Key themes of the quarter – November 2024 to January 2025
This quarter saw ASIC engaging in self-reflection at the ASIC Annual Forum where Joe Longo, ASIC chair, advocated for a simplification of regulation and noted ASIC was reassessing its regulatory approach amidst the "legislative porridge" of Australia's complex regulatory landscape. To address these challenges, Mr. Longo announced plans to establish a "Simplification Consultative Group" to explore how regulatory complexity impacts ASIC’s ability to administer the law effectively. See the full speech full speech here.
Despite the challenges highlighted by Mr. Longo, ASIC has shown no signs of slowing its enforcement efforts. In a 14 November announcement outlining ASIC’s 2025 enforcement priorities, Deputy Chair Sarah Court revealed a 25% increase in investigations during 2024 compared to the previous year. Meanwhile, the enforcement priorities offer a clear view of what lies ahead in 2025. Several priorities have carried over from 2024 such as greenwashing and member services failures in the superannuation sector and new priorities provide valuable insight into ASIC's future focus. Notably, these include misconduct targeting superannuation savings, bad faith practices in the insurance industry, a renewed emphasis on cyber security, and an increased focus on insider trading. These priorities were also reiterated in ASIC’s key issues outlook for 2025, released on 24 January.
As 2024 came to a close, ASIC (and APRA) released observations on the banking industry’s implementation of the Financial Accountability Regime so far. Among other things, they noted that individual accountability is the “clearest form of accountability” and that jointly held responsibilities should be kept to a minimum. They also reminded regulated entities that failure to comply with the FAR obligations could result in further action, including once FAR has commenced for superannuation and insurance entities in March this year.
Cutting through all this activity were three key themes, as summarised below.
Superannuation (again!): Superannuation remains squarely in the cross-hairs with multiple enforcement priorities likely to impact the sector. Member services are under scrutiny with ASIC launching enforcement action against the trustee of Cbus alleging failures to adequately manage claims for death benefits and TPD insurance, and ASIC has foreshadowed an increase in investigations into misconduct exploiting superannuation savings, such as the ongoing investigation into the Shield Master Fund.
Insurance in the spotlight: ASIC’s recent enforcement action against QBE Insurance (Australia) Limited and its identification of shortcomings in insurers’ internal dispute resolution processes gives a taste of what’s to come as ASIC focuses on its enforcement priority that insurers deal fairly and in good faith with their customers.
Governance and accountability: There has been a multitude of enforcement actions in this area, including against Regional Express Holdings (Rex) for alleged misleading and deceptive conduct and contravention of continuous disclosure obligations relating to announcement about its forecast profits, and against Oak Capital for alleged unconscionable conduct as a result of a business model that bypassed important consumer credit protections. It’s clear that governance and directors’ duties failures remains a key focus for ASIC.
What else did I miss? Cyber security and regulation of crypto-assets remain hot topics for ASIC, as does misconduct relating to financial hardship (highlighted by proceedings issued against NAB in November last year). The question mark over the effectiveness of ASIC’s voluntary disclosure agreements in protection privilege appears to have been lifted with a successful appeal against the decision in ASIC v Noumi Ltd. Firstmac is ordered to pay $8 million in penalties for DDO failures and the Treasury publishes the first edition of the Regulatory Initiatives Grid with the aim of assisting the financial services industry in navigating upcoming regulatory and legislative changes.
1. Superannuation (again!)
No one in the superannuation industry will be surprised to hear the sector remains under as much regulatory scrutiny as ever, with at least five of ASIC’s 2025 enforcement priorities likely to impact the industry including misconduct exploiting superannuation savings, member services failures in the superannuation sector, greenwashing and misleading ESG claims, licensee failures to have adequate cyber-security protections and an increased focus on insider trading. See our Superannuation team’s article on ASIC’s spotlight on the superannuation section here.
The focus on misconduct exploiting superannuation savings will target unscrupulous investment schemes which entice consumers to withdraw superannuation savings from a regulated fund and invest them elsewhere. In her opening remarks at the enforcement session of the ASIC Annual Forum 2024, ASIC Deputy Chair Sarah Court referred to the “sobering” reporting of ASIC’s investigation into the Shield Master Fund throughout 2024, which indicates that potential investors were contacted by lead generators and advised to invest their superannuation into Shield. In February 2024, Keystone Asset Management Ltd, the responsible entity for Shield, suspended investor redemptions and since then investors have been unable to withdraw funds. ASIC is investigating whether any of the circa $480 million invested in Shield since February 2022 has been dissipated or misapplied. The investigation is ongoing with regular updates provided on ASIC’s webpage.
