Weekly Summary from Australian Regulators — Monday, July 25, 2022
Want to stay current with the latest trends in financial services regulation and compliance?
Investing time in your professional development within a rapidly changing financial services industry is a challenge. To meet this challenge, the Australian Regulators Weekly Digest is designed to keep you at the forefront of your practice by quickly updating you on the five main developments of the past week, with analysis and practical considerations for the future.
- FATCA/CRS (ATO): The ATO has published a self-assessment guide and toolkit on the internal processes and systems that reporting financial institutions must maintain to comply with the Foreign Account Tax Compliance Act and the Common Reporting Standard, which it has focused on in previous years. The ATO stated that organizations’ frameworks should be based on three fundamental areas of compliance: 1) governance; 2) due diligence obligations; and 3) reporting systems. The ATO stated that a well-designed framework: has a clear “line of sight” for maintenance, reporting and compliance; defines the operating model and controls (including the due diligence compliance program); identifies shortcomings, so that reporting errors can be corrected in advance; helps senior management clarify responsibilities for managing FATCA/CRS obligations and key risks; and provides accurate reporting of customer information. Advice aside – which I think is great – the FATCA/CRS rules are complex. (Contact us if you want a flowchart we developed, if that can help you!)
- Open Banking Offense (ACCC): Bank of Queensland has paid a fine of $133,200 after the ACCC issued an infringement notice to it for allegedly breaching the Consumer Data Right (CDR), i.e. open banking, rules by not providing a service to share consumer data. BOQ had to be able to share data for financial products, including savings accounts, term deposits and credit cards, by July 1, 2021 – it only met this requirement on December 13, 2021. I am interested in two things here, in what is the first such infringement notice issued. First, I know that a fair number of banks have been delayed with CDR compliance, largely due to core banking system provider issues. The ACCC seems to have acknowledged this, although it also took into account a number of factors, including the period of alleged non-compliance, the number of customers potentially affected, the resource constraints that the Bank of Queensland faced during the development of its CDR infrastructure and the steps it has taken to limit the duration of its non-compliance. It must have rated the Bank of Queensland as comparatively worse than the other banks. Second, it is worth noting for general insurers and others who are implementing or will soon be implementing CDR. The ACCC takes an uncompromising approach!
- Cyber Risk (ASIC): ASIC understandably insists that directors’ duties include cyber risks following its notable win in RI Advice. It has declared that it expects directors to ensure that their organization’s risk management framework adequately addresses cybersecurity risk, and that controls are implemented to protect key assets and build cyber resilience, and that “Failure to do so could result in you breaching your regulatory obligations”. These include obligations arising from the recent Critical Infrastructure Security Act 2018 (Cth) (see here) and Privacy Act 2001 (Cth). ASIC asked directors to: consider their risk management framework and risk appetite to ensure it adequately addresses cybersecurity risk; learn about incident response and business continuity plans to determine the organization’s readiness to respond to cybersecurity incidents; and ensure access to appropriate resources to effectively manage cybersecurity risks, whether internally or through commercial arrangements. It also highlighted the need for broad and effective disclosure following a cyberattack, e.g. ASX, annual reports, relevant regulators, etc.
- Investment Governance (APRA): APRA has published a response to the consultation and the final version of the prudential standard SPS 530 Investment Governance (SPS 530). The letter responds to key concerns raised by the industry (for example, clarifying that the requirements of the evaluation governance framework do not require the creation of a stand-alone evaluation sub-committee of the board of directors), and further describes updates implemented to SPS 530 to ensure better results for members by improving stress testing, valuation and liquidity management practices. SPS 530 will start on January 1, 2023, and you can read the letter here.
- UK regulations (FCA): I have a lot of respect for the UK FCA as a regulator, from the guidance it issues to its willingness to talk to market players, from the regulatory developments it develops to its carefully calibrated enforcement measures. This is also evident in a recent speech by its CEO, in which I noted that: 1) it has invested heavily in data and technology and scans 100,000 websites for fraud every day; and 2) the US and UK will deepen their ties on crypto-asset regulation and market developments, including around stablecoins and exploring central bank digital currencies. These two areas will undoubtedly be an increasing priority for our national regulators. I know that ASIC already scans websites for misleading and deceptive conduct. I think this will only increase, as will the focus on cryptocurrency regulation (once the Treasury finalizes the CASSPr regime).
Thought for the future: ASIC has issued an interim cease and desist order preventing advertisements containing certain misleading or deceptive statements regarding PPM units, a class of interests in the RES investment fund (Fund). The order prevents RES from advertising or issuing any statement regarding PPM units suggesting that an investor will acquire shares in Pleasure Point Mine Pty Ltd (PPMPL), a related entity of RES. ASIC considers statements that investors will acquire shares to be misleading or deceptive because they may lead investors in PPM units to believe that they will receive shares and/or a direct interest in PPMPL. The only underlying asset of the PPM Unit class of the Fund is a loan to PPMPL. This is an interesting and targeted use of ASIC powers – one to watch to see if its use will rise.