Financial Services and Credit Monthly Update May 2025

Our Financial Services and Credit Monthly Update for May 2025 can be downloaded as a PDF by clicking the button below.

CONSUMER CREDIT

ASIC issues new guidance for buy now pay later providers

On 8 May 2025, the Australian Securities and Investments Commission (ASIC) released Regulatory Guide 281 Low cost credit contracts (RG 281) to assist buy now pay later (BNPL) providers in complying with new laws effective from 10 June 2025. The guidance follows the Treasury Laws Amendment (Responsible Buy Now Pay Later and Other Measures) Act 2024 (Cth), which extends the National Credit Code to BNPL contracts. RG 281 outlines key obligations, including modified responsible lending requirements for BNPL low-cost credit contracts.

CORPORATE

ASIC announces financial reporting and audit focus areas for FY 2025-26

ASIC has outlined its financial reporting and audit focus areas for the 2025-26 financial year. ASIC will continue to scrutinise areas requiring significant judgement, including revenue recognition, asset valuation, and estimation of provisions, especially in light of recent market volatility. The regulator plans to increase the number of audit file reviews, targeting files with changes to financial information or potential material misstatements. Additionally, ASIC will review a random selection of audit files from its regulated population.

For the first time, ASIC will review financial reports and audit files from registrable superannuation entities (RSEs), focusing on investment portfolio measurement and marketing expense disclosure. The regulator will also monitor compliance among previously grandfathered entities, ensuring they meet financial report lodgement requirements. Sustainability reporting standards will be enforced for Group 1 entities, with ASIC adopting a pragmatic approach to supervision and enforcement. Auditor independence and conflicts of interest remain a key surveillance area, with outcomes expected to be published later this year.

FINANCIAL ADVICE

ASIC proposes remake of financial advice instruments

ASIC has announced plans to remake three legislative instruments related to financial advice into a single instrument, extending their validity for another five years. The instruments, set to sunset on 1 October 2025, include:

• ASIC Corporations (Advertising by Product Issuers) Instrument 2015/539

• ASIC Corporations (General Advice Warning) Instrument 2015/540

• ASIC Corporations (Financial Services Guides) Instrument 2015/541

Submissions can be made until 12 June 2025.

FINANCIAL SYSTEM

Federal election

The Federal election on 3 May 2025 saw the Australian Labor Party returned to government. In the new Ministry announced on 13 May 2025, the Hon Dr Daniel Mulino MP is the Minister for Financial Services and Assistant Treasurer.

The new Leader of the Opposition, the Hon Sussan Ley MP, announced her Shadow Ministry on 28 May 2025. The Shadow Minister for Financial Services (and Shadow Assistant Treasurer) is Mr Pat Conaghan MP.

FOREIGN INVESTMENT

New online portal to streamline foreign investment applications

The Federal Government has launched a new online portal with the aim of enhancing the efficiency and transparency of Australia's foreign investment regime. Effective from 28 May 2025, the Foreign Investment Portal allows investors to submit proposals, pay fees, and view outcomes of their applications. This initiative aims to expedite application processing by collecting accurate information upfront and centralising communications within a secure system. The Treasury will continue to refine the portal and offer additional support to investors during the transition period.

PRIVACY AND DATA

Commonwealth Ombudsman releases updated guide on automated decision-making

The Commonwealth Ombudsman, in collaboration with the Office of the Australian Information Commissioner (OAIC) and the Attorney-General’s Department, has released an updated version of the "Automated Decision-Making – Better Practice Guide". This guide, originally published in 2007, provides comprehensive guidance for government agencies on the design, implementation, and management of automated decision-making systems. The updated guide emphasises the importance of compliance with administrative law, privacy requirements, and human rights obligations. It includes new sections on the use of artificial intelligence (AI) and machine learning. Key areas covered include the suitability of automated systems, governance and design principles, quality assurance, and transparency. The guide also introduces a detailed checklist to assist agencies in ensuring their automated systems are legally compliant and ethically sound.

Record year for data breaches

The OAIC has reported a record number of data breaches in 2024, with over 1,100 notifications. This marks a 25% increase from the previous year. The second half of 2024 alone saw 595 breaches, predominantly due to malicious and criminal attacks, which accounted for 69% of notifications. Health service providers and the Australian Government were the most affected sectors, reporting 20% and 17% of breaches respectively. The OAIC highlighted the need for improved privacy and security measures across both private and public sectors to combat the rising threats. The report also noted the public sector's lag in timely breach notifications compared to the private sector.

