
Greg Kilminster
Head of Product - Content
ASIC launches 2025 enforcement priorities
The Australian Securities and Investments Commission (ASIC) has unveiled its enforcement priorities for 2025, placing a particular emphasis on shielding consumers from financial harm as cost-of-living pressures continue to test households. ASIC Deputy Chair Sarah Court outlined the agency’s commitment to targeting business models and financial practices that exploit consumers, with a particular focus on deceptive property investment schemes, unlawful debt collection practices, and superannuation misconduct. A renewed focus on market integrity includes the launch of a dedicated team to combat insider trading.
Some context
In recent years, ASIC has expanded its enforcement activities, reflecting its mission to create “a fair, strong and efficient financial system for all Australians.” According to Deputy Chair Court, ASIC’s ambitious approach is to “use our full suite of regulatory tools – and take criminal, civil and regulatory action – to promote compliance and accountability, and to enforce the law.” In 2024 alone, ASIC increased its formal investigations and initiated more court proceedings than the previous year, with enforcement actions resulting in AUS$90 million in court-ordered penalties. These actions included major wins in greenwashing, crypto, predatory lending, high-cost credit, and insider trading cases.
Key takeaways
- Focus on consumer protection: With cost-of-living pressures top of mind, ASIC will focus on misconduct that targets financially vulnerable Australians. Deputy Chair Court explained, “We will focus on business models that are designed to avoid consumer credit protections, and we will take action against those engaging in unlawful debt management and collection.” ASIC will also address schemes that exploit superannuation savings, especially property investment scams designed to mislead or defraud consumers.
- Strengthening market integrity: In line with its market oversight role, ASIC has launched a dedicated unit to monitor and prosecute insider trading more aggressively. “We will continue to fiercely uphold the integrity of our financial markets,” Court said, adding that this focus will also encompass areas such as continuous disclosure breaches and market manipulation.
- Tackling high-risk and misleading practices: ASIC’s efforts in combating greenwashing, crypto scams, and high-cost lending will intensify in 2025. The agency also plans to focus on misleading environmental claims, protecting consumers from businesses using greenwashing as a tactic to misrepresent products as sustainable.
- Cybersecurity and auditor misconduct: Emerging priorities for 2025 include ensuring that licensees have adequate cybersecurity protections in place, an area of concern as cyber threats to the financial sector grow. Auditor misconduct is also in the spotlight, as ASIC seeks to uphold rigorous standards in financial reporting and transparency.
- Enduring priorities: Alongside these 2025 priorities, ASIC will maintain its focus on systemic risks, such as misconduct affecting First Nations people, large financial institutions’ compliance failures, and misconduct involving a high potential for consumer harm. “Our enforcement priorities reflect the increased risks consumers are facing,” said Court, as ASIC continues to adapt its focus to address evolving economic pressures and risks in the financial landscape.
ASIC’s enforcement approach for 2025 underscores its ongoing commitment to protecting consumers and reinforcing the stability of Australia’s financial markets. With a proactive agenda and significant resources directed towards high-risk areas, ASIC aims to send a clear signal to the industry: compliance is non-negotiable, and the costs of non-compliance are rising.
Click here to read the full RegInsight on CUBE's RegPlatform.
ECB highlights critical areas for improvement in banks' resilience
The European Central Bank (ECB) has issued a fresh warning to banks on the urgent need to strengthen their IT and cybersecurity frameworks. Amid an increasingly sophisticated threat landscape, the ECB’s Banking Supervision division emphasises in a newsletter article that banks must bolster their resilience against evolving cyber threats and IT risks. While many institutions have made progress, fundamental gaps persist across a range of critical cybersecurity controls, leaving some banks vulnerable to escalating cyber risks.
Some context
The ECB has been scrutinising banks’ IT risk management through on-site inspections and regular IT risk reports. In recent years, as digital transformation accelerates, banks have faced rising cyber threats from bad actors targeting weaknesses in both direct and third-party ICT systems. The ECB’s latest guidance highlights banks' reliance on outsourcing for key IT functions and the related risks that arise when these providers are not sufficiently managed. The upcoming Digital Operational Resilience Act (DORA), set to come into force in January 2025, is expected to address this by placing accountability for cyber resilience directly with bank boards, pushing for stronger oversight of outsourced IT arrangements.
