Gadens Regulatory Recap – 31 October 2023

31 October 2023
Matthew Bode, Partner, Brisbane Kelly Griffiths, Partner, Melbourne Michael Kenny, Partner, Melbourne Sinead Lynch, Partner, Sydney Daniel Maroske, Partner, Brisbane Kate Mills, Partner, Sydney Caroline Ord, Partner, Melbourne

This edition of the Gadens’ Regulatory Recap highlights recent developments from ASIC, APRA, ACCC, AFCA, AUSTRAC, the ATO, the OAIC, Treasury, and some key legislative updates, including various enforcement actions taken by the regulators.


  1. ASIC Breach reporting amendments: On 19 October 2023. ASIC made ASIC Corporations and Credit (Amendment) Instrument 2023/589, which modifies the reportable situations regime for participants, reflecting a more lenient approach in direct response to recent criticisms of more onerous requirements under the breach reporting regime. As a result of this instrument, licensees no longer need to report certain breaches of the misleading and deceptive conduct provisions (sections 912D and 1041H(1) of the Corporations Act 2001 (Cth) (Corporations Act), and sections 12DA(1) and 12DB(1) of the Australian Securities and Investments Commission Act 2001 (Cth)). This relief applies in (limited) circumstances where the relevant reportable situation:
  • only impacts one person;
  • will not result in, or is unlikely to result in, financial loss or damage to any person (regardless of whether any loss will be remediated); and
  • will not give rise to any other reportable situation.

The reportable situation incident reporting timeframes have also been extended from 30 days to 90 days in circumstances where the relevant reportable situation has underlying circumstances that are the same as, or substantially similar to, the underlying circumstances of a situation that has previously been lodged with ASIC.

It is recommended that licensees update their relevant policies and procedures relating to the reportable situations regime, and that the underlying root cause of incidents is recorded accurately to determine the necessity of reporting reportable situations going forward.

  1. ASIC releases findings from its audit surveillance and integrated financial reporting program: On 18 October 2023, ASIC released findings from its audit surveillance and integrated financial reporting program in Report 774 Annual financial reporting and audit surveillance report 2022-23. ASIC identified insufficient financial reporting disclosures and reported adjustments totalling $215 million following its review of 180 financial reports of large entities and ASX listed entities and 15 related audit files. The audit findings have been reported to directors of 11 companies to improve the quality of audit and financial report, including the identification of root cause audit findings and implementation of effective and sustainable action plans.
  2. Update to guidance on insolvent trading: The consultation period for the update of ASIC’s draft regulatory guide RG 217 (Guidance on insolvent trading safe harbour provisions) closed on 26 October. Publication of the update is expected in the first quarter of 2024.
  3. ASIC provides regulatory update at Annual Credit Law Conference: On 18 October 2023, Greg Yanco, ASIC’s Executive Director for Regulation and Supervision, presented at the 33rd Annual Credit Law Conference. Mr Yanco highlighted ASIC’s priorities within the consumer credit sector as being:
  • a focus on financial hardship;
  • financially vulnerable consumers;
  • buy now, pay later (BNPL) services;
  • small amount credit contracts and consumer leases; and
  • short-term credit facilities and continuing credit contracts.

Mr Yanco also highlighted ASIC’s focus on product design and distribution obligations, noting that close to 80 DDO stop orders have been issued in the last financial year, with the DDO focus expanded to credit and ‘credit-like’ products, such as buy now, pay later products.

Scams, cyber resilience and the regulatory requirements of FAR will continue to impact the consumer credit sector.

