Financial Services and Credit Monthly Update October 2025
CONSUMER CREDIT
ASIC flags broad credit sector misconduct in keynote address
On 14 October 2025, a Commissioner of the Australian Securities and Investments Commission (ASIC), Alan Kirkland, delivered a keynote address at the Credit Law Conference outlining the regulator’s active surveillance and enforcement priorities across the consumer credit sector. Areas under scrutiny include mortgage broking, motor vehicle finance, financial hardship practices, debt management, credit repair, and debt collection.
New surveillances are underway, including a review of mortgage broker compliance with best interests obligations and a sector-wide probe into motor vehicle finance, with a focus on regional and First Nations consumers. ASIC is also pursuing enforcement actions against lenders for hardship-related failures, including Australian and New Zealand Banking Group Limited (ANZ), National Australia Bank Limited (NAB), and Resimac Limited.
Debt management firms are being investigated for licensing compliance and alleged misconduct, while ASIC has commenced proceedings against entities such as Venture 5 Group Pty Ltd (trading as CashnGo Australia), Rent4Keeps Pty Ltd, Oak Capital Mortgage Fund Ltd and Oak Capital Wholesale Fund Pty Ltd for practices designed to circumvent consumer credit protections. The regulator signalled its intent to continue targeting business models that exploit legal loopholes to the detriment of vulnerable consumers.
ASIC re-issues guidance on unsolicited credit and debit cards
On 1 October 2025, ASIC re-issued Regulatory Guide 201, clarifying the prohibition on sending unsolicited credit and debit cards under section 12DL of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act). The guide outlines ASIC’s interpretation of the prohibition and the scope of exceptions that permit card issuers to send cards without a specific request from the consumer.
The guide is intended for card providers and aims to assist them in complying with the law, particularly in relation to replacement, renewal, and supplementary cards. It addresses the circumstances under which a card may be sent in connection with a pre-existing agreement or at the consumer’s request.
CONSUMER PROTECTION
Treasury finds consumer law adequate for AI - for now
The Treasury has released its final report on the interaction between artificial intelligence (AI) and the Australian Consumer Law (ACL), concluding that the current legal framework is broadly fit for purpose. The review, published on 3 October 2025, assessed whether the ACL can effectively address risks posed by AI products and services. Treasury found that, when considered alongside other laws, the ACL generally provides sufficient consumer protection. While no immediate legislative changes were recommended, the report notes that ongoing monitoring will be necessary to ensure the law keeps pace with technological developments.
ASIC flags poor consumer outcomes in credit and banking sectors
In a keynote address at the Institute of Internal Auditors Australia Financial Services & ASX Listed Assurance Forum on 28 October 2025, ASIC Commissioner Alan Kirkland outlined four key areas where financial firms are falling short in delivering fair outcomes for consumers: financial hardship, credit and debt, banking practices, and dispute resolution. Mr Kirkland highlighted enforcement actions against major lenders, including a $15.5 million penalty against NAB and a proposed $40 million penalty against ANZ, for failures in handling hardship notices.
ASIC also raised concerns about “cookie-cutter” responses to hardship applications and announced ongoing surveillance of debt management and collection firms. In banking, an initial review of 4 banks revealed that over two million low-income Australians were kept in high-fee accounts, prompting a further broader review of 21 banks which resulted in a total of $93 million in refunds. ASIC also plans to publish firm-level internal dispute resolution data to improve transparency and drive better practices. The regulator emphasised the role of internal auditors in identifying governance and compliance failures before they result in consumer harm.
AFIA publishes new Finance Industry Code of Practice
The Australian Finance Industry Association (AFIA) has released its new Finance Industry Code of Practice (AFIA Code), formalising a self-regulatory framework aimed at lifting standards across the sector. The AFIA Code sets out principles for transparency, fairness, and customer confidence, and is designed to help members meet legal obligations and community expectations.
The AFIA Code applies to a broad range of finance products and services, including credit, finance and novated leasing offered by AFIA members to consumers and small businesses. It complements AFIA’s existing suite of sector-specific codes, such as those for buy now pay later, online small business lending, insurance premium funding and car rental.
COMPETITION
ACCC clears Cuscal’s acquisition of Indue
On 24 October 2025, the Australian Competition and Consumer Commission (ACCC) announced it will not oppose Cuscal Limited’s proposed acquisition of Indue Limited, concluding the deal is unlikely to substantially lessen competition in the market for payment facilitation services. The review focused on competition impacts for small and mutual banks and fintechs, which rely on providers like Cuscal and Indue for services such as card processing and payment scheme access.
While Cuscal and Indue are among the larger suppliers in this space, the ACCC found that customers generally have access to multiple providers. Industry feedback, including from 30 small and mutual banks, indicated support for the transaction, citing potential efficiencies and continued investment in innovation. The ACCC also considered broader industry trends, including digitisation, which may reduce switching costs and barriers to entry.
ACCC proposes continued authorisation for cash distribution collaboration
On 24 October 2025, the ACCC released a draft determination proposing to reauthorise the Australian Banking Association (ABA) and other industry participants to collaborate on maintaining access to cash across Australia. The proposal includes measures to ensure continuity of cash-in-transit (CIT) services in the event of disruption to Linfox Armaguard Pty Ltd (Armaguard), the country’s primary cash distributor.
The draft authorisation includes three conditions, notably requiring the ABA to develop initiatives to safeguard access to cash in remote areas. It does not cover pricing arrangements between Armaguard and its major customers, which would require a separate application.