Key takeaways
- Rising cyber threats and ransomware risks: Cybersecurity incidents, especially ransomware attacks, have surged, underlining the importance of robust defences. Threats targeting third-party service providers present additional risks, as breaches in one organisation can ripple across interconnected systems, potentially compromising sensitive banking data across multiple banks.
- Gaps in cybersecurity practices: ECB findings point to inadequacies in basic cybersecurity controls at some banks, including network segmentation, vulnerability management, and identity and access management. Improved security testing, detection, and response capabilities are essential, as is enhanced resilience to withstand cyber disruptions.
- IT outsourcing risks: The banking sector's reliance on third-party ICT providers has grown, increasing exposure to concentration risk and potential disruptions. DORA requires banks' boards to implement thorough management and oversight of outsourced arrangements, encompassing pre-outsourcing due diligence, ongoing service monitoring, and effective exit strategies.
- Challenges in IT change management: As banks’ IT systems expand, so too does the scale and complexity of their projects. Managing IT changes effectively is crucial, as poorly managed updates and expansions are a leading cause of critical system downtime, affecting core banking services and customer access.
- Strengthening IT availability and crisis management: ECB supervision highlights banks' need to address IT availability risks through regular testing and aligned incident management processes. Key areas for improvement include comprehensive business continuity plans, recovery testing, and crisis communication strategies to ensure readiness for unforeseen IT disruptions.
- Data quality and IT governance: Data quality management remains one of the sector's weakest areas, despite guidelines from the Basel Committee advocating for effective risk data aggregation. ECB supervision notes persistent weaknesses in IT asset management and risk management frameworks, both essential for effective oversight and decision-making.
Next steps
The ECB will continue its supervision of IT and cybersecurity risks through ongoing inspections and targeted reviews, especially in areas related to DORA compliance. Banks are encouraged to address the identified gaps proactively to meet these emerging regulatory requirements and to secure their resilience against escalating cyber threats. Improved cybersecurity and risk management practices, including robust governance and comprehensive incident management, will be vital for ensuring the long-term integrity and stability of Europe’s banking sector.
Australian consultation opens on beneficial ownership reforms
The Australian government has initiated a consultation on draft amendments to the Corporations Act 2001, aiming to enhance transparency over the beneficial ownership of companies. The reforms focus on ensuring clarity on who holds actual ownership or control of entities listed on Australia’s financial markets. This move seeks to close gaps in existing regulations and address the growing risks associated with opaque financial holdings, particularly those used to conceal interests or facilitate financial crime.
Some context
This reform aligns with the Albanese government’s election promise to implement a public beneficial ownership register, a tool increasingly viewed as essential in modern financial oversight. Currently, complex legal structures can allow sophisticated investors to hide their true stakes in major companies, creating significant transparency issues for regulators and company directors alike. The new amendments are part of a broader, staged approach intended to apply first to listed companies and, in time, to expand regulatory scrutiny.
The reforms also respond to heightened concerns about financial crime, such as tax evasion and money laundering, which are often carried out using layered ownership structures that obscure the true beneficiaries of business operations. In particular, the Australian Securities and Investments Commission (ASIC) will gain additional enforcement powers, allowing it to freeze suspect holdings more effectively, a measure intended to prevent the misuse of Australian entities by foreign and domestic actors seeking to evade legal or tax obligations.
Key takeaways
- Increased disclosure requirements: The proposed amendments would require more comprehensive disclosure of beneficial ownership, effectively reducing the opportunity for investors to use intricate financial products or offshore holdings to mask their control of listed entities.
- Enhanced regulatory powers for ASIC: ASIC’s investigative and enforcement authority would be expanded, enabling it to intervene more swiftly where holdings appear intentionally opaque or potentially connected to financial crime.
- Support for directors and investors: The reforms aim to give company directors and shareholders greater insight into ownership stakes, empowering them to safeguard their own interests and ensure corporate governance aligns with shareholder rights.
- Public beneficial ownership register: Central to the reform is the establishment of a publicly accessible register that will provide transparency into who ultimately owns or profits from companies operating within Australia. This tool is expected to support regulators and law enforcement in countering financial crime by making ownership information more accessible.
Next steps
The consultation on the draft legislation is open until 13 December 2024. Stakeholder feedback will inform the final shape of the amendments to the Corporations Act 2001 and contribute to the overall goal of a more transparent and accountable market environment in Australia.
