The Australian Securities and
Investments Commission (ASIC) released guidance on 26 June 2024, outlining
its expectations regarding business communications. This was detailed in
Information Sheet 283 and an accompanying press release, indicating the regulator’s
intention to enhance compliance standards.
This signals significant changes in
Australian compliance, with much new information and actions for its community
to address. Below we’ll analyze the ASIC’s instructions and the global events
that have led to this regulatory overhaul.
One prominent trend in 2024 was an
increased level of transparency from regulators on exactly what they expected from
financial organizations. This clarity was welcome in the US, where off-channel
communications had resulted in over $3 billion in penalties since the
investigation unfolded in December 2021. Individual firms had been fined up to
$200 million, and senior professionals had been held accountable and dismissed.
Learning from the US Experience
The ASIC appears to have adopted the
same direct, unambiguous approach with this statement, following the lead of
its global regulatory counterparts. The media release explicitly referred to
(and celebrated) the work of the Securities and
Exchange Commission (SEC) and Commodity Futures
Trading Commission (CFTC) in the United States.
“The risks arising from the widespread
use of personal devices and unapproved communication channels were also
highlighted by recent actions taken by the US Securities and Exchange
Commission and Commodity Futures Trading Commission. These regulators reached
record-breaking settlements with dozens of financial institutions for failures
to maintain and preserve electronic communications.”
Communication Challenges Post-Pandemic
The global reckoning around business
communications can be summarized as a consequence of three interlinked factors:
the COVID-19
pandemic, a surge in remote working, and the proliferation of (and reliance on)
business communications technology.
Distinctive Regulatory Frameworks
In Australia, the same regulations
largely apply, they just have different names. Rather than the Marketing Rule
or FINRA Rule 2210, firms must comply with the Corporations Act
2001 and ASIC’s market integrity rules. The requirements are slightly
different; certainly vaguer and more open to interpretation than the US
regulations mentioned above.
However, both directly stress the importance of
supervising representatives and having the appropriate policies and procedures
in place to prevent and promptly detect ‘misconduct and poor behaviour’.
The @SECGov campaign against off-channel communications rolls on with fines for @CharlesSchwab, @blackstone and other big firms. #wealthmanagement #advisors #financialadvisorshttps://t.co/cACRX74fNe
— Financial Planning (@finplan) January 14, 2025
Addressing Non-Financial Misconduct
The language used here is interesting
and reflects another recent trend in Western regulation. The ASIC is not just
focused on preventing insider trading or fraud, but also ‘other behaviour that
may be prohibited under…a market intermediary’s internal policies.’ This
alludes to non-financial misconduct, and under this approach, a failure to
maintain communications around a breach of internal policy—a human resources
scandal, for example—will attract regulatory scrutiny.
Defining Business Communications
The Information Sheet begins with a
definition of what constitutes a business communication, namely “…any
written, voice or electronic communications used by market intermediaries and
their representatives to carry on their financial services business.”
Emphasizing Voice Communication
This is immediately compelling, with
voice communications (conversations, voice notes) being highlighted as a
requirement. This is stricter than what we have seen from the SEC and CFTC so
far, who have been more focused on text interactions.
Avoiding Platform Prohibition Pitfalls
We are then led to the importance of
supervising representatives. Many US firms have found that prohibiting
platforms to protect compliance has been an unsuccessful strategy, due to
employees violating those policies and using them anyway. This was particularly
frustrating to regulators, who regard broken rules with more contempt than no
rules at all and have continued to penalize such conduct severely.
A Dozen Investment Advisors and Brokerages to pay a COLLECTIVE fine of $63 Million for using encrypted messaging apps to do business
How much did each advisor/firm make on the deals discussed on these apps?
“Affiliates of Blackstone Inc. (BX), KKR & Co. (KKR), Apollo Global… https://t.co/L3BHQzpKaD pic.twitter.com/8BXIuNu6gn
— kristen shaughnessy (@kshaughnessy2) January 14, 2025
Clear Sections on Supervisory
Arrangements
The Information Sheet is then broken
into clear sections: Managing risks from unmonitored business communications,
Supervisory arrangements to monitor business communications, and Reviewing the
effectiveness of supervisory arrangements for business
communications. These three headings perfectly summarize their
contents, with each containing detailed expectations from the ASIC on each
matter.
Case Studies and Hypothetical Scenarios
A case study is shared, covering a
typical ‘bring your own device’ (BYOD) scenario, and how it should be tackled.
Meanwhile, a variety of other hypothetical situations are shared, as well as
extremely detailed sets of questions which intermediaries are encouraged to
periodically review.
Rather than just a list of uninspiring legalese, a great
deal of practical guidance is also provided. This again demonstrates the
direct, practical approach favoured by the ASIC.
Regulatory Pressure and Public
Responsibility
The language used by ASIC Commissioner
Simone Constant in the accompanying press release is precisely calculated.
