Australian Business Communications - B-ASIC instructions

On June 26th 2024, the Australian Securities and Investments Commission (ASIC) released new guidance on its expectations around business communications. This came in the form of Information Sheet 283 and an accompanying Press Release, and signaled the regulator’s intention to raise compliance standards. 

This heralds a new era in Australian compliance, with a lot of new information and actions for its community to unpack. Below we’ll analyze the ASIC’s instructions, and the global events that have led to this regulatory overhaul.

Why now?

Regulatory Landscape 

One prominent trend in 2024 is an increased level of transparency from regulators on exactly what they expect from financial organizations. This clarity is welcome in the US, where off-channel communications alone have resulted in over $3 billion of penalties since the investigation unfurled in December 2021. Individual firms have been fined up to $200 million, and senior professionals have been held accountable and fired.  

The ASIC appears to have adopted the same direct, unambiguous approach with this statement, following the lead of its global regulatory counterparts. The Media Release explicitly refers to (and in fact celebrates) the work of the Securities Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) in the United States. 

“The risks arising from the widespread use of personal devices and unapproved communication channels were also highlighted by the recent actions taken by the U.S. Securities and Exchange Commission and Commodity Futures Trading Commission. These regulators reached record-breaking settlements with dozens of financial institutions for failures to maintain and preserve electronic communications.”

New faces, old problems 

The global reckoning around business communications can be neatly summarized as a consequence of three interlinked factors; the COVID-19 pandemic, a surge in remote working, and the proliferation of (and reliance on) business communications technology. 

In Australia the same regulations largely apply, they just have different names. Rather than the Marketing Rule or FINRA Rule 2210, firms must comply with the Corporations Act 2001 and ASIC’s market integrity rules. The requirements are slightly different; certainly vaguer and more open to interpretation than the aforementioned US regulations. However, both directly stress the importance of supervising representatives, and having the appropriate policies and procedures in place to prevent and promptly detect ‘misconduct and poor behavior’. 

The language used here is interesting and nods to another recent trend in Western regulation. The ASIC is not just focused on preventing insider trading or fraud, but also ‘other behaviour that may be prohibited under . . . a market intermediary’s internal policies.’ This alludes to non-financial misconduct, and under this approach, a failure to maintain communications around a breach of internal policy - a HR scandal for example – will attract regulatory scrutiny.

ASIC expectations 

The Information Sheet leads with a definition of what constitutes a business communication. 

“We consider business communications to include any written, voice or electronic communications used by market intermediaries and their representatives to carry on their financial services business.” 

This is immediately compelling, with voice communications (conversations, voice notes) being called out as a requirement. This is stricter than what we have seen from the SEC and CFTC thus far, who have been more focused on text interactions. 

We are then led to the Importance of supervising representatives. Many US firms have found that prohibiting platforms to protect compliance has been an unsuccessful strategy, due to employees violating those policies and using them anyway. This was particularly irksome to regulators, who regard broken rules with more contempt than no rules at all, and have continued to penalize such conduct severely. 

The Information sheet is then broken into clear sections; Managing risks from unmonitored business communications, Supervisory arrangements to monitor business communications, and Reviewing the effectiveness of supervisory arrangements for business communications. These three headings perfectly summarize their contents, with each containing detailed expectations from the ASIC on each matter. 

A case study is shared, covering an archetypal ‘bring your own device’ (BYOD) scenario, and how it should be tackled. Meanwhile a variety of other hypothetical situations are shared, as well as extremely detailed sets of questions which intermediaries are encouraged to periodically review. Rather than just a list of meticulous but uninspiring legalese, a great deal of practical guidance is also provided. This again demonstrates the direct, actionable approach favored by the ASIC.

Pressure in the presser 

The language used by ASIC Commissioner Simone Constant in the accompanying press release is precisely calculated. 

‘Bankers, dealers and market participants have important roles as gatekeepers to Australia’s financial markets and stewards of market integrity...With almost every working or retired Australian having a share in Australian markets, market integrity is a duty owed to every Australian.” 

The vast majority of Australians have a share in Australian markets through superannuation, investment, and other avenues, and so the security and integrity of these markets means more to the populace. Ms Constant incites these concerns effectively, putting pressure on financial firms to take their responsibilities seriously.

What’s next for Australian firms? 

It is undoubtedly a period of overhaul for Australian firms in the financial sector, and one which the ASIC is pressing on with urgently. While this adaptation may appear daunting, it’s positive that a compliance precedent has already been set in the United States around off-channel communications. The fact that the ASIC is explicitly celebrating US settlements and regulatory progress suggests that we can probably expect a comparable level of enforcement, as the conduct being addressed is ultimately very similar.  

This means that as well as monitoring the platforms they permit, Australian firms will need to actively look for unauthorized communications from unsanctioned channels (WhatsApp, iMessage for example). This shift has recently occurred in the United States, and was delineated in FINRA’s 2024 Annual Regulatory Oversight Report, where heightened surveillance was promoted in a similar manner to the recent ASIC communications. 

That said, the ASIC’s additional requirements around voice capture show that this is not a case of simply copying and pasting the US approach to compliance. This ties in with one of the common challenges listed in the ASIC press release - reliance on ‘out of the box’ settings of vendor-provided communication surveillance systems. That will not work here, and the new market will demand systems that are willing and able to adapt to its bespoke requirements.