Overview
On 28 August 2023, the Australian Securities and Investments Commission (ASIC) released its latest corporate plan outlining the regulator's key priorities for the four-year period from 2023-27 and key areas of focus for the year ahead. Our high level summary is below.
Four key strategic priorities underpin the plan
The four key strategic priorities identified in last year's plan are unchanged. To recap these are as follows:
- Product design and distribution: ASIC has flagged reducing the risk of consumer harm caused by poor product design, distribution and marketing, with a focus on 'driving compliance with the new requirements' as a key strategic focus.
- Sustainable finance: Enforcing existing obligations to 'reduce harms from greenwashing' is a key focus.
- Retirement decision making: ASIC will focus on protecting consumers planning for retirement with a focus on superannuation products, management investments and financial advice.
- Technology risks: Addressing 'digitally enabled misconduct' (eg scam activity), driving good cyber risk and operational resilience practices and focusing on the 'impacts of technology in financial markets and services' is the final strategic priority highlighted in the plan.
Six 'Core strategic projects'
The following six 'core strategic projects' are intended to progress the priorities outlined above.
1. Disrupting investment scam activity
Planned actions listed under this project include:
- working with external service provider to 'identify and take down' phishing websites and investment scams
- working with other agencies to coordinate disruption strategies, including working in 'fusion cells' (eg the National Anti-Scam Centre investment scam fusion cell)
- identifying ways for regulated entities including authorised deposit-taking institutions and superannuation trustees, to 'strengthen their anti-scam practices, leveraging insights from REP 761' (For our summary of REP 761 see: Banks and 'corporate Australia' on notice: ASIC calls on banks (and encourages other organisations) to improve their approach to scams)
- 'developing our communications, including through social media, to help consumers be more aware of how to detect and avoid investment scams'
- 'taking targeted enforcement action to deter scams'.
2. Sustainable finance practices
Actions highlighted under this project include:
- supporting the government's sustainable finance strategy (eg proposals to introduce ISSB-aligned mandatory climate-related disclosure requirements)
- 'undertaking targeted surveillances and oversight of sustainability-related disclosure and governance practices across regulated entities'
- 'taking enforcement action against misconduct, including in relation to poor governance, misleading marketing and greenwashing by entities'
- 'licensing and supervision of carbon and related markets'
- 'working with peer domestic and international regulators on sustainable finance developments (eg through the Council of Financial Regulators Climate Working Group and the IOSCO Sustainable Finance Taskforce)'
3. Crypto-assets
ASIC has flagged it will take action to protect investors from harms posed by crypto assets that fall within ASIC's remit including through:
- monitoring product disclosure statements and target market determinations of 'major crypto offerings' within ASIC's jurisdiction
- 'taking enforcement action to protect consumers from harms associated with crypto-assets, including those that mimic traditional products but seek to circumvent regulation, and offerings within our jurisdiction that involve misleading promotion of high-risk investments or inadequate risk disclosures'
- 'supporting the development of an effective regulatory framework focused on consumer protection and market integrity following the consultation by Treasury'
- 'monitoring the regulatory model for exchange traded products with underlying crypto investments'
- 'raising public awareness of the risks inherent in crypto-assets and decentralised finance (DeFi)'
- 'working with domestic and international peers to monitor risks, develop coordinated responses to issues, and develop international policy regarding crypto-assets and DeFi'
4. Design and Distribution Obligations (DDO) compliance
Planned actions flagged in the plan include:
- Reporting the outcomes of the review into how issuers of over-the-counter (OTC) derivatives are meeting their DDOs
- 'conducting further targeted surveillance of market intermediaries compliance with the obligations'
- 'conducting surveillance of poor design and distribution practices across insurance products, particularly low-value insurance products'
- 'collecting data from credit card issuers to assess compliance with the obligations and to identify improvements to consumer outcomes'
- 'reviewing the product governance arrangements of selected credit card providers, including the data and metrics that inform review triggers'
- 'taking disruptive and enforcement action, including by issuing stop orders, to address poor design and distribution of products, including in relation to investment, insurance, superannuation, credit and other financial products'
5. Supporting enhanced cyber and operational resilience
Planned actions include:
- 'conducting targeted surveillances to monitor cyber and operational resilience among our regulated entities'
- 'engaging with our regulated entities to promote good practices and support initiatives that enhance cyber resilience, including by leveraging insights from the cyber pulse survey results'
- 'developing supervisory approaches for emerging operational risks, including artificial intelligence and quantum computing'
- 'partnering with other financial regulators to support whole-of-government cyber-resilience initiatives and incident responses, where appropriate'
- 'partnering with financial regulators on key cyber-resilience initiatives, including the Trans-Tasman Council of Banking Supervision’s cyber-attack protocol and the Council of Financial Regulator’s Cyber and Operational Resilience Intelligence-led Exercises (CORIE)'
- 'monitoring market resilience and the implementation of the new technology and operational resilience market integrity rules for market participants and market operators'
- 'taking enforcement action where there are egregious failures to mitigate the risks of cyber attacks and governance failures relating to cyber resilience'
6. Harnessing digital technology and data
The final 'core strategic project' identified in the plan is an internal priority focused on lifting ASIC's own digital/technology capabilities to enable it to be a 'leading digitally enabled, data-informed regulator'.
