In this edition of Gilbert + Tobin’s Financial Services Regulation Newsletter, we focus on key legal developments over the last fortnight.

Contents 

On the pulse 

ASIC updates guidance for participants in the carbon market following Safeguard Mechanism reforms - see media release .

ASIC publishes updated regulatory guidance for registered liquidators ASIC InFocus - October 2024 - see media release .

APRA publishes the June 2024 edition of the Quarterly Superannuation Product Statistics, Superannuation Industry Publication and Fund-level Statistics - see media release .

APRA releases Monthly Authorised Deposit-taking Institution Statistics for September 2024 - see media release .

AUSTRAC’s latest efforts to combat financial crime - see media release .

Updated ML/TF risk assessments guidance for businesses - see media release .

New guidance on outsourcing AML/CTF functions - see media release .

AUSTRAC: How we produce a national risk assessment - see media release .

Important changes to customer identification obligations for online gambling service providers - see guidance .

ACCC welcomes introduction of merger reform bill, prepares for implementation - see media release .

AICD: key themes and takeaways from the Climate Governance Forum 2024 - see media release .

AICD: Cybersecurity remains top concern for Australian businesses - see media release .

AICD: nature key to our shared prosperity - see media release .

AICD: directors' oversight of company compliance obligations - see media release .

TNFD: increasing number of Australian adopters - see media release .

IOSCO Announces Final Report on Investor Education on Crypto-Assets - see report .

Full Federal Court dismisses ANZ appeal in continuous disclosure case: ANZ v ASIC [2024] FCAFC 128   AASB publishes Australian Sustainability Reporting Standards - see standards .

Merger reform for a more competitive economy: Government response to consultation - see media release .

Landmark cybersecurity legislation package introduced - see media release .

Labor’s reforms to boost financial market competition pave way for new provider - see media release .

Feedback Invited: Proposed Australian Standard on Sustainability Assurance - ASSA 5010 Timeline for Audits and Reviews of Information in Sustainability Reports under the Corporations Act 2001 - see exposure draft .

G+T Insight - Work health and safety - key developments in court procedures and case law - Dianne Banks and James Pomeroy (11 October 2024). G+T Insight - Australia’s merger reform odyssey: our first look at the final merger reform bill - Elizabeth Avery (11 October 2024). G+T Insight - Senate report urges financial incentives to boost whistleblowing as ASIC review approaches - Dianne Banks and Kaushalya Mataraaratchi (10 October 2024). G+T Insight - Artificial intelligence in critical infrastructure - Peter Waters and Dal Lim (10 October 2024). G+T Insight - When can a business be found liable for another person’s contravention? A practical update on ancillary liability - Andrew Low and Kelvin Ng (8 October 2024). G+T Insight - Largest greenwashing penalty so far of $12.9m imposed on Vanguard - Jeremy Jose and Ilona Millar (4 October 2024). G+T Insight - Shop Talk | Consumer Law Enforcement Wrap-Up - Charles Coorey and Liana Witt (3 October 2024).

ASIC 

ASIC updates guidance for participants in the carbon market following Safeguard Mechanism reforms

On 3 October, ASIC released its updated regulatory guidance for carbon market participants in Regulatory Guide 236: Do I need an AFS licence to participate in carbon markets? (RG 236).

RG 236 provides guidance for participants in the carbon markets including people involved in the Australian Carbon Credit Unit (ACCU) scheme, responsible emitters for safeguard facilities, market intermediaries and advisers to participants in the carbon market.

The guidance will assist participants in carbon markets in deciding whether they need an Australian financial services licence to engage in activities associated with participation in the carbon market. These activities may involve providing a financial service, such as providing financial product advice or dealing in emissions units regulated as financial products, including ACCUs and Safeguard Mechanism Credits (SMCs).

The updates to RG 236:

  • address the Safeguard Mechanism reforms that commenced on 1 July 2023; and

  • reflect changes to the ACCU scheme that have occurred since RG 236 was last re-issued in May 2015.

A copy of the non-confidential submissions made to ASIC during consultation with stakeholders, as well as an outline of ASIC’s response to the submissions received, is available here: CP 378 .