This follows a series of ACCC authorisations since 2023, including approvals for industry collaboration and financial support to Armaguard. Interim authorisation for the current conduct has been in place since October 2024. Submissions on the draft determination are open until 14 November 2025.
CORPORATE
Government advances public register of beneficial ownership
The Federal Government has announced it will proceed directly to a public, Commonwealth-operated register of beneficial ownership for unlisted companies. The move aims to improve transparency around who ultimately controls or benefits from corporate entities.
Currently, companies must maintain member registers under the Corporations Act 2001 (Cth) (Corporations Act), but these do not always reflect beneficial owners. The new register will address this gap, aiding regulatory and law enforcement efforts against financial crime. To support the initiative, ASIC’s companies register is being stabilised, backed by $207 million in funding over 2025–27. Policy development for the beneficial ownership register will continue, with stakeholder engagement beginning in early 2027 and public consultation to follow.
The reforms will also extend to trusts, ensuring consistency across legal structures. Separately, legislation to enhance ownership disclosure for listed entities has passed the House of Representatives.
Government refines merger notification exemptions ahead of 2026 regime
The Federal Government has announced refinements to exemptions under the forthcoming mandatory merger control regime, set to commence on 1 January 2026. The changes aim to reduce regulatory burden for low-risk transactions while preserving the regime’s core objectives.
The refinements include broader exemptions for activities in residential property development, retail trade, and financial markets. Key adjustments include:
exempting leases and land interests acquired in the ordinary course of business, unless subject to targeted notification;
simplifying monetary thresholds for asset acquisitions;
streamlining obligations for serial acquisitions; and
clarifying and expanding exemptions for financial market activities.
The Government also intends to revise automatic voiding provisions to maintain incentives for merger notification. These changes will be implemented via subordinate legislation before the regime’s commencement.
Consultation on foreign investment framework reforms
The Federal Government has opened consultation on proposed reforms to Australia’s foreign investment framework, aiming to streamline low-risk approvals and strengthen scrutiny of higher-risk proposals. The consultation paper, released on 31 October 2025, outlines an automatic approval pathway for low-risk actions by trusted investors, requiring notification but not formal sign-off. The Treasurer would retain discretion to review such cases.
Other proposals include reducing reporting and approval burdens, improving management of approved investments, and enhancing certainty around decision timelines. The paper also canvasses stronger conditions and enforceable undertakings, expanded information-sharing powers, and a review of penalties and deterrence mechanisms. Submissions are open until 12 December 2025.
Government proposes unified financial reporting standards body
On 31 October 2025, the Federal Government released draft legislation to establish External Reporting Australia (ERA), a new entity that will consolidate Australia’s financial reporting standard-setters. ERA will assume the functions of the Australian Accounting Standards Board, the Auditing and Assurance Standards Board, and the Financial Reporting Council. The ERA will be responsible for the setting of accounting, auditing and assurance, and sustainability standards. The draft legislation follows stakeholder feedback on a consultation paper issued in January 2025. Consultation on the draft legislation and explanatory materials is now open, with submissions due by 27 November 2025.
DIGITAL ASSETS
ASIC clarifies digital asset rules and grants transitional relief
ASIC has updated its guidance on digital assets, confirming that products such as stablecoins, wrapped tokens, tokenised securities and digital asset wallets are considered financial products under current law. The revised Information Sheet 225 (INFO 225) outlines how existing financial services laws apply to these assets, with implications for licensing and compliance.
To support industry transition, ASIC has issued a sector-wide no-action position until 30 June 2026. It has also proposed targeted relief for distributors of certain stablecoins and wrapped tokens, and custodians of digital assets. Feedback on the draft relief instruments is open until 12 November 2025. ASIC has indicated it will consider the no-action position when assessing past conduct, but will continue to act against serious misconduct causing consumer harm.
AFCA membership now mandatory for digital asset providers
The Australian Financial Complaints Authority (AFCA) has confirmed that digital asset businesses offering financial products or services must apply for an Australian financial services (AFS) licence and become AFCA members by 30 June 2026. The announcement follows updated guidance from ASIC, outlined in INFO 225, which clarifies the application of existing financial services laws to digital assets such as wrapped tokens, stablecoins, tokenised securities, and digital asset wallets.
Previously, most cryptocurrency providers were not required to join AFCA, though some did so voluntarily or through industry associations. In the 2024–25 financial year, AFCA received 159 complaints about cryptocurrency firms, with scams, disputes over product terms, and failure to act in clients’ best interests topping the list. The new requirements aim to bring digital asset providers within the existing consumer protection and dispute resolution framework. AFCA has indicated it will work with affected firms to support a smooth transition.
FINANCIAL ADVICE
Deficiencies in offshore outsourcing oversight for financial advisors
ASIC has completed a review of offshore outsourcing practices among ten financial services advice licensees, revealing inconsistent risk management and oversight. The review focused on licensees using offshore service providers (OSPs) via intermediaries, with over 300 representatives engaging OSPs in the past two years.
Key findings included a lack of formal outsourcing policies, inadequate information technology controls specific to offshore staff, and limited auditing of OSP use. Licensees often relied on intermediaries’ cyber security claims without independent verification. ASIC also noted frequent offshore enquiries into Australian client accounts, raising data privacy concerns.
Services outsourced included financial planning assistance, paraplanning, client communications, and insurance application and document support. The regulator has urged licensees to strengthen due diligence, monitoring, and cyber risk frameworks when engaging offshore providers.