  1. ASIC signs MMOU with International Association of Insurance Supervisors: ASIC has signed up to the Association of Insurance Supervisors’ (IAIS) Multilateral Memorandum of Understanding (MMoU). The MMoU provides a worldwide framework of compliance and confidentiality, and allows insurance supervisors to cooperate and exchange information. ASIC and other signatories to the MMoU will be able to share information to assist each other in achieving their respective objectives collaboratively – including enhancing financial stability and ensuring stronger consumer protection. This information-sharing framework enables prompt industry supervisor responses regarding data privacy. This may draw comment from industry in response to ASIC and APRA’s joint discussion papers regarding general insurance and life insurance data transformation – set out below.
  2. ASIC Enforcment: ASIC has continued to act on its 2023-24 enforcement priorities in the past fortnight, with a series of varied enforcement activities taking place.

ASIC has disqualified Antony Murray and Danny Luke Murray, directors of a series of companies, from managing corporations for a period of four years following their involvement in three failed companies. In disqualifying the individuals, ASIC expressed concerns that the directors failed to ensure the businesses maintained sufficient business records, that the companies were allowed to trade while insolvent, as well as being concerned of potential illegal phoenix activity. The total amount owed across the three companies is $1.6 million, including $748,000 owed to the Australian Taxation Office.

ASIC has also suspended the AFSL of Celtic Equities Management Pty Ltd for a period of six months following a failure to lodge financial statements and audit reports for the financial years ended 30 June 2017 to 30 June 2022, pay outstanding ASIC Industry Funding Levies, and pay outstanding late payment penalties. ASIC has also banned former PwC partner, Peter-John Collins, from providing financial services or controlling an entity in the business of financial services for eight years. This ban follows ASIC’s findings that Mr Collins disclosed confidential information he obtained in his roles as a tax advisor to Federal government entities and that he was not a fit and proper person to provide financial services.

Separately, the Federal Court has also made a finding that Diversa Trusties Limited, a superannuation trustee, did not fail to act efficiently, honestly, and fairly, or fail to take reasonable steps to ensure representatives complied with financial services laws. ASIC has stated that it is reviewing the judgment.


  1. APRA publishes its 2022-23 Annual Report: APRA published its 2022-23 Annual Report on Friday 13 October 2023, detailing the work APRA has done in the past year to supervise financial institutions. This includes cross-industry work regarding prudential requirements and guidance for recovery and resolution planning, cyber controls and climate vulnerability assessments, as well as sector-specific work across:
  • Banking – including implementing a new bank capital framework, cross-regulator engagement and implementing macroprudential settings, including maintaining the serviceability buffer at three percent;
  • Insurance – including finalising capital frameworks for private health insurers, working with ASIC to request life insurance companies review premium increases and public-facing materials, and introducing requirements for general insurers to implement remediation plans to bolster risk management processes; and
  • Superannuation – including implementing a new investment governance standard, undertaking statutory annual performance tests of superannuation funds, and reviewing gaps in member assistance for fund members approaching retirement age with ASIC.
  1. APRA releases the latest points of presence statistics for authorised deposit-taking institutions (ADIs): Annual ADI points of presence statistics were released on 18 October 2023. The statistics highlight continuing declines in the presence of most forms of ADIs – such as bank branches which declined by 11% Australia-wide in the year to 30 June 2023, equating to a 37% decline since 2017.
  2. APRA and ASIC release joint discussion papers for consultation on general insurance and life insurance data transformation: APRA and ASIC released discussion papers on Life Insurance and General Insurance on 12 October 2023 as part of the Insurance Data Transformation (IDT) Project – aimed at collecting data to enable regulators, policy makers and insurance to comprehensively assess prudential and conduct risks in the insurance industry. The papers seek further feedback from industry on, among other things, the need for clarity on the objectives and use of IDT Project data, data privacy, governance processes, and the regulatory burden on data collection. Submissions must be sent to by 22 December 2023.
  3. APRA releases observations on credit risk provisioning practices for locally incorporated ADIs: On 19 October 2023, APRA wrote to locally incorporated ADIs regarding credit risk provisioning practices. The letter focused on the need to monitor and improve model performance for credit quality assessments and provisioning, the critical nature of sensitivity analysis on a regular and timely basis across credit portfolios, and the need to both identify vulnerable sectors and factor sectoral risks into loss estimates.
  4. APRA and ASIC release notes on Superannuation CEO Roundtable – September 2023: APRA and ASIC held the Superannuation CEO Roundtable on 27 September 2023, attended by 10 superannuation trustee CEOs and APRA and ASIC leaders. Notes from the roundtable released on 20 October 2023 highlight that the discussion focused on sustainable finance disclosures (including the need to ensure the accuracy of disclosures), and the Retirement Income Covenant (including APRA and ASIC’s ongoing work following their joint thematic report into the implementation of the covenant).