“Bankers, dealers and market participants have important
roles as gatekeepers to Australia’s financial markets and stewards of market
integrity…With almost every working or retired Australian having a share in
Australian markets, market integrity is a duty owed to every Australian.”
U.S. regulators on Tuesday announced a combined $549 million in penalties against Wall Street firms that failed to maintain electronic records of employee communications.
The firms admitted that from at least 2019, employees used side channels like WhatsApp to discuss company… pic.twitter.com/oTNkzurDec
— Kat Stryker (@KatStryker111) August 9, 2023
Impact on Everyday Australians
The vast majority of Australians have a
share in Australian markets through superannuation, investments, and other
avenues, so the security and integrity of these markets mean more to the
populace. Ms Constant effectively incites these concerns, putting pressure on
financial firms to take their responsibilities seriously.
Adapting to New Compliance Expectations
It is undoubtedly a period of
significant change for Australian firms in the financial sector, and one which
the ASIC is urgently pursuing. While this adaptation may appear daunting, it’s
positive that a compliance precedent has already been set in the United States
around off-channel communications.
The ASIC’s explicit celebration of US settlements and regulatory progress suggests that once the dust
settles, we can probably expect a comparable level of enforcement, as the
conduct being addressed is ultimately very similar.
The Banking Code of Practice was originally designed to safeguard consumers from bad banking practices, however since the first code was issued, there has been a continual watering down of these protections, effectively rendering the code meaningless.
Currently, ASIC is… pic.twitter.com/ImJ790fx3h
— Malcolm Roberts 🇦🇺 (@MRobertsQLD) July 2, 2024
Monitoring Unauthorized Communications
This means that as well as monitoring
the platforms they permit, Australian firms will need to actively look for unauthorized
communications from unsanctioned channels (WhatsApp and iMessage, for example).
This shift has recently occurred in the United States and was outlined in
FINRA’s 2024 Annual Regulatory Oversight Report, where heightened surveillance
was promoted similarly to recent ASIC communications.
Customized Compliance Solutions
That said, the ASIC’s additional
requirements around voice capture show that this is not a case of simply
copying and pasting the US approach to compliance.
This ties in with one of the
common challenges listed in the ASIC press release—reliance on ‘out of the box’
settings of vendor-provided communications surveillance systems. That will not
work here, and the new market will demand systems that are willing and able to
adapt to its specific requirements.
The Australian Securities and
Investments Commission (ASIC) released guidance on 26 June 2024, outlining
its expectations regarding business communications. This was detailed in
Information Sheet 283 and an accompanying press release, indicating the regulator’s
intention to enhance compliance standards.
This signals significant changes in
Australian compliance, with much new information and actions for its community
to address. Below we’ll analyze the ASIC’s instructions and the global events
that have led to this regulatory overhaul.
One prominent trend in 2024 was an
increased level of transparency from regulators on exactly what they expected from
financial organizations. This clarity was welcome in the US, where off-channel
communications had resulted in over $3 billion in penalties since the
investigation unfolded in December 2021. Individual firms had been fined up to
$200 million, and senior professionals had been held accountable and dismissed.
Learning from the US Experience
The ASIC appears to have adopted the
same direct, unambiguous approach with this statement, following the lead of
its global regulatory counterparts. The media release explicitly referred to
(and celebrated) the work of the Securities and
Exchange Commission (SEC) and Commodity Futures
Trading Commission (CFTC) in the United States.
“The risks arising from the widespread
use of personal devices and unapproved communication channels were also
highlighted by recent actions taken by the US Securities and Exchange
Commission and Commodity Futures Trading Commission. These regulators reached
record-breaking settlements with dozens of financial institutions for failures
to maintain and preserve electronic communications.”
Communication Challenges Post-Pandemic
The global reckoning around business
communications can be summarized as a consequence of three interlinked factors:
the COVID-19
pandemic, a surge in remote working, and the proliferation of (and reliance on)
business communications technology.
Distinctive Regulatory Frameworks
In Australia, the same regulations
largely apply, they just have different names. Rather than the Marketing Rule
or FINRA Rule 2210, firms must comply with the Corporations Act
2001 and ASIC’s market integrity rules. The requirements are slightly
different; certainly vaguer and more open to interpretation than the US
regulations mentioned above.
However, both directly stress the importance of
supervising representatives and having the appropriate policies and procedures
in place to prevent and promptly detect ‘misconduct and poor behaviour’.
The @SECGov campaign against off-channel communications rolls on with fines for @CharlesSchwab, @blackstone and other big firms. #wealthmanagement #advisors #financialadvisorshttps://t.co/cACRX74fNe
— Financial Planning (@finplan) January 14, 2025
Addressing Non-Financial Misconduct
The language used here is interesting
and reflects another recent trend in Western regulation. The ASIC is not just
focused on preventing insider trading or fraud, but also ‘other behaviour that
may be prohibited under…a market intermediary’s internal policies.’ This
alludes to non-financial misconduct, and under this approach, a failure to
maintain communications around a breach of internal policy—a human resources
scandal, for example—will attract regulatory scrutiny.
