Financial Services and Credit Monthly Update October 2024
COMPETITION
ACCC outlook
At a Financial Services Forum on 31 October 2024, Australian Competition and Consumer Commission (ACCC) Chair Gina Cass-Gottlieb discussed significant changes in the financial services sector driven by global economic and social forces such as geopolitical instability, rising cost of living, technological advancements, and climate change.
Ms Cass-Gottlieb outlined three key areas of the ACCC's work: protecting consumers and promoting competition in economically challenging times, the impact of the digital economy on financial services, and the effects of climate change on the insurance market. She highlights the need for improved transparency in retail banking, the importance of the Consumer Data Right (CDR) in promoting competition, and the ACCC's efforts to tackle scams and ensure access to cash in a declining cash-use economy.
The speech also touches on the ACCC's advocacy for law reforms, including merger control and prohibiting unfair trading practices, to better protect consumers and promote fair competition.
CONSUMER PROTECTION
Consultation on AI in Australian Consumer Law
On 15 October 2024, the Federal Government published a discussion paper seeking submissions on whether the Australian Consumer Law (ACL) remains fit to protect consumers who use products which have artificial intelligence (AI) enabled features, and fit to facilitate the safe and responsible use of AI by businesses. The paper seeks views on:
how well adapted the ACL is to support consumers and businesses to manage risks of AI-enabled goods and services;
the application of the existing ACL principles to AI-enabled goods and services;
remedies available to consumers of AI-enabled goods and services under the existing ACL; and
the mechanisms for allocating liability amount manufacturers and suppliers of AI-enabled goods and services.
The feedback from this consultation will also further inform the Government’s development of the proposed mandatory AI guardrails. Consultation is open until 12 November 2024.
Consultation on consumer guarantees and supplier indemnification
On 16 October 2024, the Federal Government released a consultation paper on the proposed civil prohibitions and penalties for contraventions of the consumer guarantees and supplier indemnification requirements under the ACL. The Government is seeking feedback on the proposed reforms including:
penalties for suppliers who refuse to provide a remedy to consumers after a good or service fails to meet a consumer guarantee;
penalties for manufacturers who refuse to indemnify the supplier for the costs of remedying a breach of a consumer guarantee, or who retaliate against suppliers who ask for reimbursement; and
empowering the ACCC and State and Territory consumer protection agencies with enforcement powers against suppliers and manufacturers.
Consultation is open until 14 November 2024.
Single redress pathway for scam victims
On 23 October 2024, the Federal Government announced a commitment of $14.7 million over two years to the Australian Financial Complaints Authority (AFCA) to establish a clear pathway for scam victims to seek compensation. The financial commitment is part of the Government’s plan to nominate AFCA to operate the external dispute resolution scheme for the first three designated sectors under the Scams Prevention Framework – banks, telecommunication service providers, and digital platforms providing social media, paid search advertising and direct messaging. The funds to AFCA are to support its expansion to add scams complaints against telcos and digital platforms within AFCA’s remit.
CORPORATE
Merger reforms
The Federal Government has published its response to consultation feedback on the proposed new merger policy. The Government response covers a range of issues including the notification thresholds requirements, merger assessment, review of administrative decisions and procedural safeguards, and transitional arrangements. The response paper also sets out the next steps of the reform process.
On 10 October 2024, the Treasury Laws Amendment (Mergers and Acquisitions Reform) Bill 2024 (Cth) was introduced. The Bill will amend the Competition and Consumer Act 2010 (Cth) to replace the existing framework for merger reviews with a mandatory and suspensory administrative system for acquisitions, with the ACCC as the first instance administrative decision-maker.
ESG
AASB Sustainability Reporting Standards
On 8 October 2024, the Australian Account Standards Board (AASB) published new sustainability standards following their approval on 20 September 2024: AASB S1 General Requirements for Disclosure of Sustainability-related Financial Information (AASB S1), and the mandatory AASB S2 Climate-related Disclosures (AASB S2).
An entity that voluntarily applies AASB S1 would need to disclose information about all sustainability-related risks and opportunities that could reasonably be expected to affect the entity’s cash flows, its access to finance or cost of capital over the short, medium or long term.
Some entities are required to apply AASB S2 for annual periods beginning on or after 1 January 2025. AASB S2 requires an entity to disclose information about climate-related risks and opportunities that could reasonably be expected to affect the entity’s cash flows, its access to finance or cost of capital over the short, medium or long term.