ASIC will also update Information Sheet 156 Regulated emissions units: Applying for or varying an AFS licence (INFO 156) to address the Safeguard Mechanism reforms and updates made in RG 236, in Q4 2024.

See ASIC media release

InFocus - October 2024

  1. Multi-factor authentication (MFA) is coming to the ASIC Regulatory Portal - from late October 2024, users will require MFA to access their ASIC Regulatory Portal account. Read more .

  2. Financial reports due soon - lodge online now - for businesses with a financial year end date of 30 June 2024, financial reports will be due soon. Companies that are not disclosing entities or registered schemes must lodge within four months after the end of the financial year. Read more .

  3. Compensation Scheme of Last Resort (CSLR) - the CSLR is a new independent, not-for-profit company which commenced operations earlier this year. Read more

See ASIC InFocus .

ASIC key actions and proceedings

APRA 

APRA key actions and proceedings

APRA revokes International Bank of Australia’s restricted banking licence - APRA has agreed to requests from International Bank of Australia Pty Limited (IBA) to revoke its licence to operate as a restricted authorised deposit-taking institution (ADI) and IBOA Group Holdings Pty Ltd (IBOA Holdings) to revoke its licence to operate as a non-operating holding company (NOHC). 

APRA granted IBA and IBOA Holdings licences to operate as a restricted ADI and a NOHC respectively under the Banking Act 1959 in November 2022. At the time of revocation, IBA had not launched any products and had no customers and zero deposits. 

IBA’s decision to request a revocation of its restricted ADI licence does not prejudice any future application it may make for an ADI or restricted ADI licence. See APRA media release .

Other bodies and regulators 

Updated ML/TF risk assessments guidance for businesses

Updated information is now available to help businesses effectively use AUSTRAC guidance and feedback when assessing money laundering and terrorism financing (ML/TF) risks. The updated guidance provides important information about:

  • how to take AUSTRAC guidance and feedback into account;

  • the key sources of AUSTRAC guidance on ML/TF risks; and

  • how to determine whether particular guidance or feedback is relevant to a business.

For more information, see the money laundering/terrorism financing risk assessment guide .

New guidance on outsourcing AML/CTF functions

New guidance is now available to help businesses identify and manage the risks that may arise when outsourcing AML/CTF functions.

This guidance recommends that companies: 

  • identify the risks that may arise through outsourcing;

  • conduct due diligence on outsourcing providers;

  • understand restrictions on sharing AML/CTF information;

  • use a written agreement for outsourcing;

  • monitor and review ongoing outsourcing arrangements; and

  • document procedures for managing outsourcing arrangements in your AML/CTF program.

For more information, see the new outsourcing guidance and AUSTRAC media release .

How a national risk assessment is produced

The Attorney-General Mark Dreyfus and AUSTRAC CEO Brendan Thomas formally released their unclassified National Risk Assessments (NRAs) of money laundering and terrorism financing at the National Press Club in July 2024.

These risk assessments provide a collective understanding of the scale, sophistication and threat of these crimes in Australia. They can help businesses understand how criminals launder the proceeds of crime or fund extremist violence and ensure they have the appropriate AML/CTF measures in place.

For more information, see AUSTRAC media release .

Important changes to customer identification obligations for online gambling service providers

In September 2023, the AML/CTF Rules were amended to strengthen the applicable customer identification procedures (ACIP) that apply to online gambling service providers.

These changes help ensure that online gambling services are not exploited by criminals.  Online gambling service providers have had a year to adapt their systems to these changes. During this time under interim measures, providers could delay ACIP in special circumstances. These interim measures have now expired.

From 29 September 2024, all online gambling service providers must complete ACIP before creating an online gambling account or commencing to provide any designated service.

They must not provide these services to an individual customer until they are reasonably satisfied that the customer is who they claim to be. Providers must complete comprehensive checks on a customer as part of ACIP before providing these services.

Verifying customer identity is vital to making sure providers:

  • protect themselves against criminal exploitation 

For more information on ACIP requirements, read AUSTRAC’s guidance .

Have your say on draft guidance

AUSTRAC are seeking feedback on draft updates to guidance on using alternative identification procedures by 30 October 2024.

