Welcome to the latest update from Gilbert + Tobin's Corporate Advisory team.  The update provides a summary of key recent legal developments, particularly relevant to in-house counsel.

In this issue, you will find:

Mandatory data breach notification laws are now in effect – are you ready?

From 22 February 2018, for the first time in Australia, entities subject to the Privacy Act 1988 (Cth) now have a mandatory obligation to report what are called ‘eligible data breaches’ to both the Office of the Australian Information Commissioner and any individuals who may be potentially affected by a data breach.

Read more.

The BEAR reforms – Banks and their senior executives to be held to account

The Treasury Laws Amendment (Banking Executive Accountability and Related Measures) Act 2018 (BEAR Act) (which received Royal Assent on 20 February 2018) is intended to incentivise good behaviour and ensure that banks and individuals are held to account where they fail to meet the standards expected of them.

In summary, under the BEAR Act, authorised deposit-taking institutions (ADIs) (and their subsidiaries) are required to:

  • register their “accountable persons” with APRA, and ensure that accountable person roles are filled at all times.  An accountable person is a board member with oversight over the ADI or a senior executive with responsibility for management or control of significant or substantial parts or aspects of the ADI group;
  • give APRA accountability statements detailing the roles and responsibilities of each accountable person and accountability maps allocating the roles and responsibilities of accountable persons across the ADI group; and
  • set remuneration policies which defer an accountable person’s variable remuneration for a period of up to 4 years, allow for a reduction in remuneration in proportion to any failure to meet the BEAR obligations, and continue the deferral where there is a likely failure by an accountable person to meet the BEAR obligations;

The accountability obligations of an ADI and its accountable persons include:

  • acting with honesty and integrity and with due skill, care and diligence;
  • dealing with APRA in an open, constructive and co‑operative way; and
  • taking reasonable steps to prevent matters arising which affect the prudential reputation or standing of the ADI. 

Under the Act, taking of reasonable steps includes having:

  • appropriate governance, control and risk management in relation to that matter; and
  • safeguards against inappropriate delegations of responsibility in relation to that matter; and
  • appropriate procedures for identifying and remediating problems that arise or may arise in relation to that matter.

ADIs are also prohibited from:

  • indemnifying accountable persons against the consequence of breaching a BEAR obligation; and
  • paying a premium for an insurance policy which insures accountable persons against the consequence of breaching a BEAR obligation,

in both cases with a carve out for liability for legal costs.  ADIs should consider whether their existing D&O policies or deeds of indemnities should be amended to avoid a potential breach of the BEAR obligations.

APRA will also have additional examination and enforcement powers to enhance its ability to enforce the BEAR Act.  If an ADI breaches its BEAR obligations, significant civil penalties may be imposed by a court and if an accountable person breaches its BEAR obligations, that person may face disqualification or financial consequences through the reduction of variable remuneration.

The BEAR Act commences:

  • for large ADIs, on 1 July 2018; and
  • for small and medium ADIs, on 1 July 2019.

The Treasurer has indicated that the Government will consult shortly on a legislative instrument defining small, medium and large ADIs for the purpose of the BEAR.

See also Treasurer, Hon Scott Morrison’s media release dated 7 February 2018. 

Strengthening APRA’s crisis resolution powers

On 14 February 2018, the Senate passed the Financial Sector Legislation Amendment (Crisis Resolution Powers and Other Measures) Bill 2017 (Bill) which gives the Australian Prudential Regulation Authority (APRA) additional powers for crisis resolution and resolution planning in relation to regulated entities.  The Bill is currently awaiting Royal Assent.

The Bill provides

  • clear powers that enable APRA to set requirements on resolution planning and ensure banks and insurers are better prepared for a crisis; and
  • an expanded set of crisis resolution powers that equip APRA to act decisively to facilitate the orderly resolution of a distressed bank or insurer.

See also Treasurer Hon Scott Morrison’s media release dated 14 February 2018.  

Cracking down on credit card practices and boosting competition in banking

On 15 February 2018, the Senate passed the Treasury Laws Amendment (Banking Measures No.1) Bill 2018 (Bill) which forces credit card providers to scrap unfair and predatory practices. The Bill is also currently awaiting Royal Assent.

Key features of the Bill include:

  • requiring that affordability assessments be based on a consumer's ability to repay the credit limit within a reasonable period (from July 2018);
  • banning unsolicited offers of credit limit increases (from January 2019); and
  • simplifying how credit card interest is calculated and requiring credit card providers to have online options to cancel cards or to reduce credit limits (from January 2019).

The Bill will also:

  • allow any ADI (i.e. any banking business with an ADI licence) to use the word 'bank' in relation their business (which is intended to reduce barriers to new entrants to the banking sector and provide a more level playing field amongst ADIs); and
  • strengthen financial stability by giving APRA a new reserve power to make rules in respect of the lending activities of non-ADI lenders if these activities are materially contributing to risks of instability in the Australian financial system.

See also Treasurer Hon Scott Morrison’s media release dated 15 February 2017.

On 9 February 2018, Treasury released the Review into Open Banking.  Open Banking is the application of the comprehensive “Consumer Data Right” recommended by the Productivity Commission in its 2017 report on Data Availability and Use to the banking industry.  A recent G+T Insight examines the proposed regulatory framework and recommendations in the Report.

Submissions on the Report are due by 23 March 2018.

Read more.

Australia’s Multinational Anti Avoidance Law (MAAL) (which came into effect on 1 January 2016) prevents multinationals from escaping Australian tax by using artificial or contrived arrangements to avoid having a taxable presence in Australia.

Treasury has now released exposure draft legislation which seeks to strengthen the MAAL by preventing large multinationals from using foreign trusts and partnerships in corporate structures to avoid its application.

Submissions on the exposure draft legislation closed on 23 February 2018.

Following the release of the Final Report of the 2017 Australian Consumer Law Review on proposed legislative reforms to the Australian Consumer Law, Treasury has recently sought submissions on the exposure draft Treasury Laws Amendment (Australian Consumer Law Review) Bill 2018 and the associated regulations and explanatory materials.  For details see here (submissions are due on 28 February 2018).

In summary, the Exposure Drafts include amendments to the Australian Consumer Law (ACL) to:

  • clarify existing provisions relating to consumer guarantees, voluntary recalls, unsolicited consumer agreements and false billing;
  • enhance the regulators’ information gathering powers for investigations in relation to product safety and unfair contract terms;
  • extend the unconscionable conduct protections to publicly listed companies;
  • expand the remedies available to the courts for contraventions of the ACL; and
  • improve price transparency.

The Government also introduced the Treasury Laws Amendment (2018 Measures No. 3) Bill 2018 (Cth) to Parliament on 15 February 2018. The Bill, if passed, will increase the penalties in the Competition and Consumer Act 2010 (Cth) for breach of the ACL to align the maximum penalties for breach of the ACL with the maximum penalties for breach of the competition provisions of the CCA.

This will mean that the maximum penalty for a body corporate in breach of the ACL will increase significantly  from $1.1 million to the greater of:

  • $10 million;
  • if the court can determine the value of the benefit obtained from the offence, act or omission, by the body corporate and any related bodies corporate – 3 times the value of the benefit; or
  • if the court cannot determine the value of the benefit – 10% of the annual turnover of the body corporate.

Maximum penalties may be imposed where a person engages in conduct including unconscionable conduct, making false or misleading representations, and supplying consumer goods or certain services that do not comply with safety standards.

The amendments will commence from the later of 1 July 2018 and the day after the Bill receivesd Royal Assent (and will apply to acts, omissions or offences that occur on or after the commencement date).

Expertise Area