March 2021

RegTracker 26 March 2021 – ASIC’s regulatory approach

> Financial Services

By Mark Bland, Partner and Geoffrey McCarthy, Special Counsel

This update is designed to help superannuation trustees track and manage regulatory change. We look ahead to forthcoming developments, look back at recent changes and then spotlight the impact of a key development on trustees. This edition’s spotlight is on ASIC’s regulatory approach to superannuation.

Key developments

Breach reporting – comments are due on 9 April consultation on draft regulations that would make supporting amendments in relation to the breach reporting reforms enacted by the Financial Sector Reform (Hayne Royal Commission Response) Act 2020 (Cth).
ERFs – the Treasury Laws Amendment (Reuniting More Superannuation) Bill 2020 passed Parliament. This will facilitate the close of ERFs and the making of payments to the ATO where in a Trustee considers doing so to be in the best interests of the member.
Group insurance – APRA wrote to trustees concerning the group insurance market. In its letter, APRA expressed concern that the group insurance market would be tightening due to adverse claims experience escalating in 2020.
ASIC commenced civil action against the trustee of Statewide Super in respect of allegedly misleading statements concerning insurance and delayed breach reporting.
ASIC commences proceedings against the trustee of REST alleging misleading representations concerning portability.
APRA published updated reporting standards for 30 June 2021.

Looking ahead

26 March – Closing date for submissions to review of AFCA. Treasury is undertaking a review into AFCA and is to provide its report to the Minister by 30 June 2021. The review into AFCA was announced, and terms of reference released, on 19 February 2021.

29 March – ASIC and APRA to appear before the House of Representatives Standing Committee on Economics for its hearings reviewing the regulators’ annual reports.

31 March – As announced by Government, the first Modern Slavery Statement is due for entities with original reporting period of 1 July 2019 to 30 June 2020 under an extended deadline. Superannuation funds with a consolidated revenue of over $100 million are to report on actions taken to reduce the risk of serious exploitative practices in their structure, operations and supply chains.

31 March – Deadline for entities to upgrade to new version of D2A. The update adds integration of myGovID authentication, increased memory resulting in quicker processing of submissions, better business rule validations and error checks, and updated branding. APRA is progressing towards their new Data Collection Solution to replace D2A as part of its data transformation program.

31 March – Submissions are due to the Joint Standing Committee on Trade and Investment Growth Inquiry into the prudential regulation of investment in Australia’s export industries. The inquiry is likely to focus on whether concerns by APRA and ASIC about climate related risks are inappropriately impeding investment in coal and other resources industries.

5 April – Provisions regulating unfair terms of standard form contracts apply to insurance contracts with consumers and small businesses. Third party beneficiaries of insurance contracts will be able to bring actions against insurers under the unfair contract terms regime.

9 April – Breach reporting and remediation consultation draft released by the Treasury due for comment by 9 April 2021.

Looking back

25 March – APRA published a Response Paper to its Phase 1 consultation in its Superannuation Data Transformation Project. New reporting standards applying for reporting on 30 June 2021 due by 30 September were also published. APRA will consult on the next phase on depth in late 2021. At that time APRA may determine to require greater granularity or discontinue some requirements. The amended standards have been designed to ‘facilitate’ implementation of amendments under consideration in Parliament under “Your Future, Your Super”. Following consultation, APRA has recognised that some of the data being sought in Phase 1 of the SDT project could be progressed on a slower timeline or deferred to a later time or phase of the project and has adopted a staged implementation timetable to reflect this.

24 March – ASIC registered the ASIC Superannuation (Consent to Pass on Costs of Providing Advice) Instrument 2021/126. The instrument prescribed requirement for the consent of superannuation members to payment for advice outside of ongoing fee arrangements. Requirements for ongoing fee arrangements are similarly prescribed under the ASIC Corporations (Consent to Deductions—Ongoing Fee Arrangements) Instrument 2021/124. The consents must be clear consise and effective in addition to containing specific content. ASIC instruments broadly follow ASIC CP 329 proposals but reflect changes in the final form of the legislative amendments.

22 March – ASIC published Review of how superannuation trustees supported their members during COVID-19. ASIC advised that review of website information had shown it was generally informative but there were initially some issues concerning disclosures concerning insurance and projections of the impact of use of the early release scheme. In relation to intrafund advice, ASIC didn’t find any harm to clients but most advice did involve process or record keeping defects.

22 March – Treasury Laws Amendment (Reuniting More Superannuation) Bill 2020 facilitating close of ERFs and payments to the ATO where in a Trustee considers in the best interests of the member was enacted.

19 March – ASIC appeared before the Parliamentary Joint Committee on Corporations and Financial Services. In his opening address ASIC Chair Shipton said that while a number of actions had been taken to improve internal compliance and risk management arrangements, ASIC remained focussed on its objects. He noted in particular themes concerning ASIC’s changing role in regulation of superannuation and cyber risk.

19 March – Margaret Cole was appointed a member of APRA for five years from 1 July 2021. Ms Cole is a lawyer with substantial enforcement and other experience.