ASIC chair advocates for regulatory simplification
In a speech at the ASIC Annual Forum, ASIC Chair Joe Longo called for a simplification of Australia’s complex regulatory landscape, arguing that “effective regulation makes society better, it should not be an anchor holding us back.” As Australia faces an era of rapid change and innovation, Longo warned that excessive complexity in legislation and regulatory frameworks may undermine protections for consumers, investors, and businesses. He announced ASIC’s commitment to addressing this through a newly convened Simplification Consultative Group, intended to engage stakeholders in reshaping ASIC’s regulatory approach.
The cost of complexity
Longo outlined the rising complexity of Australia’s regulatory landscape, noting that successive reforms have resulted in a "dizzying web of connections, references, and definitions" that can be challenging to navigate for consumers, businesses, and even legal professionals. Highlighting research from the Australian Law Reform Commission (ALRC), he stated that “Corporations and financial services legislation has become unnecessarily complex,” with resulting costs affecting entities across the financial sector. Longo cited the ALRC’s description of Australia’s corporate law as a "labyrinthine" framework, which he said creates "burdens for business and restricts access to justice."
The problem is not unique to financial services but has grown across Commonwealth legislation over decades, Longo said. He pointed to the growth in new legislation, from an annual average of 17 bills in 1901 to between 150 and 200 bills today, as a key factor contributing to what he described as “legislative porridge.” He warned that “if we continue on the path we’re on, we will undermine how effectively consumers and investors can exercise their rights.”
Streamlining for enforceability
According to Longo, ASIC's enforcement activities highlight the value of clear and straightforward regulation. He said, “Simplicity means enforceability,” noting that effective legislation should be understandable to ensure that consumers can identify and protect their rights, and that businesses can efficiently meet compliance obligations. A lack of clarity, he added, risks fostering a chilling effect on productivity and innovation.
In support of this, he referenced the challenges encountered with Australia’s recent reportable situations regime, an initiative designed to improve financial services compliance but requiring “pages of guidance” to clarify industry obligations. Longo described the regime as an example of how complexity "is affecting how we translate its intent to get the full benefit."
A renewed call for national dialogue
With rising demands from consumers and ongoing technological advances, Longo argued that Australia’s regulatory model must be reassessed. "It’s time for a renewed national discussion about regulatory complexity," he said, pointing to the urgent need for a streamlined system to address emerging risks from areas such as artificial intelligence, crypto assets, and climate disclosure obligations. He highlighted ASIC's commitment to the Government’s Regulatory Initiatives Grid, which aims to provide regulatory clarity and prioritisation.
ASIC will also focus on driving policy simplification through the newly established Simplification Consultative Group. This body, comprising representatives from consumer advocacy, business, and industry groups, will focus on assessing how ASIC can streamline its administration of the law. “We want to engage with the ideas,” Longo said, inviting stakeholders to provide feedback that will aid in “establishing the key priorities that we can help address.”
Longo emphasised that the regulatory burden should not escalate simply by adding more oversight. Instead, he argued that “more bureaucracy is not the answer,” calling for a focused, principles-based approach that enables those affected to "understand how the law applies to them."
Looking forward
The simplification group is part of a broader movement by ASIC to address regulatory efficiency, building on initiatives already implemented, such as a timetable for regulatory developments and increased engagement with stakeholders. Although he acknowledged that the issues surrounding regulatory complexity are deep-rooted, Longo expressed confidence that the consultative approach would help inform a clearer path forward.
Reflecting on ASIC’s own experience, Longo maintained that the agency is well-positioned to lead this reform, given its long-standing role in implementing regulations and engaging with the full breadth of Australia’s financial services landscape. As ASIC takes steps to simplify compliance and improve transparency, Longo concluded that “we owe it to generations to come,” reiterating that regulatory simplicity benefits both enforcement and public trust in the system.
OCC confirms new appointments for large bank supervision
The Office of the Comptroller of the Currency (OCC) has announced the promotion of Robert Barnes and Kevin Greenfield to Deputy Comptrollers for Large Bank Supervision (LBS).
The appointments come as the OCC seeks to strengthen its oversight of the nation’s largest banks. Both Barnes and Greenfield are seasoned banking professionals with extensive experience in various aspects of bank supervision.
Barnes, a veteran National Bank Examiner with 30 years of experience, has supervised banks of all sizes, including those with significant international operations. He is currently the Examiner-in-Charge of Bank of America and has a deep understanding of complex commercial credit risk and risk management practices.
