for greater transparency and market discipline. The leading standards at present and the starting point for the IOSCO discussions are ISO 27001 and the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, issued in February 2014.

OTC derivatives reforms will bite

Progress in implementing the G20's reform agenda for the OTC markets will really start to bite in 2015. Regulators will begin to characterise products as suitable for central clearing and exchange trading, with the implications that has for product standardisation, initial and variation margin. Bank margins will be eroded, liquidity is expected to fall in some products, and some risks may go un-hedged. There is an unfinished debate in Europe on post-trade transparency (likely to be influential in smaller markets such as Australia) which will be decisive in pricing risk and may in turn impact liquidity.

Emerging risks

Hearing rumblings on market soundings

In 2015, we expect ASIC to expand its focus on companies’ handling of confidential information – particularly in relation to market soundings and analyst briefings.

This was foreshadowed in ASIC Report 393: Handling of confidential information: Briefings and unannounced corporate transactions released earlier this year.

Although ASIC stated that, overall, existing guidance on the handling of confidential information is largely sound, it saw the flexible nature of the AFMA Guidelines (Handling Confidential & Price-Sensitive Information & Soundings Best Practice) as leading to some concerning practices.

If ASIC ultimately determines to introduce further guidance on this topic, it is likely to look to the draft technical standards developed by the European Securities and Markets Authority (ESMA) on implementation of the EU Market Abuse Regulation for inspiration. These standards, which will apply from July 2016, prescribe detailed record-keeping requirements for market soundings, including records of:

  • whether the information to be disclosed is inside information or not, and why,
  • the type and number of potential investors that will receive the market sounding,
  • the content of any market sounding and subsequent discussions by taped lines (for both land lines and mobile phones) or if the sounding is in person, by detailed file note (signed by the potential investor) or video/audio recording,
  • informing those investors previously sounded when inside information provided ceases to be inside information, and
  • investors that do not wish to be sounded about any potential transactions.

ESMA requires these records to be kept for 5 years, which is only marginally better than ASIC’s Dec 2009 proposal (see Consultation Paper 128) that details be given to ASIC within 48 hrs of every market sounding.

APLs – do they work?

We expect ASIC to take a more aggressive approach to financial advice in 2015, and approved product lists (APLs) will be a key area of that focus – which raises the question whether they work.

The extent to which advisers can use an APL, with a small number of financial products, and satisfy their obligations under the new FOFA regime is exercising many minds.

Neither the FOFA laws nor ASIC policy deals directly with APLs, or with how relying on one meets the FOFA obligations (including the ‘best interests’ duty and duty of priority) or any general law fiduciary duty.

The FOFA legislation and ASIC policy recognise the use of ‘scoped’ or ‘scaled’ advice as consistent with advisers’ FOFA obligations. This might suggest that scoping by way of limitation of product should also be consistent with FOFA obligations.

In order to manage ASIC’s scrutiny in 2015, it is crucial that:

  • advisers carefully research and assess the virtues (and vices!) of products on their APLs vis-à-vis comparable products,
  • advisers engage with clients and ensure that they understand any limitations of the advice given to them, and
  • circumstances where the APL is not appropriate are carefully set – for example, where an adviser is advising a client to switch from a product not on the APL, the adviser may not be authorised to advise on the client’s existing product.

3LOD (and the front line is under fire!)

In 2015, we expect to see a continued revision of the '3 lines of defence' strategy, as financial institutions heed international regulatory calls for a stronger culture of compliance throughout the 1st line, with 2nd line functions such as Legal, Compliance and Risk consulted in 1st line deliberations as 'equal partners'.

We also expect to see bodies such as the Financial Stability Board and the Basel Committee on Banking Supervision issue further guidance in this space during 2015.

Most financial institutions have established a compliance framework that adopts a 3LOD strategy. The 1st line is the business, the 2nd line consists of control functions such as Risk, Compliance and Legal, and the 3rd line is internal audit.