18 March – Submissions were due to the Senate Economics Legislation Committee inquiry on the Treasury Laws Amendment (Your Future, Your Super) Bill 2021. The report is due by 22 April 2021.

18 March – Select Committee on Financial Technology and Regulatory Technology Chair The Senate amended terms of reference under the name of Select Committee on Australia as a Technology and Financial Centre with reporting date amended to 30 October 2021.

17 March – Treasury Laws Amendment (2021 Measures No. 1) Bill 2021 passed the House of Representatives. The Bill contains much anticipated provisions facilitating electronic company AGMs and the process of deed execution. More controversially, it also reframes the test for continuous disclosure obligations so as to expose directors to reduced risk of liability. The Bill provides that civil penalty proceedings commenced under the continuous disclosure and misleading and deceptive conduct provisions must prove that an entity acted with “knowledge, recklessness or negligence” in respect of an alleged contravention. The referral was passed 32 to 30 and raises questions about whether the Bill will be passed. The Bill also provides that company and registered scheme meetings involving some attending physically and some electronically will be permitted until 15 September 2021. The EM indicates that this may become permanent. Although the Senate Economics Legislation Committee had by majority recommended it be passed on 16 March 2021, the Senate referred the Bill to the Senate Economics References Committee for a further report by 30 June 2021.

11 March – Comments were due on AUSTRAC Consultation on AML/CTF rule amendments related to the Anti-Money Laundering and Counter Terrorism Financing and Other Legislation Amendment Act 2020 (Cth).

10 March – The Minister for Home Affairs released Locked out; Tackling the ransomware threat. The report issued by the Cyber Security Industry Advisory Committee provides advice on addressing ransomware risks.

10 March – ASIC Deputy Chair Chester gave a speech with a focus on cyber security and enforcement in superannuation discussed below.

10 March Treasury published a consultation draft of Financial Sector Reform (Hayne Royal Commission Response—Protecting Consumers (2020 Measures)) Regulations 2021 that would make supporting amendments in relation to the breach reporting reforms in Financial Sector Reform (Hayne Royal Commission Response) Act 2020 (Cth). The amendments clarify that breaches of the requirements to give an FSG or PDS or giving a defective PDS are not in themselves automatically significant and therefore reportable. However, such a breach could still be significant on the basis of the other criteria such as because it causes material loss to a member. The draft regulations also provide for ASIC to have the power to issue infringement notices for failure to make breach reports as required.

9 March – APRA Insights indicates that APRA plan to publish a cross industry prudential practice guide on climate related financial risks by 30 June 2021. A final PPG is planned in 2021.

9 March – APRA wrote to trustees concerning the group insurance market. In its letter, APRA expressed concern that the group insurance market would be tightening due to adverse claims experience escalating in 2020. APRA is concerned about trustees accepting tenders that initially offer low pricing but which will later increase significantly. APRA has an expectation that trustees will maintain and make available to insurers quality granular data. APRA notes that ASIC’s Report 675 Default insurance in superannuation: Member value for money contains key observations about the data superannuation trustees have that can give insights into improving the quality of membership and insurance records. APRA is concerned about tender practice, including

abbreviated timeframes for the tender process, or to respond to revisions in insurance design or other parameters as part of that process, being imposed;
life insurers being unduly restricted by RSE licensees seeking to have a major role in determining the reinsurers that must be used; and
that new data that becomes available during the tender process be provided to all participants, with sufficient time for the impact of any changes to be assessed.

5 March – Submissions for second round of APRA’s consultation on prudential standard governing insurance in superannuation SPS 250 closed. Proposed changes included, on requirements for independent certification of related party insurance arrangements and priority and privilege arrangements, and that the rules for status attribution for a beneficiary are fair and reasonable.

4 March – ASIC issued its Cost Recovery Implementation Statement for 2019/2020. ASIC says invoices will be issued by 31 March. ASIC determined that it has spent $24.915 million on regulation of superannuation trustees in 2019/2020.

4 March – ASIC v Statewide Superannuation Pty Ltd: ASIC commenced civil action against the trustee of Statewide Super alleging misleading statements concerning insurance and delayed breach reporting. ASIC is seeking declarations, pecuniary penalties, injunctions relating to a remediation program and publication orders.

2 March – ASIC v Retail Employees Superannuation Pty Ltd: ASIC commenced proceedings against trustee of REST alleging misleading representations concerning portability. ASIC is seeking pecuniary penalties, publication orders and adverse publicity orders.

On the horizon spotlight – ASIC’s Regulatory Approach

ASIC Deputy Chair Karen Chester, in her speech of 10 March 2020, addressed ASIC’s regulatory approach highlighting their approach with superannuation. For the remainder of this article, we explore of Ms Chester’s speech through a superannuation lens. The opening speech of ASIC Chair James Shipton to the PJC on 19 March also mentioned key themes concerning ASIC’s role in superannuation and risks of cyber attacks.

She said that ASIC aimed to leave a lighter but more impactful regulatory footprint with less regulatory weight on business and markets; and more regulatory impact on their targets. We note that ASIC’s targets are frequently businesses, so there is an inherent tension about which businesses are legitimate targets.

