Advice in 2019: Where too much change is never enough

Data, rights and opportunities

In March 2019, the Australian Competition and Consumer Commission published draft rules for the Consumer Data Right (CDR) in Banking.

The CDR is a competition and consumer reform announced by the Australian Government in May 2018 and one that’s likely to be slowly implemented by the affected parties. Essentially, the CDR will allow consumers to require their bank, for example, to share the client’s data with another accredited service provider. This will, it is hoped, drive increased competition between the banks by freeing consumers and facilitating their movement between banks.

Importantly, it’s not only banks that can share and receive client data. The reform is intended to allow consumers to share their data with a comparison site or a switching service in order to get more tailored, competitive services. 

Those advisers and licensees that already serve as custodians of their clients’ personal information, may not have paid much attention to rules that will allow consumers with easy access to their banking data and the ability to transfer or provide it to parties they trust.

That may be a mistake, because the CDR will provide consumers with flexibility and minimise the difficulty of changing providers. While it’s easy to dismiss the CDR as simply undermining traditional banks, it’s important to recognise the advantage it provides to new entrants into the financial services industry; comparators, switching services, budgeting and digital advice businesses will become overnight competitors to traditional planning businesses.

There are, of course, opportunities for licensees in a regime that increases transparency and:

  • enables consumers to request and transfer their data; and

  • ensures that information on products offered to consumers is accessible and easily available.

The ACCC plan to run a pilot in July 2019 but there’s still time to make a submission on the draft rules.

Hurry though, the consultation period ends 10 May 2019.

Privacy, safety and security

What the Morrison Government is doing today is outlining a new regime of protections for Australians and penalties for those who misuse Australians’ personal information. This regime will update our privacy laws without impeding the continued innovation and development of companies working in the online space
— The Hon Christian Porter MP Attorney-General and Senator The Hon Mitch Fifield Minister for Communications Minister for Arts

Last month, Attorney General, Christian Porter MP and Communications Minister, Senator Mitch Fifield, announced proposed changes to the Privacy Act 1988 (Cth) designed to keep Australians safe online.

If current polling is correct, the proposed amendments to the Act, which are scheduled to be drafted for consultation in late 2019, are unlikely to eventuate. However, in the event the Coalition is returned, their new penalty and enforcement regime will:  

  • Increase penalties for all entities covered by the Act from the current maximum penalty of $2.1 million for serious or repeated breaches to the greater penalty of:

    • 10 million or

    • three times the value of any benefit obtained through the contravention or

    • 10 per cent of a company's annual domestic turnover.

  • Provide the OAIC with new infringement notice powers and significant new penalties to apply to non-compliance, contraventions and intransigence.  These new powers include enforcement tools such as mandating third-party reviews, publishing prominent notices about breaches and directing that disclosures are made to affected persons;

  • Introduce specific rules to protect the personal information of children and other vulnerable groups.

  • Require social media and online platforms to stop using or disclosing an individual's personal information upon request.

Recognising the practical limits of disclosure

On 3 April 2019, Treasury Laws Amendment (Design and Distribution Obligations and Product Intervention Powers) Bill 2019 was finally passed by both houses.

ASIC welcomed the passage of “key financial services reforms” that will protect consumers and enforce accountability on issuers and distributors of financial products.

In their joint media release dated 4 April 2019, the Treasurer and Assistant Treasurer declared that “These reforms mean consumers will be better protected from being sold financial and credit products that are not suitable for their circumstances.” It’s an ambitious aim but ASIC now have the framework (and resources) to operate both more proactively and more effectively.

In our view, it’s important to understand the breadth and scope of reforms introduced by the Government in response to FSI recommendations 21 and 22. It is broad ranging consumer protection legislation intended to strengthen product issuer and distributor accountability.

We’ll examine the detail in a future article, but prudent Licensees should review the Bill and consider how these amendments pivot ASIC from being a disclosure-focused regulator and equip them with the power to “take broader, more proactive action to improve standards and achieve fairer consumer outcomes”.

You should also consider these amendments in the context of a better resourced regulator, with a litigation-first approach and an arsenal of new penalties.

If you liked this, you might benefit from reading:

Banking on Fear: ASIC’s new focus

ASIC, Distribution and Product Intervention

Don’t forget to tell: Mandatory Data Breach Reporting

Stop me if you’ve heard this one: Mandatory Data Breach Notification Laws