October 2024 Monthly Compliance Wrap

Sustainability

Governance: Macquarie Bank Fined for Market Manipulation in Electricity Futures

Macquarie Bank was fined a record $4.995 million by the Markets Disciplinary Panel (MDP) for breaching market integrity rules by allowing suspicious orders in the electricity futures market. From January to September 2022, Macquarie permitted 50 suspicious orders, placed by three clients, to manipulate the daily settlement price in their favour. Despite repeated warnings from ASIC, Macquarie failed to address concerns and improve its market surveillance. The MDP found that Macquarie’s lack of action, during a period of global energy market volatility, demonstrated serious deficiencies in its compliance systems and culture. Macquarie paid the fine without contesting the breaches.

Greenwashing

ASIC v Vanguard
On 25 September 2024, the Federal Court ordered Vanguard Investments Australia to pay a $12.9 million penalty for greenwashing. Vanguard admitted to misleading investors by claiming that its Ethically Conscious Global Aggregate Bond Index Fund excluded bond issuers involved in industries like fossil fuels, when in reality, approximately 74% of the securities were not screened against applicable ESG criteria. These misrepresentations were made in various public communications, including product disclosure statements and online media. The court emphasised that Vanguard’s misleading conduct enhanced its reputation and ability to attract investors.

ASIC v Mercer Super
On 2 August 2024, the Federal Court ordered Mercer Superannuation to pay an $11.3 million penalty for making misleading statements about the sustainability of its superannuation investment options. Mercer falsely marketed its ‘Sustainable Plus’ options as excluding companies involved in carbon-intensive fossil fuels, alcohol production, and gambling, despite members’ investments including such companies. The court highlighted Mercer’s failure to implement proper systems to ensure the accuracy of its ESG claims. Justice Horan stressed the importance of trust in ESG claims for consumers making investment decisions, and how misrepresentations undermine confidence in the financial industry.

AUASB Proposes Sustainability Assurance Standard and Inviting Feedback
The Auditing and Assurance Standards Board (AUASB) has released a draft of the proposed Australian Standard ASSA 5010, which sets a timeline for auditing and reviewing sustainability reports required under the Corporations Act 2001. This follows new mandatory climate disclosure rules for large entities introduced by the Treasury Laws Amendment Bill 2024, requiring sustainability reports to accompany financial reports. The draft proposes a phased approach to audits, considering entities’ readiness and auditors’ capacity. Stakeholders are invited to provide feedback by 16 November 2024 through comments and roundtable discussions. Please see release on the AUASB website for more information.

Risk

Property Rights in Digital Assets & Cryptocurrency – UK Decision Confirms ‘Property’

The English High Court ruled that Tether (USDT, a type of cryptocurrency) is property under English law, allowing it to be traced and held in trust like other assets. In Fabrizio D’Aloia’s case, the court dismissed his claims due to insufficient evidence that his misappropriated funds reached Bitkub’s wallet. This ruling reinforces the recognition of cryptocurrencies as a distinct form of personal property and highlights challenges in tracing digital assets.

The decision comes shortly after the introduction of the Property (Digital Assets) Bill, signalling that the recognition of digital assets as property in English law is nearing confirmation. While not binding in Australia, the ruling could influence Australian courts to similarly classify cryptocurrencies as property, but it also underscores the challenges of tracing stolen digital assets in fraud cases.

New AML/ CTF Bill – Impact on Crypto and Digital Assets

The AML/CTF Amendment Bill 2024, introduced in September 2024, aims to strengthen Australia’s framework to combat money laundering, terrorism financing, and organised crime by extending the regime to more professions, including lawyers, accountants, and real estate professionals. A major focus of the Bill is the impact on the crypto and digital assets sector, where it expands regulatory oversight and tightens compliance. The Bill replaces the term digital currency with the broader “virtual asset”, covering not only cryptocurrencies but also assets like Non-Fungible Tokens (NFTs) and other digital representations of value. This change subjects more crypto services, such as asset exchanges, safekeeping, and transfers, to AML/CTF obligations, with stricter reporting requirements for international transfers and customer information under the travel rule. The Bill also empowers AUSTRAC to set new rules for emerging virtual assets, ensuring the regime remains adaptable to new technologies. These changes, alongside efforts to simplify the framework, align Australia’s approach with international standards while enhancing its ability to counter illicit activities in the digital space.