  1. ACCC proposes to authorise banks to collaborate on development of industry standards to combat scams: On 13 October 2023 the ACCC proposed to grant authorisation, with conditions, for the Australian Banking Association and member banks to participate in the development of an industry standard to prevent, detect, and disrupt scams that affect individual and small business customers. This proposal was on the basis that there were likely public benefits of involving industry in the development of initiatives to prevent avoidable scam losses, prior to the introduction of the Government’s planned industry-wide mandatory code of conduct. The ACCC is seeking submissions to the draft determination by 10 November 2023.


  1. AFCA publishes report on key systemic issues across the finance industry: On 19 October 2023, the Australian Financial Complaints Authority (AFCA) released a new edition of the Systemic Issues Insights Report for FY22-23, which shares information, insights, data and findings that AFCA has collected across the financial services sector. Key statistics provided in the report include the 145,480 consumers that were remediated as a result of the identification and investigation of systemic issues and over $61 million in refunds made to consumers between January and June 2023.

  2. Annual Review of AFCA released for FY22-23: On 23 October 2023 AFCA released its Annual Review for the 1 July 2022 to 30 June 2023 period, which details the program of work completed by AFCA during the last financial year and how its strategic priorities, purpose and vision was met. As Australia’s complaints authority for the financial services sector, AFCA received 96,987 complaints – the most that AFCA has ever received. The review notes, in particular, that complaints have been driven by:
  • delays in insurance claim handling;
  • mounting financial pressures on consumers; and
  • serious financial crime and scams.

The review also outlines AFCA’s work in addition to its ‘business as usual’, including: 

  • progressing AFCA’s business and IT transformation project;
  • responding to recommendations in Treasury’s Independent Review of AFCA;
  • expanding the community outreach and stakeholder engagement program; and
  • embedding AFCA’s internal culture.


  1. AUSTRAC releases new guidance on AML/CTF obligations in relation to data breaches: On 16 October 2023, the Australian Transaction Reports and Analysis Centre (AUSTRAC) released detailed guidance for AUSTRAC-regulated entities to explain anti-money laundering and counter-terrorism financing (AML/CTF) obligations surrounding data breaches and the steps required to protect against money laundering and terrorism financing risks that may arise from such breaches. The guidance is relevant to individuals or businesses that are directly affected by a data breach or impacted by an external data breach that affects services or customers.


  1. OAIC publishes annual report for 2022-23: The Office of the Australian Information Commissioner (OAIC) released its annual report on 19 October 2023, detailing the performance, corporate governance and financials for the OAIC over the previous financial year. In particular, the report covers the work being done by the OAIC to promote and uphold privacy and information access rights, including the investigation and determination of privacy complaints and matters. Key statistics from the report include the following:
  • 3,402 privacy complaints received (up 34%), with the greatest proportion relating to the finance sector;
  • 1,647 applications received by OAIC for IC review of FOI complaints (down 16%);
  • 895 notifications received under the Notifiable Data Breach scheme (up 5%); and
  • 11,672 privacy enquiries handled (up 7%).
  1. OAIC releases annual report on digital health compliance and regulatory activity: On 20 October 2023, the OAIC published an annual report on digital health activities undertaken by the OAIC during 2022-23, which relates to OAIC’s role as an independent regulator of the privacy requirements for the Healthcare Identifiers Service and the My Health Record system. The report covers:
  • the OAIC’s assessment program;
  • handling of My Health Record data breach notifications;
  • developing guidance material; and
  • advising and liaising with key stakeholders.
  1. OAIC updates Compliance and Enforcement Policy for the Consumer Data Right: A new version of the ACCC/OAIC Compliance and Enforcement Policy for the Consumer Data Right (CDR) was published on 12 October 2023, which sets out the priorities, general approach to compliance, and enforcement of the CDR. The policy sets out conduct which may be more likely to draw enforcement action, such as insufficient oversight of third parties and the misuse of CDR data.


