October compliance deadlines: rounding up the last-minute changes

ASIC's 'lighter touch' approach to enforcement 6 min read

The shake-up of the financial services industry is now in full swing, with a raft of regulatory changes coming into effect in early October. This includes the commencement of the design and distribution obligations (DDO) regime, the deferred sales model for add-on insurance (DSM), changes to the anti-hawking rules, refreshed standards for internal dispute resolution systems and, to top it all off, a new breach reporting regime.

It shouldn't come as a surprise that ahead of the October compliance dates, ASIC announced it would be taking a 'lighter touch' approach to enforcement, at least in the early transition days. ASIC's concession recognises the sector's efforts in preparation of these new laws and the work that will continue. It also recognises the last-minute guidance issued by ASIC and amendments introduced by Treasury which will require time to address.

Welcome clarifications for the DDO regime

In late July, Treasury announced its intention to amend the DDO legislation to exclude certain classes of financial products from the regime and to tidy up some of the more confusing aspects of the legislation.

As amendments were unlikely to be passed through Parliament ahead of the 5 October 2021 implementation date, ASIC said it would consult on instruments for interim relief.

On 1 October 2021, ASIC published the ASIC Corporations (Design and Distribution Obligations Interim Measures) Instrument 2021/784, which was welcome news just days ahead of the compliance deadline (fair to say, 'better late than never'). Among the relief granted, the Instrument:

• exempts non-cash payment facilities (NCPFs) (except for debit cards, credit products and stored value facilities) – meaning product issuers do not need to make a target market determination for NCPFs such as BPAY or Osko (which are typically only available when bundled with other core banking products), or for most single use gift cards;
• modifies the reporting obligations for distributors by removing the obligation to report to issuers where the distributor received no complaints or other reportable information in a given reportable period – this will significantly reduce the reporting burden on distributors, both from the perspective of the information that needs to be captured and then communicated;
• exempts foreign exchange contracts that settle immediately, margin lending facilities provided to non-natural persons and cashless welfare arrangements – these exemptions align the DDO regime with the broader policy approach to the regulation of such products; and
• amends s761G of the Corporations Act 2001 (Cth) (Corporations Act) to clarify that the definitions of retail and wholesale client apply to Part 7.8A in the same way they apply throughout Chapter 7 more generally – clarifying some of the confusion around whether slightly different formulations of these concepts applied under the DDO regime.

Last minute clarifications for the breach reporting regime

On 1 October 2021, the new breach reporting regime came into play (read more about the regime here). ASIC initially released its draft Regulatory Guide 78: Breach reporting by AFS licensees and credit licensees (RG 78) in April 2021, but it was not until 7 September 2021 that the final guidance was published. Although much of the guidance remains unchanged, ASIC included guidance on several new points to assist licensees in responding to the regulatory change. This includes several worked examples on some of the trickier implementation points, such as when and how investigations should be reported, how certain deemed significant breaches should be assessed (particularly where the breach relies on subjective assessments, such as acts of dishonesty or material loss), how to determine whether a breach of a core obligation is 'significant', and when to figure out how a corporate entity first 'knows' that a reportable situation has arisen.

As part of the breach reporting reforms, Australian credit licensees are now subject to these reporting obligations. Under new provisions in the National Consumer Credit Protection Act 2009 (Cth) (NCCPA), credit licensees must report to ASIC 'reportable situations', which include instances where the licensee has breached a 'core obligation'. A core obligation is defined in s50A(3) of the NCCPA as:

1. an obligation under section 47, other than the obligation under paragraph 47(1)(d);
2. the obligation under paragraph 47(1)(d), so far as it relates to this Act, the Transitional Act and Division 2 of Part 2 of the ASIC Act and regulations made for the purpose of that Division;
3. the obligation under paragraph 47(1)(d), so far as it relates to Commonwealth legislation that is covered by paragraph (d) of the definition of credit legislation.

This definition has the potential for a broad reach, with 'credit legislation' defined under the NCCPA to include any Commonwealth legislation that covers conduct relating to credit activities (whether or not it also covers other conduct), but only in so far as it covers conduct relating to credit activities. This has broader application than the equivalent provision in the Corporations Act, as regulation 7.6.02A of the Corporations Regulations limits the applicable Commonwealth legislation for these purposes to 14 specific laws. The NCCPA provisions contained no such limitation, creating uncertainty as to the number of Commonwealth laws that could potentially be caught by this core obligation.

However, in the lead up to the compliance date, the Government announced its intention to make a number of technical amendments to the breach reporting regime, including amendments to limit the definition of 'credit legislation' for the purposes of the breach reporting regime so it captures only the following laws:

• Banking Act 1959 (Cth);
• Corporations Act 2001 (Cth);
• Financial Sector (Collection of Data) Act 2001 (Cth);
• Financial Sector (Shareholdings) Act 1998 (Cth); and
• Financial Sector (Transfers of Business) Act 1999 (Cth).

These amendments were also made at the last minute, with the ASIC Credit (Breach Reporting—Prescribed Commonwealth Legislation) Instrument 2021/801 (Instrument) being published on 28 September 2021.

Now, a breach of a core obligation under the above Acts will only be deemed significant if it is constituted by the commission of an offence that is punishable on conviction by a penalty that may include a maximum period of imprisonment, or results or is likely to result in material loss or damage to a credit activity client of a licensee.

The Instrument also clarifies that a breach of subparagraph 47(1)(h)(ii) of the NCCPA, as notionally substituted by the ASIC Corporations, Credit and Superannuation (Internal Dispute Resolution) Instrument 2020/98, will not be deemed significant – in contrast to other key licensee obligations in s47(1). Subparagraph 47(1)(h)(ii) requires licensees to comply with their internal dispute procedures.

Deferred sales model for add-on insurance

The insurance sector has worked hard to implement the DSM, with systems and processes undergoing a significant overhaul to accommodate new deferral periods and information requirements.

We are a few weeks in now, and there are still a number of outstanding questions, including how ASIC will approach the implementation of the DSM where add-on insurance policies are being financed and whether certain warranty products are in or out of scope.

Other developments

On 23 September 2021, ASIC published its final Regulatory Guide 38: The hawking prohibition. Read our update on the key changes here.

You can also read about ASIC's new Regulatory Guide 271: Internal dispute resolution here.