January 17, 2007

Review of EFT Code of Conduct

ASIC has released a consultation paper initiating the public phase of a review of the Electronic Funds Transfer Code of Conduct (EFT Code). The EFT Code is a voluntary industry code of practice covering all forms of consumer electronic payments transactions. ASIC is responsible for administration of the Code, including conducting periodic reviews.

ASIC has invited submissions in response to the consultation paper by Friday, 13 April 2007. ASIC will appoint a stakeholder working group, chaired by ASIC, in early 2007 to review submissions and suggest amendments to the Code.

There will be a further public consultation on a revised draft code once the working group has completed its initial redrafting of the Code.

Key matters to be examined as part of the review include:

    * liability issues arising from the growth and growing sophistication of Internet fraud;
    * regulation of alternative payment facilities;
    * coverage issues, including whether the protections of the Code should extend to small business as well as consumer account holders;
    * obligations around mistaken payments;
    * administrative arrangements associated with the EFT Code, including compliance monitoring and ASIC’s role as Code administrator; and
    * other more specific issues raised by stakeholders in preliminary consultations.

Posted 17th January 2007 by David Jacobson in Financial Services

APRA governance standards amended

The Australian Prudential Regulation Authority (APRA) has released amended versions of its governance prudential standards. The changes are minor and remove the restriction that prevented Board committees, other than the Board Audit Committee, from undertaking the independent objective review of the risk management function required under the standard. APRA has amended the standard to recognise that it may be appropriate for other Board committees to perform this review function.

The provisions that have changed are as follows:


APS 510: Paragraph 33 – addition of the words “unless, with respect to risk management, there is another Board Committee which carries out this function”.


GPS 510: Paragraph 32 – addition of the words “unless, with respect to risk management, there is another Board Committee which carries out this function”.


LPS 510 – Amendments to paragraphs 30 and 31. These changes have the same effect as those outlined above, but involve different wording changes reflecting existing requirements in the Life Insurance Act 1995 with respect to Audit Committees of life companies.

Posted 17th January 2007 by David Jacobson in Corporate Governance

January 11, 2007

AML tool kit (2)

The Criminal Code Act 1995 and the Privacy Act 1988 have been updated to incorporate amendments made by the AML/CTF Acts.

Posted 11th January 2007 by David Jacobson in Anti-money laundering

January 10, 2007

Private Health Insurance

The Private Health Insurance Bill was introduced into Parliament on 7 December 2006. It has been referred to the Senate Community Affairs Committee which is due to report on 26 February 2007.

It is part of a package of Bills which will implement a new regulatory regime for private health insurance. The changes are due to come into effect on 1 April 2007.

The changes include Standard Information Statements about health insurance products.

Posted 10th January 2007 by David Jacobson in Insurance

January 7, 2007

Website compliance, pricing errors and ecommerce update

I have previously commented on how companies such as Dell and Bramleys have responded to website pricing errors.

If you have a business website, doing business on-line requires compliance with e-business rules as well as the standard laws, even if you think your site is just a "brochure" or information site.

To assist you, I have modified my report on financial services websites to cover business-to-consumer (B2C) websites generally and am pleased to make it available to readers at no charge. Download the Business website compliance report (pdf). I would appreciate any comments.

Other links:

Website legal compliance
Online contracts (pdf)

Posted 7th January 2007 by David Jacobson in Business Planning, Compliance, Financial Services, Marketing, Privacy, Trade Practices

January 6, 2007

ASIC extends FSR financial compensation transition

ASIC has announced a new class order [CO 06/1012] extending the transitional compensation arrangements under s912B of the Corporations Act 2001 from 1 January 2007 until 30 June 2007.

The Government plans to finalise the compensation regulations during the next six months, including any further transition period.

Background

Posted 6th January 2007 by David Jacobson in Financial Services

January 4, 2007

How a website mistake can harm your business: Hamleys, Sainsburys, Woolworths

Website compliance continues to be a problem for businesses.

