Enforceability of industry codes of conduct

By Nicola Greenberg
Financial Services

In brief

Proposed changes giving ASIC powers in relation to financial services industry codes of conduct mean that obligations in these codes may become enforceable. This is interesting because the drafting in many of these codes tends to be broad, and, in some cases, goes far beyond the participants' existing obligations at law. Financial services providers who have signed up to voluntary codes should consider their obligations, and investors in financial services should consider asking about the existence of code obligations as part of due diligence.

'Soft law' gets tougher

One of the big trends coming out of the Royal Commission is that our expectations of financial services providers go beyond complying with the letter of the law, to some kind of moral expectation or unwritten code of conduct. Certainly, use of the phrase 'community expectations' has seen a huge increase, as providers of financial services try to understand what their community expects of them, and what might be the consequences if they don't meet those expectations.

From a regulatory perspective, we have also wondered whether or how these expectations could make their way into our financial services laws. So, it was interesting to see that there is one aspect of this developing 'soft-law' that has been incorporated into the Financial Sector Reform (Hayne Royal Commission Response Protecting Consumers (2020 Measures)) Bill 2020 (the Bill), albeit through a somewhat roundabout mechanism. The Bill proposes amendments to the Corporations Act 2001 (Cth) that would give ASIC powers in relation to financial services industry codes of conduct.

This is a power that taps into another trend in financial services: the self-regulation of fintech, and financial services generally, via voluntary codes of conduct. Observers of Australia's financial services market will have seen a proliferation of these kinds of industry codes. Their participants range from Australia's banks (Banking Code of Practice); to fintech lenders (Online Small Business Lenders Code of Lending Practice); and, recently, the buy now pay later industry (Code of Practice for Buy Now Pay Later Providers). One of the consistent features across these codes is that they are all described as voluntary (although, arguably, industry pressure means they are not truly voluntary). However, while participation in the code of conduct may be voluntary, under new laws its enforcement by ASIC may not be.  

What are the new powers?

The changes regarding industry codes of conduct make up a new section 1101A of the Corporations Act. The powers given to ASIC in this section can broadly be summarised as:

  • to approve industry codes of conduct;
  • to make certain provisions of an industry code of conduct enforceable; and
  • to enforce provisions that are enforceable (including a civil penalty for breach of an enforceable code).

It is interesting to consider the extent to which this addresses the 'soft-law' issues raised by the Royal Commission. These codes of conduct have typically been drafted broadly, and make much more general 'community based' statements than we would typically see in financial services regulatory laws. For example, the Online Small Business Lenders Code of Lending Practice states that 'We will always act honestly and with integrity and will treat you reasonably in all our dealings with you.'[1] The Banking Code of Practice provides that: 'We are committed to earning and retaining the trust of our customers and the community'.[2] It does not seem likely that the participants in these Codes envisaged a world where those words could be specifically enforceable by their customers.

Arguably, these are not the parts of voluntary codes of conduct that the legislation considers should become enforceable, because this would make it an almost impossible task to define a breach. That would be a sensible approach, and perhaps is what the Bill contemplates when it requires ASIC to consider mandatory elements before determining that a provision of an industry code is enforceable. However, ASIC's consideration requirements before making a provision enforceable are equally broadly drafted. They require it to consider whether:

(b) either:
(i) a breach of the provision could result in significant detriment to the person; or
(ii) a breach of the provision could significantly undermine the confidence of the Australian public, or a section of the Australian public, in the provision of financial services in this jurisdiction or those who provide financial services in this jurisdiction.

It is difficult to imagine a breach of a voluntary code that would not at least satisfy (ii), even if it resulted in no harm to consumers. It is possible that the reason ASIC's power to make codes' provisions enforceable is discretionary is to ensure that it does not act beyond what is reasonable, despite the broad drafting of its powers.

Even the less broadly drafted sections of these voluntary codes do not easily lend themselves to enforceability. This might be because, when they were drafted, it was not contemplated that they might become enforceable by ASIC. An example is the serviceability assessment in the Buy Now Pay Later Code of Conduct, which provides that:

We will assess customers to ensure our product or service will be suitable for them prior to providing it for every new Transaction Amount. We will take into account customers’ characteristics based on the common aspects of their objectives, financial situation and needs.[3]

The use of the word 'suitable' here goes beyond the notorious double negative of 'not-unsuitable' in the National Credit Code. If enforceable, this could impose a more onerous obligation on buy now pay later providers than is imposed on providers of regulated credit, which seems to be a very strange outcome. 

So, what does it all mean?

Given the Bill is still in draft, it is possible that some further restrictions will be placed on the kinds of provisions that ASIC may deem enforceable; likewise, there may be some alterations to industry codes of conduct, to tone down some of the more extreme undertakings. Overall, it would be sensible for providers of financial services to conduct an audit of their own voluntary codes of conduct, and consider how they would fare if sections became enforceable. Likewise, investors in fintech and financial products generally should consider adding questions about voluntary codes to their due diligence, so they can anticipate any issues that may arise if ASIC starts enforcing this particular power.


  1. Online Small Business Lenders Code of Lending Practice, AFIA, page 6.

  2. Banking Code of Practice, Australian Bankers Association, 1 March 2020, page 5.

  3. Code of Practice for Buy Now Pay Later Providers, AFIA, effective from 1 July 2020, page 8.