Skip to content

Regulatory changes for financial services providers

Regulators in Australia have become increasingly focused on the conduct of financial services providers and their employees. The government has recently conducted numerous enquiries into bank executive conduct, financial planning, product design and insurance claims handling practices. This regulatory focus on conduct is reflected in new and proposed legislation. 

Proposed breach reporting changes

The government has issued a consultation paper proposing reforms to the existing breach reporting requirements for Australian financial services licence (AFSL) holders and new breach reporting requirements for Australian credit licence (ACL) holders.

The proposal is at an early stage, but some of the high level changes on which the government is seeking input include:

  • proposed amendments to clarify the types of breaches which must be reported to the Australian financial services regulator;
  • extending the reporting obligations to require reporting of significant breaches or other significant misconduct by an employee or representative of the AFSL holder;
  • modifying the timing requirements for reporting a breach such that breaches must be reported within ten business days of the AFSL holder becoming aware of a breach or having reason to suspect that a breach has occurred (the current regime provides that the ten business day limit on reporting starts from when the licensee breaches or “is likely to breach” certain laws so the proposal imposes a lower threshold for the triggering of the reporting requirements); and
  • extending the breach reporting requirements to ACL holders who have not been previously subject to this regime (currently ACL holders are only required to lodge an annual compliance certificate).

Banking Executive Accountability

The government has also announced its intention to implement a new “Banking Executive Accountability” regime that will apply to prudentially regulated banks in Australia. Although at an early stage, the government has said that this regime will likely include requirements for banking executives to be registered with the prudential regulator, strengthening the prudential regulator’s powers to remove and disqualify senior executives, new penalty provisions and rules on senior executive remuneration. These proposed reforms appear to share certain parallels with other regimes such as the Senior Managers Regime in the United Kingdom and the Manager in Charge regime in Hong Kong. To find out more about the first year of the UK Senior Managers regime, please see our article under ‘UK’.

Privacy self-reporting

From February 2018 (unless an earlier date is fixed by proclamation), organisations that handle personal information will be required to report certain types of data breaches to the Australian privacy regulator and affected individuals.

Reportable data breaches are where personal information has been accessed or disclosed without
authorisation (or has been lost where unauthorised access or disclosure is likely to occur) and a reasonable person would conclude that this would likely result in serious harm to the individuals to whom the information relates.

The regulators’ increased focus on conduct and accountability make it all the more important for AFSL holders and banks to have robust processes and a strong culture of compliance.

Further information

This case summary is part of the Allen & Overy Legal & Regulatory Risk Note, a quarterly publication.  For more information please contact Karen Birch –, or tel +44 20 3088 3710.

Legal and Regulatory Risk Note