Greg Kilminster
Head of Product - Content
ASIC announces key executive appointments
The Australian Securities and Investments Commission (ASIC) has announced two senior appointments to strengthen the regulator’s capabilities in response to a changing financial landscape.
Peter Soros has been appointed as Executive Director of Regulation and Supervision. Soros joins ASIC from the Australian Transaction Reports and Analysis Centre (AUSTRAC), where he has served as Deputy CEO for Regulation. He will begin his new role in November.
Chris Savundra has been appointed as Executive Director of Enforcement and Compliance, effective 28 October. Savundra, currently ASIC’s General Counsel, has a strong litigation background and has been involved in major cases, including ASIC’s “Bank Bill Swap Rate litigation.”
ASIC Chair Joe Longo stated, “We continue to change and evolve so we can ensure ASIC is an ambitious, confident and modern regulator.” He added, “I would like to congratulate Peter and Chris on their appointments. The talent and experience they bring to those roles will be invaluable.”
Longo highlighted these appointments as part of ASIC’s broader transformation, which has included new leadership roles in areas such as data, digital technology, and culture. He also confirmed that a “global search for a new permanent CEO would also commence shortly” following recent secondments.
Click here to read the full RegInsight on CUBE's RegPlatform
APRA calls for stronger foundations to navigate future challenges in insurance
In a speech at the ICA Conference 2024, APRA Executive Board Member Suzanne Smith highlighted the urgent need for the insurance sector to strengthen its core operations and tackle affordability challenges to address rising climate risks and prepare for new regulatory requirements.
Smith outlined how the increased frequency and severity of extreme weather events continue to affect both the insurance industry and consumers, leading to substantial premium hikes and exposing a widening protection gap. "Australians continue to face significant challenges with the affordability and accessibility of insurance," she noted, emphasising that more action is needed to make insurance coverage more accessible amid escalating costs of living.
Smith praised recent efforts by the industry and the government, such as the "Hazard Insurance Partnership," aimed at reducing the burden of rising premiums through collaborative risk mitigation. However, she stressed that broader measures are needed to tackle the long-term risks posed by climate change. "Reducing the protection gap will take time," Smith warned, advocating for continued cooperation across all sectors.
Focus on new standards and operational resilience
Smith outlined key initiatives that insurers must prioritise over the coming year. Among these is the Financial Accountability Regime (FAR), set to commence on 15 March 2025, which is focused on improving governance and enhancing responsibility and accountability across the industry. She explained, "The commencement of the Financial Accountability Regime...is focused on improving governance."
Another critical change is the cross-industry Prudential Standard CPS 230 – Operational Risk, scheduled to take effect in July 2025. This standard seeks to reinforce operational risk management across insurers and other financial institutions. "This includes the consideration of underwriting agencies, claims management services, and insurance brokers as material service providers, that should all have commensurate governance in place," Smith said, urging insurers to ensure that governance frameworks are well aligned with these requirements.
Smith highlighted the need for insurers to focus on underwriting practices, particularly when using third-party agencies. She emphasised the importance of robust governance frameworks, saying, “While authority can be delegated, the ultimate responsibility remains solely with the insurer.” She urged insurers to implement strong controls to manage conflicts of interest and safeguard data, stressing that these elements are essential for risk governance.
Challenges ahead for the sector
Smith also reflected on the scrutiny the insurance industry has faced following reviews into recent natural disasters and the public concern over premium affordability. She warned that the industry must address the findings from these reviews and make improvements to restore consumer trust. "It is now critical for the industry to take these review findings seriously, act on them, and promptly implement necessary improvements," Smith stated, adding that such actions are vital for the stability and credibility of the insurance sector.
Looking forward, Smith urged insurers to build a strong foundation that allows for enhanced customer education and transparency. She suggested that insurers could help policyholders understand the factors influencing premium changes and how mitigation efforts can impact premiums. "When your core insurance business is strong, you can then look at your services...whether it is improving the products you offer, educating consumers, fostering transparency, or providing greater support to policyholders," she said, framing these elements as essential to long-term resilience.
Click here to read the full RegInsight on CUBE's RegPlatform
ESMA urges stronger cybersecurity checks for crypto-asset service providers
The European Securities and Markets Authority (ESMA) has advised the European Commission (EC) to strengthen cybersecurity requirements for crypto-asset service providers as part of its recent review of the Markets in Crypto-Assets (MiCA) regulation. This follows the EC’s proposed amendments to ESMA’s draft technical standards on notifications and authorisations for firms entering the crypto-asset sector.
ESMA, mandated by MiCA to define the specific information requirements for entities intending to provide crypto-asset services, submitted its first draft standards in March 2024. These standards specify data required for both notifications and applications for authorisation. However, on 3 September, the EC responded with revisions, asking ESMA to amend the standards.
In response, ESMA reiterated the importance of mandatory third-party cybersecurity audits at the authorisation stage. While ESMA acknowledged the EC's legal stance, it has expressed concerns that limiting such requirements could compromise security. ESMA has now resubmitted its recommendations and hopes to see its suggestions for enhanced cybersecurity measures integrated into the MiCA framework, emphasising the need for rigorous ICT system checks as crypto-asset service providers enter the market.