Global regulators are generally supportive of the 3LOD model; however, the experience of risk management failures in a number of institutions is leading to a change in regulatory expectations. For instance, the UK Parliamentary Commission on Banking Standards stated that there should be a conscious effort not to turn 3LOD into a 'box-ticking exercise whereby process was followed but judgment was absent'.

The perception is that institutions have been overly-reliant on the 2nd and 3rd lines to identify and manage risk. In Australia, APRA has stated that it expects the 1st line to 'own the risk', which means identifying, tracking, measuring and controlling the risk.

The placing of more responsibility for compliance on the 1st line makes sense: front office staff have the knowledge and insight to discern risks in the business that they oversee, and they will also often have a timing advantage. But it is not without problems. The 1st line may not be sufficiently resourced to fulfil such a role. Conflicts of interest may be created, which need to be managed by the 2nd line functions. And often the 1st line is neither rewarded nor structured to perform an effective part in a compliance framework. These are challenges that financial institutions will continue to grapple with in 2015.

Senior management to be held to account

An important regulatory trend overseas, which Australian regulators may borrow from in 2015, is a more precise articulation of the regulatory responsibilities of senior banking managers.

In the UK, in a move expressly aimed at holding individuals to account, a new regime has been developed for senior bankers. The regime will apply not just to UK banks, but also to branches of overseas banks operating within the UK. 

The Senior Managers Regime is intended to increase and better delineate the responsibilities of those at the highest levels of management within banks. It requires a detailed allocation of responsibilities among senior managers exercising 'senior management functions' (SMFs). SMFs (drawn principally from the Board and Board minus one) are designated by the Prudential Regulatory Authority/Financial Conduct Authority and defined by reference to core responsibilities. Regulatory approval will be required for any individual performing such a function. A Senior Manager responsible for an area in which a relevant requirement is contravened will be deemed responsible (with potential individual sanctions) unless they can demonstrate they have taken reasonable steps to prevent, stop or remedy the relevant breach. Under a similar regime for insurers, also under consultation, the regulator would have to prove that senior insurance managers had not taken reasonable steps.

Formalising such roles is consistent with comments in the FSI’s Interim Report. The Interim Report identified a public policy case for specific corporate governance requirements on financial institutions. While the Report considered there to be no case for regulation to alter the delineation of responsibilities between boards and management, it identified a possible need for better delineation of those roles. We anticipate that there may be a similar movement towards more clearly delineating the roles of Australian senior banking managers.

Enforcement trends

Contrary regulatory expectations – treading the line

An emerging trend globally has been regulators’ expectations that financial institutions will undertake far-reaching investigations and analysis following a particular incident to determine whether it is symptomatic of broader failings within the entity.

Perhaps the high-water mark for these expectations is the various interbank lending, FX and commodities benchmark investigations which have infiltrated major financial centres across the globe prompted by the original LIBOR manipulation cases. The SEC has been the most prominent of the regulators in relation to this trend, making clear its high expectations of the self-investigation to be undertaken by institutions which have reported (or been outed with) LIBOR issues.

Consistent with other 'outsourcing' of the regulatory function in Australia, we expect to see this trend become more prevalent here during 2015. Increasingly, ASIC will be expecting the response to the identification of any major regulatory misconduct issue to include an analysis of whether it is indicative of a systemic issue within the institution and the undertaking of pre-emptive investigations on this basis.

This regulatory trend can be juxtaposed with another emerging trend – both globally and here – namely, regulatory 'statues'. As with the children’s game: when the regulator demands it, you freeze. In certain circumstances regulators are requiring, or 'requesting', that an institution not speak with a particular employee or employees until such time as the regulator has had an opportunity to do so. Some slightly watered-down instances of this involve the regulator wanting to be briefed before interviews with employees and seeking the notes of interviews with employees after those interviews undertaken during an internal investigation.

These trends are, at least in theory, diametrically opposed. Even if they can co-exist in practice, they emphasise the importance of sensitive management of your regulatory relationships and the care to be exercised when undertaking internal investigations. This is particularly the case in cross border matters where multiple regulators are involved who may have varying expectations on the appropriate approach and scope of internal investigations.

