Webinar – Two New Codes for Banking and Lending

Consumer, Financial Services

In our recent webinar focusing on the finance industry, regulatory specialist Dr Drew Donnelly consider two new codes for banking and lending. This year has seen the finalisation of two distinct codes covering lending and banking businesses in Australia: The Banking Code of Conduct 2019 (Banking Code) and the Code of Lending Practice: AFIA Online Small Business Lenders (Lending Code).

This webinar forms part of our series looking at the role of fintech, financial services, and the regulatory and compliance environments that surround them. If you would like to know more about our work supporting companies in the fintech and financial services sector, please contact us by clicking here.

Below you can view a full transcription of the webinar along with the video.

Recent Developments in Banking & Fintech

  • Open Banking Reforms / Consumer Data Right
  • Fintech Lending Code
  • Banking Code
  • Extension of Fintech Sandbox
  • Royal Commission Interim Report

Independent Review:

Code of Banking Practice

The Code of Banking Practice (the Code) sets standards of good banking practice.
The original Code took effect on 1 November 1996. It was most recently reviewed in 2008 with amendments taking effect on 1 February 2014.
Takes into account both consultation and other reviews and reports.

Identified that:

  • A code is valuable
  • Lack of coverage for small business who need better information and enhanced protections with respect to credit
  • There is a need for better coverage for customers in financial difficulty
  • Improved Code Monitoring required.

New Banking Code of Conduct

  • The existing Banking Code of Conduct (2013 Code) updated for 2019 in line with outcomes of Independent Review.
  • Feedback from public and industry indicated the continued need for a code which exists over and above legal and regulatory obligations.
  • In contrast with 2013 Code, will be compulsory for all banks that are members of the ABA by July 2019

Key Changes – Part One

> Upfront principles governing the banking industry.
> A requirement for ‘plain English’ contracts.
> Increased transparency around fees and valuations.
> Restrictions on unsolicited credit card limit increase offers.
> Elevation into an ‘industry code’ approved by ASIC.

Key Changes – Part Two

> Increased assistance to vulnerable customers.
> Simplified small business loan contracts.
> New cooling off periods.
> Clarified role for compliance committee.
> All members of ABA to sign up by July 2019.

FinTech Lending Code

> Report recommending new code for Fintech small business lenders.
> New Code established. As of June, several have signed up.
> Voluntary for members of the Australian Finance Industry Association.
> From high-level principles to detailed duties.
> Emphasis on protection for vulnerable customers and clarity.

Specific Obligations

Disclosure and Pricing Comparison

> Full disclosure of cost and fees for disclosure and pricing comparison documents.

Communication and Dispute Resolution

> All communications to be in plain language.
> Before accepting a loan offer, customers will receive a summary document.
> Internal and external dispute resolution (including CCC)

Privacy

> Affirmation of obligations under the Privacy Act, Credit Reporting regulation and a requirement to have a Privacy Policy.

Advertising

> Advertising and other information about Lona Products must be clear, concise and accurate, be written in plain language; and (c) use terms from the Lending Code.

Key Differences between the two Codes

> The Banking Code applies to all banking services which includes bank accounts and term deposits, all lending, credit cards, payment services and foreign currency exchange. The Lending Code, by contrast, only applies to online lenders who loan to small business.

> The Banking Codes is compulsory, for members of the ABA while the Lending Code is voluntary for members of the AFIA.

> The Lending Code provides for a full external dispute resolution service, whereas the Banking Code expects this to be carried out by existing dispute resolution bodies (such as the financial services ombudsman).

Implications for Compliance Programs

> Consider interaction with legal and regulatory obligations, including Corporations Act 2001, AML/CTF Act, Privacy Act, Banking Act.
> Review disclosure and contractual terms and conditions.
> Review advertising and marketing.
> Staff Training.
> Incentive Structures.

If you have any questions or want further information or assistance please contact us at [email protected] OR [email protected]

Unfair Contract Terms

Unfair Contract Terms

Financial Services

In March 2018, the Australian Securities and Investment Commission (ASIC) published REP 565 (found here: https://asic.gov.au/regulatory-resources/find-a-document/reports/rep-565-unfair-contract-terms-and-small-business-loans/), which outlines changes to small business loan contracts made by the big four banks to comply with the unfair contract term law. This report also provides guidance to the broader small business lending industry.

On Friday, ASIC announced that Prospa Advance Pty Ltd (Prospa) had changed the terms of its small business loan contract to address potential non-compliance with the unfair contract terms provisions of the ASIC Act.