RG 236 update
The Australian Securities and Investments Commission (ASIC) has updated its regulatory guide RG 236 Do I need an AFS licence to participate in carbon markets? which was last revised in 2015.
FINANCIAL ADVICE
FSG relief
The ASIC Corporations (Amendment) Instrument 2024/809 (Cth) made on 22 October 2024 amends the ASIC Corporations (Financial Services Guides) Instrument 2015/541 (Cth) and allows financial services licensees and authorised representatives to make available website disclosure information for dealing in a financial product for the purpose of implementing financial product advice that the providing entity provided to that client, instead of giving a financial services guide to the client. The amendment is intended to be an interim measure ahead of consideration of potential future legislative changes by the Government.
ASIC guidance on fees for advisers
ASIC has published INFO 286 FAQs: Ongoing fee arrangements and consents and INFO 287 FAQs: Non-ongoing fee requests or consents. These provide new guidance for financial advisers who from 10 January 2025 will have to get a client’s written consent to enter into or renew an ongoing fee arrangement, or a client’s written request or consent to charge non-ongoing fees to that client’s superannuation account.
Record keeping requirements extended
The ASIC Corporations (Record-Keeping Requirements for Australian Financial Services Licensees when Giving Personal Advice) Instrument 2024/508 (Cth) modifies the Corporations Act 2001 (Cth) to insert a new notional section 912G that has record-keeping requirements for financial services licensees when the licensee or their representative gives personal advice to retail clients. Under section 912G, licensees must ensure that, in relation to the provision of personal advice, certain records are kept that demonstrate compliance with the best interests duty and related obligations under the Act. The instrument continues requirements that were in Class Order [CO 14/923], which expired on 1 October 2024, with minimal changes. Under the instrument, ASIC extends the requirements to the start of 1 October 2029.
FINANCIAL MARKETS
New clearing and settlement services provider approved under reforms
ASIC has approved a licence for a new provider of clearing and settlement services, FinClear, following the passage of the Federal Government’s reforms to enhance competition in financial markets.
ASIC alerts investors of share theft
ASIC has issued a warning to investors of share theft after receiving increasing reports of stolen shares since August 2024 from people who have had their personal information compromised. It is reported that fraudsters create share trading accounts in an investor’s name using stolen or fake identity information to sell shares owned by the investor, with many victims being unaware of their shares being transferred or sold until they receive a confirmation letter from a share registry or CHESS.
FINANCIAL SERVICES
ASIC’s first report on AI adoption by licensees
On 29 October 2024, ASIC released its first market review of the use and adoption of AI by 23 financial services and credit licensees. The report found that use of AI is quite cautious and predominantly to support human decisions and improve efficiency, but around 60% of the licensees indicated their intention to increase their AI usage. The report also highlighted that almost half of the licensees did not have policies for AI that referenced consumer fairness or bias, and only 10 licensees had policies concerning disclosure of AI use to consumers. This raised concerns for ASIC regarding the potential emergence of a governance gap in the balancing between the innovations brought about by AI and its responsible, safe and ethical use. ASIC has urged licensees to ensure their governance practices match the increasing use and adoption of AI.
Reportable situations relief updated
ASIC Corporations and Credit (Breach Reporting—Reportable Situations) Instrument 2024/620 (Cth) remakes and consolidates two instruments that were to expire in October 2024, for a five-year period until the start of 1 October 2029: ASIC Corporations and Credit (Breach Reporting—Reportable Situations) Instrument 2021/716 (Cth); and ASIC Credit (Breach Reporting—Prescribed Commonwealth Legislation) Instrument 2021/801 (Cth). The substance of the relief has not changed.
PAYMENTS
Review of merchant card payment costs and surcharging
The Reserve Bank of Australia (RBA) has commenced a review into the costs that merchants face when accepting card payments, and the framework for surcharging. As part of the review, on 15 October 2024, the RBA published an issues paper, seeking feedback on the current regulatory framework and suggestions for potential regulatory responses to address the merchant card payment costs. Submissions can be made until 3 December 2024.
The Government also announced that it is prepared to impose a ban on debit card surcharges, subject to the outcome of the RBA review.