Defining Business Communications
The Information Sheet begins with a
definition of what constitutes a business communication, namely “…any
written, voice or electronic communications used by market intermediaries and
their representatives to carry on their financial services business.”
Emphasizing Voice Communication
This is immediately compelling, with
voice communications (conversations, voice notes) being highlighted as a
requirement. This is stricter than what we have seen from the SEC and CFTC so
far, who have been more focused on text interactions.
Avoiding Platform Prohibition Pitfalls
We are then led to the importance of
supervising representatives. Many US firms have found that prohibiting
platforms to protect compliance has been an unsuccessful strategy, due to
employees violating those policies and using them anyway. This was particularly
frustrating to regulators, who regard broken rules with more contempt than no
rules at all and have continued to penalize such conduct severely.
A Dozen Investment Advisors and Brokerages to pay a COLLECTIVE fine of $63 Million for using encrypted messaging apps to do business
How much did each advisor/firm make on the deals discussed on these apps?
“Affiliates of Blackstone Inc. (BX), KKR & Co. (KKR), Apollo Global… https://t.co/L3BHQzpKaD pic.twitter.com/8BXIuNu6gn
— kristen shaughnessy (@kshaughnessy2) January 14, 2025
Clear Sections on Supervisory
Arrangements
The Information Sheet is then broken
into clear sections: Managing risks from unmonitored business communications,
Supervisory arrangements to monitor business communications, and Reviewing the
effectiveness of supervisory arrangements for business
communications. These three headings perfectly summarize their
contents, with each containing detailed expectations from the ASIC on each
matter.
Case Studies and Hypothetical Scenarios
A case study is shared, covering a
typical ‘bring your own device’ (BYOD) scenario, and how it should be tackled.
Meanwhile, a variety of other hypothetical situations are shared, as well as
extremely detailed sets of questions which intermediaries are encouraged to
periodically review.
Rather than just a list of uninspiring legalese, a great
deal of practical guidance is also provided. This again demonstrates the
direct, practical approach favoured by the ASIC.
Regulatory Pressure and Public
Responsibility
The language used by ASIC Commissioner
Simone Constant in the accompanying press release is precisely calculated.
“Bankers, dealers and market participants have important
roles as gatekeepers to Australia’s financial markets and stewards of market
integrity…With almost every working or retired Australian having a share in
Australian markets, market integrity is a duty owed to every Australian.”
U.S. regulators on Tuesday announced a combined $549 million in penalties against Wall Street firms that failed to maintain electronic records of employee communications.
The firms admitted that from at least 2019, employees used side channels like WhatsApp to discuss company… pic.twitter.com/oTNkzurDec
— Kat Stryker (@KatStryker111) August 9, 2023
Impact on Everyday Australians
The vast majority of Australians have a
share in Australian markets through superannuation, investments, and other
avenues, so the security and integrity of these markets mean more to the
populace. Ms Constant effectively incites these concerns, putting pressure on
financial firms to take their responsibilities seriously.
Adapting to New Compliance Expectations
It is undoubtedly a period of
significant change for Australian firms in the financial sector, and one which
the ASIC is urgently pursuing. While this adaptation may appear daunting, it’s
positive that a compliance precedent has already been set in the United States
around off-channel communications.
The ASIC’s explicit celebration of US settlements and regulatory progress suggests that once the dust
settles, we can probably expect a comparable level of enforcement, as the
conduct being addressed is ultimately very similar.
The Banking Code of Practice was originally designed to safeguard consumers from bad banking practices, however since the first code was issued, there has been a continual watering down of these protections, effectively rendering the code meaningless.
Currently, ASIC is… pic.twitter.com/ImJ790fx3h
— Malcolm Roberts 🇦🇺 (@MRobertsQLD) July 2, 2024
Monitoring Unauthorized Communications
This means that as well as monitoring
the platforms they permit, Australian firms will need to actively look for unauthorized
communications from unsanctioned channels (WhatsApp and iMessage, for example).
This shift has recently occurred in the United States and was outlined in
FINRA’s 2024 Annual Regulatory Oversight Report, where heightened surveillance
was promoted similarly to recent ASIC communications.
Customized Compliance Solutions
That said, the ASIC’s additional
requirements around voice capture show that this is not a case of simply
copying and pasting the US approach to compliance.
This ties in with one of the
common challenges listed in the ASIC press release—reliance on ‘out of the box’
settings of vendor-provided communications surveillance systems. That will not
work here, and the new market will demand systems that are willing and able to
adapt to its specific requirements.