The guidance is being updated to support financial inclusion outcomes and address industry feedback.  It is important to note that using alternative identification procedures must always be a risk-based decision for your business, which factors in the individual circumstances and information available.

For a summary of the changes, see the consultation page .

New resources for many sectors

New sector-specific lists of suspicious activity indicators are now available to help businesses identify potential money laundering, terrorism financing and other serious and organised criminal activity. Sectors include: banking, casinos, digital currency (cryptocurrency), financial planners, life insurance, not for profits, online betting agencies, pubs and clubs, remittance service providers, securities and derivatives, superannuation and non-bank lenders and financiers. 

For more information, see AUSTRAC media release

AUSTRAC latest webinars

Recordings of AUSTRAC industry sector-specific webinars highlighting key findings from Australia’s NRAs on money laundering, terrorism financing and proliferation of financing are available here .

ACCC welcomes introduction of merger reform bill, prepares for implementation

The ACCC on 10 October welcomed the introduction of the Treasury Laws Amendment (Mergers and Acquisitions Reform) Bill 2024 into the Australian Parliament, which if passed through the Parliament will provide the ACCC with fit for purpose tools targeted at identifying and preventing anti-competitive mergers.

If passed by the Parliament, the new legislation will represent a major change for the ACCC, business and the Australian community. In anticipation of the new legislation coming into effect, the ACCC on 10 October issued a statement of goals to outline its approach to implementing the new regime and to reduce uncertainty during the transition.

The new system will provide for greater transparency of the mergers the ACCC is reviewing and the reasons on which decisions are based, and obligations of businesses. This will enable the wider community, including consumers and small businesses, to comment on mergers relevant to them. It will also result in a more efficient and faster process and more certain timelines for businesses seeking clearance, with new obligations on the ACCC to complete decisions within legislated timeframes. The ACCC expects about 80% of mergers will be cleared within 15 to 20 business days.

This contrasts to the current situation where only a small proportion of the estimated 1,000 - 1,500 mergers that occur each year are notified to the ACCC and around 93% of those that are voluntarily notified are assessed on a confidential basis.

Subject to the passage of the legislation, the new regime will come into effect from 1 January 2026 but will also allow for merger parties to start using the new merger regime on a voluntary basis from 1 July 2025.

The ACCC will consult on and publish guidelines on the transition period to ensure stakeholders are well informed about the options available to them during this period and have open channels available for merger parties to seek guidance.

See ACCC media release

AICD: key themes and takeaways from the Climate Governance Forum 2024

Transparency, transition and opportunity were the strongest messages from the Climate Governance Forum 2024. CEO and Managing Director of the Australian Institute of Company Directors (AICD), Mark Rigotti, said that a set-and-forget approach will not suffice and boards must work hand-in-glove with management to develop successful climate governance approaches, guided by the long-term interests of the organisations they serve.

Rigotti noted that 80% of respondents to a recent AICD/Pollination survey said they were concerned about climate change as a material risk.

He said “climate is intrinsic to core business strategy and risk management for many organisations ” and “the days of climate change being parked in the sustainability committee is a thing of the past ”.

The mandatory climate reporting bill, T reasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024 (Cth), was passed by Parliament in September. The landmark legislation will require certain organisations to make detailed disclosures about their climate-related risks and opportunities, commencing with the largest emitters and corporations from 1 January 2025.

For more information, see AICD media release .

AICD: Cybersecurity remains top concern for Australian businesses

Australian executives believe risk and security issues will worsen in severity over the next 12 months.

A new report has found that cybersecurity ranks as the number one concern for businesses, followed by financial, legal and regulatory risks. In partnership with YouGov, McGrathNicol surveyed more than 300 C-suite executives and board directors across Australian businesses with 50 or more employees.

Cyber risk was a top-five concern for 2024 for 68% of organisations, the highest of any risk category. The report found 71% of organisations do not conduct due diligence on their key suppliers’ cybersecurity practices, and over 75% do not require mandatory reporting of cyber or data breaches affecting their suppliers.

While 87% of surveyed organisations were confident their business has a comprehensive insider risk management program in place, less than a third have implemented fundamental insider risk controls. Only 28% use a risk-based vetting and due diligence framework for employees and suppliers or contractors, while only 27% have education/awareness programs in place, and just 18% have appointed an authority accountable for insider risk.

