Australia's current financial services regulatory & compliance landscape is changing rapidly - Clyde & Co's weekly Regulatory Roundup will ensure you are up to date with the most important changes. In each edition, we will set out key developments from the past week for you to consider. 


1. Regulators and cyberattacks: the Australian Communications and Media Authority (ACMA) has commenced proceedings against Optus over the data breach in September 2022 that allegedly compromised the personal information of 10 million customers. ACMA alleged Optus breached the Australian Telecommunications (Interception and Access) Act 1979 by failing to protect the confidentiality of its customers' personally identifiable information from unauthorised interference or unauthorised access. Optus is also facing an investigation by the Office of the Australian Information Commissioner over the cyberattack. Given the crackdown by the regulators on cyberattacks, all companies (particularly those handling personal information) should take extra care to maintain appropriate cyber security controls and cyber resilience to manage their own cyber risks. That is especially so where they hold AFS or prudential licences, which place additional obligations on them that may be triggered during these events.

2. APRA approves banks' use of advanced AI: APRA member Therese McCarthy Hockey has given the nod to banks for the adoption of generative AI technology, having weighed up its potential benefits of reducing costs, improving customer service and increasing shareholder returns. However, the banks choosing to adopt generative AI technology are required to have a strong record of risk management and robust platforms in place. APRA currently does not have plans for any new regulatory requirements for AI and will use its existing policies and supervision procedures to ensure entities have appropriate procedures in place that monitor the use of AI. Per Ms McCarthy Hockey’s speech, “artificial intelligence can be a valuable co-pilot – but it should never be your autopilot”.

3. DDO - Trademax: ASIC issued two interim stop orders preventing Trademax Australia Limited from opening trading accounts or dealing in contracts for difference (CFDs) or margin FX to retail investors. Trademax allegedly placed reliance on an inadequate retail investor questionnaire for compliance with its obligations, and had a lack of other controls in its onboarding process. The questionnaire did not sufficiently: a) probe the prospective clients’ financial situation, risk tolerance and investment objectives; or b) test the prospective clients’ risk tolerance and technical understanding of CFDs over crypto assets. It also c) had design flaws, including warning messages prompting clients to review their answers, which served to allow prospective clients to submit alternative responses, and permitted retail investors two attempts to pass the questionnaire every 24 hours for an indefinite period. It also featured tick-box prompting for certain client attributes. We are seeing more complexity enter the market when it comes to digital assets and licensing authorisations (e.g. margin lending, derivatives and market-making), with corresponding complexity around the surrounding compliance (e.g. DDO) and operations (e.g. treasury management, mark-to-market monitoring, collateralisation and reporting). It does all take time to get right, and ASIC is looking out for those who do not, so time spent focusing here is time well spent!

4. Greenwashing: a great speech from ASIC Chair Joe Longo on greenwashing, which contextualises enforcement action on greenwashing in existing principles of misleading and deceptive conduct, and notes that ASIC's focus is “…on entities that we consider carelessly give inaccurate or misleading statements”. Usefully, he outlined the categories of conduct which have given rise to ASIC's intervention to date, including: a) zero statements and targets that were either made without a reasonable basis or that were factually incorrect; b) the use of terms such as ‘carbon neutral’, ‘clean’ or ‘green’ that weren’t founded on reasonable grounds; c) overstatement or inconsistent application of sustainability-related investment screens; and d) inaccurate labelling or vague terms in sustainability-related funds. The same principles apply to any socially related disclosure, e.g. diversity metrics.

International perspective: the first US BTC exchange-traded funds (ETFs) started trading in January 2024, and now BTC's sibling Ether looks set for the same treatment after the US SEC approved key regulatory filings known as 19b-4 filings. These US funds are not available for trading yet, though that is very likely in the coming weeks or months. It follows ETFs being approved, or close to being approved, in HK, UK and AU, adding to the current bull run in digital assets markets.