Regulatory spring clean

18 December 2017

There is a lot of government regulatory activity in the regulators’ continued efforts to spring clean the financial services sector and the corporate sector at large. This follows a hive of activity in recent months across the regulatory spectrum, with regulators such as AUSTRAC, APRA and the ACCC all muscling in on the action, and on the last day of Spring the Prime Minister announcing a Royal Commission into misconduct in the banking, superannuation and financial services industry, which will include insurers.

This article focuses on some of the key developments that have taken place in relation to:

  1. The ASIC Enforcement Review – first, banning powers and second, increased penalties;
  2. The Bank Executive Accountability Regime – the BEAR draft legislation;
  3. The introduction of the Australian Financial Complaints Authority – AFCA; and
  4. The draft whistleblower legislation.

We expect these four initiatives will proceed as planned and will not be deferred until after the Royal Commission has handed down its interim or final reports.

1. Enforcement Review

ASIC at present has an ASIC Enforcement Review underway and there have been two developments of note.

First, it issued a consultation paper in September 2017 seeking to widen its banning powers under section 920A of the Corporations Act 2001 (Cth) (the Corporations Act) to enable ASIC to ban a person who performs a function in a financial service business of any sort. It asked for responses within a month. At present, ASIC has the power under section 920A to ban people from providing financial services. The extension of its powers under this section is aimed at preventing individuals from still being involved in a financial services business but not providing financial services advice themselves. It would also give ASIC the power to ban someone from any of the financial services business.

Secondly, on 23 October 2017 the Government announced the ASIC Taskforce’s recommendations for a substantial increase in the maximum civil penalties under the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act), the Corporations Act and the National Consumer Credit Protection Act 2009 (Cth) (the Credit Act). This will bring them substantially into line with the ACCC penalties and more in line with the United States and the United Kingdom. ASIC has been pressing for this for many years. Submissions closed on 17 November 2017 and the Taskforce was due to report back to the Government by the end of the last week of November. The penalties are likely to be introduced by the start of the next financial year. The proposed maximum penalties for each contravention are:

Act Individual
(based on penalty units)
ASIC Act $420,000

(based on penalty units)

$525,000 $2.1m (based on penalty units) the greater of $10.5m (based on penalty units), or

3x benefits, or

10% of annual turnover

Corporations Act $200,000 $525,000 $1m the greater of $2.625m, or

3 x benefits, or

10% of annual turnover

Credit Act $420,000

(based on penalty units)

$525,000 $2.1m (based on penalty units)


The proposed maximum penalty of 10% of turnover is a drastic increase. The top 32 ASX companies in 2016 each had annual turnover in excess of $10 billion.  Ten percent of $10 billion is $1 billion.

The recommendations for reform also extend to the Insurance Contracts Act 1984 (Cth). It is proposed that section 13, the duty of utmost good faith, becomes a civil penalty section.

2. BEAR Regime

The Federal Government has taken a step towards introducing the Bank Executive Accountability Regime (BEAR), similar to that in the UK (the SMR – Senior Manager Regime) and in Hong Kong.

The Treasury Laws Amendment (Banking Executive Accountability & Related Measures) Bill 2017 (the Bill) which sets out the proposed BEAR regime was published by the Government on 22 September 2017, and allowed only a seven day consultation period.

The purpose of the BEAR regime is to strengthen the responsibility and accountability framework for the most senior influential directors and executives in authorised deposit taking institutions (ADIs). It forms part of APRA’s regulatory regime.

The BEAR regime is proposed to take effect from 1 July 2018 and will require ADIs to put in place designated accountable persons and provide accountability maps and statements clearly defining each individual’s responsibilities. If an ADI breaches its BEAR obligations, it is proposed that the civil penalties of up to $210 million for a large ADI can be imposed by the Federal Court (based on the current value of a penalty unit). If individuals breach their BEAR responsibilities, they will not face civil penalties under the regime, but APRA will have the power to disqualify a person from acting in that position. Additionally, and importantly, in an attempt to deter accountable persons from engaging in behaviours that are inconsistent with their BEAR obligations, the regime places obligations on the ADI to introduce remuneration policies that defer a minimum percentage of an accountable person’s variable remuneration by a minimum of four years, and reduce the variable remuneration if the person breaches their accountability obligations.

The accountability obligations will be on Board members or senior executives with responsibility or control of significant or a substantial part or aspects of the ADI group. However, the obligations will also extend to individuals of subsidiaries where those activities are substantial, to ensure that an accountable person will have responsibility in those circumstances. The obligations will also apply to a local ADI of a foreign ADI.

The accountable person has to carry out his or her obligations with honesty and integrity, and with due skill care and diligence. He or she has to take reasonable steps to prevent matters arising that affect the prudential standing or reputation of the organisation, and they must deal with APRA in an open, constructive and cooperative way. Legal professional privilege is not displaced.

The accountable persons include the Board (including Non Executive Directors) and management personnel that directly report to the Board such as the CFO, COO, CRO, CIO (including IT), internal audit head, compliance head, human resources head and the person responsible for anti-money laundering.

The Explanatory Memorandum states that an accountable person could include the head of a business line or a senior executive responsible for major business activity in the subsidiary.