In the lead-up to Christmas in the United Kingdom, three separate incidents of pricing errors attracted publicity:

  • An internet voucher design error left Hamleys toyshop facing a retailer’s nightmare – a shortage of toys for sale at Christmas.

    Users of the HotUKDeals website spotted a glitch in a voucher scheme which allowed customers to claim a cumulative 60% discount if they bought goods from the Hamleys online store. Within hours of details of the offer being posted on the internet, thousands of shoppers across the web had taken advantage of it – selling out most of the company’s festive supplies for a fraction of the original price. The company admitted that it had fallen foul of the loophole and promised to honour any orders made as a result of the blunder. (Guardian Unlimited)

  • A glitch on Woolworths’ website meant that liquid crystal display (LCD) TVs that normally retail for more than £1,000 were going for just over £100. Woolworths relied on its website terms and conditions to cancel over 1000 orders for the TVs. (BBC News)

  • Sainsbury’s closed a loophole that promised clients a large discount on drinks they bought online. It offered discount codes to regular customers – but some discovered that despite the offer’s rules they could enter multiple codes, saving £43 on a £60 order.

These types of mistakes are different from planned viral marketing campaigns (even if the campaigns are more successful than hoped for). The question for the business is whether it has website terms which allow it to reject the order at the incorrect price and, even if it does, whether it wishes to rely on them. Whilst there can be significant economic cost if the incorrect terms are honoured, there can be significant consumer trust lost if the terms are not honoured.

More: Channel 4 news (via Gaping Void)

Posted 4th January 2007 by David Jacobson in Business Planning

January 3, 2007

AML tool kit

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and the Anti-Money Laundering and Counter-Terrorism Financing (Transitional Provisions and Consequential Amendments) Act 2006 operate together with other legislation which has now been updated to include AML obligations:

The latter two Acts contain many of the penalty and enforcement provisions behind the AML scheme.

Posted 3rd January 2007 by David Jacobson in Anti-money laundering, Compliance, Financial Services

January 2, 2007

Exclusive dealing

The ACCC has released its final version of a guide to exclusive dealing notifications.

Section 47 of the Trade Practices Act 1974 prohibits exclusive dealing, which involves one business imposing restrictions on another’s freedom to choose with whom, in what or where it deals. In some cases, exclusive dealing is prohibited outright (for example third line forcing); in other cases, only where it substantially lessens competition.

The Guide covers:

  • what is exclusive dealing conduct;
  • third line forcing notifications;
  • other exclusive dealing notifications.

Posted 2nd January 2007 by David Jacobson in Trade Practices

January 1, 2007

Business and customer security

I recently discussed protecting customer data.

Here’s an example of a company not doing that well:

"In the first week of December, a laptop was stolen from an employee’s car," Boeing spokeswoman Kelly Danaghy said. "That laptop had files that contained Social Security numbers for about 382,000 past and present employees, and in most cases it also included a home address, phone number and date of birth."

This isn’t the first time the theft of a laptop has compromised security for Boeing employees.

In April, the personal information of about 3,600 employees was compromised when a laptop was taken from a Boeing human resources employee at an airport. In November 2005, a similar theft put the personal data of about 161,000 employees in jeopardy. Source: seattlepi.com

But other companies are learning:

Visa has created a new $20 million incentive program under which it will monetarily reward "acquiring" financial institutions if their members are fully compliant with Payment Card Industry (PCI) data security standard requirements by Aug. 31, 2007. At the same time, acquiring banks that fail to ensure compliance by Sept. 30, 2007, will be assessed fines starting at $5,000 a month for each noncompliant merchant. The fines increase to $25,000 per month for each noncompliant merchant after Dec. 31, 2007.

As part of the compliance validation process, merchants will need to show that they have purged all magnetic stripe data, Card Verification Value data and PIN data from their point-of-sale (POS) and other systems. Source: Computerworld

Posted 1st January 2007 by David Jacobson in Compliance, Financial Services, Privacy