On 28 July 2022, ASIC released its periodic enforcement and regulatory update for April to June 2022 (Report 733). Report 733 demonstrates that ASIC continues to prioritise and take action against misconduct that exposes consumers to risk of harm and threatens the integrity of Australia's financial system. The priorities ASIC continued to work towards during the period in accordance with ASIC's Corporate Plan for 2021 to 2025 included:
- promoting economic recovery following the COVID-19 pandemic (such as through better and more efficient regulation, the facilitation of innovation, and targeting regulatory and enforcement action to areas of greatest consumer harm);
- reducing risk of harm to consumers exposed to poor product governance and design, and increased investment scam activity;
- supporting enhanced cyber resilience and cyber security in line with the Australian government's commitment to mitigating cyber security risks; and
- driving industry readiness and compliance with standards set by law reform initiatives, including the Financial Accountability Regime, reforms in superannuation and insurance, and breach reporting.
Against this backdrop of strategic priorities, Report 733 recorded ASIC's enforcement and regulatory achievements for the period April to June 2022, which included:
- Acting against misconduct by both financial institutions and individuals in the courts.
- Protecting consumers and investors against misconduct and harms relating to financial products and services, including misleading or deceptive conduct and the charging of excessive fees.
- Improving industry's financial reporting and risk management with the announcement of new financial reporting requirements for Australian Financial Services licensees, highlighting key focus areas to be included in financial reports, and calling for better disclosure of business risks and asset values.
- Engaging with industry on new and existing obligations including information about the new corporate collective investment vehicles (CCIVs) regime, information for superannuation and investment funds on how to avoid greenwashing, and guidance under the Financial Sector Reform (Hayne Royal Commission Response – Better Advice) Act 2021 (Cth) (Better Advice Act).
Penalties
During the period, a total of $145.8 million in civil penalties was imposed by the courts. This included a $113 million penalty ordered by the Federal Court against Westpac for extensive compliance failures across multiple business units, including banking, superannuation, wealth management and insurance, which affected more than 70,000 customers over a period of 13 years.
In recognition of the increase in cybersecurity risks facing businesses and consumers, in an Australian first, the Federal Court found RI Advice had inadequate risk management systems and practices in place to manage its cybersecurity risks. This included authorised representatives failing to have current antivirus software, system backups, email filtering or quarantining, and weak password practices, leading to, in one instance, the possible compromise of the sensitive personal information of a significant number of clients following an "unknown malicious agent" obtaining access to an authorised representative's file server.
For the first time, ASIC also obtained a criminal conviction against a person under section 1041D of the Corporations Act 2001 (Cth) for manipulation of stocks listed on the ASX and illegal dissemination of information relating to that manipulation.
Summary of enforcement outcomes
In addition to Report 733, ASIC has also released a summary of ASIC's enforcement results achieved between 1 January 2022 and 30 June 2022 in four key market segments:
- Financial services: During the period from January to June 2022, ASIC obtained 54 enforcement results which addressed misconduct concerning credit, financial advice, insurance, investment management and superannuation, and, as at 1 July 2022, ASIC had 26 criminal and 24 civil financial services-related matters before the courts.
- Markets: ASIC recorded six market-related results during this period in relation to continuous disclosure obligations, insider trading, market manipulation and other market misconduct. As at 1 July 2022, ASIC had 11 criminal and eight civil market-related matters still before the courts. These matters are in relation to continuous disclosure obligations, emerging misconduct (including cyber and crypto), insider trading, market manipulation and other market misconduct.
- Corporate governance: ASIC recorded 36 corporate governance-related enforcement results. This comprised two criminal and 34 administrative outcomes. As at 1 July 2022, ASIC had 27 criminal and one civil corporate governance-related matters still before the courts.
- Small business: ASIC recorded 123 small business-related enforcement outcomes. This largely comprised criminal matters – 89 were criminal in nature and 34 were administrative. As at 1 July 2022, ASIC had 86 small business-related criminal prosecutions currently in progress before the courts.
In future, we expect the regulator to continue its focus on insider trading, the provision of unlicensed financial services with a focus on misconduct involving crypto-assets, and AFS licensees obligations to effectively manage cybersecurity risks. ASIC has also indicated an intention to prioritise the challenges posed by an increased focus on climate change in the financial space with ASIC Chair Joe Longo foreshadowing prioritisation of climate-related disclosure as one of the regulator's core focuses moving forward. This includes the facilitation of the provision of reliable and accurate climate-related disclosures by listed companies to consumers and investors as demonstrated by the release of Information Sheet 271 (INFO 271) in June 2022, which outlines information on how issuers of superannuation and investment products can avoid greenwashing when offering or promoting sustainability-related products. This is consistent with the climate-related priorities of Australia's securities, consumer and prudential regulators.