FINANCIAL MARKETS
ASIC approves Cboe Australia as listing market operator
ASIC has approved an application by Cboe Australia (Cboe) to operate as a listing market, allowing it to list new companies and compete directly with the Australian Securities Exchange (ASX) and other licensed operators. The decision, announced on 7 October 2025, expands Cboe’s role to include listings, giving issuers and investors access to more initial public offerings (IPOs), dual-listed entities and investment options. Formerly Chi-X Australia, Cboe entered the market in 2011 and was acquired by Cboe Global Markets in 2021. It now accounts for around 20% of Australia’s equity market turnover. The approval follows ASIC’s broader push to enhance competition and innovation in capital markets, including recent reforms in clearing and settlement and initiatives to fast-track IPOs. Cboe joins ASX, National Stock Exchange of Australia and Sydney Stock Exchange as one of four licensed listing markets in Australia.
ASIC consults on remake of OTC derivatives clearing rules
ASIC has released a consultation paper proposing to remake the ASIC Derivative Transaction Rules (Clearing) 2015 (2015 Rules), which are due to sunset on 1 April 2026. The proposed remake would largely retain the existing framework, with minor administrative updates and new provisions to support post-trade risk reduction exercises. Specifically, ASIC proposes to extend exemptive relief to derivative transactions arising from such exercises, aligning with current relief for multilateral portfolio compressions. However, transitional relief for certain swaptions from the 2015 Rules will be allowed to expire on the 1 April 2026.
The 2015 Rules, introduced under the Corporations Act 2001, implement Australia’s commitments to centrally clear standardised over-the-counter (OTC) derivatives. They apply to specified OTC interest rate derivatives and require certain Australian and foreign financial entities to clear eligible transactions through central counterparties. Submissions on the proposed changes are due by 28 November 2025.
FINANCIAL SERVICES
ASIC review highlights offshore outsourcing risks for fund operators
ASIC has published findings from a two-phase review into offshore outsourcing by responsible entities (REs) of registered managed investment schemes. The regulator examined 30 REs, with 17 outsourcing at least one business function to OSPs in the past two financial years. A deeper review of 10 REs revealed varied risk management practices, particularly around cyber security, due diligence, and service level monitoring.
Key outsourced functions included investment management, custody, fund administration, and transaction processing. Larger REs tended to have more sophisticated oversight frameworks, including dedicated governance boards and centralised risk teams. However, gaps were identified in areas such as service level agreements enforcement, cyber resilience, and oversight of OSPs performance.
ASIC consults on extending litigation funding relief
ASIC has released a consultation paper proposing to extend two legislative instruments that provide regulatory relief for litigation funding and conditional costs schemes. The instruments, ASIC Credit (Litigation Funding-Exclusion) Instrument 2020/37 and ASIC Corporations (Conditional Costs Schemes) Instrument 2020/38, are currently set to expire on 31 January 2026. ASIC proposes extending their operation until 31 March 2030.
The instruments exempt certain litigation funding and proof of debt arrangements from the National Credit Code and aspects of the Corporations Act, including managed investment scheme and financial services licensing requirements. The proposed extension aims to maintain regulatory certainty while the Government reviews its broader policy position on these arrangements. Submissions on the proposal are due by 14 November 2025.
ASIC targets managed accounts in compliance review
ASIC has announced a forthcoming surveillance review of the managed accounts sector, citing rapid growth and emerging risks. In a keynote address on 15 October 2025, Commissioner Alan Kirkland confirmed that ASIC will examine how licensees and financial advisers offering or recommending managed accounts to retail clients are meeting their obligations under the Corporations Act, including acting efficiently, honestly and fairly, and providing advice in the client’s best interests.
The review will also scrutinise how conflicts of interest are identified and managed, particularly given the commercial incentives across the product manufacturing and distribution chain. ASIC’s focus follows data showing a 24% annual increase in funds under management since 2019, with Separately Managed Accounts leading the growth. The regulator is concurrently updating Regulatory Guide 181 on conflict management, with final guidance expected by the end of 2025.
Government commissions review of Enhanced Regulatory Sandbox
On 31 October 2025, the Federal Government appointed Maha El Dimachki to lead an independent review of the Enhanced Regulatory Sandbox (ERS). The ERS allows eligible businesses to test financial and credit services without holding an AFS or credit licence, under certain conditions. The review will assess the effectiveness of the current framework and explore improvements to better support innovation and productivity in the financial sector. The review forms part of the Government’s broader digital asset strategy announced in March 2025 and is expected to conclude by mid-2026. Stakeholder consultation will begin in November 2025.
FINANCIAL SYSTEM
Treasury updates regulatory grid with new coordination principles
The Treasury has released the second edition of its Regulatory Initiatives Grid (RIG), outlining key financial sector reforms planned over the next two years. Published on 17 October 2025, the updated RIG incorporates three new principles: minimising overlap in major consultations and non-routine data collection, sequencing linked initiatives appropriately, and reducing duplication in data requests.
The RIG provides a consolidated view of material regulatory initiatives. This edition includes enhancements to the report and workbook formats to better support stakeholder analysis, and a new dashboard tab highlighting recently announced initiatives. The RIG remains a point-in-time document, with all initiatives subject to change depending on government priorities and market conditions. It focuses on strategic reforms likely to have a significant impact on the financial sector, rather than routine regulatory activity.
