Climate change, protection of retirees, cyberattacks and unsound financial products on the agenda
ASIC has released its four-year plan, which outlines its key areas of focus. Of these four priorities, three are new:
- Design and distribution obligations
- Retirement decision making
- Sustainable finance
- Technology risks
These areas of focus match what ASIC says is the new regulatory environment: climate risk, aging population, emerging data and digital technologies, and cryptocurrency volatility.
ASIC's 2021 enforcement focus, as set out in last year's corporate plan which fell in the middle of the COVID-19 pandemic, was to take action in relation to the most egregious misconduct and conduct harming vulnerable consumers.
ASIC's 2022 corporate plan clearly indicates that the regulator has moved away from driving consumer readiness in relation to standards set by law reform initiatives. Instead, ASIC will focus on enforcement in relation to these initiatives.
ASIC has said it will continue to be an 'active litigator' and to use the 'full suite' of its regulatory tools to prevent and respond to wrongdoing, including using its new product intervention powers and enforcing compliance with DDO obligations.
Design and distribution obligations started on 5 October last year and ASIC says it is going to be looking at measures to 'drive' compliance. For product issuers that means target market determinations (TMDs) and ASIC says it will be reviewing a sample of TMDs from superannuation funds and managed investment schemes. We expect ASIC will be asking whether the target markets are too broad and whether the distribution conditions are stringent enough.
For distributors, ASIC will examine the steps being taken to ensure products are only being recommended or sold to consumers in the target markets. ASIC says it will be looking at how choice products are being distributed by superannuation funds and financial advisers. It refers particularly to underperforming choice products. Moving from MySuper to choice is a particularly tricky area under DDO, and TMDs for superannuation funds that offer MySuper and choice products should be clear about what is required when members make investment choices.
ASIC has not forgotten that DDO applies to consumer credit, and says it will be looking at how DDO is improving consumer outcomes, particularly in respect of credit cards and 'buy now, pay later' arrangements. It says it will be engaging with major supervised institutions on DDO and will take enforcement action to address poor design and distribution of products. DDO is matched with ASIC's new product intervention powers.
ASIC has already issued its first stop orders in relation to this regime in July this year, placing an interim stop order on three financial firms due to deficiencies in the Target Market Determinations for their products. This signals a real shift from ASIC's approach until now, which was to assist industry in bedding down its implementation of the DDO regime.
ASIC says very little about what its focus on retirement decision making means other than keeping a close eye on superannuation products, managed investments and financial advice.
Superannuation funds have recently had to adopt and publish retirement income strategies that must assist their members to balance retirement income objectives. In the absence of default retirement products, that assistance focuses very much on information, guidance and advice and so we expect that ASIC will be looking closely at what funds are saying to their members and how they are engaging with them.
Funds will need to be careful about complying with charging rules (for intra-fund advice) and complying with the requirement to provide advice that is in the best interests of the member (again, for intra-fund advice). They will also need to ensure they have appropriate arrangements in place to ensure that any advice fees paid from the fund are applied for the purposes of providing advice about the member's superannuation in the fund. For advisers, ASIC's reference to managed investments suggests it might be concerned by recommendations to move money out of the superannuation system or into platform products following retirement.
ASIC has said its enforcement action in this area will focus on high-risk property schemes, including responsible entity failures and inappropriate financial advice; and misleading conduct relating to fund performance.
ASIC says it will also take action on 'greenwashing' and wants to improve climate and sustainability governance and disclosure of listed companies, managed funds and superannuation funds. Enforcement action will likely target misleading marketing in this area.
This follows its recent release of an information sheet (INFO 271) setting out ASIC's views on how responsible entities and superannuation trustees can avoid greenwashing when offering or promoting sustainability-related products. Our update on that information sheet is available here.
Enhancing cyber and operational resilience remains a top priority for ASIC. It is also expanding its focus to examine the impact of technology on financial markets and services and to address digitally enabled misconduct, including in relation to scams and crypto-assets.
ASIC will continue to monitor cyber and operational resilience and implement self-assessments to benchmark cyber resilience, refine its risk framework and develop insights. This focus on operational risk management and resilience is consistent with APRA's recent focus on the same; APRA has just published the draft new prudential standard CPS 230 (Operational Risk Management). Incidentally, ASIC also says it will be partnering with other financial regulators on key cyber resilience initiatives (including the Trans-Tasman Council of Banking Supervision's cyber attack protocol and the Council of Financial Regulators' Cyber and Operational Resilience Intelligence-led Exercises), and to harmonise regulatory approaches and actions.
ASIC intends to consolidate and update its guidance on cyber resilience, including by updating the requirements in Report 429 Cyber resilience: Health check.
ASIC says it will take enforcement action where it considers there are egregious failures to mitigate the risks of cyber attacks and related cyber resilience governance failures.
ASIC recently commenced an action against Lanterne Fund Services Pty Ltd alleging various breaches of s912A(1) of the Corporations Act 2001 (Cth) for risk and compliance failures, including in relation to a lack of documented technology resourcing plans and security assessments (including in relation to cyber security). Given this is an area of strategic focus for ASIC, we are likely to see more actions of this nature brought under s912A against financial services licensees over the coming year.
With emerging technologies transforming our financial ecosystem, ASIC is also turning its focus to investment scams (including bank transfer and crypto-investment scams) which are occurring at higher rates. ASIC is particularly concerned about scammers using social media and other technology to target consumers, and says it will take a data-informed approach and work with other agencies to target investment scams, with a focus on using disruption strategies.