Compliance Radar February 2021

After navigating through an unpredictable and challenging 2020, key compliance trends in financial services began to emerge as the overall approach by regulators continues to move towards digitisation, new technologies and associated procedures.

Regulators will continue to play an important role in promoting RegTech adoption which in 2020 allowed organisations to adapt and continue to deliver their services and products.

In a persistently changing environment, we continue to track and identify relevant updates and bring you our Compliance Radar for February 2021.

Identity theft up 55% according to the ACCC

The ACCC indicated in August 2020 that identity theft was up 55% over COVID with the consumer watchdog’s Scamwatch website receiving 24,000 reports of stolen personal information in 2020, compared to the 15,500 reports over the same time period the previous year.

ASIC published a regulatory resource in 2019 setting out some matters to consider in preventing one-off share sale fraud which LAB Group has previously reported on here. This is particularly important now as the increase in cyber incidents and identity theft, together with tightening insurance conditions, could potentially lead to circumstances that no broker or market participant would want to find themselves in – liable and inadequately insured.

Warranties and indemnities in the Corporations Regulations 2001 (Cth) (Regulations) make it likely that participants on an exchange such as those operated by ASX Ltd or Chi-X Australia Pty Ltd will potentially be liable to the real shareholder if they transfer their shares based on instructions from a fraudster, notwithstanding that they may have followed industry practice and may have been defrauded themselves.

The Stockbrokers and Financial Advisers Association (SAFAA) advises “that as well as implementing the matters set out in the ASIC publication and taking other actions that are prudent to avoid this situation, participants should ensure that if an incident were to occur, their insurance would cover it, even where industry practice has been followed.”

ASIC recommendations for protecting stockbrokers against share sale fraud include the comparison of the geographical location of the IP address used to submit an application with the physical address of the prospective applicant. A Virtual Private Network provides online privacy and anonymity by creating a private network from a public internet connection.

LAB Group’s Application Manager has been enhanced with a new feature to flag if an application is coming from a VPN and we have also partnered with a fraud score provider.

If VPN detection results are available and a VPN is detected, you can take action to confirm the application is authentic before proceeding with your usual account opening processes.

For more information on how to activate this feature, please contact your Customer Success Manager.

Retail OTC derivatives issuers offering financial services overseas

ASIC has reviewed a sample of retail over-the-counter (OTC) derivative licensees practices for onboarding overseas-based clients with the attention being on licensees’ controls.

The focus was to ensure that customers were not onboarded from jurisdictions where the issuer may not be authorised to provide the products.

ASIC observed some of the better controls included:

• Blocking IP addresses
• Limiting the range of jurisdictions available through onboarding systems
• Requiring a proof-of-residence check for each application
• Closing deposit and payment gateways for residents of certain jurisdictions

Some licensees rely on website disclaimers and manual checks, which ASIC considers to be less effective controls.

For more information refer to the ASIC Market Integrity Update – December 2020.

For assistance implementing any of the above contact LAB’s Customer Success team.

Public release of Digital ID on myGov

The Digital Transformation Agency (DTA) is leading the federal government’s digital identity scheme in an effort to provide identity verification across a range of government and private sector services through a federated model.

Along with the DTA, a number of departments are involved with the program, including the Australian Tax Office, which developed the government’s own digital identity service, myGovID.

Australian myGov account holders can log into their online services portal using the federal government’s myGovID digital identity offering with the functionality being described as a “major breakthrough” by the DTA.

The government also revealed plans last year to charge companies and state governments to become part of the scheme and offer their own digital identity services, with the DTA listing a number of opportunities on its Digital Marketplace.

View the DTA Roadmap here.

For more information on myGovID visit the website.

AML/KYC legislation proposed amendments

AUSTRAC has released proposed amendments to the Anti-Money Laundering and Counter-Terrorism Financing Rules for public consultation.

Key proposed changes include:

• Chapter 3 – Correspondent banking: Requiring banks to conduct due diligence before entering into any correspondent banking relationships
• Chapter 6 – Customer identification and verification: Clarifying the requirement to complete the Applicable Customer Identification Procedure (ACIP) before providing a designated service
• Chapter 7 – Reliance on customer identification carried out by another reporting entity: Expanding the circumstances in which a reporting entity may rely on Applicable Customer Identification Procedure (ACIP) or other identification procedure undertaken by another person

Consultations close on 11 March 2021.