Changes agreed

Prospa agreed to make the following changes:

  1. to the early repayment clause so that borrowers are able to repay the loan early without Prospa’s consent. Further, removing Prospa’s absolute discretion whether or not to provide a discount for prepayment.
  2. to the unilateral variation clause to significantly reduce Prospa’s ability to unilaterally vary contracts.
  3. to clauses defining events of default to add remediation periods and materiality thresholds and to permit changes of control of the borrower with the lender’s consent (not to be unreasonably withheld).
  4. Removal of a broad cross-default clause which allowed Prospa to call a default under the loan due to any default under any other finance document related to the loan.
  5. Restricting borrower’s indemnity to ensure that does not apply to 3rd parties and reducing its scope so that it does not apply to losses or costs incurred due to the fraud, negligence or wilful misconduct of Prospa.
  6. Removing an entire agreement clause which purported to absolve Prospa from contractual responsibility for conduct, statements, or representations made to the borrower about the loan.

Lessons

ASIC’s enforcement action an agreement with Prospa provides lessons for all businesses that have standard form contracts that are covered by prohibitions on unfair contract terms. Unilateral variation clauses are a typical concern, as are widely drafted indemnities.

The removal of the entire agreement clause was noteworthy in that, even though Australian Consumer Law is likely to apply to many contracts despite an entire agreement clause, in ASIC’s view such a clause may be contrary to the prohibition on unfair contract terms.

All businesses with standard form contracts should ensure that their contract terms comply with Australian Consumer Law, and where applicable, the ASIC Act.

New ASIC Guidance for the Fund Management Industry – Push on Compliance

Financial Services

The Australian Securities & Investments Commission (ASIC) has just released a batch of guidance for fund management in Australia.[1] In today’s update we offer a quick breakdown of the seven guidance documents. The seven guidance documents square the existing regulatory framework under the Corporations Act 2001 with the new ‘Asia Region Funds Passport’.[2] This is a multilaterally agreed framework for the cross-border marketing of managed funds across the Asia Region.

Our take — compliance is everything. The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry demonstrated that in spite of massive institutional compliance departments, and huge spends, a ‘compliance culture’ is non-existent in some businesses. [3] With deliberate attempts of senior management in some businesses to hide wrongdoing from ASIC it is fair to say that a ‘non-compliance culture’ exists.

By Dr Drew Donnelly, Compliance Quarter.

The Regulatory Guides

Seven guides were released in total. We briefly summarise each one:

  • RG 131 Funds management: Establishing and registering a fund sets out the requirements for (a) registering as a managed investment scheme and (b) registering as a passport fund;
  • RG 132 Funds management: Compliance and oversight sets out the key compliance obligations of managed investment schemes. This includes the requirement to have a compliance management system and risk management program, designed in light of the applicable Australian Standards. It has a particular emphasis on oversight and governance of the compliance program within the organisation, including systematic audit of compliance programs;
  • RG 133 Funds management and custodial services: Holding assets sets out the requirements for asset custodial arrangements. It focuses on businesses that have arrangements with third parties to hold assets, having compliance controls in place and ensuring funds have the appropriate legal set-up (usually a trust);
  • RG 134 Funds management: Constitutions gives guidance on constitutions for those who run managed investment schemes (‘responsible entities’) and passport fund operators;
  • RG 136 Funds management: Discretionary powers sets out ASIC’s approach to granting individual relief from Corporations Act 2001 requirements, and where relevant, the Australian Passport Rules;
  • RG 137 Constitution requirements for schemes registered before 1 October 2013;
  • RG 138 Foreign passport funds establishes the requirements for foreign passport fund operators seeking to enter, or operating in, Australia under the Asia Region Funds Passport scheme.

Comment

There is ongoing frustration from regulators with organisations that take a ‘set and forget’ approach to compliance. It is not enough to simply establish good policies and expect compliance. We are seeing this dissatisfaction across the board, not just in banking and financial services, but also in energy retail, utilities and property management. Organisations need to demonstrate an ongoing commitment through:

  • integration of compliance management throughout the organisation’s functions (i.e. don’t just leave it to the compliance lead and their team);
  • continuous improvement of organisational policies (e.g. ensuring that customer complaints immediately/quickly inform policy updates)
  • Robust governance arrangements (e.g. regular Board involvement);
  • Regular audit and breach reporting (e.g. consider automated processes).

If you think we could be of assistance in supporting your financial services compliance through our automated compliance hub, document review or bespoke compliance management programs, please get in touch.

