
Shifting regulator focus: adapting to the waves of change

In August, ASIC and APRA both released their Corporate Plans outlining their priorities over the next four years. ASIC has a continuing focus on achieving a “fair, strong and efficient financial system for all Australians” and APRA on “protected today, prepared for tomorrow”. The regulators both say they will continue to work towards achieving these outcomes with a supervision-led approach and using their regulatory powers to enforce compliance, whilst also planning for the longer term to address emerging trends and issues more effectively.

The Corporate Plan drivers

The financial results of Australia’s major financial service businesses in the past year demonstrate that the Australian Financial System is nothing if not resilient. However, the challenges which have crossed our paths in the past year cannot be overlooked. From the effect of COVID-19 to the rise in inflation, cost of living and fast-rising interest rates, to natural disasters and geopolitical tensions, Australians have been through a lot, and the current environment is shaping the regulatory focus.

Together these events have triggered the regulators to revise and reconstruct their economic outlook for the coming years. Thus, the revised Corporate Plans published by both ASIC and APRA are reflective of the economic and external factors which are acting as forces for change.

In addition, the accelerating rate of technological change in financial services is influencing where the regulators will be expending effort, including:

  • New technology focussed financial market entrants, platforms, products, channels and services
  • New forms of digital currencies, wallets, stored value and payment methods
  • The rise in cyber-security issues
  • Emerging data and technologies

Finally, there remain some foundational issues the regulators are focussed on. Some are a consequence of further law reform and lessons learned from the Financial Services Royal Commission, and others reflect changing standards and expectations of social responsibility impacting the regulatory environment, such as:

  • Climate risk and ESG
  • Aging population
  • Vulnerable customers
  • Legislative reforms
  • Protecting consumers from financial volatility
  • Greater consumer demand for transparency

Summary of the key changes

Many of the same themes from APRA’s 2021-25 Corporate Plan have carried across to the updated 2022-23 plan, primarily around cyber/technological resilience and strengthening governance, risk culture, remuneration and accountability (GCRA). It is unsurprising these are enduring themes. Both the regulators and those they regulate are on a journey, particularly in the technology space, to transform the way they manage and assess data. In its 2022-26 Corporate Plan, ASIC is looking towards digitally enabled misconduct identification and assessment, and has updated its priorities to include scams and crypto-assets. Similarly, APRA will continue to consult with relevant stakeholders to develop appropriate prudential requirements for crypto-asset activities and stablecoins, as previously announced in its risk management expectations and policy roadmap.

Both regulators have a reduced focus on the negative effects of COVID-19. While there is acknowledgement the pandemic impacts still linger, the regulators have responded to emerging trends with new priorities of climate risk/sustainability and retirement strategy. With interest rates rising at their fastest pace in a generation, there will be increased focus on credit risk and, in the event of financial distress and default, the treatment of arrears and vulnerability.

The priorities and shared focus areas

Sustainability and climate change

  • Product disclosure and integrity. Organisations need to remain vigilant of ESG-related disclosures as ASIC has warned that they are targeting greenwashing and will take enforcement action where needed to address misleading marketing and misconduct.
  • Greater transparency. Fund managers must be able to substantiate that investment products are ‘true to label’ and can, for example, show evidence of the process/measures undertaken to demonstrate the sustainability of their products and that the product name aligns with the underlying assets. Organisations should also avoid making ambiguous statements and using vague terminology.

Improving risk, governance, and accountability with recent regulatory regimes

  • Adaptability. Organisations must be able to shift their priorities in line with the regulators, whose focus has transitioned from driving industry readiness on the new reforms to ensuring the benefits of law reform are realised. This includes uplifting GRC system capabilities and improving the standards of breach reporting to meet the expectations of the regime.
  • Data-driven. Use of data-driven insights from the breach reporting regime is crucial to achieving the intended regulatory outcomes and driving efficiencies.
  • Accountability and governance. Continue to uplift individual accountabilities and governance practices in line with the proposed FAR regime, especially as APRA is updating its prudential standards to align with FAR.
  • Risk culture and BFID. Superannuation trustees need to focus on member outcomes as part of ‘everyday risk management’ and consider incorporating risk behaviours and risk architecture from APRA’s Risk Culture Survey. This includes, at a minimum, rectifying inadequate practices over fund expenditure.

Protecting consumers

  • Product governance
    • There will be greater focus by ASIC on how organisations have implemented DDO thus far, to ensure compliance with the regime and reduce the risk of harm to consumers.
    • APRA will be focussing on removing poor value and poor performing products and implementation of the Retirement Income Covenant.
    • We have outlined in more detail our key takeaways on ASIC’s position on product governance, and its planned surveillance and enforcement action in our blog here. 
  • Crypto-assets and scams.
    • Products that fall into the remit of crypto-assets will be closely monitored by the regulators along with their related product disclosure statements for risk of harm to consumers. ASIC previously warned that brokers offering crypto-assets alongside shares and other regulated investment products to retail investors must adequately disclose the different risk profiles of each.
    • Organisations engaging in crypto-asset activities should ensure that existing systems, processes and controls are adequate to address the associated risks.  
    • The scam identification and response strategies of ADIs will be under scrutiny, and accordingly organisations should consider making uplifts in fraud controls and processes.

Driving operational, cyber, and technological resilience

  • Risk Management / Business Continuity
    • Greater focus by regulators on cyber and operational resilience activities means that organisations should start focusing on strengthening operational risk management and ensure there are processes in place to respond to severe business disruptions.
    • Organisations need to continue strengthening processes to actively manage and respond to operational risk events.

Watch this space!

We will continue to provide insights into the challenges organisations face and explore how to pragmatically meet regulatory expectations across the priority areas. Contact us if you would like to learn more about our solutions and how we can help you.