1. Key themes of the quarter - May to July 2024

It's been a busy three months from May to July 2024 for ASIC. Not only has a challenging Senate report into ASIC's performance been published (which is particularly critical of ASIC's approach to investigation and enforcement), but on 30 June 2024, ASIC announced an expanded program of work to enhance the integrity and quality of financial reporting. And then at the end of July 2024, Chair Joe Longo said that ASIC would be prioritising a review of (the less transparent) private markets, which would include whether the compliance requirements of listed entities were nudging capital away from public markets.

However, it has also been business as usual for ASIC and it is ramping up its efforts on the enforcement front. As reported by the AFR, ASIC commenced around 180 new investigations in 2023-24 (an increase of around 33 per cent on the previous year) and Chair Joe Longo has made clear that an investigation means “by definition we suspect a contravention of the law”. Based on enforcement activity to date, we see three key themes emerging:

2. Combatting greenwashing remains a key priority

ASIC has been able to reinforce its stance on greenwashing as a result of successful cases in the Federal Court against Mercer and Active Super.

These two cases, along with ASIC’s success against Vanguard in March 2024 (see our briefing on this case here), with its third proceeding against Mercer also likely to result in a similar outcome on an agreed basis (albeit still subject to Court approval). These three cases all relate to the purported application of exclusionary criteria for investment products (so consider this a key risk area!); however, unlike the Vanguard and Mercer proceedings, Active Super actively defended the case against it, with most (but not all) of the alleged contraventions being made out.

Although they do not attract as much fanfare and do not amount to an admission of guilt or liability, ASIC continues to use infringement notices to achieve its enforcement objectives in relation to the less egregious instances of greenwashing. On 25 June 2024, ASIC confirmed that natural fertilizer company Fertoz Limited, an ASX-listed entity specialising in fertilizer mining, manufacturing and supply, had paid $37,560 in compliance with two infringement notices issued by ASIC in relation to alleged false or misleading statements that Fertoz had made in a presentation published on the ASX in respect of its reforestation project in the Philippines. The presentation stated, in essence, that the reforestation project would obtain an offtake partner and receive funding by the end of 2023 and that planting would also take place in that timeframe (“planting initial hectares Q4 2023”). ASIC’s position was that Fertoz had no reasonable basis to determine that the relevant statements could be true when the presentation was published. In line with ASIC's Sustainable Finance enforcement priority, since October 2022, ASIC has issued 17 other infringement notices in relation to alleged ESG misconduct. We expect there will be more, not least with the onset of mandatory climate reporting.

Key takeaway - ensure that all claims (green or otherwise) can be properly substantiated! The requirement to be accurate and transparent is not new. As ASIC Chair Joe Longo has said, ASIC’s greenwashing interventions are founded on enforcing well-established legal obligations that prohibit misleading and deceptive conduct (see speech on 2 May 2024). As further discussed at the Senate Greenwashing Inquiry, ASIC has found no barriers in applying the existing statutory framework to actions in relation to greenwashing (the Senate report in relation to greenwashing is now due on 20 November 2024 - a date for the diary).

3. Cyber, technology and AI enforcement action

The headline in this space is the Federal Court's landmark decision on 4 June 2024 to relieve digital currency exchange Block Earner from liability to pay a penalty in proceedings brought by ASIC, despite having found that Block Earner had provided unlicensed financial services and operated an unregistered managed investment scheme in contravention of s 911A(1) and (5B) and s 601ED(5) and (8) of the Corporations Act 2001 (Cth) (CA). This was because the Court found that Block Earner had acted honestly, in accordance with legal advice and in an uncertain regulatory environment. This is the first time a company has successfully relied on relief provisions of the CA to avoid a civil penalty. Both sides have appealed, so watch this space!

This quarter also brought the first judgment in relation to a non-cash payment facility involving crypto assets. In a win for ASIC, the Federal Court found that BPS Financial Pty Ltd engaged in unlicensed conduct when offering the ‘Qoin Wallet’, a non-cash payment facility which used a crypto-asset token called ‘Qoin’, on the basis that it did not hold an Australian Financial Services Licence (AFSL), nor was authorised by a licence holder (in breach of s 911A and 911A(5B) CA). The Court also found that BPS Financial engaged in misleading or deceptive conduct. The case also clarified the legal principles relating to the authorised representative exemption to the requirement of holding an AFSL and is likely to have important implications for how ASIC will interpret and apply the exemption moving forward - so take note!

In other news, the question of whether cryptocurrency is property was considered in a fascinating speech by Justice Jackman on 21 June 2024. The answer is hugely relevant for the structure of crypto transactions as well as available remedies. In a nutshell, Jackman J concluded that crypto should be considered property - but acknowledged that the law in Australia is as yet unsettled. See the full text of the speech here.

