March 11, 2010

Superannuation borrowing changes

The Minister for Financial Services, Superannuation and Corporate Law, Chris Bowen MP, has announced that the Government proposes to amend the Corporations Regulations 2001 to provide that certain borrowing arrangements by superannuation fund trustees permitted by the Superannuation Industry (Supervision) Act 1993 (the SIS Act) are financial products under the Corporations Act 2001.

Only licensed financial services providers will be able to offer these arrangements to superannuation funds.

The Regulations would come into effect three months after being made.

The Minister also announced that the Government proposes to amend the tax law so that a superannuation trustee who enters into a limited recourse borrowing arrangement to purchase an asset, as permitted under subsection 67(4A) of the SIS Act, will be treated as the owner of the asset for income tax purposes.

Treasury has released a discussion paper outlining proposals to amend the income tax treatment of ‘traditional instalment warrants’ and limited recourse borrowings of complying superannuation funds.

Posted 11th March 2010 by David Jacobson in Financial Services, Superannuation

March 9, 2010

AML amendments

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 has been amended by the Crimes Legislation Amendment (Serious and Organised Crime) Act 2010.

  • Section 10 and the designated services at items 31 and 32 of Table 1 in subsection 6(2) of the AML/CTF Act have been amended to capture arrangements where a non-financier receives an instruction from a transferor entity for the transfer of money or property or arranges for money or property to be made available to an ultimate transferee entity.
  • Amendments to the definition of stored value card and the designated services set out in items 21, 22, 23 and 24 of Table 1 in section 6(2) of the AML/CTF Act clarify that stored value cards include cards that do not store the monetary value on the card itself. The amendment to the definition distinguishes stored value cards from debit or credit cards.
  • The amendment to subsection 123(3) (the “tipping off” section) prohibits a reporting entity from disclosing information relating to a request for further information under subsection 49(1).
  • The amendment to subsection 59(1) clarifies that a person who is required to provide a report about a movement of a bearer negotiable instrument (BNI) into or out of Australia, must do so ‘immediately’.

Entities are required to comply with these amendments from 20 February 2010.

Posted 9th March 2010 by David Jacobson in Anti-money laundering

March 7, 2010

Government responds to unconscionable conduct and franchising report

The Government has announced it will amend the Trade Practices Act to clarify its unconscionable conduct provisions.

The changes are in response to an expert panel report entitled Strengthening statutory unconscionable conduct and the Franchising Code of Conduct.

The report recommended that the Government should consider harmonising or unifying sections 51AB and 51AC of the Trade Practices Act and include interpretative principles, as an aid to interpretation of the provisions, to assist the courts in interpreting the provisions, stakeholders in understanding them and regulators in enforcing them.

Increased new penalties for contravention of the statutory unconscionable conduct provisions (up to $1.1 million for companies and $220,000 for individuals) are in the Australian Consumer Law Bill which is currently before Parliament.

The report also considered whether the Franchising Code of Conduct should be amended to deal with certain franchisor practices, including unilateral variations by franchisors, requirements for capital expenditure, consent to business sales and confidentiality requirements.

The report recommended that a short, simple, ‘Plain English’ document should be developed, to be provided to prospective franchisees before they are psychologically, financially and legally committed to entering a franchise agreement. This short document would be a ready reference to the nature of the franchise relationship.

The report also suggested the provisions of the TPA may provide remedies where appropriate, for example, where unilateral variations of franchise agreements by franchisors constitute unconscionable conduct.

Posted 7th March 2010 by admin in Financial Services, Trade Practices

APRA prudential standards for life insurers

The Australian Prudential Regulation Authority (APRA) has released final prudential standards on enhancements to the prudential framework for life insurance companies.

Legislation was passed in 2009 that gave APRA power to regulate non-operating holding companies (NOHCs) of life insurance companies, including the power to determine prudential standards for life NOHCs. APRA will apply to these NOHCs the same governance and fit and proper standards that currently apply to NOHCs of authorised deposit-taking institutions (ADIs) and general insurers.