  1. Proposed framework for regulating Digital Asset Platforms: Treasury has released a consultation paper setting out a proposed framework for regulating service providers that hold digital assets or assets that back digital assets. The proposed framework would involve an expansion of the existing Australian financial services law by introducing a new ‘digital asset facility’ financial product, and providers of the new financial product will be subject to various additional disclosure and minimum standards obligations.

Gadens has set out a more detailed overview of the proposed framework in a stand-alone article.

  1. Treasury Annual Report 2022-23: Released 18 October 2023, Treasury’s Annual Report 2022-23 outlines the department’s performance against key internal metrics, completed reform work, and priorities for the following year, against the backdrop of an economy that grew by 3.4% in the 2022-23 financial year.

Key priorities for the next financial year include:

  • reforming the payments system ‘by modernising regulatory frameworks and establishing a new payments licensing regime’;
  • reforming superannuation taxation concessions for balances over $3 million;
  • requiring employers to pay superannuation on payday; and
  • consulting on the retirement phase of superannuation.
  1. RBA Financial Stability Review – October 2023: The RBA’s Financial Stability Review for October 2023 highlights that Australia’s financial system remains strong despite global financial stability risks being exacerbated by challenging macroeconomic conditions. Notably:
  • while households are experiencing strain, low unemployment and savings buffers have helped offset cost of living pressures;
  • businesses remain vulnerable to shocks from higher input costs and interest rates, and softening demand – yet, risks to the broader financial system remain low;
  • banks remain profitable and hold significant capital, with few borrowers in negative equity on their housing loans – despite risks in the global and Australian commercial real estate markets that, while not insignificant for banks, remain low in the context of the broader financial system;
  • non-bank financial institutions continue to pose a low risk to the financial system;
  • cyber risks continue to increase in number and severity, highlighting a need for financial institutions to continue investing in their defence and recovery plans; and
  • stress in China’s financial system due to the continued deterioration of its property sector may be felt in Australia, through slowing global economic activity (including commodity prices, and reduced Chinese imports of Australian goods and services), but direct links between the two financial systems remain small.

Legislative Updates

  1. Joint Committee on Law Enforcement initiates an inquiry into the capability of law enforcement to respond to cybercrime: On 16 October 2023, the Joint Committee on Law Enforcement commenced an inquiry into the capability of law enforcement to respond to cybercrime. The Terms of Reference include consideration of:
  • existing law enforcement capabilities in detection, investigation, and prosecution of cybercrime;
  • coordination of law enforcement across international and federal jurisdictions to investigate and share information relating to cybercrimes;
  • coordination efforts across law enforcement, non-government, and private sector organisations in response to cybercrime;
  • emerging cybercrime threats and challenges;
  • opportunities and challenges within the existing legislative framework; and
  • prevention and education approaches to reduce the prevalence of victimisation through cybercrime.

The committee is accepting submissions until 15 December 2023. 

If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.

Authored by:

Michael Kenny, Partner
Matthew Bode, Partner
Kelly Griffiths, Partner
Sinead Lynch, Partner
Daniel Maroske, Partner
Kate Mills, Partner
Caroline Ord, Partner
Anna Fanelli, Senior Associate
Zira Norman, Senior Associate
Elizabeth Ziegler, Senior Associate
Clare Smith, Associate
Raymond Huang, Lawyer
Chris Girardi, Lawyer

This update does not constitute legal advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of the content.

Get in touch