PRIVACY AND DATA
New Credit Reporting Code
On 1 October 2024, the Office of the Australian Information Commissioner (OAIC) registered the new Privacy (Credit Reporting) Code 2024 (CR Code). The updates implement 15 proposals made in the OAIC’s 2021 independent review of the CR Code. These include:
improvements to explanatory materials to better explain how the credit rules are applicable;
increased support for victims of fraud by ensuring a person can extend a ban on their credit report with minimal evidence;
free alert system for fraud victims who have placed a ban on their credit report, which will notify them of any attempt to request for credit during the ban;
the ability to correct in one request, multiple pieces of incorrect information on an individual’s credit report caused by a fraud event;
the recognition of domestic abuse as a circumstance beyond an individual's control that may require corrections to be made to their credit report; and
greater transparency over how credit reporting bodies and banks are complying with their privacy obligations.
The OAIC says that the updated CR Code has the following benefits for industry:
enhanced usability of the CR Code and explanatory materials as they now align with other legislative instruments;
improvements to the explanatory statement;
further information around the definition of a reporting ‘month’ to assist the industry comply and input information into their systems;
changes to the ‘account close’ date definition to ensure consistency and certainty in the industry’s calculation in the report of consumer credit liability information; and
transitional periods to allow time for the industry to update systems before compliance is required.
Privacy guides on AI
The OAIC has released two guides on AI, to explain how Australian privacy law applies to AI and to set out the regulator’s expectations.
The first guide, Guidance on privacy and the use of commercially available AI products, is to assist businesses to comply with their privacy obligations when using commercially available AI products and help them to select an appropriate product.
The second guide, Guidance on privacy and developing and training generative AI models, provides privacy guidance to developers using personal information to train generative AI models.
Cyber Security Bill
The Cyber Security Bill 2024 (Cth) was introduced on 9 October 2024. Part of a suite of legislation to implement measures proposed by the 2023-2030 Australian Cyber Security Strategy, the Bill provides for:
mandatory security standards for smart devices;
mandatory obligations on some businesses to report ransomware and cyber extortion payments;
a ‘limited use’ obligation to restrict how cyber security information voluntarily provided to the National Cyber Security Coordinator can be used and disclosed; and
a Cyber Incident Review Board to conduct post-incident reviews into significant cyber security incidents.
At the same time, two other related Bills have been introduced.
The Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 (Cth) amends the Intelligence Services Act 2001 (Cth) to establish a ‘limited use’ obligation that restricts how cyber security information voluntarily provided to the Australian Signals Directorate can be used and disclosed, and amends the Freedom of Information Act 1982 (Cth) to exempt cyber security information voluntarily provided to the National Cyber Security Coordinator from the operation of that Act.
The Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 (Cth) amends the Security of Critical Infrastructure Act 2018 (Cth) to:
clarify obligations in relation to certain data storage systems that store or process business critical data;
expand the government assistance framework to facilitate the management of consequences of impacts of incidents on critical infrastructure assets;
amend the definition of ‘protected information’ to include a harms-based assessment and non-exhaustive list of relevant information;
clarify the use and disclosure of protected information;
enable the regulator to direct an entity to remedy a seriously deficient risk management program;
consolidate security requirements for critical telecommunications assets;
remove direct interest holders from reporting obligations associated with Systems of National Significance.
PRUDENTIAL
CPS 230 material service provider register template
On 17 October 2024, APRA published a material service provider register template to assist entities in demonstrating the connections between their critical operations and the material service providers that they are reliant on. The use of the template is APRA’s preferred method for regulated entities to submit their registers to APRA in compliance with CPS 230. Authorised deposit-taking institutions, superannuation trustees, and insurers are required to submit a completed material service provider register by 1 October 2025.
SUPERANNUATION
APRA intensifies supervision of superannuation entities’ fund-level expenditure
On 22 October 2024, APRA issued a letter to registrable superannuation entity (RSE) licensees outlining the intention to ramp up its scrutiny of fund expenditure where member benefit is not evident or not reasonably justified. APRA will target its supervision on the following issues of RSE licensees:
discretionary expenditure categories (e.g. travel, entertainment and conferences);
relative and absolute size outliers (including impact on members); and
particular types of payees and payments where benefit to members is not immediately apparent.
Following the issuance of the letter, on 30 October 2024, APRA published fund level data on expenditure for the 2022-23 financial year covering a broad range of categories including investment-related expenses, administration and other expenditure (e.g. advertising, sponsorship and payments to industrial bodies).