INSURANCE
APRA refines reinsurance framework to support alternative arrangements
The Australian Prudential Regulation Authority (APRA) has released a response paper refining its proposed updates to the general insurance reinsurance framework. The revisions aim to make it easier for insurers to access alternative reinsurance arrangements, such as insurance-linked securities, while maintaining policyholder protections.
The updated approach follows industry feedback on proposals issued in November 2024. APRA’s refinements seek to strike a balance between regulatory safeguards and flexibility, supporting innovation and resilience in the insurance sector. The response paper outlines targeted adjustments to draft prudential standards, guidance, and reporting requirements. Submissions on the revised materials are open until 30 January 2026.
PAYMENTS
ASIC re-issues guidance on unsolicited credit and debit cards
On 1 October 2025, ASIC re-issued Regulatory Guide 201, clarifying the prohibition on sending unsolicited credit and debit cards under section 12DL of the ASIC Act. The guide outlines ASIC’s interpretation of the prohibition and the scope of exceptions that permit card issuers to send cards without a specific request from the consumer.
The guide is intended for card providers and aims to assist them in complying with the law, particularly in relation to replacement, renewal, and supplementary cards. It addresses the circumstances under which a card may be sent in connection with a pre-existing agreement or at the consumer’s request.
Finalised pricing model for cash-in-transit services
Deloitte Access Economics has completed its independent pricing model for Armaguard’s CIT services, delivering the final report to Armaguard, major banks, and large retailers. The model aims to support the financial viability of cash distribution across Australia, particularly in regional and remote areas, amid declining cash usage. The pricing mechanism now awaits authorisation from the ACCC.
Exposure drafts released for payment systems modernisation
On 9 October 2025, the Federal Government released exposure draft legislation to establish a new regulatory framework for payment service providers. The draft introduces a core licensing regime and a tiered approach for stored value facilities, including prepaid accounts, stablecoin issuers, and digital wallets holding customer funds.
The framework distinguishes between providers based on their functions. For example, wallets that merely transmit payment instructions will face different regulation than those that hold funds. The reforms aim to align regulatory obligations with the scale and risk profile of providers. Submissions on the exposure draft legislation are open until 6 November 2025.
On 29 October 2025, the Federal Government also published draft regulations to support the recently passed Treasury Laws Amendment (Payments System Modernisation) Act 2025 (Cth). The proposed Payment Systems Legislation Amendment (2025 Measures No. 1) Regulations 2025 (Cth) aim to update three key instruments: the Payment Systems (Regulation) Regulations 2006 (Cth), the Australian Securities and Investments Commission Regulations 2001 (Cth), and the Corporations Regulations 2001 (Cth). Submissions on the draft regulations are open until 11 November 2025.
A second tranche of legislation is expected in 2026, covering additional licensing requirements, exemptions, supervisory powers of APRA, a framework for unclaimed monies and a revised ePayments Code.
Draft regulations released to mandate cash acceptance for essential retail
On 17 October 2025, the Federal Government released exposure draft regulations proposing mandatory cash acceptance for in-person transactions under $500 at fuel and grocery retailers. The proposed Competition and Consumer (Industry Codes - Cash Acceptance) Regulations 2025 (Cth) would apply to businesses with turnover above $10 million, including franchise groups. Small businesses below this threshold would be exempt.
The draft regulations form part of a broader policy response to the shift toward cashless payments. A review is scheduled after three years to assess the mandate’s effectiveness and consider potential expansion. Submissions on the draft regulations are open until 31 October 2025. Separately, the Council of Financial Regulators and the ACCC are consulting on proposals to regulate cash distribution, with recommendations to be considered alongside industry feedback.
PRIVACY AND DATA
OAIC issues privacy guidance ahead of social media age restrictions
On 10 October 2025, the Office of the Australian Information Commissioner (OAIC) released regulatory guidance for social media platforms and age assurance providers ahead of the Social Media Minimum Age (SMMA) scheme’s commencement on 10 December 2025. The guidance outlines privacy obligations under s 63F of the Online Safety Act 2021 (Cth), which operate alongside the Privacy Act 1988 (Cth) (Privacy Act).
Entities must ensure age assurance methods are proportionate, privacy-respecting, and transparent. Key requirements include minimising the use of personal and sensitive information, destroying data once SMMA purposes are met, and ensuring any further use is optional and consent-based. Platforms must also clearly communicate privacy practices at relevant moments.
The OAIC’s guidance complements the eSafety Commissioner’s earlier publication on “reasonable steps” for preventing underage access. Together, the regulators define the compliance framework for age-restricted platforms. Non-compliance may constitute interference with privacy and attract enforcement action. Additional OAIC resources for families and children are expected shortly.
Updated guidance for responsible AI adoption
On 21 October 2025, the National Artificial Intelligence Centre published its Guidance for AI Adoption, outlining six essential practices for responsible governance and use of AI. The guidance builds on national and international ethics principles and is the first update of the Voluntary AI Safety Standard.
Two tailored versions are available: Foundations, aimed at organisations beginning their AI journey, and Implementation Practices, designed for governance professionals and technical experts. Supporting resources include an AI screening tool, policy and register templates, and a glossary of key terms. The guidance takes a human-centred approach and includes a crosswalk mapping its practices to the previous safety standard. It also outlines relevant legal considerations and risk mitigation strategies for AI deployment.
