FSR GPS Podcast Series (Australia)

• Remediation can reduce exposure to potential litigation and enforcement action, whether by the affected consumers or the regulator itself. It’s also increasingly viewed as a key indicator of whether the licensee is complying with its obligation to act efficiently, honestly and fairly under section 912A(1)(a) of the Corporations Act 2001 (Cth).

• Remediation has two core limbs: it involves, firstly, investigating the scope of misconduct or failure and, secondly, where appropriate, returning consumers who’ve suffered loss due to that misconduct or failure as closely as possible to the position they otherwise would have been in.

• One of the commercial objectives in a remediation is to compensate fully for the customer's loss so there is no loss remaining that could be the subject of a class action. If done well, that should minimise, if not eliminate, the prospect of a class action or other litigation arising from the same facts.

• In countries that host the world’s biggest financial markets, there is an increasing determination by regulators to embed and enforce senior executive and director accountability regimes. With some regimes now starting to reach maturity, we expect to see more concrete trends emerge, including from an enforcement perspective.

• Starting with a focus on the banking industry, regulators are moving to expand the scope of these regimes to other industries, such as the insurance and superannuation industries. Depending on how effective these regimes are, we can predict even further expansion to other business critical or high-risk industries.

• In Australia, we expect the “reasonable steps” standard of conduct as well as the breadth of the responsibilities that accountable persons under FAR are required to be across at both an individual and organisational level to become focal points in Australian jurisprudence.

• We recommend directors and senior executives challenge themselves and their peers about how their organisations are identifying emerging issues, what systems their teams are setting up to monitor compliance with these issues, and how they are resourcing those issues.

• Reasonableness is in the eyes of the beholder. While the “reasonable steps” obligation is ostensibly an objective test, it is malleable and the scope of what it requires will be impacted by both the knowledge and circumstances of the licensee.
• Broader implications. The principles explored in this case are relevant to a myriad of other general licensee obligations, such as the obligation to take reasonable steps to ensure representatives comply with financial services law and the obligation in the DDO context to take reasonable steps to ensure retail product distribution is consistent with the relevant TMD.
• Actions speak louder than words. Licensees should consider what tangible evidence they have to evidence adequate monitoring and supervision of its representatives. Perhaps obvious, but in this case something as simple as a training record was proven to be essential. Written policies and procedures are redundant unless carried out in practice.   

Potential implications

• Departure from “limited waiver” as a means of preserving privilege
• Unfamiliar position of blanket waiver despite VDA
• Privilege disputes are, by nature, fact-specific

Further uncertainties:

• Scope to amend ASIC’s voluntary disclosure regime?
• Distinction between strictly legal advice and factual investigation material?
• Factors in assessing unfairness (Is the privilege holder a party? Is the privileged information being deployed against the person challenging privilege?)
• Whether earlier disclosure (i.e. remoteness from formal investigation) could weigh against a finding of waiver?

Position going forward

• Reduced certainty around usual VDA practice
• Likely negative effect on companies sharing privileged materials with ASIC
• Establishing privilege: While the Court accepted that the purpose of a document could “evolve” into a privileged purpose, ideally the purpose should be clearly stated from the outset.
• Potential responses to the judgment:
  • (Parties) Seek leave to appeal (up until Friday 26 April)
  • (ASIC) Issue market guidance
  • (ASIC) Seek legislative change

Key takeaways for companies dealing with ASIC

1. Proceed on the basis that VDAs may be ineffective to insulate against waiver of privilege
2. Seek legal advice prior to entering into any VDA

• Quantum computing is an exciting new technology which could help us solve computing problems in mere hours that would take modern computers or super-computers thousands of years to solve. This potentially has huge application in financial services, including in relation to portfolio optimisation, pricing of financial assets and increasing the power and speed of AI systems. Large financial services institutions have already started to invest in their quantum computing capabilities.

• One of the key risks posed by quantum computers is that a sufficiently powerful quantum computer could break modern forms of encryption which we rely on to securely communicate over the internet. Estimates vary for when quantum computers will become powerful enough to do so. In the meantime, there is an additional risk of ‘hold now and decrypt later’ attacks, where attackers steal encrypted information now which would then be decrypted once a sufficiently powerful quantum computer comes into existence. This can impact a broad range of regulatory and compliance obligations relevant to financial services institutions, including privacy and cyber laws, AFS licence obligations and compliance with various prudential standards.  

• The US National Institute of Science and Technology has been working on a long-term project to develop new ‘quantum-safe’ encryption standards, and aiming to finalise them this year. In the meantime, financial services institutions should be taking steps now to address the potential risks posed by quantum computers, including to take inventories of vulnerable systems and prioritising them for migration once standards are available. 

• On 19 October 2023, ASIC registered the ASIC Corporations and Credit (Amendment) Instrument 2023/589, which provides some welcome relief from the obligation to report significant breaches to ASIC under Chapter 7 of the Corporations Act. Of particular interest is relief from the deemed significance regime for certain breaches of misleading or deceptive conduct.

• The misleading or deceptive conduct relief is more likely to be satisfied in one-off non-scripted interactions with individual customers. Errors in scripted material are more likely to affect more than one person and give rise to repeated reportable situations.

• It is important to note that there will be no need to rely on this relief if the conduct does not actually involve misleading or deceptive conduct.

• A key criteria for this relief is that the relevant breach must not, and must be unlikely to, result in any loss or damage to any person. To address this, we have developed several scenarios where we think this criteria is more likely to be satisfied.