For more information, see AICD media release .

AICD: nature key to our shared prosperity

Ahead of the Global Nature Positive Summit (the Summit), Australian business, finance, investor and civil society groups have come together to drive focus on the importance of nature protection and restoration. The Summit is an opportunity for Australia to operationalise the Global Biodiversity Framework goal of halting and reversing nature and biodiversity loss by 2030. Business, investor and civil society groups and government are committed to the task of ensuring we have a thriving natural environment to underpin our shared prosperity.

For more information, see AICD media release .

AICD: directors' oversight of company compliance obligations

On 8 October 2024, the AICD published AICD Practice Statement: Directors' oversight of company compliance obligations (Practice Statement), which provides guidance and suggested steps for effective director monitoring and oversight of a company's regulatory compliance in practice. The Practice Statement is informed by a legal opinion by Michael Hodge KC and Sonia Tame, commissioned by the AICD, which provides clarity for directors on the standard of care required in meeting their duty of care and diligence overseeing a company's compliance obligations and addresses key questions, including:

  • When does a breach of a company's regulatory obligation give rise to a breach of a director’s duty of care and diligence?

  • When are individual directors in breach of their duty versus the whole board?

  • To what extent can directors delegate responsibilities or rely on the advice of others in overseeing a company's regulatory compliance?

For more information, see AICD media release .

TNFD: increasing number of Australian adopters

On 7 October 2024, the Taskforce on Nature-related Financial Disclosures (TNFD) announced that the total number of Australian companies and financial institutions that have committed to adopting the TNFD’s recommendations and publishing TNFD-aligned disclosures as part of their annual corporate reporting now stands at 23, including a number of Australia's leading ASX-listed companies.

For more information, see here .

IOSCO Announces Final Report on Investor Education on Crypto-Assets 

The International Organization of Securities Commissions (IOSCO) has released its Final Report on Investor Education surrounding Crypto-Assets (Final Report) . The Final Report highlights examples of regulatory changes and enforcement activity by members of IOSCO’s Committee for Retail Investors since the related 2020 report. It also highlights examples of current priority issues around investor education in the crypto-asset space, such as relationship investment scams and the need to communicate with retail investors on, and about, social media. See Report

Corporate cases

Full Federal Court dismisses ANZ appeal in continuous disclosure case 

On 2 October, the Full Federal Court dismissed an appeal by Australia and New Zealand Banking Group Limited (ANZ) against a judgment that it breached continuous disclosure laws when undertaking a $2.5 billion institutional share placement in 2015. ANZ was also ordered to pay ASIC’s costs.

In dismissing ANZ’s appeal, the Court upheld the original decision in a case brought by ASIC, which imposed a penalty of $900,000 on ANZ for contravening continuous disclosure laws.

The Court found that by failing to notify the ASX that between approximately $754 million and $791 million of the shares offered in the placement was to be acquired by its underwriters rather than placed with investors, ANZ had contravened its continuous disclosure obligations.

ANZ was also ordered to pay ASIC’s costs.

ASIC Chair Joe Longo said: ” ASIC will always defend the integrity of Australia’s market" and "this is an important case that confirms how critical continuous disclosure is to maintain market integrity ”.

See ASIC’s media release ; ANZ v ASIC [2024] FCAFC 128 and ASIC v ANZ (No 2) [2023] FCA 1217 (primary judgment) (as well as ASIC's media release on the primary judgment).

Legislation and proposed legislation 

AASB publishes Australian Sustainability Reporting Standards

The Australian Accounting Standards Board (AASB) has published its two inaugural Australian Sustainability Reporting Standards, as follows:

Merger reform for a more competitive economy: Government response to consultation

The government response to consultation explains the Australian Government’s merger reform policy following extensive consultation with stakeholders. It also includes proposed notification thresholds.

On 10 April 2024, the government announced reforms to Australia’s merger rules to promote competition, protect consumers and provide greater certainty by streamlining the approvals process. The reforms were detailed in the Merger Reform paper .