PRUDENTIAL
APRA proposes streamlined IRB accreditation pathway for banks
On 23 October 2025, APRA released a consultation paper proposing a more accessible pathway for banks seeking accreditation to use the internal ratings-based (IRB) approach for calculating credit risk-weighted assets. The IRB method, currently used by six large banks, can marginally reduce capital requirements but has historically required resource-intensive risk management sophistication.
The proposed changes aim to simplify and clarify the accreditation process, potentially enabling mid-sized banks to adopt the IRB approach. This initiative follows commitments made during the recent review into small and medium-sized banks by the Council of Financial Regulators and the ACCC. The consultation paper outlines adjustments intended to improve flexibility and transparency in the process, without lowering prudential standards. Submissions are open until 19 December 2025.
APRA revises governance proposals after industry pushback
APRA has announced changes to its proposed governance reforms for banks, insurers and superannuation trustees, following extensive industry consultation. Originally released in March, the package included eight measures aimed at modernising prudential standards and guidance for the first time in over a decade.
After receiving nearly 80 submissions and holding 57 meetings with stakeholders, APRA will now revise three key proposals. The suggested 10-year tenure limit for non-executive directors will be replaced with a hard 12-year cap, with limited scope for short extensions. A requirement for banks and insurers to appoint at least two independent directors not serving on other group boards has been dropped. Similarly, a proposal mandating early engagement with APRA on responsible person appointments and succession planning will not proceed.
Further adjustments will be made to proposals concerning director skills, conflicts of interest, and disclosure of relevant interests. Updated standards are expected for consultation in early 2026.
APRA flags technology risks in financial services sector
In a speech to the Financial Services and ASX Sector Assurance Forum on 28 October 2025, APRA Member Suzanne Smith highlighted the growing technological risks facing banks, insurers and superannuation funds. Ms Smith noted that many APRA-regulated entities now function as technology companies, yet often rely on outdated legacy systems vulnerable to cyber threats and operational failures.
Cybersecurity remains the top concern, with APRA identifying persistent gaps in compliance with APRA prudential standard on information security, CPS 234, including weak authentication, poor third-party assurance, and inadequate incident response testing. Concentration risk was also flagged, with critical operations increasingly dependent on a small number of technology vendors.
To address these risks, APRA is analysing data on material service providers submitted by regulated entities and will conduct targeted supervisory engagements on AI governance. Internal audit was urged to play a proactive role in assessing digital transformation, third-party dependencies, and emerging data and AI risks, ensuring governance frameworks keep pace with technological change.
APRA refines capital framework for longevity products
APRA has launched a second round of consultation on proposed changes to the capital framework for longevity products, including annuities. The updated proposals, released on 29 October 2025, reflect feedback received during an earlier consultation in June and mark a shift towards a more principles-based approach to determining capital requirements.
The revisions aim to support the development and availability of longevity products for retirees, while maintaining safeguards for policyholders. APRA’s consultation materials include draft prudential standards and a response paper outlining the refinements made in light of industry submissions. Submissions on the draft standards are open until 17 December 2025.
APRA to amend CPS 230 for non-traditional service providers
APRA has announced plans to consult on targeted amendments to Prudential Standard CPS 230 Operational Risk Management (CPS 230) by the end of 2025, following industry concerns about its application to non-traditional service providers (NTSPs). These providers, such as stock exchanges, payment schemes, and clearing and settlement facilities, often operate under standardised, non-negotiable terms or without formal contracts, creating compliance challenges under CPS 230.
The proposed changes will clarify APRA’s expectations regarding contractual arrangements and service level monitoring with NTSPs. While the core risk management obligations under CPS 230 will remain unchanged, the amendments aim to reduce regulatory burden and support practical implementation. APRA will conduct an accelerated policy process, including a one-month consultation period, with the goal of finalising the changes before CPS 230 takes effect on 1 July 2026.
SUPERANNUATION
APRA demands higher standards from superannuation platform trustees
APRA has issued a letter to superannuation platform trustees, urging them to strengthen governance and oversight of investment options offered to members. The move follows APRA’s thematic review of platforms, which covered trustees responsible for nearly 95% of platform assets, and coincides with ASIC’s enforcement actions related to the collapse of the Shield and First Guardian managed investment schemes.
APRA’s letter outlines deficiencies in onboarding, monitoring, and member outcome practices, and requires trustees to assess compliance with prudential standards, confirm Financial Accountability Regime accountabilities, and develop time-bound plans to improve standards. The regulator flagged increased supervisory intensity and potential regulatory action. Platforms represent a growing segment of the superannuation industry, with $397 billion invested, which is 28.1% of choice sector assets.
Payday super legislation introduced to Parliament
On 9 October 2025, the Federal Government introduced legislation to mandate the payment of superannuation on payday. Under the proposed reforms, employers must ensure super contributions reach employees’ funds within seven business days of each payday.
The changes are scheduled to take effect from 1 July 2026. The legislation also includes a redesign of the superannuation guarantee charge to support the new system and enhance enforcement. The Australian Tax Office (ATO) will consult on its compliance approach during the first year of implementation, with a risk-based framework distinguishing between employers who align with pay cycles and those who do not.
ASIC flags shortcomings in super trustees’ retirement communications
ASIC has released Report 818, highlighting widespread deficiencies in how superannuation trustees communicate with members about retirement. The review found that many trustees rely on generic communications primarily aimed at pre-retirees, failing to engage meaningfully with members already in retirement. Despite the retirement income covenant taking effect over three years ago, some trustees have yet to address communication gaps previously identified by ASIC and APRA.
