Mackay Chapman November 2023 ASIC Update

In this month’s ASIC update:

• ASIC Calls for Greater Organisational Vigilance to Combat Cyber Threats;
• More Than $17.4 Million in Compensation to Retail Investors by OTC Derivative Issuers;
• ASIC Releases New Alert List Highlighting Suspicious Investment Opportunities;
• The Regulatory Body Proposes to Temporarily Extend Relief from Disclosure and Reporting Consistency Obligations for Super Trustees; and
• ASIC has acknowledged ASX’s release of the Portfolio, Program and Project Management Special Report and Audit Report.

ASIC Calls for Greater Organisational Vigilance to Combat Cyber Threats

ASIC's recent report on the cyber capability of corporate Australia has revealed significant gaps in cyber security practices. The report summarises the results of ASIC’s cyber pulse survey.  The survey, covering a broad range of organisations, highlighted a prevalent reactive approach rather than a proactive stance in managing cyber security risks.

In calling for greater organisational vigilance to combat cyber threats, ASIC Chair Joe Longo emphasised the necessity for organisations to prioritise cyber security and resilience, noting that ASIC’s survey exposed deficiencies in managing third-party or supply chain risks, with 44% of participants neglecting this critical aspect.

While the report notes well-developed capabilities in certain areas among participating organisations, smaller entities lag behind in key aspects. Mr Longo stressed the importance of building resilience beyond security, regularly testing incident response plans, and continually reassessing cyber security risks.  Notably, 95% of survey participants opted for individual reports which provided insights into how that individual organisation compared with its peers, demonstrating a commitment to improving cyber resilience. 

Responding to the report, National Cyber Security Coordinator Air Marshal Darren Goldie commends ASIC's efforts and underscores the priority of cyber security for individuals and businesses.

The estimated cost of cybercrime to Australia in 2021 was $42 billion.  ASIC encourages organisations to cultivate a culture of cyber awareness and provides resources on its cyber resilience webpage for enhancing cyber security and resilience.

ASIC Oversees More Than $17.4 Million in Compensation to Retail Investors by OTC Derivative Issuers

ASIC has overseen compensation payments exceeding $17.4 million to over 2,000 retail clients affected by financial services law breaches in the OTC derivatives sector. 

The compensation includes $4.3 million provided to 1,500 clients of seven product issuers for exceeding leverage limits in contracts for difference (CFDs) and approximately $13.1 million to 523 clients of Binance (related to client misclassification and other issues). The affected CFD issuers, including Capital Com Australia Pty Ltd and IG Australia, self-reported breaches and initiated remediation programs. 

ASIC's review resulted in additional compensation of over $2.8 million due to behavioural assumptions and unaddressed fees. Binance compensated clients misclassified as wholesale, totalling over $13 million. The misclassification by Binance deprived clients of consumer protections, leading to compensation for net trading losses and fees.

ASIC Deputy Chair Sarah Court emphasised the importance of protecting retail clients dealing with complex OTC derivatives, highlighting the role of regulatory measures like the CFD product intervention order. 

Background information on CFDs, ASIC's previous reviews, and the extended CFD product intervention order until May 2027 is available on the ASIC website.

ASIC Releases New Alert List Highlighting Suspicious Investment Opportunities

ASIC has enhanced its scam prevention tools by introducing a new investor alert list to assist consumers in identifying potential fraudulent or unlicensed entities when considering investments. 

This list, replacing the previous "Companies you should not deal with" list, includes both domestic and international entities that ASIC is concerned may operate without proper licensing or authorisation. It also covers "impostor" entities engaged in impersonation scams. The investor alert list currently features 52 unlicensed entities and 25 websites impersonating legitimate ones.

Deputy Chair Sarah Court emphasised the serious financial and non-financial harm caused by unlicensed and imposter investment opportunities, eroding consumer trust. The updated investor checklist provides essential information for consumers before making investment decisions. While the list is not exhaustive, ASIC encourages industry and consumers to report suspicious investment websites to Scamwatch.

As part of the Alert Investor campaign, ASIC plans to publish articles to guide consumers in making informed investment decisions. The release of the investor alert list aligns with the National Anti-Scam Centre's efforts, led by ASIC and the ACCC, to combat investment scams. ASIC's initiative is part of the government's Fighting Scams initiative, supporting the National Anti-Scam Centre's broader mission to coordinate government and private sector initiatives against scams. 

For additional resources and information on combating scams, consumers can visit scamwatch.gov.au and the National Anti-Scam Centre.

ASIC Proposes to Temporarily Extend Relief from Disclosure and Reporting Consistency Obligations for Super Trustees

ASIC is proposing to extend the exemption provided by ASIC Class Order [CO 14/541] for a period of two years until January 1, 2026. 

This extension would maintain relief for RSE licensees (superannuation trustees) from complying with disclosure obligations under subsection 29QC(1) of the Superannuation Industry (Supervision) Act 1993 (SIS Act). 

The exemption aligns the calculation of information given to the public with reporting to APRA under an APRA reporting standard. Industry feedback on the effectiveness and efficiency of the instrument, as well as any suggested amendments, is invited until 4 December 2023, and can be submitted to Super.Enquiries@asic.gov.au.

Feedback may be provided anonymously, but ASIC won't be able to contact anonymous contributors for further discussion. It's important to note that ASIC will not treat feedback as confidential unless explicitly requested. 

The exemption, initially granted in 2013, addresses uncertainties in meeting disclosure requirements tied to APRA's reporting standards, particularly amid evolving standards in APRA's superannuation data transformation project.

ASIC deems the exemption integral to the legislative framework and encourages stakeholders to refer to ASIC's privacy policy for information on handling personal data and privacy-related concerns.

ASIC acknowledge ASX’s release of the Portfolio, Program and Project Management Special Report and Audit Report

ASX Limited has released a Special Report, along with an external Audit Report, on its Portfolio, Program, and Project Management Frameworks (PPPM Reports), pertaining to the delivery, implementation, and governance of the recently announced CHESS replacement solution design. 

ASIC will review these reports to determine if further regulatory action is necessary. 

The reports highlight areas that are well-developed and those requiring improvement in ASX's management capabilities. ASIC emphasises the complexity of replacing CHESS and the importance of the appointed solution integrator in enhancing project delivery capabilities. 

ASIC and the Reserve Bank of Australia are closely monitoring the CHESS replacement to ensure compliance with regulatory expectations.

‍

More information can be found here.

‍

The contents of this article do not constitute legal advice and it is not intended to be a substitute for legal advice and should not be relied upon as such.  It is designed and intended as general information in summary form, current at the time of publication, for general informational purposes only.  You should seek legal advice or other professional advice in relation to any particular legal matters you or your organisation may have.