OAIC recommendations to consumers regarding BNPL reforms

In the OAIC’s monthly newsletter on 30 May 2025, the Commissioner provided recommendations to consumers in light of the BNPL reforms coming into effect on 10 June 2025. Under the reforms, BNPL will be regulated as a type of credit under the National Credit Code which means that BNPL contracts may soon appear in individuals' credit reports. The OAIC urged consumers to review and close any unused lines of credit, including BNPL accounts. Regularly checking credit reports, which are accessible for free every three months, is also advised to maintain accurate and up-to-date information.

PRUDENTIAL

APRA issues new FAQ on Your Future, Your Super performance test

On 22 May 2025, the Australian Prudential Regulation Authority (APRA) released a new frequently asked question (FAQ) to provide further guidance on the administration of the Federal Government’s Your Future, Your Super performance test. The FAQ outlines the benchmark representative administration fees and expenses for the 12 months to March 2025. This update aims to clarify the performance test criteria for RSEs to ensure transparency and consistency in reporting. The FAQ can be accessed here.

AML/CTF

Updated guidance on alternative identification processes

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has updated its guidance for financial institutions on assisting customers who lack standard forms of identification. The revised guidance emphasises the importance of financial inclusion and clarifies that alternative identification methods can be used for customers who are not considered low money laundering or terrorism financing (ML/TF) risks. Key updates include:

• further guidance on how financial institutions can manage and mitigate ML/TF risks associated with accepting alternative identification without placing an undue burden on customers;

• recently expired identification can be accepted as a form of alternative identification; and

• alternative identification can be relied upon when customers face systemic and long-term barriers to accessing standard identification.

Second consultation on new AML/CTF Rules

AUSTRAC has opened a second round of public consultation on the new Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules), with submissions accepted until 27 June 2025. This follows the initial consultation phase that began in late 2024, which provided feedback on key areas such as customer due diligence, AML/CTF programs, value transfer services, and reporting groups.

The updated draft AML/CTF Rules now:

• allow for delayed initial customer due diligence in more circumstances;

• offer greater flexibility in determining the lead entity of reporting groups;

• provide further clarity on definitions relevant to value transfer and travel rule requirements, and on how to form reporting groups; and

• address challenges that businesses may have in their implementation and compliance with the AML/CTF Rules.

In addition, the draft includes new requirements for reportable details in threshold transaction reports and suspicious matter reports, as well as information needed for enrolment and registration applications.

SUPERANNUATION

ASIC highlights governance failures in superannuation sector

In a keynote address at the Consumer Rights Forum on 27 May 2025, ASIC Commissioner Simone Constant highlighted significant governance failures within Australia's superannuation sector. Despite the sector's growth to nearly $4.2 trillion in assets with $2.9 trillion in APRA-regulated funds, issues persist in trustees' treatment of members, particularly in handling death benefits claims.

ASIC's investigations have revealed that complaints about death benefits claims handling tripled between 2021 and 2023. Trustees' internal dispute resolution data showed a spike in such complaints in early 2023. ASIC has taken legal action against major funds like AustralianSuper and Cbus for significant delays in claims processing. The regulator's review found that 78% of delays were due to factors within trustees' control, such as staff errors and inefficient requests for information.

DISPUTES AND ENFORCEMENT

HCF Life penalised for misleading insurance term

The Federal Court has imposed a $750,000 penalty on HCF Life Insurance Company Pty Limited (HCF Life) for a misleading term in its insurance policies. The term, found in four policies under HCF Life’s ‘Recover’ range, was deemed liable to mislead the public regarding pre-existing conditions. The Court ruled that the term could mislead consumers into believing they were not covered for conditions they were unaware of at the time of taking out the insurance. HCF Life has been ordered to make corrective disclosures on its website and had already sent corrective notices to affected consumers. Justice Jackman highlighted the seriousness of the misrepresentation, noting that insurers must ensure their contractual terms are clear and consistent with the Insurance Contracts Act 1984 (Cth).

ASIC acts against Macquarie

ASIC has imposed additional conditions on the Australian financial services licence of Macquarie Bank Limited (Macquarie) following significant compliance failures. These failures, some undetected for up to a decade, pertain to Macquarie’s futures dealing business and over-the-counter (OTC) derivatives trade reporting. The new conditions require Macquarie to develop a remediation plan addressing these failures and their root causes, appoint an independent expert to review the plan, and assess the effectiveness of remediation activities. This action follows the identification of nine market conduct issues over the past 18 months, including misreporting over 375,000 OTC derivative transactions, and failing to detect and prevent suspicious trading activities.