ASIC has been piloting approaches they consider to be supportive of their objectives while supporting economic recovery post COVID-19.

ASIC recognises that consistently low interest rates and the ongoing hunt for yield have accelerated change and inflated risk appetite including among those without experience in risky investments.

Ms Chester said, ASIC wants to train its radar onto harmful misconduct, not on harm-free process breaches and claims that ASIC’s data and intel will alert ASIC to when there are harms that matter to ASIC.

One of ASIC’s focusses is cyber risk noting it can have a multiplier effect on individual businesses, markets and ultimately – consumers.

She indicated that systems under investment has increased exposures based on ASIC’s onsite supervisory work on internal dispute resolution processes and breach reporting.

ASIC has recalibrated and elevated its own cyber strategy. It has consulted extensively with other domestic and international regulators and Government and on the Australian Government’s Cyber Security Strategy. Common aims are:

raising awareness of cyber resilience for regulated entities;
helping regulated entities get prepared with their self‑assessment; and
taking decisive, deterrence-based enforcement action.

ASIC will ensure there are regulatory incentives for cyber resilience including enforcement action in respect of failings in cyber security and cyber resilience.

ASIC sees much potential for collaboration among large firms to develop a standard of resilience (a pilot path) for their many, smaller service provider firms. We note that this is consistent with the message of the Gateway Network Governance Body report concerning cyber security in the superannuation ecosystem released 9 February 2021.

Ms Chester indicated ASIC was looking to take quicker action and gave an as example a program to address investments that were not true to label, including the way in which they used google advertising.

ASIC’s new approach to enforcement which has been piloted is to be called Express Investigation (EI) which is envisaged as lowering costs of the entity being investigated.

At the earliest possible time, ASIC sets out its concerns to the entity and then seeks cooperation in the investigation through regular and consistent engagement. By cooperating, the time and expense of the investigation is reduced.

ASIC sees that this improves compliance rates on notices to produce documents and information; and on the voluntary provision of information to assist its understanding of the conduct at issue.

In some instances, the EI pilot led to agreement on facts and admissions on liability, which saved time and the expense of a contested trial.

If cooperation from the entity wanes, ASIC’s investigation forges on. But slowly and with greater cost.

We note that while ASIC may have had success with banks in its pilot, it remains to be seen whether the regulated population more generally will see asserting their rights in the face of an investigation as a better strategy depending on the circumstances.

ASIC will soon commence meetings with the chairs, CEOs and boards of regulated cohorts, to which the design and distribution obligations will apply from 5 October 2021.

ASIC’s enforcement in relation to superannuation is to tilt strongly towards harm-targeted deterrence, especially in the all-important window of the next 12 to 18 months.

ASIC also brought civil penalty proceedings last week against Statewide Superannuation for misleading or deceptive correspondence (over three years). It is interesting to assess that action in light of focus on ‘harm’. ASIC states in its concise statement that, “Deducting premia from the accounts of superannuation members for cancelled insurance cover deprived those members of the value of premia charged (and returns on those amounts) pending any remediation by Statewide.” We note that regarding insurance, the subject of the relevant errors was from very low balance members with default insurance. As such, the value of the premiums and interest for each member would be low. Further, any persisting harm would be pending remediation by Statewide which there is no indication would not occur.

ASIC further says that “Representing to members that they held insurance when they did not, gave rise to a risk that the member may have been ineligible to make a claim should a claim event have occurred. … Members may have chosen not to seek insurance cover elsewhere having regard to the representations made. A member may also have been exposed to a risk that he or she was unable to obtain insurance elsewhere.” We note that this refers to a risk of harm or more remotely a risk of exposure to harm, rather than actual harm, and there is no indication that harm has actually occurred or will occur. Most ‘process failings’ provide at least a risk of exposure to harm. It can be open to argument whether ASIC has really focussed on harm as distinct from process failings.

ASIC is continuing with a superannuation pipeline comprising:

eight matters in litigation;
two briefs of evidence in support of criminal charges with the CDPP;
more than 20 enforcement investigations; and
multiple surveillances about potential super trustee misconduct.

In his speech to the PJC Mr Shipton pointed out that none of this work arose from the Hayne Royal Commission.

The broad misconduct themes are trustee competence and oversight, complaints handling processes and mischarging of fees. Ms Chester said, “the metrics of harm are known to us all”. It is not clear the non-compliance with complaints handling processes or acts of trustee incompetence necessarily cause or risk harm and the way in which harm can be assessed may actually be subject to a variety of metrics.

ASIC says it is working side-by-side with APRA noting that “Indeed, the REST case was thanks to a referral from our APRA brethren.”

Enforcement is by no means the only way ASIC will seek to address risks or issues relating to misconduct in superannuation. Ms Chester referred to engagement with industry on DDO as an example as well as the new complaints handling requirements, which come into effect on 5 October 2021 alongside DDO.

Previous Editions

You may also be interested in reading some of our other commentary in our previous editions’ spotlights. Note that these articles reflect the position at the time of publication and so may no longer be current: