Partner Jacob Uljans discusses the key challenges facing financial services businesses in Australia – cyber risk, misleading and deceptive conduct and enforcing the design and distribution obligations. He also talks about what may happen now that ASIC has walked back its 'why not litigate' approach and instead committed to using its full suite of enforcement powers.
The financial services sector is one of the most regulated sectors as well as being one of the largest industry sectors in Australia. And with broad-ranging regulation comes the requirement to enforce that regulation in a way that will deter future misconduct.
We’ve seen in recent years a real uptick in regulatory activity in particular by ASIC in an enforcement context. And that’s largely been driven by the financial services royal commission, which commenced in 2018 and saw numerous examples of instances of misconduct brought to public attention. We saw recently that ASIC is now committed to adopting an approach that uses all of the regulator’s enforcement powers, not merely court proceedings, in order to resolve controversies proportionately. This is quite different to the approach that was taken by ASIC following the financial services royal commission which involved litigating as a matter of course.
One of the things we were expecting to see as a result of ASIC walking back its ‘why not litigate’ approach is the increased use of enforceable undertakings. Interestingly, since ASIC announced that it would be no longer undertaking the ‘why not litigate’ approach there’s been no enforceable undertakings entered into. Now, that may well change over the next 12 months, but it will be interesting to see how much ASIC does choose to use these other tools at its disposal in order to resolve regulatory enforcement issues.
The key issues that financial services businesses should be aware of, from a regulatory enforcement perspective, include those matters set out in ASIC’s recent corporate plan. We expect to see a lot more focus on ensuring that businesses are properly putting in place sufficient cyber risk management processes and tools. Another area that we’re expecting to see ASIC focus on is the misleading and deceptive conduct in terms of product offerings and enforcing the design and distribution obligations. We also expect to see enforcement litigation in the areas of unremediated breaches by financial services bodies, as well as predatory and unconscionable lending.