ASIC has also initiated legal proceedings against Macquarie Securities (Australia) Limited (MSAL) for systemic misleading conduct. ASIC alleges that between December 2009 and February 2024, MSAL misreported millions of short sales to market operators, with discrepancies ranging from 298 million to 1.5 billion short sales. The misreporting, attributed to multiple undetected systems-related issues, impacted data for at least 321 unique securities, inflating or deflating short sale volumes by an average of 12%. ASIC is seeking penalties and an independent review of MSAL’s reporting systems.

AUSTRAC orders audit of Mercedes Benz Financial Services

AUSTRAC has ordered an external audit of Mercedes Benz Financial Services Australia, citing concerns over the financier’s compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Key issues identified include the assumption that most customers were low risk, inadequate systems for identifying and escalating suspicious matters, and insufficient transaction monitoring.

The audit follows a broader regulatory campaign targeting the non-bank lending and financing sector, which revealed significant gaps in compliance. AUSTRAC highlighted that nearly 90% of non-bank lenders did not report any suspicious matters in 2024, with only two businesses accounting for half of all reports. The sector’s failure to identify high-risk customers and effectively monitor transactions has raised concerns, prompting AUSTRAC to demand immediate improvements.

AUSTRAC orders AML/CTF audits of two regional casinos

AUSTRAC has directed The Ville Resort-Casino in Townsville and Mindil Beach Casino Resort in Darwin to appoint external auditors to assess their compliance with anti-money laundering and counter-terrorism financing (AML/CTF) obligations. This follows the identification of potential deficiencies in the casinos’ AML/CTF controls, risk management, and oversight frameworks. The audits will examine whether each casino maintains an effective AML/CTF program, conducts appropriate risk assessments, ensures board-level oversight, and monitors customers to manage money laundering and terrorism financing risks. This move continues AUSTRAC’s recent enforcement focus on the gambling sector, following actions against Crown Resorts, The Star, SkyCity, and online bookmakers including Entain, Sportsbet, and Bet365.

Zurich penalised for misleading trauma insurance claims

ASIC has issued two infringement notices totalling $37,560 to Zurich Australia Limited (Zurich) for allegedly making false or misleading statements to two policyholders regarding their trauma insurance claims. In May 2024, Zurich allegedly declined two claims, incorrectly advising that the policyholders' medical conditions were excluded from coverage. ASIC contends these statements were false, as the applicable policy terms did not exclude the conditions, entitling the policyholders to benefit payments. Following a quality assurance review, Zurich identified the errors, remediated the policyholders with benefit entitlements plus interest, and reported the matter to ASIC. Zurich paid the infringement notices on 8 May 2025.

ASIC sues Resimac over hardship failures

ASIC has filed civil penalty proceedings against Resimac Limited (Resimac), alleging systemic failures in handling hardship applications from home loan customers. It is alleged that Resimac imposed a uniform approach to hardship requests, demanding extensive standard information without considering individual circumstances. Vulnerable customers, including those facing domestic violence, bereavement, or poor health, were particularly affected, often having their applications summarily rejected for not providing the required information. ASIC contends this conduct breached Resimac’s obligations as an Australian credit licensee to act efficiently, honestly, and fairly. The regulator is seeking declarations, penalties, adverse publicity orders, and costs. This is ASIC's first court action against a credit licensee for hardship assessment failures.

ASIC seeks High Court appeal in Block Earner case

ASIC is seeking special leave from the High Court to appeal the Full Federal Court's decision regarding Block Earner's crypto-asset product. The Federal Court had previously ruled that Block Earner's fixed yield product was not a financial product, exempting it from financial services licensing requirements. ASIC aims to clarify the definition of a financial product, particularly concerning interest-earning and asset conversion products.

AFCA consults on changes to rules to expand jurisdiction

The Australian Financial Complaints Authority (AFCA) has opened a public consultation on proposed changes to its rules which would expand its jurisdiction to include the conduct of receiving banks in scam complaints. This follows a recent amendment to AFCA’s authorisation conditions by the Federal Government. Other proposed amendments involve naming financial firms that fail to comply with AFCA’s determinations, mandating communication channels for paid representatives, and removing legacy rules. Submissions can be made until 13 June 2025.