Closely aligned with this is a strong focus on organisational efficiency and lifting staff capability.
Among other things, ASIC flags plans to increase its use of 'data analytics, machine learning and artificial intelligence, to enable earlier detection of harm'.
ASIC also plans to (among other things) continue to support the modernisation of business registers (in line with the government's response to the independent review of the MBR project).
Shorter term strategic projects
In addition to the eight core strategic projects identified above, the plan also identifies a number of shorter term, cross-sector and industry specific projects.
Cross sector strategic projects
Over the next year (or more), ASIC will:
- continue to work closely with APRA to implement the Financial Accountability Regime (FAR) including through 'providing guidance, engaging with industry and developing effective registration and other processes' (subject to the passage of the legislation).
[Note: Legislation to introduce the long-awaited FAR - the Financial Accountability Regime (Consequential Amendments) Bill 2023 and Financial Accountability Regime Bill 2023 – is currently before the Senate. The Senate is not due to sit again until 4 September 2023. Though the Bills are listed in the latest Senate Notice paper, it is not certain that they will necessarily be considered/passed during the September sittings]
- focus on ensuring the objectives of the reportable situation regime are met. This work is planned to include:
- Working with stakeholders to 'improve the consistency and quality of reporting practices'
- Undertaking 'a targeted surveillance of licensees with low numbers of reportable situations' and taking enforcement action 'where appropriate'
- Developing and implementing a 'framework for ongoing publication of information about the reports received'.
- focus on promoting the ethical use of consumer data and artificial intelligence. This work is planned to include reviewing the risks of consumer harm flowing from the potential misuse of consumer data, algorithms and artificial intelligence in financial services and examining how institutions are seeking to mitigate these risks.
- 'take action against failures of internal dispute resolution (IDR) systems to address complaints, delays, and poor communication and record keeping'. ASIC also plans to investigate non-responses to the AFCA under the external dispute resolution scheme.
- take enforcement action 'against misconduct that exploits financial market volatility in the current economic environment and results in large investor losses and business failures'.
- 'take enforcement action against misconduct involving unfair contract terms with a focus on the insurance and credit sectors'
- 'take enforcement action in relation to high-risk property schemes that expose investors to significant losses, by addressing mismanagement, including governance and responsible entity failures'.
- implementing the Compensation Scheme of Last Resort (CSLR), including working with Treasury and AFCA to deliver regulatory guidance and administering a levy system (as determined by the CSLR operator)
- complete the review of superannuation trustees’ distribution practices in relation to choice superannuation products and the role of financial advisers and their licensees in the distribution of underperforming choice products.
Over the next two years (or more), ASIC expects to focus on:
- deterring cold-calling superannuation-switching business models including through: taking enforcement action to protect consumers from cold-calling practices that induce inappropriate superannuation-switching and result in the erosion of superannuation balances.
- addressing misconduct that 'unfairly' impacts small business including through taking enforcement action 'in relation to unfair contract terms, insolvency and the promotion and supply of high-risk or unsuitable products'. ASIC also flags plans to work with the Australian Tax Office’s Phoenix Taskforce members to target illegal phoenix activity and address issues in the small business sector.
- taking 'enforcement action, against companies and AFS licensees who do not comply with obligations to lodge financial reports'.
- 'monitor and take action in relation to failures to comply with: director identification (ID) requirements; obligations to give written consent to be appointed as a director; other ABRS compliance programs'.
Sector specific priorities
Some of the shorter-term sector specific priorities flagged by ASIC include the following.
Credit and Banking
ASIC flags the following as key priorities over the next 12 months:
- Taking enforcement action to protect financially vulnerable consumers impacted by: 'predatory lending practices; non-compliance with new consumer protections relating to small amount credit contracts and consumer leases; high-cost credit (including conduct by unlicensed or ‘fringe’ entities); and debt collection misconduct'.
- Reviewing consumer hardship arrangements with a view to making recommendations to improve their effectiveness and suitability. ASIC also cautions that it intends to take enforcement action 'where there has been serious lender non-compliance with hardship requirements'.