APRA has also made some limited amendments to the audit and actuarial requirements for life companies to align them more closely with those for ADIs and general insurers.

The package consists of the following revised prudential standards:

Prudential Standard LPS 510 Governance (LPS 510);
Prudential Standard LPS 520 Fit and Proper (LPS 520);
Prudential Standard LPS 310 Audit and Related Matters (LPS 310); and
Prudential Standard LPS 320 Actuarial and Related Matters (LPS 320).

The four revised prudential standards will take effect from 1 July 2010.

Posted 7th March 2010 by David Jacobson in Insurance

March 5, 2010

Privacy and data breaches

This article by me was first published in Retail Banking Review here.

Last year’s Heartland Payment Systems’ spectacular data breach stemmed from errors that allowed hackers to break into the payment processor’s networks and steal data on approximately 130 million credit and debit cards over several months.

But most data breaches do not involve sophisticated hackers. They usually result from not following simple procedures.

In 2009, the UK Financial Services Authority (FSA) fined three HSBC firms over £3 million for not having adequate systems and controls in place to protect their customers’ confidential details from being lost or stolen. These failings contributed to customer data being lost in the post on two occasions.

During its investigation into the firms’ data security systems and controls, the FSA found that large amounts of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen. In addition, staff were not given sufficient training on how to identify and manage risks like identity theft.

In April 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers.

In February 2008 HSBC Life lost an unencrypted CD containing the details of 180,000 policy holders in the post. The confidential information on both disks could have helped criminals to steal customers’ identities and commit financial crime.

The firms have taken a number of remedial actions to address the concerns raised, including contacting the customers concerned, improving their staff training and requiring that all electronic data in transit is encrypted.

In the last four years, the FSA has also fined Capita Financial Administrators £300,000; Nationwide £980,000; BNP Paribas Private Bank £350,000; Norwich Union £1,260,000; and Merchant Securities £77,000 for failings relating to data security lapses and fraud.

Why are data breaches a concern?
Any breach of the secure storage of customers’ personal information can result in the release of personal, identifying information of an individual. That personal information may be sufficient to allow an unauthorised person to assume the identity of the victim and use that illicit identity to open, for example, new accounts in the victim’s name.

What is Australia doing?
In Australia, the Privacy Act currently does not require individuals to be notified when their personal information has been compromised or subject to a security breach.

As Australia does not yet have mandatory data breach notification laws, we don’t know about breaches other than those that get public notoriety (e.g. files dumped in bins, stolen laptops or forgotten CDs).

The Australian Privacy Commissioner, Karen Curtis, has released a “Guide to Handling Personal Information Security Breaches”. It is a voluntary guide for use by businesses, agencies and non-government organisations in preventing and, if necessary, responding to a data breach.

The Guide includes four key steps to consider when responding to a breach:
Step 1: Contain the breach and do a preliminary assessment
Step 2: Evaluate the risks associated with the breach (risk analysis is on a case-by-case basis: not all breaches necessarily warrant notification).
Step 3: Consider notification
Step 4: Prevent future breaches.

With regard to Step 3, the Guide suggests that individuals affected by a breach should only be notified where a breach creates a real risk of serious harm to the individuals. This is consistent with the recent Australian Law Reform Commission report recommendation.

By requiring notice to persons who may be affected adversely by a breach, data breach notification laws seek to provide such persons with a warning that their personal information has been compromised and an opportunity to take steps to protect themselves against the consequences of identity theft.

The Federal Government will not make a decision on mandatory data breach notification until the second stage of its response to the ALRC Report (to be considered once the first stage reforms have been progressed). In the meantime, the Privacy Commissioner’s voluntary guide should be considered when developing a policy on responding to data breaches.

