The Brief is your monthly financial services update. To help you save time, each month we'll give you a quick run-down of what happened in financial services from experts across our firm.
Winners and losers in election month
Did you notice there was a Federal election last month? With the Government returning to office, many of the more dramatic reforms proposed during the campaign have been shelved. But while our legislators have been enjoying some R&R, our financial services regulators have been busy. Here's your monthly run-down of what they've been up to and what they have planned for our industry — it looks like there's no rest for the wicked.
Are you good at losing money?
Not as good as underwriters of individual disability income (aka income protection) insurance, it seems. APRA has waved its stick at the life insurance industry, which it says collectively lost $2.5b over the past five years on this product alone. While these policies are often seen by insurers as a 'loss leader', APRA is requiring the life industry to lift its game (and its premiums, presumably) if it wants to keep offering this product outside of superannuation. If not, they risk being whacked with APRA's capital stick.
Winning at regtech?
Then sign up for one of three events that ASIC has launched, where you can showcase how your regulatory technology product can:
- improve the compliance of financial advertising promotions (2 August);
- detect problematic financial advice in data (22 August); or
- apply voice analytics and voice-to-text to regulatory activities (September).
ASIC will choose around 10 lucky innovators to demonstrate their products at each event. To win a chance to shine, sign up through ASIC's Innovation Hub.
I appear to have lost my authorisation
Before appointing an authorised representative, check that they are not already an AFS licensee. Unless you authorised the other licensee under a general insurance binder, the authorisation will be void, as 58 licensees recently discovered. ASIC cancelled their authorisations and found them to be in breach of the law. Although such authorisation attempts are an offence under the law, no penalties were reported, so we're calling this a minor win for those affected.
Losing control of personal information
While simultaneously releasing its latest quarterly data, the OAIC published its insights on the first 12 months of the Notifiable Data Breaches scheme, which revealed:
- the finance sector had an above-average rate of data breaches due to human error;
- the finance sector notified the second-most number of data breaches (but there have been many more notifications in the health sector); and
- more than half of the data breaches in the finance sector were caused by malicious or criminal attacks.
The OAIC report notes that APRA-regulated institutions will need to comply with a new prudential standard on information security, CPS 234, when it commences on 1 July. This will require some breaches to be reported to APRA as well as to the OAIC.
Losing track of time
To avoid or reduce their industry funding levy, some financial services and credit licensees may seek to cancel or vary their licences. ASIC has reminded us that licence cancellation or variation takes time and that levies will be calculated based on licence authorisations as at 1 July. ASIC's service charter aims to assess 70% of complete applications within 150 days of lodgement and 90% after 240 days so, if you haven't already lodged your complete application, we suggest not banking your saving just yet.
A win for smashed avo on toast
APRA sought comment from all ADIs in relation to the possible relaxation of its residential mortgage lending requirements. Four and a half years after introducing a serviceability buffer of 2 per cent and a floor rate of 7 per cent, APRA is proposing to allow lenders to increase their serviceability buffer to 2.5 per cent and proposes not to set a specific floor rate. This would enable lenders to set their own floor rates based on the interest rate outlook and may enable borrowers to obtain home loans larger than currently possible. Comments on the proposals are due by 18 June.
Reputations won or lost through IDR
ASIC commenced consultation on reforms to its internal dispute resolution requirements.
Some of the proposed changes to RG 165 Licensing: Internal and external dispute resolution, which will become enforceable, include:
- applying IDR to complaints made on a firm's social media platforms;
- defining what a 'complaint' is (ASIC says there is little consensus on this);
- extending IDR to small businesses with up to 99 employees;
- recording all complaints (currently not required for those resolved within a week);
- reporting all complaints to ASIC every six months;
- publishing industry-wide complaints data, including at firm level;
- prescribing minimum content for IDR responses;
- reducing the time required for IDR responses (by half in some cases); and
- requiring board papers to include metrics and analysis of consumer complaints.
Consultation is open until 9 August.
Losing the ability to drive change from within
APRA has shared an information paper, summarising the self-assessments that it asked 36 boards of regulated institutions to undertake in the aftermath of APRA's 2018 Prudential Inquiry into the Commonwealth Bank of Australia. APRA asked these boards to consider whether similar issues might exist in their own institutions. Having considered their responses, APRA observed that the CBA's issues were certainly not unique to that organisation and concluded that four key themes emerged:
- inadequate management of non-financial risks;
- lack of clarity and enforcement in the accountability of those below senior executive level;
- awareness yet inaction in relation to long-standing weaknesses, with priority only given after regulator scrutiny or adverse events; and
- poor understanding of risk culture, making it hard to know whether the desired behaviours were being reinforced.
Over the next year, APRA will be increasing its supervision of governance, accountability and culture for all regulated institutions, not only the 36 targeted in this exercise.
Other results from around the grounds
Do you know what a securitisation SPV is? If not, carry on. But, if so, you should also know that APRA, the RBA and the ABS recently decided to expand their data collection by consolidating the financial reporting of securitisation SPVs that are not related to authorised banks, credit unions and the like. The changes take effect for the reporting period ending 31 July.
In Issue #2 of The Brief, we reported the passage of the Protecting Your Superannuation Package laws. One of the new laws means that many members with inactive superannuation accounts will lose the benefit of the insurance it provides. APRA has now released FAQs for RSE licensees that answer questions such as 'If a member with an inactive account elects to continue their insurance, can the trustee rely on that election forever?' Spoiler: yes, they can.
FASEA welcomed its first intake of applicants for the exam that all financial advisers will need to pass in order to provide personal financial product advice to retail clients.
ASIC has updated its guidance on initial coin offerings and crypto-assets. In particular, issuers are encouraged to consider whether their tokens or other crypto-assets are financial products and therefore trigger a licence obligation. The updated information sheet reminds crypto-asset issuers and intermediaries that their products may be novel but the financial services laws, including those prohibiting misleading and deceptive conduct, are not.
Want to know more about how these issues affect your business? Reach out to a member of our team.
All information on this site is of a general nature only and is not intended to be relied upon as, nor to be a substitute for, specific legal professional advice. No responsibility for the loss occasioned to any person acting on or refraining from action as a result of any material published can be accepted.