Australian Regulators Weekly Wrap — Monday, 30 August 2021

Keeping on top of the latest financial services regulatory and compliance trends?

Investing time in your professional development within a rapidly changing financial services industry is challenging. To meet that challenge, the Australian Regulators Weekly Wrap is designed to keep you at the forefront of your practice by quickly setting out the top five developments from the past week, analysis and practical considerations for the future.

1. Corporate plan (APRA): APRA has released its new corporate plan until 2025, focusing key action items to: 1) preserve the resilience of banks, insurers and superannuation funds, with a continuing focus on financial strength; cyber risks; governance, risk-culture, remuneration and accountability; and implementing the Government’s Your Future, Your Super reforms; 2) modernise the prudential architecture to ensure it is effective and accessible, less burdensome for entities, and more adaptable to the rapidly evolving financial sector; and, 3) better enable data-driven decision-making. There is some detail in there, for example around adopting the latest regulatory tools, techniques and practices in areas such as specialist regulatory services, enforcement actions, transparency and resolution. APRA’s updates always strike me as abstract and full of trendy compliance lingo to the point of unhelpfulness — they are getting better, though this update probably could have been greatly condensed.
2. CPS 220 (APRA): APRA has released Prudential Practice Guide APG 220 Credit Risk Management (APG 220), which is new APRA guidance to assist ADIs in making prudent lending decisions and meeting their requirements under the new prudential standard, APS 220 Credit Risk Management. APS 220 requires an ADI to implement a credit risk management framework that is appropriate to its size, business mix and complexity. The framework must include a credit risk appetite statement, credit risk management strategy, credit risk policies and processes, a credit risk management function, a management information system and an independent review process. The key changes are around APRA’s expectations for: the role of the Board in managing credit risk, aligning with the requirements in APS 220; sound credit assessment and approval processes, including providing examples where some additional flexibility could be considered prudent; and, the use of automated valuation methods, including examples for the prudent development of scorecards and use of risk controls.
3. Corporate Plan (ASIC): ASIC’s Corporate Plan 2021–25 outlines its priorities over the next four years. It is sharper than APRA’s in terms of practical detail, and outlines four strategic priorities: promoting economic recovery — including through better and more efficient regulation, facilitating innovation, and targeting regulatory and enforcement action to areas of greatest harm; reducing risk of harm to consumers exposed to poor product governance and design, and increased investment scam activity in a low-yield environment; supporting enhanced cyber resilience and cyber security among ASIC’s regulated population, in line with the whole-of-government commitment to mitigating cyber security risks; and, driving industry readiness and compliance with standards set by law reform initiatives (including the Financial Accountability Regime, reforms in superannuation and insurance, breach reporting, and the design and distribution obligations). The last one is absolutely critical. DDO and breach reporting come into effect in October 2021, and are going to be a large adaption for everyone in the industry.
4. Unfair contract terms (Treasury): time to refresh those opinion letters, the Government is strengthening protections for consumers and small businesses against unfair contract terms through newly released draft exposure legislation; the wonderfully named Treasury Laws Amendment (Measures for a later sitting) Bill 2021: Unfair contract terms reforms. The draft makes UCTs unlawful and gives courts the power to impose a civil penalty; provides more flexible remedies to a court when it declares a contract term unfair by giving courts the power to determine an appropriate remedy, rather than the term being automatically void; provides that the remedies available for ‘non-party consumers’ also apply to ‘non-party small businesses’; and, creates a rebuttable presumption provision for UCTs used in similar circumstances; increases the eligibility threshold for the protections from less than 20 employees to less than 100 employees, and introduces an annual turnover threshold of less than $10 million as an alternative threshold for determining eligibility; and, removes the requirement for the upfront price payable under a contract to be below a certain threshold in order for the contract to be covered by the UCT protections. This is a big development, and escalates the risk around UCT provisions in financing and other contracts.
5. Statement of intention (ASIC): the Treasurer has released a Statement of Expectations to ASIC. Reading between the lines, stay away from policy making (don’t expect any more responsible-lending interventions) and stick to reform implementation and enforcement. It states that: “…the Government expects ASIC to contribute to the Government’s economic goals, including supporting Australia’s economic recovery from the COVID-19 pandemic and work closely with Government and Treasury on the implementation of policy reforms and in its exercise of policy-related functions.”

Thought for the future: one month to go between DDO, breach reporting and internal complaints handling commence. If you have not got your breach reporting frameworks (including ‘deemed obligations’ lists), TMDs and risk governance frameworks and RG 271, now is the time to start.

Published on Australian Regulators Weekly Wrap. 

If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.

Authored by:

Liam Hennessy, Partner

Get in touch with the Gadens team to discuss any regulation and compliance issues.