The regime will apply to an ADI or its subsidiaries where the person has actual effective management or control of the ADI, a subsidiary or a significant or substantial part of the ADI’s subsidiary operation.

The liability of an ADI, including for a civil penalty, is not insurable, nor can an entity indemnify or take out an insurance policy to indemnify an executive.  However, an indemnity or insurance cover for legal costs is permitted under the regime.

Under the regime, APRA will have investigation powers to investigate suspected contraventions, including the power to carry out private examinations similar to the examinations carried out by ASIC pursuant to section 19 of the Australian Securities and Investments Commission Act 2001 (Cth).

The BEAR regime will not apply to insurance companies (unless they are subsidiaries of an ADI). However, APRA has said on more than one occasion, including to the House of Representatives Standing Committee on Economics on 13 September 2017 that it will consider, once the new framework is put into place for banks, whether ‘some of the concepts within the regime have wider application … they might have significant benefit more broadly [to all prudentially regulated institutions]’.

3. Introduction of the Australian Financial Complaints Authority

Following consultation, in September 2017 the Federal Government issued its revised legislation to set up its new external dispute resolution scheme, which will start up on 1 July 2018, the Australian Financial Complaints Authority (AFCA).

AFCA will combine the Financial Ombudsman Service (FOS) and the Credit & Investment Ombudsman (CIO).

Financial firms will be required to be members of AFCA.

Whilst FOS and CIO have a claim limit of $500,000 with a compensation cap of $309,000 for small business, the new body will have a claim limit of $1 million and a compensation cap of not less than $500,000. For credit disputes, small businesses will now be able to bring a claim where the credit facility is up to $5 million, with a compensation cap of up to $1 million. Additionally, there will be no monetary limits for superannuation claims.

One of the changes to the Bill was to the transitional arrangements. The revised Bill requires membership of FOS and the CIO to be maintained for up to 12 months following AFCA’s commencement on 1 July 2018, to enable the resolution of outstanding disputes prior the cessation of the two schemes. ASIC will also have the power to increase the limits on the value of claims or remedies that may be awarded.

A Transition Team has been established to manage the transition to AFCA from FOS, CIO and SCT. It will advise the Minister on key elements of AFCA’s operations, including its terms of reference, governance and funding arrangements. A consultation paper on some of the aspects was issued in early November 2017.  The consultation period closed on 20 November 2017.

4. Whistleblower Protections

Greater whistle-blower protection has been high on ASIC’s agenda for a while and on 14 September 2017 the Federal Parliamentary Joint Committee on Corporations and Financial Services issued its report on Whistleblower Protections.

On 23 October 2017, the Government released for public consultation its draft whistleblower legislation, the Treasury Laws Amendment (Whistleblowers) Bill 2017. The consultation period was very brief and ended on 3 November 2017. Shortly after the report’s release, the Government established an expert advisory panel to consider the Committee’s recommendations and it will comment on the draft legislation and assess it against the PJC report. The bill is now likely to be introduced into parliament in the new year. It is proposed that the legislation comes into force on 1 July 2018.

The key features of the draft bill include that it:

  1. Consolidates the current whistleblower protection legislation by repealing all the current legislation and creating a new legislative regime under the Corporations Act;
  2. Introduces a single concept of “eligible whistleblower” that widens the people protected by including past and present officers, employees, contractors, associates of the company, and even the spouse and children of the whistleblower;
  3. Introduces a single concept of “whistleblower disclosee” which allows disclosure internally to officers, senior managers, authorised persons or the company’s auditor, and externally to ASIC, APRA, the AFP, and the whistleblower’s lawyer;
  4. Introduces a single concept of “whistleblower third party disclosee” which allows disclosure to members of Parliament and journalists in specified circumstances subject to three conditions being met, including that the whistleblower has reasonable grounds to believe there is an imminent risk of serious harm or danger to public health or safety or to the financial system if the information is not acted on immediately;
  5. Removes the concept of “good faith” in relation to the whistleblower’s disclosure and replaces it with an objective test that the whistleblower has a reasonable basis to suspect the misconduct; and
  6. Allows anonymous disclosure and imposes a maximum civil penalty of $200,000 for an individual or $1 million for a corporation if they disclose a whistleblower’s identity.

Interestingly, the draft bill has also included some matters considered by the PJC but not ultimately recommended in its report:

  1. Expanding access to compensation for whistleblowers who suffer reprisal by reversing the onus of proof by requiring the entity to prove the reason for its conduct that led to the alleged victimisation and damage suffered was not the disclosure; and
  2. Requiring public companies and large proprietary companies to have a whistleblower policy by 1 January 2019 (assuming the legislation commences on 1 July 2018).

It does not include the establishment of a Whistleblower Protection Authority or bounties (rewards) for whistleblowers that had been recommended by the PJC. These could however be added into the bill prior to it being introduced into Parliament or as the legislation is debated early next year.

This article was written by Jonathan Tapp, Partner, Jason Symons, Special Counsel and Shonagh Rasmussen, Solicitor.

Subscribe to HWL Ebsworth Publications and Events

HWL Ebsworth regularly publishes articles and newsletters to keep our clients up to date on the latest legal developments and what this means for your business.

To receive these updates via email, please complete the subscription form and indicate which areas of law you would like to receive information on.

Contact us