The report examined practices across 12 trustees, collectively managing over $1.14 trillion in assets and 9.3 million member accounts. ASIC observed limited tailoring of communications to diverse member needs, including First Nations, vulnerable, and culturally and linguistically diverse groups. One-third of trustees lacked formal processes for incorporating member feedback.
ASIC urges trustees to shift focus from product promotion to member education, improve governance, and strengthen oversight of external service providers. The regulator will continue monitoring compliance, with further updates expected via a joint “Retirement Pulse Check” with APRA later this year.
Government refines super tax concessions and boosts LISTO
On 13 October 2025, the Federal Government announced changes to superannuation tax concessions and the low-income superannuation tax offset (LISTO). From 1 July 2027, the LISTO will rise by $310 to $810, with the income eligibility threshold increasing from $37,000 to $45,000, benefiting up to 3.1 million Australians. A fact sheet outlining the changes impact has been published by the Treasury.
Concessional tax rates on large super balances will also be adjusted. The Federal Government has announced adjustments to the design and implementation of its Better Targeted Superannuation Concessions (BTSC) policy, following stakeholder feedback. From 1 July 2026, earnings on balances between $3 million and $10 million will be taxed at 30%, and those above $10 million at 40%. Both the $3 million and $10 million thresholds will be indexed. The changes will apply only to future realised earnings, with Treasury to consult on calculation methods and defined benefit treatment.
ATO reveals $19 billion in lost and unclaimed superannuation
The Federal Government has urged Australians to check for lost or unclaimed superannuation, following the release of new ATO data showing nearly $19 billion in dormant retirement savings. The figures highlight the scale of superannuation left behind due to inactive accounts or outdated contact details, often the result of job changes or address moves. Australians can use the ATO’s five-step Super Health Check to identify and consolidate lost super into their active accounts. The average amount of unclaimed super is $2,590, with the potential to grow significantly over time through compound interest.
AML/CTF
AUSTRAC launches national campaign ahead of major AML/CTF reforms
The Australian Transaction Reports and Analysis Centre (AUSTRAC) has launched a national awareness campaign in preparation for the most significant overhaul of Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime in two decades. The campaign will unfold in three phases: Awareness, Preparation, and Enrolment.
As part of the campaign, AUSTRAC is developing a range of education products to support both current reporting entities and those newly captured under the forthcoming tranche 2 AML/CTF reforms. A suite of resources, including webinars, e-learning modules, checklists, fact sheets, and videos, is being rolled out to build sector capability ahead of key compliance dates in March and July 2026.
AUSTRAC has now published guidance to assist businesses preparing for major changes to the AML/CTF regime. The guidance, developed in collaboration with industry bodies, outlines practical steps for compliance tailored to business size and complexity. It includes risk indicators for newly regulated sectors and additional support for digital currency exchanges. AUSTRAC has flagged further resources to follow, including sector-specific guidance and AML/CTF program starter kits. Businesses can use AUSTRAC’s online tool to assess whether their services fall within the scope of the revised regime.
AUSTRAC has also announced the 15 November 2025 launch of a redesigned AUSTRAC Online platform, aimed at improving how reporting entities manage their regulatory obligations. The overhaul includes enhanced security features, such as multi-factor authentication and stronger password protocols, alongside a more responsive interface and expanded self-service options.
AUSTRAC issues guidance on use of AML/CTF consultants
AUSTRAC has published guidance for reporting entities engaging third-party advisers to assist with AML/CTF compliance. The guidance outlines key considerations when selecting consultants, including their qualifications, sector-specific knowledge, and familiarity with the regulatory framework.
AUSTRAC has cautioned against claims of endorsement by the regulator, noting it does not approve consultants or AML/CTF programs. Advisers may face accessorial liability under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) if their conduct contributes to a breach by a reporting entity.
AUSTRAC tightens oversight of crypto ATM providers
AUSTRAC has introduced minimum compliance standards for cryptocurrency ATM providers, following a year-long investigation by its cryptocurrency taskforce. The move comes amid growing concerns over scams and money laundering linked to crypto ATMs, which have surged from 23 in 2019 to around 1,800 nationwide. The taskforce has already taken action against several providers: one had its registration renewal refused, another withdrew voluntarily, and a third paused operations. A joint law enforcement operation in July 2025 uncovered 90 victims of crypto-related crimes, including money mule activity and scams targeting older Australians. AUSTRAC has published a financial crime guide and indicators of suspicious activity to assist reporting entities in identifying and responding to potential abuse of digital currencies.
AUSTRAC to gain powers to restrict high-risk financial products
The Minister for Home Affairs has proposed legislative amendments that would empower the AUSTRAC CEO to restrict or prohibit high-risk financial products, services, or delivery channels. The move targets emerging money laundering threats, particularly those linked to crypto assets.
AUSTRAC and Pacific partners intensify regional financial crime efforts
AUSTRAC and 15 Pacific financial intelligence units have ramped up joint efforts to combat emerging financial crime threats, with a renewed focus on child sexual exploitation, transnational organised crime, and misuse of virtual assets. At the October 2025 Pacific Financial Intelligence Community plenary in Fiji, members agreed to prioritise these areas for coordinated action.
DISPUTES AND ENFORCEMENT
ASIC annual report highlights enforcement surge and market oversight
ASIC has released its 2024–25 Annual Report, revealing a marked increase in enforcement activity and a broad regulatory agenda aimed at simplifying rules and strengthening market integrity. The regulator reported a 50% rise in investigations, a 20% increase in new civil proceedings, and 829 targeted surveillances completed over the year.
