In this Funds Update for 13 December 2024:
- ASIC reissues RG 133: Funds management and custodial services
- ASIC releases report re reportable situations regime
- ASIC publishes CP 381 to update INFO 225 re digital assets
ASIC reissues RG 133: Funds management and custodial services
On 10 December 2024, ASIC reissued RG 133 Funds management and custodial services: Holding assets to introduce new guidance with respect to holding crypto-assets. These changes will impact responsible entities where scheme assets compromise or include crypto-assets and custodians where the crypto-assets are financial products.
The revised RG 133:
- updates references to relevant legislative instruments, including legislative instruments imposing financial requirements (RG 133 was last updated in June 2022); and
- provides ASIC’s guidance on good practices for crypto-assets holders and maintaining robust information security controls and risk management processes.
More information on the update can be found on ASIC’s website here.
Back ^
ASIC releases report re reportable situations regime
On 4 December 2024, ASIC released the findings of a review of the reportable situations regime, having reviewed the compliance arrangements of 14 licensees across different sectors, focusing on licensees with a low amount of reportable situations.
ASIC’s review revealed:
- slow reporting levels from licensees (summarised in the snapshot below), often attributable to delays in identifying and investigating incidents;
- deficiencies in incident management as many licensees had poor practices in identifying, escalating and recording incidents;
- gaps in monitoring ongoing compliance with the reportable situations regime; and
- slow rectification of breaches which has resulted in real impacts on consumers.
ASIC identified several better practices for licensees to consider, including:
- having clear, well-understood and documented processes for identifying incidents and breaches and making adherence to them a priority;
- establishing a simple, broad definition of an incident, written in plain language, and supported by clear guidelines and examples;
- establishing regular training for staff to reinforce regulatory requirements and internal policies and procedures;
- maintaining a workplace culture where staff are encouraged to be vigilant, raise and escalate incidents, and feel comfortable to do that;
- having measures in place to identify, record and escalate incidents and possible breaches from several channels and monitor the effectiveness of these measures including the volume and distribution of incidents across different channels;
- reviewing all customer complaints (interpreted broadly under RG 271) to identify any incidents or breaches and conducting regular ‘root cause analysis’ to reduce the risk of recurring breaches;
- having defined, short timeframes for incident management and escalation and monitor adherence to timeframes;
- maintaining detailed and centralised registers for incidents and breaches and where possible use the reportable situations prescribed form (summarised in Table 8 of Regulatory Guide 78);
- maintaining robust governance and accountability structures around breach reporting obligations supported by reporting to senior management including in relation to root causes and systemic issues; and
- regular reviews or audits of the breach reporting cycle.
For more information regarding ASIC’s review of the reportable situations regime can be found here.
Back ^
ASIC publishes CP 381 to update INFO 225 re digital assets
On 4 December 2024, ASIC released Consultation Paper 381 Updates to INFO 225: Digital assets: Financial products and services (CP 381) with a view to clarify the current law on digital assets and related products.
The key updates that ASIC has proposed for INFO 225 include:
- adding 13 worked examples of how current financial product definitions apply to digital assets and related products;
- adding further discussion on ASIC’s approach to licensing digital asset businesses;
- adding guidance around the consideration of the design and distribution obligations; and
- decreasing the emphasis on initial coin offerings as a method for selling digital assets.
Stakeholders are encouraged to provide feedback on CP 381 by 28 February 2025.
Back ^
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.