The EC will review ESMA’s formal opinion, while the European Parliament and Council have a three-month window to object to any finalised technical standards.
Click here to read the full RegInsight on CUBE's RegPlatform
DFSA operational risk review for money services providers
The Dubai Financial Services Authority (DFSA) has completed a thematic review of Money Services Providers (MSPs) within the Dubai International Financial Centre (DIFC). This review focused on operational risk management in light of the sector’s recent expansion and heightened transaction volumes.
The DFSA initiated this review as part of its 2024 supervisory priorities to evaluate regulatory compliance and pinpoint vulnerabilities within MSPs, particularly those related to online transaction fraud.
Review focus and methodology
The review targeted five key areas of operational risk management for MSPs. These included policies and procedures, strong customer authentication (SCA), exceptions to SCA requirements, fraud detection, and transaction reporting. The DFSA assessed MSPs’ adherence to Chapter 6 of the Prudential – Investment, Insurance Intermediation and Banking Business (PIB) Module of the DFSA Rulebook. This framework requires MSPs to implement measures to identify and mitigate fraud risks, including SCA for digital transactions.
The DFSA gathered information through a desk-based review of MSPs’ documentation and conducted interviews with senior operations and compliance personnel. Following this, it produced a consolidated report outlining both general observations and specific compliance shortcomings, which were addressed directly with the firms concerned.
Key findings and expectations for MSPs
The DFSA noted that while most MSPs provided documentation of operational risk policies, many could not demonstrate these policies had been reviewed or approved by their governing bodies. As per PIB 6.2.2, MSPs must ensure their governing bodies formally approve such policies to maintain adequate oversight and document this process for audit purposes.
In terms of fraud prevention, the DFSA reported gaps in MSPs’ adherence to SCA requirements. Although firms generally understood and applied SCA, there was insufficient documentation detailing the associated security measures and processes, such as those governing authentication failures, account blocking, and user notifications. The DFSA expects MSPs to document these aspects comprehensively to ensure compliance with PIB 6.13.5.
Additionally, MSPs showed varying levels of compliance in developing and implementing technical standards for SCA. Some firms had not fully addressed requirements such as the protection of authentication data and the resilience of authentication codes against forgery. The DFSA has stressed the need for MSPs to address these technical standards in their operational risk policies, with particular emphasis on maintaining the confidentiality and integrity of user credentials.
The review also found discrepancies in MSPs’ fraud detection capabilities. While firms were generally aware of fraud risks, not all had documented transaction monitoring systems or evidence that all relevant risk factors, such as payment patterns and potential malware threats, were considered. The DFSA has urged MSPs to develop robust transaction monitoring frameworks tailored to their specific risk profiles and ensure they are well-documented.
Next steps
The DFSA expects MSPs to reflect on the findings of this review and enhance their risk management frameworks where necessary. Firms should ensure that operational risk policies are formally approved and that compliance with SCA and fraud detection standards is fully documented. Additionally, MSPs must maintain open lines of communication with the DFSA and promptly report any significant events or changes that could impact their regulatory obligations.
Click here to read the full RegInsight on CUBE's RegPlatform
FCA examines premium finance in motor and home insurance as government taskforce targets rising costs
The Financial Conduct Authority (FCA) has launched a comprehensive review of premium finance in the motor and home insurance markets, raising concerns over the fairness of borrowing costs associated with these products. The review aligns with a new government initiative aimed at addressing rising motor insurance premiums across the UK.
Some context
Premium finance enables policyholders to spread the cost of insurance over instalments. However, the FCA has flagged potential issues with the value offered by these products, which carry annual borrowing rates between 20% and 30%. The regulator is concerned that such high rates may be contributing to financial hardship, especially since 79% of adults in financial difficulty have reported using premium finance to manage their insurance payments.
The review will explore whether premium finance provides fair value, assess customer awareness of financing options, and examine factors such as commission structures that could hinder competition in this market.
Key takeaways
- Focus on fair value: The FCA aims to ensure that premium finance products offer fair value and competitive terms for consumers. With more than 20 million users of premium finance, the FCA’s investigation will consider how well these products meet the needs of consumers and identify any barriers to effective competition.
- New government taskforce: The government’s motor insurance taskforce, which includes the FCA, will examine factors driving up motor insurance costs. The taskforce will investigate claims handling processes, rising claims costs, and the impact on various demographics, including younger and older drivers and those from lower-income backgrounds.
- Ongoing concerns: This latest move follows the FCA’s April 2024 guidance urging insurance providers to support premium finance customers in financial difficulty. It also builds on past FCA communications about premium finance products carrying high APRs, despite the low credit risk associated with them.
Next steps
The FCA plans to publish an interim report on the premium finance market study by mid-2025. This report will outline preliminary findings and propose subsequent actions to address identified issues. As the government taskforce begins its work, further measures may also be introduced to help stabilise or reduce motor insurance premiums while ensuring adequate coverage for consumers.
Click here to read the full release