[1] See https://asic.gov.au/about-asic/media-centre/find-a-media-release/2018-releases/18-222mr-asic-updates-guidance-for-funds-management-industry/.

[2] For more information see http://fundspassport.apec.org/

[3] For more, see https://www.compliancequarter.com.au/three-financial-services-compliance-lessons-from-the-royal-commission/.

How do I work out my compliance spend?

AU Energy Compliance, Financial Services, NZ Energy Compliance

In the just released final report of the Australian Competition & Consumer Commission (ACCC) retail electricity pricing inquiry[1], energy retailers identified the rising cost of regulatory compliance as a major concern.[2] Furthermore, rising compliance costs are not just a challenge for the energy sector.

In 2014 Deloitte estimated that the total cost of compliance for Australian businesses was $250 billion every year.[3] This raises the question; what kinds of things must I consider when calculating my compliance spend as an energy business in Australia?

By Dr Drew Donnelly, Compliance Quarter.

Compliance Costs in General

Unfortunately, there are no publicised benchmarks for compliance spend for individual energy businesses. This is likely because, in part, compliance spend is often not captured by a distinct line in the budget. Even when a business does set aside distinct funds for compliance, due to the integration of compliance activities within a business, this will often not capture the total spend.

While there are no benchmarks per se, there is some interesting international survey data available which aggregates the amounts that organisations claim to spend. The Deloitte/Compliance Week 2016 Compliance Trends Survey was a worldwide survey with over 700 respondents across a range of industries (around 8 per cent from the energy sector). 59% of respondents reported having a total annual compliance budget of less than $5 million, while a third of respondents got by on less than $500,000. 60 per cent of respondents expected their compliance budget to increase over the next year.[4]

The Society of Corporate Compliance and Ethics Benchmarking Guidance Survey: June 2016 analysed responses of 647 compliance professionals, that survey found:

  • For organisations with revenues up to $15 million, 50 % spent less than 100,000 on their compliance budgets;
  • For organisation with revenues of a billion or more, around 12 per cent spent 100,000 or less, with 42% spending a million or more. [5]

One problem with this general survey data is that, as some sectors, including energy and financial services, are much more heavily regulated than others, their compliance costs are likely to be higher than aggregated figures.

Determining Compliance Spend for Energy Businesses

While there is no benchmarking data available for energy businesses in Australia, what we can identify are some of the matters that you should take into account when calculating compliance spend for yourself. Some key considerations are:

  • Integration of compliance. Under the Australian Standard AS ISO 19600: 2015, compliance should be embedded into the operations of the business. In practical terms, this means that the organisation needs to put compliance on the agenda at all levels of the business, including at executive management and governance levels. It is not possible to ‘hive off’ compliance completely to a distinct compliance unit. Insuring integrated compliance could end up being cheaper for the business in the long-run;
  • Use of RegTech, LegalTech, ComplianceTech. Automating aspects of your compliance program can significantly reduce the time and money spent on compliance and can focus your efforts on those areas where you can add value;
  • Prohibitions on passing on costs to customers. Some compliance costs such as the cost of appointing an Embedded Network Manager in an embedded network, cannot be passed onto customers.[6] Energy businesses will need to consider which costs they can pass on before determining their compliance spend.

If you would like some advice on your compliance program, including how you can utilise our compliance technology offerings for a more efficient compliance spend, please get in touch.

 

[1] See https://www.compliancequarter.com.au/accc-blueprint-to-reduce-energy-prices/ for more information.

[2] See Retail Electricity Pricing Inquiry—Final Report, p296.

[3] See https://www2.deloitte.com/au/en/pages/media-releases/articles/rules-eat-up-250-billion-a-year-271014.html.

[4] See https://www2.deloitte.com/us/en/pages/regulatory/articles/compliance-trends-report.html.

[5] See http://www.corporatecompliance.org/Portals/1/PDF/Resources/Surveys/scce-2016-benchmarking-guidance-survey-report.pdf?ver=2016-06-15-075138-863.

[6] See https://www.aer.gov.au/networks-pipelines/network-exemptions/embedded-network-managers/.

Consumer data right – speech by Rod Sims Chairman of the ACCC

AU Energy Compliance, Financial Services

The Australian Competition and Consumer Commission (ACCC) Chair Rod Sims has delivered a speech to the National Consumer Data Policy Research Centre on the consumer data right (CDR) and the digital platforms inquiry (DPI). The CDR will be rolled out first in the banking industry followed by the energy and telecommunications industries.