ASIC sues Snaffle for inflated prices and overcharging

ASIC has initiated legal proceedings against Walker Stores Pty Ltd (WS), trading as Snaffle, for allegedly inflating prices and overcharging on credit contracts for household goods and electronics. The regulator claims that Snaffle's pricing structure circumvented the National Credit Code's annual cost rate cap of 48%, resulting in interest rates between 60% and 103%. This led consumers to pay significantly more than the retail price for items such as washing machines, refrigerators, and mobile phones. Court documents detail three specific contracts where consumers paid up to $1,433 more than they should have.

In addition, ASIC alleges that Snaffle failed to disclose the true cost of credit and applied a flat interest rate to the full purchase cost, instead of the unpaid balance, on 40,430 credit contracts, contrary to National Credit Code requirements. The regulator is seeking declarations, penalties, injunctions, and adverse publicity orders against WS.

ASIC sues former Blockchain Global director for breaches of duties

ASIC has initiated civil penalty proceedings against Mr Liang (Allan) Guo, a former director of Blockchain Global Ltd (in liquidation) (Blockchain Global). The allegations pertain to multiple breaches of directors' duties in relation to the operation of the ACX Exchange, a cryptocurrency platform that collapsed in December 2019. Customers were unable to withdraw funds or cryptocurrency, leading to approximately over $20 million in unsecured creditor claims.

ASIC's case focuses on Mr Guo's handling of customer funds, statements made about these dealings, and the failure to maintain proper books and records. The liquidators' report, lodged with ASIC in November 2023, highlighted potential breaches of the Corporations Act 2001 (Cth) (Corporations Act) by Blockchain Global's officeholders. As of October 2023, the company owed $58.6 million to unsecured creditors, including $22.8 million from former ACX Exchange customers. Mr Guo left Australia in September 2024 and has not returned. ASIC's investigation commenced in January 2024.

Full Federal Court rules against BPS Financial in licensing dispute

On 30 May 2025, the Full Federal Court ruled that BPS Financial Pty Ltd (BPS) could not rely on the 'authorised representative' exemption under the Corporations Act when issuing the 'Qoin Wallet', a non-cash payment facility. ASIC appealed the Federal Court's earlier decision on 3 May 2024, which had found BPS exempt from holding an Australian financial services (AFS) licence while acting as an authorised representative of PNI Financial Services Pty Ltd (PNI) between November 2020 and August 2021.

The Full Court determined that BPS was acting on its own behalf when issuing the Qoin Wallet and not as a representative of PNI, necessitating an AFS licence. Because the Court found that BPS was not acting as a representative, it did not need to decide the question whether an authorised representative can be the issuer of a financial product.

Australian Retirement Trust pays infringement notice

Australian Retirement Trust (ART), the second-largest superannuation fund in Australia, has paid a $18,780 infringement notice issued by ASIC for allegedly misleading performance data published on its website.

Between July 2023 and July 2024, ART’s Super Savings Product Dashboard displayed outdated performance figures for its default MySuper product, the Lifecycle Investment Strategy. Specifically, from 18 July 2023, the dashboard showed returns for the financial year ending June 2022. These figures that were higher than those for the year ending June 2023. ASIC alleged that the outdated data may have misled consumers into believing the fund’s performance was stronger than it actually was.

The infringement notice was issued under ASIC’s powers to address potentially misleading conduct in financial services. Payment of the infringement notice is not an admission of liability.

Regional Australia Bank found liable for service provider’s data breach

On 28 May 2025, the Privacy Commissioner, Carly Kind, published the first Consumer Data Right (CDR) determination from the Privacy Commissioner, which highlights the risks associated with outsourcing data management. Regional Australia Bank Limited (RAB) was found to have breached CDR Privacy Safeguards 1 and 11 due to the actions of its third-party service provider, Biza. The incident involved the co-mingling of CDR data for up to 197 consumers, potentially leading to inaccurate information being shared within the CDR ecosystem, which could have impacted decisions on credit or financial products for affected consumers.

The breach was traced to a fault in Biza’s software, which was not identified during RAB’s transition to the platform. Although Biza promptly addressed the issue, the Privacy Commissioner held RAB liable under section 84(2) of the Competition and Consumer Act 2010 (Cth), which provides that when a company acts as an agent of another, for the purposes of the CDR, that conduct is deemed to have been engaged in by the other entity. Biza was found to have been acting as agent of RAB. Consequently, RAB was liable for any failings by Biza, even though it had no knowledge or awareness of them and was not in a position to take steps to prevent or address them.