Key initiatives included a review of AI use by financial services and credit licensees, an inquiry into ASX governance and risk management, and enforcement actions against superannuation funds over death benefit failures. ASIC also launched its first discussion paper on public and private market dynamics and established the Regulatory Simplification Consultative Group. Cyber resilience and digital capability upgrades enabled ASIC to take down over 6,900 scam websites. Financial penalties totalled $104.1 million in civil cases and $16.8 million in criminal fines.
ASIC eases IDR reporting burden for small banks
ASIC has issued a no-action letter reducing the frequency of internal dispute resolution (IDR) data reporting for small banks. Under the relief, small banks as specified in the letter will no longer be required to submit IDR reports every six months for the periods ending 31 December 2025 and 31 December 2026. Instead, they must prepare and lodge a full-year IDR report covering 1 July to 30 June, due by 31 August of the following year.
The change follows recommendations from the Council of Financial Regulators’ review of the small and medium-sized banking sectors and is intended to reduce regulatory costs and improve competitiveness. ASIC’s no-action position applies to obligations under s 912A(1)(g) of the Corporations Act and s 47(1)(ha) of the National Consumer Credit Protection Act 2009 (Cth). Formal system changes to IDR reporting are expected by 2027, but the relief takes effect from the January–February 2026 submission window.
ASIC launches breach reporting dashboard
ASIC has launched a public dashboard providing detailed data on self-reported compliance breaches by AFS and credit licensees. The Reportable Situations (RS) dashboard, released on 31 October 2025, offers insights into the volume and nature of breaches, customer impact and loss, investigation and rectification efforts, and compensation and remediation outcomes.
Under the RS regime, licensees must report certain breaches to ASIC, and the regulator is required to publish annual data on these reports. The new dashboard provides more granular, entity-level information than previously available, with the aim of improving transparency and supporting better compliance practices across the sector.
AFCA annual review highlights persistent complaint volumes and emerging risks
AFCA 2024–25 Annual Review reveals continued high volumes of consumer complaints, with over 100,000 received for the second consecutive year. Banking and finance remained the most complained-about sector, accounting for 54% of all cases. While financial difficulty complaints fell 17%, “failure to respond to a request for assistance” remained among the top five issues.
Complaints in the financial advice sector rose 18%, driven by large-scale collapses. Notably, self-managed superannuation fund complaints surged 95%, with “failure to act in the client’s best interest” complaints up 124%, signalling systemic issues in advice models. AFCA’s expanded jurisdiction now includes buy now pay later providers, which attracted 2,099 complaints - mostly concerning credit enquiries, unauthorised transactions, and service quality. General insurance complaints rose 17%, largely due to add-on insurance.
AFCA report flags systemic failures in complaint handling and hardship recognition
AFCA has released Edition 7 of its Systemic Issues Insights Report, covering the second half of the 2024-25 financial year. The report identifies widespread issues across financial services, including poor complaint handling, inadequate recognition of customer hardship and vulnerability, outdated systems, and disconnects between policy intent and frontline execution.
AFCA’s systemic investigations led to remediation benefiting over 342,000 consumers and small businesses, with $3.4 million in financial compensation secured. Non-financial outcomes included corrections to credit files, improved disclosure practices, and strengthened hardship support processes.
ASIC commences action over alleged ESG investment fund misrepresentations
ASIC has launched civil penalty proceedings in the NSW Supreme Court against Fiducian Investment Management Services Limited (FIMSL), alleging governance failures and misleading conduct in relation to its environmental, social and governance (ESG) fund - the Diversified Social Aspirations Fund. The fund, marketed as a socially responsible investment option from 2015 to 2024, purported to avoid harmful industries and monitor ESG compliance.
ASIC claims FIMSL failed to review underlying investments, did not engage ESG experts, and lacked adequate risk controls. The regulator also alleges the fund’s Product Disclosure Statement (PDS) contained false claims about investment screening and monitoring, despite holdings in companies such as BHP Billiton Limited, Rio Tinto Limited and Woodside Petroleum Limited. Complaints from investors were allegedly mishandled, and the PDS remained unchanged for nine years despite concerns. This marks ASIC’s fourth greenwashing case and its first targeting a responsible entity for governance breaches. ASIC is seeking declarations, penalties and adverse publicity orders against FIMSL.
APRA disqualifies former Xinja executives under FAR
APRA has disqualified Eric Wilson (former CEO) and Craig Swanger (former non-executive director) of Xinja Bank (Xinja) from acting as accountable persons of any authorised deposit-taking institution for eight and ten years respectively. These are the first disqualifications under the Financial Accountability Regime (FAR), which replaced the Banking Executive Accountability Regime in March 2024.
The action follows APRA’s investigation into side agreements entered into by Xinja with investors in 2020. These agreements undermined the classification of capital as CET1, misleading APRA about the bank’s capital adequacy. APRA found both individuals failed to act with due skill, care and diligence, and did not deal with the regulator in an open and cooperative manner. Swanger was also found to have had altered documents provided to APRA investigators.
Federal Court imposes first-ever Privacy Act penalties on Australian Clinical Labs
On 8 October 2025, the Federal Court ordered Australian Clinical Labs (ACL) to pay $5.8 million in civil penalties over a 2022 data breach involving its Medlab Pathology business. The breach exposed personal information of more than 223,000 individuals and marks the first time civil penalties have been imposed under the Privacy Act.