Photo by jesse orrico on Unsplash

By Anne Wardell, Regulatory Specialist, Compliance Quarter.

Consumer data right (CDR)

The consumer data right (CDR) was introduced by the government in November 2017. Following the Open Banking Review, the Treasurer announced that banking would be the first sector to which the CDR would apply. At the same time as the Final Report was released, the government released the Consumer Data Right Booklet. The Booklet contains the following useful summary:

The ACCC will have the lead role in overseeing the implementation of the CDR. The CDR will allow consumers to ‘safely share data, including transaction and product data, with trusted service providers, if they choose to do so’. Rod Sims states that it is important to understand what CDR is and what it is not. It is not ‘intended to be the one stop shop for regulation and control of consumer data. Privacy rules and frameworks will continue to be the primary tools to address current and emerging privacy issues’.  Consumers will not be forced to share their data, but rather it can only occur with the consumer’s express consent.

‘Open Banking is also not Open Data. Open Banking will be a defined system whereby data holders will share specified data with trusted users, at the customer’s request, with the customer’s consent, and in accordance with uses the customer has specified.  In contrast, Open Data is data that is freely available to everyone to access, use and republish as they wish, without restrictions (for example, the Australian Government makes thousands of datasets freely available to the public for download at data.gov.au)’.

The first phase will commence on 1 July 2019 and will involve all major banks making data available on credit and debit card, deposit and transaction accounts on that day and on mortgages by 1 February 2020. Data on all remaining products recommended by the Open Banking Review will be available on 1 July 2020. All remaining banks will have a 12-month-delay in which to implement Open Banking. This means that Open Data is unlikely to be introduced in to the energy and telecommunications sectors before 2021. Although the government may decide to implement it earlier if the early adoption is successful.

The ACCC will have multiple roles as the regulator of the CDR including:

  • rule making;
  • accreditation of third party data receivers;
  • enforcement; and
  • consumer education.

The ACCC has created a dedicated Consumer Data Right Branch and it is proposed to publish a framework paper for public consultation in August 2018.

Digital Platforms Inquiry (DPI)

The ACCC has been investigating digital platforms since 4 December 2017 when a request for an inquiry was made to it by the government. The inquiry is in relation to the effect that digital search engines, social media platforms and other digital content aggregation platforms have on competition in media and advertising services markets.

‘The DPI covers a broad range of issues:

  • the impact of digital platforms on choice and quality
  • the extent to which the digital platforms are exercising market power in their dealings with media content creators and advertisers
  • the extent to which the DPs may benefit from an unfair competitive advantage due to the unequal treatment of regulation
  • and finally, the implications for consumers: are users of digital platforms adequately informed about the personal data collected and how it is being used?’

As part of the inquiry the ACCC released an issues paper and received a number of submissions. A copy of the issues paper and the submissions are available here.

In his speech, Rod Sims considered the impact of digital platforms on consumers and how these platforms collect and use data of individuals.

‘We are due to provide a preliminary report of our findings to the Treasurer by 3 December 2018, followed by a Final Report in June 2019.

There are a number of different outcomes that may eventuate, and part of what is exciting about this Inquiry is that we don’t yet know what our recommendations are likely to be.

Outcomes could be:

  • Increased transparency. The Inquiry is already generating increased awareness about some of the ways digital platforms monetise information they collect about consumers, and will ultimately provide greater transparency around these practices.
  • Recommendations to Government. The Inquiry may result in the ACCC making findings about relevant structural, competitive or behavioural issues relevant to digital platforms, and make practical recommendations for change to industry and government.
  • Enforcement action. If the Inquiry identifies any behaviour that is causing consumer detriment and raises concerns under the Competition and Consumer Act 2010, the ACCC will also take action to address that behaviour’.

Mr Sims was of the view that an important part of the ACCC role in relation to both CDR and DPI is the ‘need to examine and ensure consumers benefit from the competitive provision of services and are adequately informed of, and agree to, the way in which their data is used and can be utilised to further their own interests’.

A copy of the full speech is available on the ASIC website here.

What is the new Financial Benchmark Regime?

What is the new Financial Benchmark Regime?

Financial Services

On 12 June the Australian Securities & Investments Commission (ASIC) announced the final regulatory regime for Financial Benchmarks. This regime, introduced through a 2018 amendment to the Corporations Act 2001, empowers ASIC to determine that certain benchmarks are ‘significant’ and to impose a licensing regime on the ‘administrators’ of those benchmarks. In today’s article, we ask, what is the new Financial Benchmark Regime?

What is the new Financial Benchmark Regime?