AML/CTF
Consultation on guidance on alternative identification processes
The Australian Transaction Reports and Analysis Centre (AUSTRAC) has consulted on draft updated guidance on alternative identification processes to assist customers who do not have standard identification. The updated guidance intends to clarify that reporting entities:
are not restricted to adopt alternative identification procedures for low-risk customers only, but must assess and take appropriate steps to mitigate risk and manage money laundering and terrorism financing (ML/TF) risks associated with the alternative procedures;
may rely on alternative identification where a customer faces systemic and long term barriers to accessing standard identification;
may apply ongoing customer due diligence based on a customer’s overall ML/TF risks instead of a high level of due diligence solely due to the use of alternative procedures;
should use reliable and independent documents or data to verify a customer’s identity; and
may use recently expired identification.
Updated ML/TF risk assessment guidance
On 1 October 2024, AUSTRAC released updated guidance to assist Australian businesses in assessing their ML/TF risks. The updated guidance provides information on:
how businesses can take into account AUSTRAC guidance and feedback;
the key sources of AUSTRAC guidance;
·how businesses can determine if particular guidance or feedback is applicable to them; and
other useful sources of information.
New suspicious activity indicators lists
On 1 October 2024, AUSTRAC published updated lists of suspicious activity indicators to assist businesses with the identification of potential ML/CT risks and other serious criminal activity for the following sectors:
banking;
bookmakers;
bullion dealers;
·casinos;
digital currency (cryptocurrency);
·financial planner;
life insurance;
not for profit;
online betting agencies;
pubs and clubs;
remittance service providers;
securities and derivatives;
superannuation; and
non-bank lenders and financiers.
New guidance on outsourcing AML/CTF functions
AUSTRAC has issued updated guidance for businesses to identify and manage risks that may arise when outsourcing anti-money laundering and counter-terrorism financing (AML/CTF) functions. The key recommendations of the updated guidance include that businesses:
identify the risks that may arise through outsourcing;
conduct due diligence on outsourcing providers;
understand restrictions on sharing AML/CTF information;
use a written agreement for outsourcing;
monitor and review ongoing outsourcing arrangements; and
document management procedures for outsourcing arrangements in the business’s AML/CTF program.
Updates to customer identification obligations for online gambling services
AUSTRAC has issued a reminder to online gambling service providers of the changes made in September 2023 to AML/CTF Rules regarding the applicable customer identification procedures (ACIP). From 29 September 2024, all online gambling service providers are required to complete ACIP before creating an online gambling account or providing any designated service.
DISPUTES AND ENFORCEMENT
Appointments to ASIC executive leadership team
ASIC has announced two new appointments to its senior executive leadership team:
Peter Soros has been appointed as Executive Regulation and Supervision. Mr Soros is joining ASIC in November 2024 from his current role as the Deputy CEO Regulation at AUSTRAC; and
Chris Savundra has been appointed as Executive Director and Compliance. Mr Savundra commenced his new role on 28 October 2024 after leaving his position as ASIC General Counsel and Executive Director Legal Services.
ASIC Commissioner’s speech on ASIC’s strategic priorities
ASIC Commissioner Kate O’Rourke delivered a speech at the 34th Annual Credit Law Conference on 24 October 2024. The Commissioner spoke on two of ASIC’s strategic priorities regarding financial products and services – consumer outcomes and digital and data resilience. Ms O’Rourke said that ASIC continued to place the highest priority on protecting consumers from poor conduct and harm from products in the credit and banking sectors, in particular regarding the issues of financial hardship assistance, fee harm in retail banking, credit card lending and product design and distribution. Ms O’Rourke also referred to several reports detailing ASIC’s work on scams and artificial intelligence, which demonstrated ASIC’s efforts in enhancing digital and data resilience and safety.
ASIC consults on updating regulatory relief
ASIC is consulting on proposed updates to Regulatory Guide 51 Applications for relief (RG 51) and Regulatory Guide 108 No-action letters (RG 108). The updates are to reflect ASIC’s current regulatory approaches to both applications for relief and no-action letters, to include additional guidance, and amend outdated references. ASIC is not proposing to make significant changes to the factors considered when assessing applications. Submissions close on 18 November 2024.