More broadly, cybersecurity is still likely front of mind for ASIC (noting its own proposed cybersecurity uplift referred to by ASIC Chair Joe Longo in his Parliamentary Joint Committee opening statement), even though it’s been a while since ASIC brought its first (and so far only) action alleging contravention of s 912A CA on the basis of failure to have adequate cybersecurity risk management in place (see G+T’s case summary and analysis of that case here).

Although ASIC has not brought any similar actions since then, with the implementation of FAR already in place for banks and looming for insurers and superannuation entities (see below for more details), ASIC now has another legislative springboard for potential enforcement action relating to cybersecurity arrangements of regulated entities - all the more reason to get your house in order (see G+T’s tips for mitigating potential exposures under FAR here).

4. Accountability (and FAR)

And while FAR makes clear that ASIC is focused on individual accountability, ASIC has continued to use existing statutory regimes to pursue directors under the CA, consistent with ASIC's announcement in November 2023 that it had added governance and directors' duties failures to its list of enduring enforcement priorities for 2024.

In the period May to June 2024, ASIC announced [11] separate enforcement actions against directors. 

We very much expect the focus on directors and executives to continue as the FAR framework is put into practice. 

What else did I miss?

Here's our pick of other key ASIC enforcement highlights we think you should know about:

  • A shock decision in the Noumi case has us reassessing the use of ASIC’s Voluntary Disclosure Agreements: in ASIC v Noumi Ltd, the Court found that although a PwC Report disclosed by Noumi to ASIC pursuant to a voluntary disclosure agreement (VDA) was privileged, that privilege was waived because it was disclosed to ASIC under the VDA due to (a) ASIC’s ability to utilise the information in the Report in further investigations or proceedings against Noumi and others, which was inconsistent with the maintenance of confidentiality; and (b) the “specific unfairness” of disclosing information to ASIC which it could also use in actions against a third party, while also refusing to provide the same information to that third party. The decision has a potentially enormous impact on ASIC’s ability to gather privileged information. Disclosing parties should be extra cautious when responding to a voluntary disclosure request.

  • A timely reminder to check for unfair terms in your standard form contracts: on 4 July 2024, the Federal Court delivered oral reasons finding that a term in a financial tech company’s standard form contracts was unfair. The term allowed the company to retain fees that it had incorrectly charged if the small business did not inform them of the error within 60 days. As the contracts in question were entered into prior to 10 November 2023, the new unfair contracts regime does not apply – but this case serves as a timely reminder to organisations to ensure they have undertaken a review of their standard form contracts to reduce the risk of facing civil penalties introduced by the updated regime. See our unfair contract terms article for a handy overview of the new regime.

  • Design and Distribution Obligations are in the cross-hairs, with a clear message that organisations must have adequate processes in place:

    • On 15 December 2022, ASIC brought proceedings against Firstmac, a provider of various investment products, for contravention of its design and distribution obligations (DDO). On 10 July 2024, the Federal Court held that Firstmac contravened its DDO by cross-selling a registered managed investment scheme to its term deposit customers without taking reasonable steps to ensure consistency with its target market determination (TMD). This was ASIC’s first civil penalty action under the DDO regime and reinforces the need for organisations to have in place proper processes to ensure their distributions are consistent with the relevant TMD. Read the full judgment here.

    • Hot on the heels of Firstmac is the 19 July 2024 Federal Court judgment which ordered American Express to pay $8 million in penalties for contravention of its DDO, in this case as a result of failing to identify that events and circumstances had changed such that the target market determinations (TMDs) for certain credit card products were no longer appropriate. The high penalty here was intended as a “sting” and to send a message to the market. The clear takeaway is that adequate processes are required to ensure compliance with the DDO. See our analysis of the case (and a comparison against what is happening in the UK) here and read the full judgment here.

What next?

The next three months look like they will be equally busy. Regulated entities should watch out for:

  • Further developments in greenwashing and climate change enforcement: ASIC will want to maintain its position at the top of the global regulatory leaderboard in combatting greenwashing.

  • ASIC enforcement of cybercrime, tech and AI: particularly in light of the “substantial uplift in its data and technology capability” announced by ASIC Chair Joe Longo in his Parliamentary Joint Committee opening statement, ASIC will want to flex its muscle in the “digital arms race” and be seen to be taking effective action against digitally-enabled misconduct.

  • The first rumblings of FAR enforcement: we are likely to see ASIC start to provide guidance on construing the requirements imposed by the FAR framework currently in place for banks; it remains to be seen whether this will be by way of its enforcement toolkit, or whether through the issuance of new or updated information.

  • The fallout from the Senate report: with the report raising concerns about ASIC’s perceived enforcement shortcomings, it will be interesting to see whether and how this affects ASIC’s enforcement behaviours in the near future. In the longer term, watch out for any further news on whether the report’s recommendations regarding ASIC’s structure and overall functions are likely to be adopted.

Look out for our next issue of Regulatory Rumblings at the end of October 2024. Otherwise, please do get in touch if you have any questions or need advice.