Photo by Paul Gilmore on Unsplash

By Dr Drew Donnelly, Regulatory Specialist, Compliance Quarter

Background: What is a Financial Benchmark?

A Financial Benchmark has been defined as:

an index or indicator calculated from a representative set of underlying data or information, used as a reference price for a financial instrument or financial contract or to measure the performance of an investment fund.[1]

Reliable Financial Benchmarks are crucial to the operation of financial markets. If Financial Benchmarks are inaccurate, that is, they fail to reflect underlying forces of supply and demand, financial markets cannot efficiently allocate capital. Inaccurate Financial Benchmarks can happen for a range of reasons, including intentional behaviour of traders, such as:

  • trading with the intent of altering a benchmark rate for a financial institution’s own benefit;
  • inappropriate handling of client orders or positions;
  • inappropriate disclosure of confidential client information (e.g. by disclosing client orders to traders at competing banks);
  • inappropriate submitter conduct (e.g. by making submissions in order to reduce the institution’s borrowing costs).[2]

A licensing regime has been introduced in order to counteract and prevent such behaviour.

The Five Significant Financial Benchmarks

The five significant Financial Benchmarks are:

  • The Australian Bank Bill Swap Rate (BBSW) administered by ASX Benchmarks Pty Ltd. This identifies a set of key short-term interest rate benchmarks for the Australian dollar and is the key reference rate used by issuers of securities in Australian dollars;
  • The S&P/ASX200 Index administered by S&P Dow Jones Indices LLC. This is an equity index which measures the performance of the 200 largest index-eligible stocks listed on the ASX;
  • The ASX Bond Futures Settlement Price administered by ASX Clear (Futures) Pty Limited. This is used to calculate the value of Bond futures contracts for 3-, 10- and 20-year Australian Government bonds listed on the ASX;
  • The Australian Interbank Overnight Cash Rate administered by the Reserve Bank of Australia. This consists in the weighted average of the interest rate at which overnight unsecured funds are transacted in the domestic interbank market. The Cash Rate is the Reserve Bank Board’s operational target for monetary policy and is also an important benchmark for the Australian financial markets.
  • The Australian Consumer Price Index (CPI) administered by the Australian Bureau of Statistics.  This measures quarterly changes in the price of a range of goods and services which are a significant portion of household expenditure. It is a benchmark in a for many financial products, including bonds and derivatives.[3]

The Financial Benchmark Licensing Framework

Under Part 7.5B of the Corporations Act 2001, ASIC is empowered to set up a licensing regime for administrators of financial benchmarks that are designated ‘significant’. Central to the licensing regime for the administrators of these Financial Benchmarks are the following obligations:

  • a requirement to act efficiently, honestly and fairly in generating and administering each benchmark specified in its licence;
  • having adequate arrangements for the governance and management of the licensee. These must be reviewed, audited and tested periodically;
  • if outsourcing any of the functions involved in generating or administering a licensed benchmark, documenting this and having adequate arrangements put in place to ensure compliance;
  • transparency to the public with respect to the benchmarks;
  • a requirement to co-operate with ASIC;
  • having adequate arrangements for handling conflicts of interest in relation to generating and administering each of its licensed benchmarks;
  • a requirement to have sufficient human, technological and financial resources in place;
  • record-keeping obligations.

To read more about the new Financial Benchmark regime go to https://asic.gov.au/about-asic/media-centre/find-a-media-release/2018-releases/18-171mr-asic-implements-financial-benchmark-regulatory-regime/.

Feel free to leave a comment or contact us if you’d like further information or have any questions.

 

[1] See ASIC Report 440: Financial Benchmarks (2015) at http://download.asic.gov.au/media/3285136/rep440-published-8-july-2015.pdf, para 20.

[2] Ibid, para 46.

[3] See ASIC Corporations (Significant Financial Benchmarks) Instrument 2018/420, section 5 and associated Explanatory Statement, section 4.

Fintech and Regtech Developments – March, April, May 2018

Fintech and Regtech Developments – March, April, May 2018

Financial Services

We last summarised regulatory changes for financial and regulatory technology (fintech and regtech) in February.[1] Since then there have been a bunch of exciting developments including the Inaugural RegTech Association’s #ACCELERATERegTech 2018 event[2]  and the regulatory approval of a new challenger bank in Australia.[3] We summarise some of the other important developments over the last few months below.

fintech and regtech

Photo by Samuel Ferrara on Unsplash

By Dr Drew Donnelly, Regulatory Specialist, Compliance Quarter

 Open Banking Review and the Consumer Data Right

We mentioned in our February update that Treasury was consulting on the final recommendations of the Open Banking Review. The submissions that were received can be viewed at https://treasury.gov.au/consultation/c2018-t247313/. In response to both the Open Banking Review and the Productivity Commission’s Inquiry Report Data Availability and Use, the Commonwealth Government has announced that a new consumer data right will be established, with banking being the first sector required to implement the new right.[4] The new data right should open up business opportunities for fintech innovators who can access customer transaction and account data (with the customer’s consent) to develop innovative and competitive products.