Meanwhile member services failures are squarely in the spotlight, with ASIC progressing its review into member services and writing to CEOs of super trustees on 19 November 2024 to flag its observations of weak trustee practices in the handling of death benefit claims by superannuation trustees. ASIC has indicated a detailed report will be released in early 2025. And it isn’t all just talk, with ASIC launching enforcement action in November 2024 against United Super Pty Ltd (the trustee of Cbus) for alleged failures to act efficiently, honestly and fairly in the handling of claims for death benefits and total permanent disability insurance. We expect more actions like this to follow in 2025.
Finally, the issues of greenwashing and ESG are here to stay, and on 25 November and 5 December 2024 APRA and ASIC jointly hosted two roundtables for superannuation CEOs to discuss climate and nature risk which focused on the importance of accurate climate and nature risk reporting and the need for consistent reporting standards and data.
2. Insurers in the spotlight
Consistent with ASIC’s 2025 focus on protecting consumers from financial harm, a new enforcement priority for 2025 targets failures by insurers to deal fairly and in good faith with their customers. ASIC has referred in particular to the need for consumers to be able to compare insurance products and pricing offers as well as to rely on promises by insurers with respect to loyalty and other discounts.
In line with those remarks, ASIC issued proceedings on 22 October 2024 against QBE Insurance (Australia) Limited (QBE) alleging that QBE misled its customers about the value of discounts (such as loyalty discounts) promised to more than 500,000 customers in their renewal notices, in that QBE’s pricing model eroded those discounts – in some cases to nil. ASIC is seeking civil penalties, declarations and adverse publicity orders.
In a timely judgment handed down by the Federal Court on 28 October 2024, in ASIC v HCF Life [2024] FCA 1240 Justice Jackman considered whether certain terms in insurance policies were unfair and/or misleading. He found that a ‘pre-existing condition’ term in certain HCF Life policies was liable to mislead the public but did not constitute an unfair contract term. The term purported to exclude liability that could not be excluded under s 47 of the Insurance Contracts Act 1984 (Cth) (ICA Act). Justice Jackman held that this comprised misleading conduct under s12DF of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) as the “ordinary and reasonable reader” would be ignorant of s 47 of the ICA Act. However, the term was not an unfair contract term under s 12BF(1)(a) of the ASIC Act as the consumer’s confusion about their rights and obligations did not mean that their rights and obligations were significantly unbalanced.
As the year came to a close, on 5 December 2024 ASIC released its findings from a review into insurers’ Internal Dispute Resolution (IDR) practices. The review of 11 insurers revealed three key shortcomings. Firstly, insurers are failing to identify complaints in a timely and effective manner, prolonging customer distress and denying them access to alternative protections. Secondly, insurers are failing to identify systemic issues that affect multiple customers. Finally, ASIC found significant variance in insurers’ communication practices with customers, reflected in immature IDR systems and poor complaints handling.
3. Governance and accountability
ASIC’s enduring enforcement priority of governance and directors’ duties failures remains as important as ever, with this quarter seeing ASIC issue several headline-grabbing proceedings, including:
A proceeding against Oak Capital issued on 29 October 2024 alleging systemic unconscionable conduct as a result of a business model that required a company to be the named borrower for loans, meaning that the individuals seeking the loans had to use residential property as security and then had no consumer credit protections if they defaulted. ASIC alleges that the business model was designed to fly under the regulation radar and as a result Oak Capital breached section 12CB of the ASIC Act by engaging in unconscionable conduct in connection with the supply of financial services.
A proceeding against HSBC issued on 13 December 2024 alleging failure to adequately protect its customers from scams in breach of its obligations to provide financial services and undertake credit activities efficiently, honestly and fairly. ASIC alleges that HSBC Australia was aware of gaps in its fraud controls, and further failed to complete scam investigations or restore customer access to bank accounts in a timely manner.
A proceeding issued on 18 December 2024 against Regional Express Holdings Limited (administrators appointed) (Rex) and its directors, alleging that Rex engaged in misleading and deceptive conduct and contravened continuous disclosure obligations. ASIC alleges Rex published a 2023 announcement predicting positive operating profits without a reasonable basis for that claim, and that it failed to disclose a material downgrade despite knowing it was unlikely to achieve an operating profit. Further, that the directors contravened section 180 of the Corporations Act 2001 (Cth) by failing to take steps to correct the announcement or to make a market disclosure.