Greenfield, who has served as the Acting Deputy Comptroller for LBS since August 2024, brings a wealth of experience in operational risk, information technology, and cybersecurity. He has held key positions at the OCC, including Director for Bank Information Technology Policy and Deputy Comptroller for Operational Risk Policy.
FCA publishes motor finance conference call transcript
In a conference call on Wednesday, FCA Chief Executive Nikhil Rathi addressed analysts regarding the regulator’s approach to recent motor finance rulings, and the FCA’s intention to publish a consultation paper. This follows the 25 October Court of Appeal decision, commonly referred to as the "Johnson Judgment," which favoured consumers in cases concerning non-discretionary commission complaints in motor finance.
Rathi emphasised that the FCA will request that the Supreme Court expedite its decision on whether it will hear appeals from the lenders involved. If granted, the FCA will consider intervening to support the Court’s deliberation. In the meantime, motor finance lenders and brokers are expected to comply with the judgment in new business practices and customer complaints.
To address the anticipated increase in complaints following the ruling, the FCA is exploring whether an extension should apply to the response timelines for non-discretionary commission-related complaints. Rathi noted that such an extension would prevent potential inconsistencies, given that a similar extension was granted in 2021 for discretionary commission complaints.
The ruling has led some motor finance firms to temporarily pause new lending while they update compliance processes, with Rathi confirming that the FCA has maintained active discussions with firms to address implementation challenges. However, he clarified that the regulator does not interpret fiduciary duty in motor finance contracts, deferring to court rulings on this matter. He added that the FCA may publish its own guidance to support industry adaptation, though final legal interpretations will remain under judicial purview.
In response to questions, FCA General Counsel Stephen Braviner Roman noted that while the Johnson Judgment is highly fact-specific, the FCA is closely monitoring the broader market implications. Both Rathi and Roman recognised ongoing industry concerns about potential fiduciary duty considerations beyond motor finance, though any broader application of the judgment remains uncertain.
Rathi concluded by reiterating the FCA’s statutory commitment to uphold market integrity and consumer protection while ensuring lawful and fair lending practices, particularly as the sector awaits further judicial clarification.
EBA issues first-ever EU standards for compliance with restrictive measures
The European Banking Authority (EBA) has published two sets of final guidelines establishing, for the first time, EU-wide standards on governance, policies, and controls for financial institutions to support compliance with Union and national restrictive measures. The standards are designed to address inconsistencies across the EU that could expose institutions to legal and reputational risks while potentially undermining EU financial stability.
The EBA’s guidelines aim to standardise compliance expectations, highlighting that weaknesses in internal controls can lead to circumvention of restrictive measures. The guidelines are split between general requirements for all financial institutions and targeted measures specific to payment service providers (PSPs) and crypto-asset service providers (CASPs).
Scope and significance
The first set of guidelines applies to all institutions within the EBA’s supervisory remit. It outlines governance and risk management requirements necessary to prevent breaches or circumvention of restrictive measures, reinforcing the need for robust internal controls.
The second set is tailored specifically for PSPs and CASPs, clarifying compliance measures for transfers of funds and crypto-assets under restrictive measures. These specialised guidelines align with Regulation (EU) 2023/1113, which mandates the EBA to guide internal controls for fund transfers in line with EU-wide restrictions.
Background and next steps
These guidelines were issued in response to a July 2021 European Commission legislative package aimed at reforming anti-money laundering (AML) and countering the financing of terrorism (CFT) frameworks. The legislative update included Regulation (EU) 2023/1113, effective from 30 December 2024, which specifically calls for the EBA to set out internal policy and procedure requirements.
Significant disparities in Member States’ approaches to restrictive measures, identified by the EBA, prompted this move. These differences include varying standards in control frameworks and a lack of clear guidance, leading to inconsistent oversight and implementation, according to the EBA's 2023 Opinion. These inconsistencies have led to consumer detriment, legal risks, and operational challenges, impacting institutions’ ability to comply effectively with restrictive measures across borders.
Implementation timeline
Member states’ authorities have two months following the publication of official translations to confirm their compliance with the guidelines. Both sets of guidelines will take effect on 30 December 2025, allowing institutions time to align their internal policies with the new requirements.
This step by the EBA marks a significant shift toward consistent compliance frameworks, aiming to ensure effective implementation of restrictive measures across the EU’s financial system.