On the 9th of May, a helpful Consumer Data Right Booklet was released providing further information as to how this will be implemented.[5] This booklet sets out that the data sets in the banking sector will initially relate to a range of both deposit and lending products. It also out a proposed timeline for implementing the data right in the banking sector:

  • The four major banks will make data available on credit and debit card, deposit and transaction accounts by 1 July 2019 and mortgages by 1 February 2020;
  • Consumer data on all products recommended by the Open Banking Review will be available by 1 July 2020.  All remaining banks will be required to implement Open Banking with an extra 12 months for each of the dates set for the four major banks.

The Australian Competition and Consumer Commission (ACCC) in consultation with the Office of the Australian Information Commissioner will develop draft rules for Open Banking setting out how this right will be implemented in greater detail.[6]

Regulatory Sandbox

The bill which will extend the regulatory sandbox for innovative fintech providers (i.e. relaxing the usual licensing requirements for fintech providers under certain specified circumstances) continues to work its way through Parliament. It was considered by the Senate Economics Committee, which heard submissions and released its report on the bill on the 15th of March.[7] Notable in this report are the remarks of Labor Senators who, while generally supportive of the Bill, argued that potential users of the sandbox should be first screened by the Australian Securities & Investments Commission (ASIC) in order to ensure that consumers are adequately protected.[8]

Australia-United Kingdom FinTech Bridge

This enhanced co-operation and collaboration agreement between the UK’s Financial Conduct Authority and ASIC (announced on the 23rd of March), is designed to achieve a quicker licensing process for the authorisation of innovative businesses that are already authorised in the other jurisdiction. Where a business is a participant in either regulator’s regulatory sandbox and would like to enter the other’s, ASIC and the FCA will endeavour to facilitate that participation.[9]

NSW Government commitment to home loan fintech

NSW Deputy Premier and Minister for Small Business John Barilaro announced last week that the NSW Government is backing fintech with a $700,000 loan from Jobs for NSW to HashChing, a home loan fintech. The loan is aimed at supporting that business to create 46 jobs over the next five years.[10]

Australia Centre for Financial Studies Reports

A range of commissioned academic papers analysing fintech in Australia have been released over the last month, including:

The papers are available at https://australiancentre.com.au/.

If you think that we could be of any support in meeting regulatory and compliance requirements for your fintech or regtech business, Click here to contact the team or click here to book a call directly with us.

 

 

[1] See https://www.compliancequarter.com.au/february-fintech-roundup-open-banking-review-fintech-lending-smes/.

[2] See https://www.regtech.org.au/page-18082.

[3] See  https://www.compliancequarter.com.au/are-challenger-banks-about-to-succeed-in-australia/.

[4] For further information see https://www.compliancequarter.com.au/government-confirms-new-framework-for-data-availability-and-use/.

[5] Available at https://static.treasury.gov.au/uploads/sites/1/2018/05/t286983_consumer-data-right-booklet.pdf.

[6] See Consumer Data Right Booklet, p8.

[7] See https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Economics/TLAB2018/Report.

[8] See pages 15-16 of the Report.

[9] For further details see http://asic.gov.au/about-asic/media-centre/find-a-media-release/2018-releases/18-083mr-british-and-australian-regulators-strengthen-cooperation-on-fintech-through-enhanced-cooperation-agreement/.

[10] For more information see https://www.industry.nsw.gov.au/media/media-releases/2018-media-releases/nsw-government-backs-hashching-with-$700,000-loan.

Understanding your breach reporting obligations as an AFS Licence Holder

Understanding your breach reporting obligations as an AFS Licence Holder

Financial Services

Last month’s wealth management hearings before the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Banking Royal Commission) highlighted the need for AFS licensees to understand and fully comply with their breach reporting obligations in a timely and not overly legalistic way. You can read more about our coverage of the issues coming out of the Banking Royal Commission here https://www.compliancequarter.com.au/tech-lies-and-litigation-asic-reads-the-riot-act-to-the-financial-services-industry/

In our article covering AFSL breach reporting obligations we take a closer look at those obligations and the consequences of non-compliance.