DDO stop order issued against Indy-C
ASIC has issued an interim stop order restraining Indy-C-Fashion Pty Ltd (Indy-C) from entering into credit arrangements with consumers at its Katherine retail store under which goods are paid on credit through Centrepay deductions. ASIC is concerned about the impact on consumers living in Katherine and surrounding remote areas who may be financially vulnerable and potentially exposed to increased risk of financial hardship. ASIC considers that Indy-C is subject to the product design and distribution obligations (DDOs) but Indy-C does not have a target market determination, despite being put on notice of this requirement in December 2023 by ASIC. During the stop order period, Indy-C may only offer alternate payment options such as cash and EFTPOS.
ANZ appeal against ASIC dismissed
On 2 October 2024, the Federal Court dismissed an appeal by Australia and New Zealand Banking Group Limited (ANZ) against the Court’s decision that it had breached continuous disclosure laws when undertaking a $2.5 billion institutional share placement in 2015. The Court upheld the original judgment in the proceedings brought by ASIC and the penalty of $900,000 against ANZ. ANZ was also ordered to pay ASIC’s costs.
CBA spam penalty
The Commonwealth Bank of Australia (CBA) has been fined $7.5 million for sending over 170 million non-compliant marketing emails. An investigation by the Australian Communications and Media Authority (ACMA) revealed that between November 2022 and April 2024, CBA sent over 170 million marketing emails without an unsubscribe option, with 34.8 million sent to individuals who had not consented or had withdrawn consent. This is the bank's second major violation of spam laws, following a $3.55 million penalty in May 2023 for similar non-compliance issues. CBA has committed to a three-year court-enforceable undertaking to review and improve its compliance systems.
Harvey Norman and Latitude found to have misled consumers
On 18 October 2024, the Federal Court found Harvey Norman Holdings Ltd (Harvey Norman) and Latitude Finance Australia (Latitude) liable for engaging in misleading conduct and making false or misleading representations in relation to a nationwide advertising campaign for a 60-month interest free and no deposit payment method between January 2020 and August 2021. The advertisements failed to adequately disclose the true scope and costs of the promoted payment method which required consumers to take out a credit card, such as the Latitude GO Mastercard, to purchase goods, and subjected consumers to an establishment fee, monthly account service fees and high interest rates. Justice Yates found that consumers entered into a fundamentally different financial arrangement to the one promoted.
ASIC commences action against QBE on discounts
ASIC has filed proceedings in the Federal Court against QBE Insurance (Australia) Limited (QBE) for allegedly misleading customers about the value of discounts offered on a number of general insurance products between July 2017 and September 2022. During this period, QBE made statements and issued over 500,000 renewal notices with promises of discounts on premiums for certain products including home, contents and car insurances on which ASIC alleges QBE to have failed to deliver. ASIC is seeking civil penalties, declarations and adverse publicity orders against QBE.
HCF found to have misled consumers, but no unfair terms
The Federal Court has found a ‘pre-existing condition’ term in insurance policies offered by HCF Life Insurance Company Pty Ltd (HCF Life) was misleading. The term had the effect of enabling HCF Life to deny coverage if a customer failed to disclose a pre-existing condition before entering the insurance contract, even though the customer was unaware of the condition at the time, and a reasonable person in the circumstances could not be expected to have been aware of the condition. Such denial of coverage is prohibited under s 47 of the Insurance Contracts Act 1984 (Cth). ASIC also alleged that the term was an unfair contract term under the Australian Securities and Investments Commission Act 2001 (Cth). However, Justice Jackman dismissed that part of ASIC’s case. He found that the term did not create a significant imbalance, and that it was reasonably necessary to protect the legitimate interests of the insurer.
ASIC alleges Oak Capital engaged in unconscionable conduct
ASIC has commenced court proceedings against Oak Capital Mortgage Fund Ltd and Oak Capital Wholesale Fund Pty Ltd (Oak Capital), alleging unconscionable conduct to circumvent the National Credit Code (NCC). Between March 2019 and October 2023, Oak Capital allegedly made up to 47 loans with an aggregated value of over $37 million under a model designed to avoid the application of the NCC. Under the model, loans were provided to companies (instead of to the individual requiring the loan) in circumstances where Oak Capital knew, or ought to have known that the loan was for a purpose captured by the NCC. ASIC alleges that, by circumventing the NCC’s application, Oak Capital deprived its borrowers of important consumer protections offered by the NCC, including the responsible lending obligations, right to financial hardship assistance and protection against excessive fees and interest.