FSR GPS Podcast Series (Australia)

Through the Scams Code Framework, the Australian Government is proposing to introduce: key principles in addressing scams; a new definition of 'scam' under legislation; and requirements for businesses subject to the framework regarding strategy, information sharing, reporting, complaints handling, and dispute resolution.

The proposed Scams Code Framework would be established under primary legislation, such as the Competition and Consumer Act 2010 (Cth), which sets out principle-based obligations regarding scams for businesses regulated under the scheme. Banks, telecommunications providers, and digital communications platforms are the initial sectors that will be covered by the Scams Code Framework. Alongside the obligations under primary legislation, there will also be mandatory sector-specific codes and standards that will set out further obligations.

We draw out HSF's observations on the possible development of the overarching framework and sector-specific codes, and the ambiguities in the role of regulators such as ACCC and ASIC and the obligations that will be imposed on businesses.

The Financial Accountability Regime (FAR) has made its way through Parliament (at long last!) and will replace the current Banking Executive Accountability Regime (known as the BEAR). While there are a number of changes arising, this podcast deals with one of the most important from an investigations perspective, which is the introduction of ASIC as a co-regulator of the FAR together with APRA.

We will explore the different regulatory and enforcement priorities and approaches of ASIC and APRA and how we expect to see these differences play out in relation to the FAR. Financial institutions that are required to comply with the regime will need to think about what this means for their internal processes, including breach reporting and regulator engagement. In particular, we look at the increasing role for internal legal teams on FAR investigations and best practice considerations to help insulate executives and the company from enforcement risks.

We also draw out HSF’s observations on similar overseas regimes such as the Senior Managers and Certification Regime in the United Kingdom, including the enforcement themes and practical lessons that Australian financial institutions can take away from that experience 

Notwithstanding this regulatory uncertainty, banks are already working on technology solutions and modifying customer journeys to mitigate the risk of APP Scams.

The insurance sector is undergoing an intense regulatory cycle and has now become a flavour du jour for the regulators. APRA is looking at sustainability, while ASIC is looking at consumer rights. A good, transparent and trusted relationship with ASIC and APRA now has unparalleled importance as the regulatory matrix becomes increasingly complex.

Sustainability and cyber security issues will continue to be key challenges for the insurance sector, and it will be important for insurers to consider how to “future proof” their insurance contracts and disclosures. Some legislative intervention is necessary to address challenges in the insurance sector – such as in the context of financial advice, product rationalisation and sustainability.

There are escalating structural changes in the insurance sector, being effected through a rise in M&A activity as well as new entrants and disruptors in the market.

It can be tempting to assume that any error must amount to misleading or deceptive conduct, and therefore automatically reportable to ASIC as a significant breach. However, there are several key situations where making an unintentional error will not necessarily constitute misleading or deceptive conduct, or otherwise contravene the law.

Several of these situations can be found in the defective disclosure regime under Chapter 7 of the Corporations Act, which has been designed to recognise that not every misstatement (however trivial) should amount to a contravention. For example, taking reasonable care to ensure that a document would not be defective can in some cases provide a defence.

Legal professional privilege is an important issue to consider when investigating any potential compliance incident. Our experts cover when privilege is likely to apply in the context of an internal incident or breach reporting investigation.

The obligation to do all things necessary to ensure financial services and credit activities are provided or engaged in efficiently, honestly and fairly applies both to financial services licensees and to credit licensees. While the precise formulation of these statutory duties differs slightly between the two, it nevertheless imposes a relatively high bar on both.

There is considerable over-reporting of breaches of the efficiently, honestly and fairly obligation to ASIC. It is important to bear in mind that the efficiently, honestly and fairly obligation is a standalone obligation from other technical obligations under financial services law, which requires separate assessment of breach.

Recent case law is instructive in distilling some key principles on when there is a breach of the obligation to act efficiently, honestly and fairly. Most notably, the courts are now recognising that the standard does not require perfection and there may be scope to rectify an error before there is a breach of the efficiently, honestly and fairly obligation.

Investigations into breaches are reportable if they last more than 30 days. Understanding when an investigation has started is key to complying with the reporting timeframe, and because there is no statutory definition of what constitutes an investigation, each organisation must determine this for itself. In our experience, industry approaches differ significantly.