What must an AFS licensee report?

AFS licensees must notify ASIC in writing of any ‘significant’ breach (or likely breach) of their obligations under s912A (including licence conditions), s912B (compensation arrangements) or financial services laws, as soon as possible, and in any event within ten (10) business days of becoming aware of the breach or likely breach. If you don’t tell ASIC about a significant breach (or likely breach) then ASIC will consider that this itself is a significant breach. As such, an AFS licensee should have a clear, well-understood and documented process for identifying and reporting breaches. It is worth noting that, responsible entities are also subject to breach reporting requirements.

AFSL breach reporting obligations – What does ‘significant’ breach mean?

Whether a breach is significant will depend on the individual circumstances – it is a subjective assessment. As such, licensees need to give proper consideration to whether the breach (or likely breach) is significant, and, if so, provide timely notification to ASIC. You will need to decide whether a breach (or likely breach) is significant and therefore, reportable to ASIC.

What factors determine whether is a breach is ‘significant’?

The non-exhaustive list of factors that determine whether a breach (or likely breach) is ‘significant’ include:
• the number or frequency of similar previous breaches;
• the impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence;
• the extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations is inadequate; and
• the actual or potential loss to clients or the licensee itself.

If you are not sure whether a breach is significant, ASIC has indicated you should err on the side of caution and report the breach. ASIC Regulatory Guide 78 ‘Breach reporting by AFS Licensees’ (RG78) also provides further guidance as to how ASIC interprets and will apply the law.

How do you report a breach?

A breach can be reported to ASIC by completing Form FS80 and/ or written report to ASIC via email at [email protected]

What are the penalties for non-compliance?

It is important that licensees report significant breaches to ASIC as early as possible, even where you are still gathering further information on the breach. ASIC states in RG78 that a failure to report a significant breach is an offence and may itself result in penalties up to $42,500 for companies.

What are the key takeaways?

The insights that have been emanating from the Banking Royal Commission, it’s coverage and associated regulatory matters, are that breach reporting is an area where there has been significant divergence by AFS licensees in how they are managing that process. The issue of governance internally around the breach reporting process has itself been a matter of considerable focus and debate – the ability of those charged with the responsibility to escalate incidents for consideration within the breach reporting framework and bring those to the attention of the board of licence holders in particular.

If you’re an AFS licence holding entity (or on the board of an entity that is) now is the time to be reviewing your breach reporting and incident management policies and considering the workflows within your organisation for how such matters are to be managed. At the board level, you should also be reflecting on what has been coming through from your audit and risk committee reports and whether there have been any details around incidents or breaches reported recently. If not, it may be worth contemplating a review of that process to ensure that adequate transparency is being afforded internally to such matters. Other matters that AFS licence holders should be reflecting on in this space include, how remuneration is structured for senior management and at the board level when there have been breaches identified and reported and ensuring that remuneration structures align with the obligations of the AFS licensee – for example, clawbacks or bonus ineligibility where there has been a major incident or significant breach. It would also be worth looking at how the organisation is learning from incidents and breaches – are they applying the right tools to identify how and why the incident or breach occurred along with adopting a lessons-learned mindset to avoid any future repeats within the business.

AFSL breach reporting obligations – Need more assistance?

If you would like assistance with better understanding your breach reporting obligations or an assessment of your internal procedures for managing issues in this space, please get in touch with us at Compliance Quarter and one of our regulatory specialists would be pleased to assist you.

So, you’re interested in forming a bank in Australia?

So, you’re interested in forming a bank in Australia?

Financial Services

Is it just us or is having your own digital bank the new must-have item at the moment? The announcement by APRA late last week that it had signed off on Australia’s first ever digital bank under a restricted licensing regime came as no surprise to those who have been monitoring the debate around how to increase competition in the banking sector.

forming a bank

You can read more about the restricted banking licence granted by APRA last week to Volt Bank Limited application by accessing our previous coverage on it – click here to view.

So, if owning your own bank is the next-big-thing, in the world of fintech, how does one go about getting a piece of the banking pie for themselves? Today we will take a closer look at forming a bank within the process used by the Australian Prudential Regulatory Authority (APRA) under the restricted licensing regime.

Who is the regulator of banking in Australia?