Changes to ASIC’s enforcement model

Cost efficiencies – ASIC says ‘it’s your shout’

The Federal Government announced significant cuts to ASIC’s budget in 2014, and in 2015 we expect to see ASIC increase its reliance on cost-efficient enforcement mechanisms to meet the challenge of reduced funding, including:

  • increased requests for access to privileged material, such as legal advice and internal investigation reports,
  • continued reliance on self-reporting and self-investigation by regulated entities, and
  • self-funded remediation - typically involving a regulated entity bearing the expense of an independent expert appointed to oversee and report to ASIC on remediation (as well as ASIC’s investigation costs). The broader use of independent experts by ASIC was foreshadowed in the Government’s response to the Senate Inquiry report. The use of independent experts by regulators to complement the work of regulators has been gaining traction internationally, with the UK’s FCA making considerable use of its power to unilaterally appoint experts to investigate and report on entities and the US Department of Justice emphasising the role of independent compliance monitors in the implementation of ‘deferred prosecution agreements’.

Tougher EUs may lead to fewer settlements

We expect stricter requirements to be imposed on regulated entities seeking to resolve ASIC investigations by way of ‘enforceable undertaking’ in 2015, driven particularly by the fallout from the Senate Inquiry.

The Inquiry’s report recommended that, in accepting EUs, ASIC require:

  • stronger and clearer terms - particularly regarding the remedial action that should be taken,
  • an acknowledgement by the entity of the alleged misconduct, and
  • enhanced transparency including publication of reports of independent experts.

As such, in 2015, ASIC will be careful to finely tune the details of EUs so as to highlight the transparency and independence of the remediation framework, and will continue the practice, commenced in 2014, of requiring that experts’ reports be made public.

However, a push for stronger terms may backfire on ASIC’s ability to negotiate EUs, as Australian companies may have an increased appetite for the alternative of litigation. Paradoxically, a tougher stand on EUs could force a reversal of the trend of increasing use of EUs.

ASIC unlocks the war chest

While ASIC’s overall funding has been cut, the Government has, in response to recommendations made by the Senate Inquiry report, halved the threshold at which ASIC can access its Enforcement Special Account (from $1.5 million to $750,000). This reduced threshold will enable ASIC to access special funding on particular investigations much more quickly, and ASIC is likely to make use of this in 2015.

After a round of voluntary redundancies, ASIC has also restructured its enforcement teams and recruited new enforcement personnel. ASIC’s ‘bulked up’ enforcement presence over the next year comes as it pushes to position itself as a ‘conduct’ regulator, in contrast to the prudential role of APRA – i.e. as a regulator that takes action in response to what it sees as serious and systemic misconduct.

Higher penalties are coming

Following the Senate Inquiry’s report into ASIC’s performance earlier this year, we predict an increase to the maximum civil penalties available to ASIC for corporate wrongdoing.

The Inquiry found that a ‘compelling case’ has been made for civil penalties to be reviewed to ensure that they are set at an appropriate level, and recommended a government inquiry into the penalties available across the legislation ASIC administers. We expect a review to commence in 2015.

This follows from ASIC’s submissions to the Inquiry and its March 2014 report Penalties for corporate wrongdoing which identified that:

  • civil penalties have remained unchanged since 1992, with the maximum civil penalty for offences under the Corporations Act being $200,000 for individuals ($1 million for companies) and a maximum penalty under the ASIC Act of $1.7 million,
  • such penalties are inconsistent with those available under other legislation it administers (e.g. National Consumer Credit Protection Act), or with penalties available to other Australian regulators, such as the ACCC and AUSTRAC, and
  • Australian civil penalties are significantly lower than those available to comparable regulators internationally, such as in the US and UK (where the maximum civil penalties can be a multiple of the financial benefit obtained from the wrongdoing, as opposed to being a fixed amount as is the case in Australia).

ASIC also argues that it should have greater administrative penalties, including powers to disgorge profits obtained by offenders, so as to remove the financial benefit from wrongdoing.

Such a review will likely also recommend more flexible penalty arrangements, such as multiple of gain penalties, penalties combined with disgorgement of profits and US-style ‘deferred prosecution agreements’.