ACL was penalised $4.2 million for failing to take reasonable steps to secure personal data which amounted to more than 223,000 contraventions, $800,000 for not promptly assessing the breach, and another $800,000 for delays in notifying the regulator. The penalties were imposed under the pre-December 2022 regime, which capped fines at $2.22 million per contravention. Higher penalties now apply under updated laws. ACL admitted liability and cooperated with the investigation, which began in December 2022.
APRA lifts final capital add-on following Westpac risk overhaul
On 15 October 2025, APRA confirmed that Westpac Bank Corporation (Westpac) has fulfilled its obligations under a Court Enforceable Undertaking (CEU) entered into in December 2020, concluding a multi-year risk transformation program. The CEU followed APRA’s 2020 investigation into weaknesses in Westpac’s culture, governance and accountability. In response, Westpac launched the Customer Outcomes and Risk Excellence (CORE) Program and engaged an independent reviewer.
APRA had imposed two $500 million capital add-ons in 2019, with the first removed in July 2024 after partial remediation. The remaining add-on has now been lifted, effective immediately, following APRA’s validation of Westpac’s improvements in risk management. The regulator stated that Westpac’s completion of the program addresses the specific prudential concerns identified earlier.
Federal Court fines RAMS $20 million for home loan failures
On 24 October 2025, the Federal Court ordered RAMS Financial Group Pty Ltd (RAMS) to pay a $20 million penalty after admitting to widespread compliance breaches in its home loan business. Between June 2019 and April 2023, RAMS contravened its Australian credit licence conditions and the National Consumer Credit Protection Act 2009 (Cth) by using unlicensed referrers, failing to manage conflicts of interest, and inadequately supervising representatives.
The Court found RAMS lacked effective controls even after internal findings of misconduct, including falsified pay slips and manipulated customer expenses to secure loan approvals. Justice Shariff noted the conduct exposed consumers to unsuitable loans and potential financial hardship.
RAMS, a subsidiary of Westpac, operated through a franchise model targeting first home buyers and self-employed borrowers. Westpac terminated a planned sale of RAMS in April 2024 and wound down the franchise network by August 2024. RAMS has since admitted liability and remediated affected customers.
ASIC issues interim stop orders on TruePillars fund
ASIC has imposed interim stop orders on the PDSs for two classes of units in the TruePillars Investment Fund, a managed fund promoted by T.P.R.E. Ltd (TPRE). The orders prevent TPRE from offering, issuing, selling or transferring interests in the fund’s Pooled Unit and Loan Units.
ASIC’s concerns include omissions and deficiencies in the PDSs, such as inadequate disclosure of investment terms, conflicts of interest, risks (including liquidity and valuation), fees and costs, and potentially misleading statements about income distributions and withdrawals. TPRE may make submissions before ASIC decides whether to impose final stop orders.
ACCC sues Microsoft over alleged subscription misrepresentations
On 27 October 2025, the ACCC commenced proceedings in the Federal Court against Microsoft Pty Ltd and its US parent company, Microsoft Corporation (together, Microsoft) alleging misleading conduct affecting around 2.7 million Australian consumers. The case centres on communications about Microsoft 365 Personal and Family subscriptions following the integration of its AI assistant, Copilot.
Since 31 October 2024, Microsoft allegedly told auto-renewing subscribers they must either accept Copilot and pay higher prices or cancel their subscription. The ACCC claims this was misleading, as an undisclosed third option, the “Classic” plan, allowed subscribers to retain existing features without Copilot at the original price. However, this option was only revealed during the cancellation process and not mentioned in Microsoft’s emails or blog post. The ACCC is seeking penalties, injunctions, declarations, consumer redress, and costs against Microsoft. The case does not involve business or enterprise subscription plans.
AUSTRAC sanctions Cryptolink over AML/CTF failures
AUSTRAC has issued an infringement notice of $56,340 to digital currency exchange provider Cryptolink Pty Ltd (Cryptolink) for failing to report large cash transactions on time and for deficiencies in its AML/CTF risk assessments. The enforcement action follows findings by AUSTRAC’s Crypto Taskforce, which identified systemic weaknesses in Cryptolink’s compliance framework.
In addition to the infringement notice, AUSTRAC accepted a court-enforceable undertaking requiring Cryptolink to engage independent reviewers. These reviewers will assess the adequacy of the Cryptolink’s reporting of threshold transactions, the effectiveness of its controls for large cash transactions, and the robustness of its AML/CTF risk assessments. Cryptolink has fully cooperated with AUSTRAC and paid the infringement notice in full.
Vinomofo breached privacy laws in major data incident
The Privacy Commissioner Carly Kind has found that online wine retailer Vinomofo Pty Ltd (Vinomofo) breached the Privacy Act by failing to take reasonable steps to protect the personal information of nearly one million individuals. The Commissioner’s determination, published on 29 October 2025, relates to a 2022 data breach that occurred during a major data migration project. The breach exposed approximately 17GB of data, including names, dates of birth, contact details and financial information of around 928,760 customers and members.
The Commissioner found that Vinomofo had been aware of deficiencies in its security governance for at least two years prior to the incident but failed to act. The Commissioner concluded that Vinomofo’s policies, procedures, training, and overall approach to privacy were inadequate, breaching the Privacy Act. Declarations were made requiring the company to cease the identified practices.