If you posed this question to the ordinary person on the street many would no doubt say that the Australian Securities and Investments Commission (ASIC) is the regulator of banks in Australia. It is true that ASIC regulates the banks in so far as they hold an Australian Financial Services Licence (AFSL), but the use of that AFSL is generally limited to the banks’ activities pertaining to the provision of wealth management, credit or wholesale banking products and services.

The primary regulator of banks in Australia is APRA, who under the twin financial regulators model that is used in Australia, is charged with responsibility for the licensing and prudential supervision of Authorised Deposit Taking Institutions (ADIs), life and general insurance companies and superannuation funds.

Forming a Bank – How does one get a licence to operate a bank?

An organisation that wishes to conduct banking business must apply to APRA for a licence authorising it to conduct business banking under the Banking Act 1959 (Cth) (Banking Act). An organisation that has been granted a banking licence under the Banking Act by APRA is thereafter known as an authorised deposit taking institution (ADI).

Achieving an ADI licence requires significant resources and capabilities, for this reason, there are two routes available to become an ADI: the direct route and the restricted route.

The direct route allows an applicant to conduct their intended banking business from the granting of the licence. The precursor to that being, the applicant must demonstrate that it meets the prudential framework and be ready to commence banking business the granting of the licence.

As the name suggests, the restricted route provides an applicant with a restricted licence for a maximum of two years before they must meet the prudential framework in full. If after two years they are unable to attain those prudential standards they must exit the banking sector. It is similar in operation to the regulatory sandbox that ASIC has created for eligible fintechs who are seeking to validate their concept prior to obtaining a full AFSL.

An applicant who has been granted a restricted licence is able to conduct limited banking business whilst they develop their capabilities and resources in order to meet the prudential standards – the objective of the restricted route is to facilitate entry into the banking sector thus increasing competition whilst ensuring that entry standards are not lessened so as to maintain protections for Australian consumers.

What is involved in practical terms then for seeking authorisation under the ‘restricted route’?

As noted above, the purpose of the restricted licence is to enable competition within the banking sector but in a controlled manner which does not come at the cost of appropriate safeguards to the Australian public. The very nature of the restricted licence means that a less onerous application and capability requirements are imposed on an applicant – but for a limited period of time – two years, after which they must be able to other satisfy the prudential framework requirements. So let’s have a closer look at that licence application process and evaluate the lower standard of requirements.

The first step is to engage early with APRA’s licensing team and organise a meeting with them to discuss the concept that you have and to better understand from their perspective what it is that you are required to do as part of the restricted licence application process. The types of things that APRA will want to see from you at this meeting include: business plans, corporate structure and owner details, corporate governance frameworks, how you propose to fund your bank (where is the investment coming from) and a project plan. (Forming a Bank – Step One – Meet with APRA)

forming a bank

The next step is to submit your business plan to APRA for their high-level review and feedback. It is during this phase that APRA will address any prudential concerns it may hold with the applicant and it should be seen as a pre-licence application test run if anything, a way for the applicant to actively seek out feedback which may concern APRA. The feedback phase may involve multiple sections within APRA meeting with the applicant and raising issues. It is from here that the applicant is to reflect on the feedback provided via APRA’s meeting channels and evaluate their application at that point – be that not to continue or to enhance the current draft application to address any flags that APRA cues with the applicant pre-application. (Forming a Bank – Step Two – Seek APRA’s formal feedback on your business plan)

You’ve met with APRA, you’ve been through the feedback process and now you have your application in good order and are ready to lodge it. The next step is to pay the application fee and lodge your application – the current fee for a banking licence – direct or restricted route – is $80,000 AUD and is payable upon lodgement. The legislative instrument that sets out the applicable filing fees being the Australian Prudential Regulatory Authority Instrument Fixing Charges No 1 of 2013 . (Forming a Bank – Step 3 – Pay the Licence Application Fee on Lodgement)

APRA’s current advice is that it will take between 3 to 18 months to assess an application for a banking licence. In the application assessment phase, you can expect that an allocated APRA case manager, from their licensing group, will be in contact with you in regards to further requisitions they may have. The key matters that APRA will need to be confident that an applicant can satisfy are:

• financial soundness;
• the ability to manage risk effectively;
• the fit and proper expectations for key persons;
• a sound risk culture – both conduct and financial;
• the ability to satisfy prudential requirements;
• public protection – that the applicant does not pose a risk to the safety of the depositors’ funds or the stability of the financial system.

Compliance Quarter has extensive experience and expertise in managing licence applications in complex regulatory environments. If you would be interested in discussing how we may be able to assist you in applying for a restricted banking licence, we would be pleased to arrange a consultation with you – click here to contact us.