The cost of notification
The cost of notification does not just include the actual cost involved in notifying every individual affected by a security breach. Notifying customers of a security breach also gives rise to a real potential for market damage to the organisation, including reputational damage, lost customers and lost future profits.

Avoiding breaches
We can learn from an analysis of breaches notified in the USA. Verizon’s 2009 Data Breach Investigations Report concluded:
74% were caused externally, 20% internally;
67% were aided by errors, 22% involved privilege misuse;
69% were discovered by a third party, 87% were considered avoidable through simple controls.

The 5 recommendations were:
• Ensure essential controls are met.
• Have data retention policies: find, track, and assess data.
• Collect and monitor event logs.
• Audit user accounts and credentials.
• Test and review web applications.

Posted 5th March 2010 by David Jacobson in Privacy

March 1, 2010

Draft trustee licensing regulations released

Treasury has released amended draft Regulations and explanatory material for the Corporations Amendment Regulations 2010 and the Australian Securities and Investments Commission Amendment Regulations 2010 in relation to the licensing of trustee corporations pursuant to Schedule 2 of the Corporations Legislation Amendment (Financial Services Modernisation) Act 2009 which received Royal Assent on 6 November 2009.

Posted 1st March 2010 by David Jacobson in Corporations Act, Financial Services

February 28, 2010

ASIC consults on market integrity rules

ASIC has released Consultation Paper 131 Proposed ASIC Market Integrity Rules – ASX and SFE Markets (CP 131) which proposes market integrity rules to apply to trading on ASX and SFE markets, based on the existing rules of these markets, while clarifying the supervisory responsibilities of ASIC and market operators.

The paper contains an outline of a proposed approach to dealing with breaches of the rules, including details of a Markets Disciplinary regime as similar as possible to the current ASX disciplinary tribunal, with penalties consistent with the current approach.

ASIC is seeking feedback on these market integrity rules proposals by 26 March 2010.

Posted 28th February 2010 by David Jacobson in Corporations Act

February 25, 2010

Bills update

The Corporations Amendment (Financial Market Supervision) Bill 2010 and the National Consumer Credit Protection Amendment Bill 2010 were passed by the House of Representatives on 23 February and introduced into the Senate on 24 February.

The Fairer Private Health Insurance Incentives (Medicare Levy Surcharge) Bill 2009 [No. 2] and the Fairer Private Health Insurance Incentives (Medicare Levy Surcharge—Fringe Benefits) Bill 2009 [No. 2] were defeated by a majority vote in the Senate on 24 February. These bills meet the requirements for a simultaneous dissolution of both houses under s.57 of the Constitution.

Posted 25th February 2010 by David Jacobson in Credit Code 2009, Financial Services, Insurance

Senate committee supports Bankruptcy Amendment Bill

The Senate Legal and Constitutional Affairs Legislation Committee has recommended that the Senate pass the Bankruptcy Legislation Amendment Bill 2009 in its present form.

One of the most contentious issues was the creditor’s petition threshold.

The Report states:

the committee considers it appropriate to increase the existing $2,000 threshold for a creditor’s petition to $10,000. The threshold should recognise significant changes in personal debt levels over the past 14 years, as well as the cost and complexity of bankruptcy proceedings (as compared with other available debt collection methods), and the magnitude of the consequences that bankruptcy has for a debtor. The committee adds that, in this day and age, it would be harsh and punitive to bankrupt an individual on the basis of a debt as low as $2,000. The committee accepts that $10,000 is an amount that appropriately balances the interests of all relevant parties.

Posted 25th February 2010 by David Jacobson in Financial Services

Senate committee supports Do Not Call Register extension

The Senate Environment, Communications, Information Technology and the Arts Committee has recommended that the Do Not Call Register Legislation Amendment Bill 2009 be passed.

The Committee said that “On balance, the committee does not believe that the costs of complying with the bill will be excessive or prohibitive.” It considered that any concerns could be dealt with by ACMA.

Posted 25th February 2010 by David Jacobson in Do Not Call Register, Marketing