Treasury consulted widely to inform the policy and legislation design, with stakeholders representing the perspectives of consumers, businesses (including small-to-medium enterprises and multinational businesses), agriculture, legal practitioners, investors, academics and industry associations.

The reforms will be implemented principally through amendments to the Competition and Consumer Act 2010 (Cth) and associated subordinate legislation.

On 24 July 2024, Treasury released the exposure draft of what is now the Treasury Laws Amendment (Mergers and Acquisitions Reform) Bill 2024 (Merger Reform Bill). The refinements to the Merger Reform Bill reflect extensive and ongoing engagement with stakeholders to ensure the system serves consumers, business and the community.

On 30 August 2024, Treasury released the merger notification thresholds consultation paper . Following consultation, the government has announced that there will be general notification thresholds that apply, in conjunction with additional targeted notification requirements that capture other high-risk acquisitions.

In summary, the notification thresholds will comprise:

The government will not be proceeding with economy-wide market concentration thresholds given stakeholder feedback on their uncertainty and complexity when applied in practice. Instead, the government is exploring a low-cost targeted screening tool to determine whether businesses in concentrated markets need to notify transactions or not.

The government will also ensure that acquisitions that are unlikely to have an impact on Australia will not need to be notified. Additionally, benign land acquisitions involving residential development and certain commercial property acquisitions will be exempt from notification.

The government intends to ensure there is adequate scrutiny of acquisitions by supermarkets and that acquisitions that result in changes in certain levels of control, including by unlisted or private capital, will be addressed through subordinate legislation.

Further detail on thresholds will be consulted on through the development of subordinate legislation later in 2024-25. Treasury will consult on further detail on the notification thresholds through the development of subordinate legislation later in 2024-25.

For more information, see the Treasury media release and the government response to consultation

Landmark cybersecurity legislation package introduced

On 9 October 2024, a landmark cybersecurity legislation package was introduced into Parliament. The package will implement seven initiatives under the 2023-2030 Australian Cyber Security Strategy, addressing legislative gaps to bring Australia in line with international best practice and take the next step to ensure Australia is on track to become a global leader in cybersecurity. The package includes:

  • clarifying existing obligations in relation to systems holding business critical data;

  • enhancing government assistance measures to better manage the impacts of all hazards incidents on critical infrastructure;

  • simplifying information sharing across industry and government;

  • introducing a power for the government to direct entities to address serious deficiencies within their risk management programs; and

  • clarifying existing obligations in relation to systems holding business critical data;

  • enhancing government assistance measures to better manage the impacts of all hazards incidents on critical infrastructure;

  • simplifying information sharing across industry and government;

  • introducing a power for the government to direct entities to address serious deficiencies within their risk management programs; and

The amendments in this Bill complement the "limited use" obligation applicable to the National Cyber Security Coordinator outlined under Part 4 of the Cyber Security Bill 2024 (Cth) .

For more information, see the Department of Home Affairs: Introduction of landmark Cyber Security Legislation Package (9 October 2024) .

Labor’s reforms to boost financial market competition pave way for new provider

A new provider of clearing and settlement services has emerged following the passage of the government’s new legislation (in September 2023) to improve competition in financial markets, with news ASIC has approved a licence for a new player, FinClear.

Clearing and settlement services are critical to the functioning and stability of financial markets and the legislation has enabled providers to emerge.

The legislation which passed in September last year created a framework for fair, transparent and non discriminatory access to market infrastructure for competitors, allowing them to offer their own clearing and settlement services.
The licence recently provided by ASIC will underpin the operations of FinClear’s subsidiary FCX.

The government says the emergence of a new provider of clearing and settlement services is evidence that their economic plan is helping to make the economy more competitive and our financial system stronger and more productive.

For more information, see ASIC media release

Feedback Invited: Proposed Australian Standard on Sustainability Assurance - ASSA 5010

Timeline for Audits and Reviews of Information in Sustainability Reports under the Corporations Act 2001

The Auditing and Assurance Standards Board (AUASB) has released an Exposure Draft of a Proposed Australian Standard on Sustainability Assurance ASSA 5010 Timeline for Audits and Reviews of Information in Sustainability Reports under the Corporations Act 2001 (ED 02/24) that outlines a proposed timeline for when information in a sustainability report prepared in accordance with Chapter 2M of the Corporations Act 2001 (Cth) (Corporations Act) would be subject to audit and/or review. As these proposals will affect preparers, users, and auditors, the AUASB has stated that it is important that it hears views of a wide range of stakeholders. The deadline for providing comments on the Exposure Draft is 16 November 2024.

