2025 regulatory enforcement trends and what they mean for the year ahead

Overview

The risk landscape

The areas expecting increased regulatory focus are:

  • financial services—including investment entities, insurance firms and banks;
  • superannuation funds;
  • technology and digital platforms; and
  • gaming entities.  

Key themes

In the context of cost of living pressures, regulators remained focused on protecting vulnerable consumers, including superannuation fund members and insureds. They prioritised claims handling issues, commencing proceedings against various superannuation funds regarding their death benefits claims handling. The Australian Securities and Investments Commission (ASIC) also commenced civil penalty proceedings against Bupa and RACQ in relation to alleged misconduct and misleading statements in renewal documentation. The Australian Competition and Consumer Commission (the ACCC) continued its focus on the supermarket and retail sectors, particularly regarding market power and alleged misleading pricing. Looking ahead to later in 2026, key upcoming developments include the rollout of the Scams Prevention Framework, proposed bans on unfair trading practices, and the release by the Australian Prudential Regulation Authority (APRA) of the draft update to its governance prudential standards and the results from its Insurance Climate Vulnerability Assessment.

Regulation of the digital economy and AI continues to be a priority on the regulatory agenda. In December 2025, amendments to the Online Safety Act 2021 (Cth) came into effect, empowering the eSafety Commissioner to monitor and enforce the new social media ban. The Australian Communications and Media Authority (the ACMA) continued to focus on interactive gambling safeguards in 2025, enforcing new credit card and crypto bans, promoting BetStop, and taking compliance action against gambling websites for providing prohibited or unlicensed interactive gambling services. The Australian Government released new guidance in relation to AI, replacing the safety standard published a year earlier. We expect that, in 2026, regulators will use existing frameworks to monitor organisations' use of AI, and investigate any harms and failures perpetuated by AI deployment and use.

In 2025, regulators maintained heightened scrutiny on privacy, data governance, cyber risk management and operational resilience. The regulatory landscape evolved rapidly, with increased enforcement actions relating to cyber incidents, and regulators clarifying expectations via industry guidance. Certain themes are clear: organisations must invest in adequate IT systems, security controls and incident preparedness, and focus on third-party and concentration risks.

Throughout 2025, there were a number of corporate crime legislative developments in bribery, sanctions and whistleblowing. They include changes to the sanctions frameworks in various states, and the inclusion of positive obligations on reporting entities in relation to sanctions screening and policy frameworks. The Australian Federal Police established Taskforce Solaris, which is expected to result in an increase in foreign bribery-related enforcement activity in years to come. Other key developments to watch out for in 2026 include potential reforms to Australia's sanctions laws and bribery laws, and Treasury's anticipated review of whistleblower protection provisions in the Corporations Act 2001 (Cth).

The most notable developments in anti-money laundering regulation in 2025 concerned the implementation of, and continued consultation on, the reforms to Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime. Certain reforms commenced, including those provisions that amended the prohibition against reporting entities 'tipping off' their customers about certain matters, and other provisions expanding the information-gathering powers of the Australian Transaction Reports and Analysis Centre (AUSTRAC). Enforcement action by AUSTRAC continues to focus on banks, pubs, clubs and remittance sectors; we expect that in 2026 AUSTRAC will increase its focus on digital / crypto asset service providers, payment service providers, bullion and non-bank lenders and financiers. The reforms to commence in 2026 will also broaden AUSTRAC's focus to gatekeeper professions, such as lawyers, accountants and real estate agents.

In 2025, conduct and culture continued to be a key regulatory focus area. Allegations continue to be levelled against large organisations, including against senior executives; the Federal Court provided instructive guidance on the types of disclosures that may qualify for protection under the corporate whistleblower regime; and in Victoria, regulations were introduced imposing new duties on employers to manage psychosocial risks in the workplace, bringing the state into alignment with other Australian jurisdictions. In 2026, we expect to see further developments in relation to both the corporate and public sector whistleblower laws, and continued enforcement action in the psychosocial health and safety space, with a particular focus on workplace change and fatigue-related health and safety risks.

In the ESG space, regulators maintained an active agenda against greenwashing. From 1 January 2025, certain Australian businesses and financial institutions became subject to the mandatory climate change-related financial reporting regime, and a second tranche of entities will be required to report from 1 July 2026. We expect regulatory attention on ESG and its intersecting aspects to continue to expand in the year ahead, including further consideration of potential governance failures, and elevated expectations around transparency and accountability in relation to areas such as climate reporting, human rights and whistleblowing.

Last year saw a significant focus from ASIC on market misconduct (with several high-profile cases), and from both ASIC and APRA on the transparency and integrity of private capital and private markets. Market misconduct and systemic compliance failures remain at the forefront of ASIC's enforcement priorities in 2026, and in relation to private capital, the regulator is expected to continue its surveillance of the funds management sector and of the audited financial reports of private companies.