The Australian Securities and Investments Commission (ASIC) released guidance on 26 June 2024, outlining its expectations regarding business communications. This was detailed in Information Sheet 283 and an accompanying press release, indicating the regulator’s intention to enhance compliance standards.
This signals significant changes in Australian compliance, with much new information and actions for its community to address. Below we’ll analyze the ASIC’s instructions and the global events that have led to this regulatory overhaul.
One prominent trend in 2024 was an increased level of transparency from regulators on exactly what they expected from financial organizations. This clarity was welcome in the US, where off-channel communications had resulted in over $3 billion in penalties since the investigation unfolded in December 2021. Individual firms had been fined up to $200 million, and senior professionals had been held accountable and dismissed.
Learning from the US Experience
The ASIC appears to have adopted the same direct, unambiguous approach with this statement, following the lead of its global regulatory counterparts. The media release explicitly referred to (and celebrated) the work of the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) in the United States.
“The risks arising from the widespread use of personal devices and unapproved communication channels were also highlighted by recent actions taken by the US Securities and Exchange Commission and Commodity Futures Trading Commission. These regulators reached record-breaking settlements with dozens of financial institutions for failures to maintain and preserve electronic communications.”
Communication Challenges Post-Pandemic
The global reckoning around business communications can be summarized as a consequence of three interlinked factors: the COVID-19 pandemic, a surge in remote working, and the proliferation of (and reliance on) business communications technology.
Distinctive Regulatory Frameworks
In Australia, the same regulations largely apply, they just have different names. Rather than the Marketing Rule or FINRA Rule 2210, firms must comply with the Corporations Act 2001 and ASIC’s market integrity rules. The requirements are slightly different; certainly vaguer and more open to interpretation than the US regulations mentioned above.
However, both directly stress the importance of supervising representatives and having the appropriate policies and procedures in place to prevent and promptly detect ‘misconduct and poor behaviour’.
The @SECGov campaign against off-channel communications rolls on with fines for @CharlesSchwab, @blackstone and other big firms. #wealthmanagement #advisors #financialadvisorshttps://t.co/cACRX74fNe
— Financial Planning (@finplan) January 14, 2025
Addressing Non-Financial Misconduct
The language used here is interesting and reflects another recent trend in Western regulation. The ASIC is not just focused on preventing insider trading or fraud, but also ‘other behaviour that may be prohibited under…a market intermediary’s internal policies.’ This alludes to non-financial misconduct, and under this approach, a failure to maintain communications around a breach of internal policy—a human resources scandal, for example—will attract regulatory scrutiny.
Defining Business Communications
The Information Sheet begins with a definition of what constitutes a business communication, namely “…any written, voice or electronic communications used by market intermediaries and their representatives to carry on their financial services business.”
Emphasizing Voice Communication
This is immediately compelling, with voice communications (conversations, voice notes) being highlighted as a requirement. This is stricter than what we have seen from the SEC and CFTC so far, who have been more focused on text interactions.
Avoiding Platform Prohibition Pitfalls
We are then led to the importance of supervising representatives. Many US firms have found that prohibiting platforms to protect compliance has been an unsuccessful strategy, due to employees violating those policies and using them anyway. This was particularly frustrating to regulators, who regard broken rules with more contempt than no rules at all and have continued to penalize such conduct severely.
A Dozen Investment Advisors and Brokerages to pay a COLLECTIVE fine of $63 Million for using encrypted messaging apps to do business
How much did each advisor/firm make on the deals discussed on these apps?
“Affiliates of Blackstone Inc. (BX), KKR & Co. (KKR), Apollo Global… https://t.co/L3BHQzpKaD pic.twitter.com/8BXIuNu6gn
— kristen shaughnessy (@kshaughnessy2) January 14, 2025
Clear Sections on Supervisory Arrangements
The Information Sheet is then broken into clear sections: Managing risks from unmonitored business communications, Supervisory arrangements to monitor business communications, and Reviewing the effectiveness of supervisory arrangements for business communications. These three headings perfectly summarize their contents, with each containing detailed expectations from the ASIC on each matter.
Case Studies and Hypothetical Scenarios
A case study is shared, covering a typical ‘bring your own device’ (BYOD) scenario, and how it should be tackled. Meanwhile, a variety of other hypothetical situations are shared, as well as extremely detailed sets of questions which intermediaries are encouraged to periodically review.
Rather than just a list of uninspiring legalese, a great deal of practical guidance is also provided. This again demonstrates the direct, practical approach favoured by the ASIC.
Regulatory Pressure and Public Responsibility
The language used by ASIC Commissioner Simone Constant in the accompanying press release is precisely calculated.
“Bankers, dealers and market participants have important roles as gatekeepers to Australia’s financial markets and stewards of market integrity…With almost every working or retired Australian having a share in Australian markets, market integrity is a duty owed to every Australian.”
U.S. regulators on Tuesday announced a combined $549 million in penalties against Wall Street firms that failed to maintain electronic records of employee communications.
The firms admitted that from at least 2019, employees used side channels like WhatsApp to discuss company… pic.twitter.com/oTNkzurDec
— Kat Stryker (@KatStryker111) August 9, 2023
Impact on Everyday Australians
The vast majority of Australians have a share in Australian markets through superannuation, investments, and other avenues, so the security and integrity of these markets mean more to the populace. Ms Constant effectively incites these concerns, putting pressure on financial firms to take their responsibilities seriously.
Adapting to New Compliance Expectations
It is undoubtedly a period of significant change for Australian firms in the financial sector, and one which the ASIC is urgently pursuing. While this adaptation may appear daunting, it’s positive that a compliance precedent has already been set in the United States around off-channel communications.
The ASIC’s explicit celebration of US settlements and regulatory progress suggests that once the dust settles, we can probably expect a comparable level of enforcement, as the conduct being addressed is ultimately very similar.
The Banking Code of Practice was originally designed to safeguard consumers from bad banking practices, however since the first code was issued, there has been a continual watering down of these protections, effectively rendering the code meaningless.
Currently, ASIC is… pic.twitter.com/ImJ790fx3h
— Malcolm Roberts 🇦🇺 (@MRobertsQLD) July 2, 2024
Monitoring Unauthorized Communications
This means that as well as monitoring the platforms they permit, Australian firms will need to actively look for unauthorized communications from unsanctioned channels (WhatsApp and iMessage, for example). This shift has recently occurred in the United States and was outlined in FINRA’s 2024 Annual Regulatory Oversight Report, where heightened surveillance was promoted similarly to recent ASIC communications.
Customized Compliance Solutions
That said, the ASIC’s additional requirements around voice capture show that this is not a case of simply copying and pasting the US approach to compliance.
This ties in with one of the common challenges listed in the ASIC press release—reliance on ‘out of the box’ settings of vendor-provided communications surveillance systems. That will not work here, and the new market will demand systems that are willing and able to adapt to its specific requirements.
Read the full article here