For more information on the amendments visit AUSTRAC.

ASIC product intervention order strengthens CFD protections 

ASIC has passed a product intervention order where it has enforced terms on the issuance plus the allocation of CFDs to retail customers.

This order imposes conditions on the issue and distribution of CFDs to retail clients. The new rules will come into effect as of the end of March 2021.

This order strengthens consumer protections by reducing CDF leverage available to retail clients and by targeting CFD product features and sales practices that amplify retail clients’ CFD losses. It also brings Australian practice into line with protections in force in comparable markets elsewhere.

From 29 March 2021, ASIC’s product intervention order will:

• Restrict CFD leverage offered to retail clients to maximum ratios
• Standardise CFD issuers’ margin close-out arrangements that act as a circuit breaker to close-out one or more a retail client’s CFD positions before all or most of the client’s investment is lost
• Protect against negative account balances by limiting a retail client’s CFD losses to the funds in their CFD trading account
• Prohibit giving or offering certain inducements to retail clients (for example, offering trading credits and rebates or ‘free’ gifts like iPads)

The order will remain in force for 18 months, after which it may be extended or made permanent. Civil and criminal penalties apply to contraventions of the product intervention order.

Open Banking and CDR update

The commissioner at the Australian Competition and Consumer Commission (ACCC) in charge of open banking has encouraged more banks to apply to become data recipients to take advantage of the data-sharing regime.

Reportedly there were only six accredited data recipients under the government’s consumer data right, a core policy to foster more competition in banking, in November 2020.

Of the six accredited parties, the only bank accredited is Regional Australia Bank (RAB) but the ACCC is assessing applications from 40 parties who are currently working through the accreditation process, while further numbers are engaged with the regulator and interested in potential involvement.

The ACCC has also made some important amendments to the Consumer Data Right Rules which expand the types of consumers who can use the CDR to include more business customers.  From 1 November 2021, the major banks will enable these customers to share their data with accredited data recipients when shopping around for better services.

The amendments do not include rules about tiers of accreditation, the disclosure of ‘insights’ derived from CDR data to any non-accredited person, or the sharing of data with trusted advisors.

The rule-making function will transfer from the ACCC to the Minister on 28 February 2021. The ACCC is working closely with the Treasury on these rules as part of the transfer of the CDR rule-making function moving from the ACCC to Treasury and the Minister.

Click here to view the ACCC press release on CDR Rule Amendments.

The government has commenced its long-awaited review of the Privacy Act 

The Government has commenced its review of the Privacy Act 1988 (Cth) (Privacy Act), a key part of the Government’s response to the ACCC’s Digital Platforms Inquiry.

The Government has focused on, amongst other things, potentially including stricter requirements for when and how consent is obtained, an updated definition of ‘personal information’ to include technical data and online identifiers, additional protections concerning de-identified information, and enhancement of the OAIC’s enforcement powers and further rights for individuals.

In the DPI Final Report, the ACCC recommended expanding the definition of personal information to include technical data such as IP addresses, location data, device identifiers, and any other online identifiers. The Government supported this recommendation in principle.

While the proposed formulation is seemingly similar to the GDPR definition of personal information, the final wording of any change to the definition will be critical, as it currently also appears to assume these named categories of data (such as IP addresses) do in fact ‘identify an individual’.

For more information visit the Australian Government Website.

ASIC releases Regulatory Guide 274 Design and Distribution Obligations

On 11 December 2020, ASIC released its guidance (Regulatory Guide 274 – Product design and distribution obligations) on the new product design and distribution obligations, following industry consultation.

The design and distribution obligations are intended to help consumers obtain appropriate financial products by requiring issuers and distributors to have a consumer-centric approach to the design and distribution of products.

In particular:

• Issuers must design financial products that are likely to be consistent with the likely objectives, financial situation, and needs of the consumers for whom they are intended
• Issuers and distributors must take ‘reasonable steps’ that are reasonably likely to result in financial products reaching consumers in the target market defined by the issuer
• Issuers must monitor consumer outcomes and review products to ensure that consumers are receiving products that are likely to be consistent with their likely objectives, financial situation, and needs

The coverage is quite broad with the obligations applying to most financial products regulated under the Corporations Act, including securities and interests requiring disclosure (i.e. prospectus or product disclosure statement).

To discuss customer-centric digital acquisition and customer onboarding services contact LAB Group Customer Success by emailing customersuccess@labgroup.com.au.