ED 02/24 has been developed in response to schedule 4 of the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024 (Cth) (the Bill), which proposes a new mandatory climate disclosure framework for larger entities that prepare financial reports under Chapter 2M of the Corporations Act . The Bill has been passed by both Houses of Parliament and is awaiting Royal Assent.

The Bill will require (among other things):

Following extensive consultation and outreach on its March 2024 Consultation Paper , the AUASB’s ED 02/24 proposes an assurance phasing model that considers the likely:

  • maturity of reporting entities’ systems and processes;

  • demand for assurance over disclosures; and

  • capacity and capabilities of auditors and their experts during the initial years of reporting.

Stakeholders are encouraged to provide feedback on ED 02/24 by:

  • submitting a comment letter via the AUASB website; and

  • attending a roundtable discussion - details to be provided shortly.

Any queries about the Exposure Draft should be directed to enquiries@auasb.gov.au .

G+T articles

G+T Insight - Work health and safety - key developments in court procedures and case law - examines two recent developments in work health and safety which will impact safety prosecutions in NSW in light of both signals from the new Industrial Court of New South Wales regarding the manner in which it intends to manage proceedings (including in the relevant practice note issued by the Court), and recent case law from the Court of Criminal Appeal - Dianne Banks and James Pomeroy (11 October 2024).

G+T Insight - Australia’s merger reform odyssey: our first look at the final merger reform bill - provides a summary of the practical implications of the Treasury Laws Amendment (Mergers and Acquisitions Reform) Bill 2024 , including takeaways from the ACCC’s Statement - Elizabeth Avery (11 October 2024).

G+T Insight - Artificial intelligence in critical infrastructure - discusses the U.S. Cybersecurity and Infrastructure Security Agency's release of guidelines to help critical infrastructure owners manage AI-related risks. In particular, the article highlights the importance of balancing innovation with security as AI technologies are increasingly integrated into critical infrastructure systems, including healthcare, transportation, and finance, and addresses Australia's efforts in enhancing its own cybersecurity framework - Peter Waters and Dal Lim (10 October 2024).

G+T Insight - Senate report urges financial incentives to boost whistleblowing as ASIC review approaches - discusses a Senate report criticising ASIC for failing to properly investigate and enforce actions on alleged misconduct, and it recommends reforms including financial incentives for whistleblowers and a tougher litigation approach for breaches of corporate law - Dianne Banks and Kaushalya Mataraaratchi (10 October 2024).

G+T Insight - When can a business be found liable for another person’s contravention? A practical update on ancillary liability - discusses the issue of ancillary liability, particularly under Australian law, where businesses or individuals can be held liable for being "knowingly concerned" in another party's breach. The article focuses on recent High Court rulings that clarify the threshold for such liability, especially in cases of unconscionable and misleading conduct - Andrew Low and Kelvin Ng (8 October 2024).

G+T Insight - Largest greenwashing penalty so far of $12.9m imposed on Vanguard - discusses a Federal Court decision ordering Vanguard Investments Australia to pay a $12.9 million penalty for misleading representations regarding an "ethically conscious" fund, marking ASIC’s first court outcome on greenwashing, with Vanguard cooperating but still disputing the penalty amount and securing a reduction in comparison to the penalty sought by ASIC - Jeremy Jose and Ilona Millar (4 October 2024)

G+T Insight - Shop Talk | Consumer Law Enforcement Wrap-Up - provides a detailed update on recent enforcement actions and legal cases led by the ACCC, highlighting the ACCC’s focus on consumer law, fair trading, misleading claims (particularly in pricing), and sustainability issues, including penalties against major companies such as EnergyAustralia, Secure Parking, Qantas, and Bloomex for violating the Australian Consumer Law - Charles Coorey and Liana Witt (3 October 2024).

Calendar dates