- Undertaking 'a targeted review of the policies, practices and procedures of high-risk debt management firms' and taking enforcement action where misconduct results in consumer harm.
- Taking enforcement action 'against car-financing misconduct, particularly misconduct that affects vulnerable consumers and First Nations peoples'
- Supporting Treasury's work to implement a regulatory framework for the buy now pay later (BNPL) sector
General insurance
ASIC flags the following as key priorities over the next 12 months:
- Acting against misconduct in general insurance claims handling and pricing: Over the next year (or more) ASIC intends to review 'poor claims handling practices' with a focus on delays, poor communication and record keeping as well as 'inappropriate use of 'wear and tear exclusions'. ASIC states that it will take enforcement action against misconduct, with 'a particular focus on home insurance'.
- Reviewing the direct sale of life insurance: ASIC plans to conduct a review of direct sales of life insurance products with a focus on low-value products. Again, ASIC flags it stands reading to take enforcement action to address 'harmful practices' where these are identified.
- Reviewing life insurance premium levels: ASIC will continue work with APRA on assessing life insurers' compliance with their obligations in in relation to the setting of premiums, with a focus on premium increase practices, disclosure and marketing, and sustainable product design. ASIC states that it will communicate the findings of this assessment, and stands ready to take action against misconduct.
Superannuation
Over the next year, ASIC plans to focus on:
- 'Improving the delivery of member services by superannuation funds' including through reviewing industry practices and compliance with laws in relation to trustee administration and contact centres'.
- 'Monitoring implementation of superannuation fund financial reporting and audit requirements'
- Completing the review of 'superannuation trustees’ distribution practices in relation to Choice superannuation products and the role of financial advisers and their licensees in the distribution of underperforming choice products' with a view to 'reducing harm caused by poor performance and harmful distribution of choice products'.
Financial Advisers
- Adviser registration: Over the next 12 months, ASIC expects to focus on facilitating the registration of relevant providers and ensuring licensees and advisers understand and comply with their new registration obligations.
- Reviewing SMSF establishment advice compliance: ASIC will review advice in relation to the establishment of SMSFs and take action, where appropriate.
Corporations
Consistent with last year's plan, over the next year (or more) ASIC plans to 'take action where we identify misleading conduct and poor governance in the corporate sector, and harms arising from the offering and marketing of investment products'.
Registered liquidators
- Over the next 18 months, ASIC expects to focus on identifying and acting against 'poor behaviour by registered liquidators, including behaviour related to independence, remuneration and competence'.
- Over the next 12 months, ASIC plans to publish grant opportunities, inviting registered liquidators to apply for membership of the Abandoned Company and Reviewing Liquidator panels.
Financial reporting and audit
- Over the next 12 months, ASIC plans to 'enhance' its 'ability to identify risks in financial reports and audits' through use of data and natural language processing.
- ASIC flags that a continuing area of focus will be disclosures by directors in their operating and financial reviews 'particularly in relation to their risk management strategies and future prospects'.
Market supervision
Over the next year APRA plans to:
- 'continue to review AI and machine learning practices, risks and controls among market intermediaries'. ASIC also plans to 'develop automated order processing rules and guidance for futures market participants'.
- 'conduct targeted surveillances of market intermediaries: use of digital engagement practices (DEPs), and marketing and distribution practices.
Market Infrastructure
Over the next five years (or more) ASIC plans to:
- continue to 'closely supervise' ASX's implementation of the CHESS replacement project to ensure 'the market has a high degree of confidence in a revised go-live date'.
- continue to monitor ASX Clear and ASX Settlement’s compliance with additional licence conditions, and ASX's continued investment in/maintenance of, the current CHESS system until 'at least, the CHESS replacement revised go-live date'.
- 'continue to analyse and assess the changes to the ASX operating rules that are necessary for the CHESS replacement, providing ASIC’s advice to the Minister’s delegate on whether to disallow all or parts of the changes'.
- Updating trade reporting rules: Over the next year (or more) ASIC plans to continue to work on aligning Australian OTC derivatives trade reporting requirements with international requirements, including for the Unique Transaction Identifier (UTI), the Unique Product Identifier (UPI) and Critical Data Elements (CDE). ASIC also plans to 'enhance data aggregation and surveillance capabilities, and effective information sharing'.
- Developing a policy framework for competition in clearing and settlement: Over the next three (or more years) and subject to the passage of legislation, ASIC plans to 'develop and implement rules to achieve competitive outcomes in the provision of clearing and settlement services by a monopoly provider, and to ensure safe and effective competition should a competitor emerge'.
[Sources: ASIC media release 28/08/2023; ASIC Corporate Plan 2023-27 Focus 2023-4]