Meanwhile, ASIC's claim against a director of Dixon Advisory & Superannuation Services (DASS) for alleged breach of director duties was dismissed on 4 November 2024, illustrating that directors can rely on the business judgment rule in s 180(2) of the Corporations Act 2001 (Cth) to successfully defend against breach of duty claims, provided they have acted in good faith, reasonably relied on legal advice, and undertaken an independent assessment of that advice. ASIC had alleged that Mr Ryan, also a director of DASS’s parent company, failed to properly consider the interests of DASS’ creditors when making decisions at a time when the company was approaching insolvency. Mr Ryan successfully relied on the business judgment rule in s 180(2), arguing that he had honestly and reasonably relied on external legal advice in respect of his actions.
What else did I miss?
Here’s our pick of other key ASIC enforcement highlights we think you should know about:
Cyber security still a hot topic: included in ASIC’s 2025 enforcement priorities, directors of Australian Financial Services Licensees have been put on notice that failure to implement appropriate cyber risk management and cyber resilience processes risks enforcement action for breach of licensee obligations and directors’ duties. As part of that, directors should be familiar with the “basic communication principles in the event of a cyber incident” published by ASIC in its November 2024 Market Integrity Update and consider if their organisation’s processes are up to scratch;
ASIC continues to grapple with the regulation of crypto and other digital assets. On 4 December 2024, it released a consultation paper outlining proposals to update its guidance on the application of the Corporations Act 2001 (Cth) to these assets. In this context, on 18 December 2024, ASIC initiated legal action against crypto company Binance Australia Derivatives (Binance), alleging significant consumer protection failures. Specifically, ASIC claims that Binance misclassified 83% of its Australian client base as wholesale clients rather than retail investors. As a result, these clients were deprived of critical retail consumer protections, including access to a product disclosure statement and a compliant dispute resolution scheme.
Further focus on failures relating to financial hardship: on 18 November 2024, ASIC issued proceedings against NAB alleging that it failed to respond to 345 hardship applications within the 21-day timeframe required under the National Credit Code. The action falls within ASIC’s enduring priority of targeting misconduct involving a high risk of significant consumer harm, and follows ASIC’s 2023 action against Westpac for similar conduct (which is due to be heard on 27 May this year);
ASIC and Noumi were successful in appealing the surprising decision in ASIC v Noumi Ltd (reported in our July 2024 edition) which found that privilege had been waived in a PwC report as a result of it being disclosed by Noumi to ASIC under a Voluntary Disclosure Agreement. The appeal court has not yet published its reasons for setting aside the decision while the parties make submissions on confidentiality;
Firstmac to pay $8 million in penalties for design and distribution failures: following the liability finding in July 2024, on 24 January, the Federal Court ordered $8 million in penalties against Firstmac for failing to take reasonable steps to ensure an investment product was consistent with its target market determination.
The first edition of the Regulatory Initiatives Grid was published by the Australian Treasury in December 2024 with the aim of supporting coordination of regulation across the financial sector by listing reform priorities and initiatives that will materially affect the sector over the next 2 years.
What next?
Look out for developments in the following areas over the coming months:
Operational risk: with the upcoming effective date of APRA’s Prudential Standard CPS230 (Operational Risk Management) on 1 July 2025, organisations should be looking to complete uplifts to their operational environment to meet that standard. These obligations should be viewed in tandem with ASIC’s stated focus on digital and data resilience and safety referred to in its Corporate Plan 2024-25. Expect more enforcement action in this area in the near future, including in respect of outsourced services.
The Financial Accountability Regime will commence for insurance and superannuation entities on 15 March 2025 who should be finalising the extensive work that's been required to ensure compliance, having regard to the guidance and materials available on ASIC’s website and the observations published by ASIC and APRA on the banking industry’s implementation of FAR to date.
Increased focus on insider trading: while insider trading has been an enduring priority for some time, this year ASIC has expressly announced the establishment of a new specialist team to support increased focus on this issue – so look out for more enforcement action in this area.
A new approach to privilege in Commonwealth investigations? Just before Christmas, the Attorney-General's Department launched a review and public consultation into the use of legal professional privilege in Commonwealth investigations, citing "concerns that some claims of privilege are being used to obstruct or frustrate investigations". Consultation closes on 28 February and a paper setting out proposed reforms will be released later this year. It will be interesting to see how any proposals seek to balance the need for regulators to have confidence that material is not being improperly withheld, with the critical protection afforded by legal professional privilege.
Look out for our next issue of Regulatory Rumblings at the end of April 2025. Otherwise, please get in touch if you have any questions or need advice.
In the meantime, for an in-depth, fortnightly overview of regulatory matters more broadly, see our Financial Services team’s excellent publication here.