Cyber Security Update

On October 9, 2024, the Australian Government introduced the Cyber Security Legislative Package 2024, including the Cyber Security Bill 2024, marking the nation’s first dedicated law to strengthen cybersecurity across public and private sectors. Part of the broader reforms under the 2023-2030 Australian Cyber Security Strategy, this Bill introduces mandatory security standards for internet-connected products and requires businesses to report ransomware payments within 72 hours. It also establishes a Cyber Incident Review Board to analyse major cyber threats and introduces protections for information shared during cybersecurity incidents, limiting its use in legal proceedings.

The package also includes amendments to the Security of Critical Infrastructure Act 2018, expanding protections for critical data systems and enhancing government powers to manage cyber risks. These reforms enhance regulatory powers, promote industry-government information sharing, and encourage proactive cybersecurity measures to safeguard Australia’s digital infrastructure, aligning the country with global standards and strengthening cyber resilience.

Compliance

AI Updates

New AI Guidance on Privacy Compliance
The Office of the Australian Information Commissioner (OAIC) has published new guidelines to clarify how Australian privacy laws apply to AI and set regulatory expectations. One guide helps businesses comply with privacy rules when using AI products and the other provides guidance to AI developers handling personal data for training generative AI models. Privacy Commissioner Carly Kind emphasised the importance of strong AI governance and privacy safeguards to build public trust. The OAIC’s focus includes addressing privacy risks from AI and advocating for privacy reforms, such as ensuring the fair use of personal information.

AI and ESG
The Australian Government published a practical guide for ESG practitioners regarding AI use in October 2024. The guide provides a comprehensive introduction to how AI intersects with ESG initiatives. It outlines both the potential benefits and risks of using AI in ESG contexts, emphasising that AI can accelerate sustainability outcomes, such as reducing carbon emissions and enhancing accessibility, while also posing significant risks related to bias, privacy, and environmental pressures. The guide offers practical examples, including AI applications in accessibility, financial protection, and energy efficiency, and stresses the importance of responsible AI governance, transparency, and partnerships in addressing these challenges. It encourages ESG practitioners to integrate AI into their strategies by leveraging existing frameworks, collaborating with AI developers, and using tools like the AI Impact Navigator to measure AI’s societal and environmental impacts.

Responsible AI
On 10 October 2024, the Human Technology Institute (HTI) submitted recommendations to the Australian Department of Industry, Science and Resources regarding proposed mandatory guardrails for high-risk artificial intelligence (AI). The HTI emphasised the importance of defining “high-risk AI” through a principles-based approach aligned with international human rights law, avoiding broad exemptions for defence and national security bodies, and recognizing the potential need to prohibit certain AI technologies that pose unacceptable risks. The submission advocates for clear guardrail requirements to enhance safety and accountability, stakeholder engagement, safe decommissioning of AI systems, and effective enforcement mechanisms. Overall, these recommendations aim to foster responsible, human-centered AI development and deployment in Australia.

ASIC Bans Director for 10 Years, Cancels AFSL

On 31 July 2024, ASIC banned Joel James Hewish, director of United Global Capital (UGC), from providing financial services for 10 years and cancelled UGC’s Australian Financial Services Licence (AFSL). ASIC found that UGC lured clients into transferring their superannuation into self-managed superannuation funds (SMSFs) and investing in speculative products linked to Mr. Hewish. UGC failed to comply with its financial services obligations, including giving inappropriate advice and failing to manage conflicts of interest. Mr. Hewish demonstrated incompetence and non-compliance, leading to his ban. ASIC also applied to liquidate one of UGC’s related investment funds.

Beneficiaries’ Rights to Trust Records: Legal Challenges and Recent Cases

Beneficiaries often face legal challenges when seeking access to records of discretionary trusts. Key principles can be found in recent cases such as Smorgon v ES Group Operations Pty Ltd (2021), Hancock v Rinehart (2018), and Land v Prideland Equity Pty Ltd (2024). Trustees often resist disclosing documents, citing confidentiality and administrative burdens, but courts balance these concerns with the rights of “close beneficiaries” (those likely to receive distributions). Smorgon v ES Group Operations Pty Ltd and Hancock v Rinehart illustrate that beneficiaries may gain access if they are primary beneficiaries, while the specifics of each case, including trust deed provisions and trustee conduct, play a crucial role in court decisions.

AICD’s Practice Statement on Director Duty

On 8 October 2024, the Australian Institute of Company Directors (AICD) released its Practice Statement, outlining directors’ duty of care and diligence in overseeing regulatory compliance amid increasing financial and non-financial risks.

The Practice Statement emphasises that a company’s compliance breach does not automatically mean a director has failed their duty, nor is an actual breach necessary for accountability. Directors must take reasonable steps to monitor the company, respond to warning signs, and exercise independent judgement, especially in managing significant risks.