December Technical Update

Recap of 2022

This year has seen a lot of change and bedding in of new requirements from ASIC, AFCA, TPB, and AUSTRAC. In this update, we are going to look at some of the most significant impacts to business in 2022 and explore some expected areas of interest in 2023.

1.    DDO

2022 was the first full year of DDO requirements, with their introduction on 5th October 2021. There were four key elements to these new obligations:

  1. Each product was required to have a TMD before it could be recommended to Retail clients
  2. Advisers are required to consider the TMD as part of their product selection process, even though Personal Advice providers are not bound by the obligation
  3. Advisers are to keep records of product distribution information and complaints so they can report back to the issuer any significant dealings
  4. ASIC has indicated that they will be monitoring Issuers to ensure that TMD’s are being reviewed in accordance with their documented review schedule and trigger events

In June 2022, ASIC released a requirement for issuers to notify ASIC of significant dealings outside of the target market. Distributors are to notify the issuer within 10 business days of identifying a significant dealing, and Issuers must notify ASIC within 10 business days of becoming aware of a significant dealing.

According to RG 274, the following factors are to be considered when determining whether a significant dealing has occurred:

  • Proportion of consumer not in the target market
  • Actual or potential harm to consumers, including amount of loss
  • Nature and extent of inconsistency of distribution to the TMD.

Whether you are a distributor or issuer, if you are unsure whether a dealing is significant ASIC recommends that you report the dealing as a precaution.

For More Information

ASIC Design and Distribution Obligations: Significant dealing notification requirements

2.    Single Disciplinary Body

There were three key areas of change that came about through the introduction of The Better Advice Act. Its primary purpose was to streamline the number of bodies involved in the oversight of financial advisers by:

  1. Moving the Code of Ethics legislative instruments over to Treasury, providing that these instruments will continue in force as if they were made by the Minister, ensuring that financial advisers will continue to be required to meet the education and training standards
  2. The Industry Exam aspect of FASEA has transitioned to being administered by ASIC
  3. Tax (financial) Adviser provider registration has been transitioned from the TPB to ASIC, with stage one providing a one-off registration process for existing providers.

NOTE: On Tuesday, 1 November 2022, the Assistant Treasurer and Minister for Financial Services announced a six-month delay to the requirement to register financial advisers with ASIC. Financial advisers will now need to be registered by 1 July 2023. It is important to note that the new registration requirement is separate to the pre-existing requirement for an Australian financial services (AFS) licensee to appoint a financial adviser that they authorise to the Financial Advisers Register.

For More Information

ASIC: Professional standards for financial advisers

ASIC releases sitting dates for 2023 financial adviser exam

ASIC: FAQ regulation and registration of relevant providers who provide tax (financial) advice

3.    ASIC Reference Protocol

From 1 October 2021, Licensees were required to comply (as an obligation under their licence) with the ASIC Reference checking and information sharing protocols. These obligations include:

  • Requesting Licensees are to take reasonable steps to obtain a reference from a referee licensee before you employ or authorise a prospective representative. Reasonable steps include:
    • Seeking written consent from a prospective representative to request a reference, and
    • If consent is given, requesting a reference from the referee licensee(s) in accordance with the ASIC protocol.
  • Referee licensees must receive consent from the representative prior to completing the reference, respond in writing withing 10 business days (30 days with prior agreement), and provide as much information according to the templated reference request.

Both licensees must keep records demonstrating their compliance to the protocols when requesting and completing a reference.

For More Information

ASIC: Reference checking and information sharing protocol

4.    Austrac Source of Funds Guidance

In October 2022, AUSTRAC released guidance to help licensees and their representatives undertake source of funds and source of wealth checks on relevant clients. They developed this guidance to assist with determining the appropriate checks and to mitigate the risk that a client’s funds relate to money laundering, terrorism financing, or other criminal activity.

This guidance document provides information regarding:

  • collecting information on source of funds/wealth
  • how and when to verify a client’s source of funds/wealth
  • the action to take if you can’t establish client’s source of funds/wealth, and
  • practical examples of how to identify a client’s source of fund/wealth

For More Information

AUSTRAC: Source of funds and source of wealth

5.    Cyber Security

Early in the year, the Australian Cyber Security Centre implemented a High Alert Status, instructing organisations to act now and improve their cyber security resilience considering the heightened threat environment.

ASIC set a target of 14.9% improvement in cyber security resilience among firms operating in Australia but reported only an increase of 1.4% overall. ASIC strongly encourages businesses to assess their cyber risks and ensure that their cyber security detection systems and response strategies are adequate.

Also, in April 2022, the Federal Court found an AFS licensee (RI Advice) breached its general obligations as an AFS licensee by failing to act efficiently and fairly, and failing to have adequate risk management systems. These findings came after a significant number of cyber incidents across their authorised representative network between 2014 and 2020.

The reality of cyber threat has been proven in this last quarter with documented successful attacks on Optus, Medibank, and The Smith family. It is a clear reminder to be vigilant and prepared.

There are three cyber related courses on our GRC Learning E-ssentials platform, we strongly recommend that you complete this training if you have not already done so. (

For More Information

ASIC: What a federal Court ruling on cyber security means for AFS licensees

ASIC: Cyber resilience

6.    ASIC v Dixon Advisory

A hearing on liability and penalty took place on 2 August 2022, and judgement was handed down on 19 September 2022. It was found that Dixon Advisory was the responsible licensee of six representatives who failed to act in the clients’ best interests and failed to provide advice appropriate to the clients’ circumstances. Dixon Advisory was penalised $7.2 million for breaches of best interest obligations.

The court found 53 occasions between October 2015 and May 2019 where representatives of Dixon Advisory did not act in the best interests of eight clients when they advised these clients to either acquire, roll-over, or retain interests in the US Master Residential Property Fund (URF) and other URF-related products. It was found that these representatives did not conduct a reasonable investigation of the clients’ circumstances before providing the advice, resulting in some client self-managed super funds being insufficiently diversified and therefore exposed to risk of capital loss.

Even though the advisers followed process and invested clients into an approved product based on their licensee’s APL, it was determined that the advisers, based on the clients’ circumstances, should have conducted a ‘reasonable investigation’ into both the recommended products and any alternatives to them. The advisers relied on the research done internally by Dixon’s when compiling the APL, it was determined that this research was not sufficient when regarding the clients’ circumstances, so the advisers were deemed to be in breach of their personal best interest duty to the clients.

It is critical that advisers build robust and detailed files that support the advice they provide, particularly when demonstrating their investigations regarding product investment. The law does not distinguish between recommendation to buy or hold/retain a product when determining the duties applicable when personal advice is provided

For More Information

ASIC: 22-256MR Dixon Advisory penalised $7.2 million for breaches of best interest obligations

7.    Quality of Advice

On 11 March 2022, the government released their final terms of reference for the upcoming Quality of Advice Review, with the report to be provided by 16 December 2022. The review is being conducted in response to Recommendation 2.1, 2.3, 2.5, and 2.6 of the Haynes Royal Commission.

The Quality of Advice Review is designed to consider whether measures and obligation that have been implemented by government, regulators, and financial services entities have improved the quality of financial advice, require further reforms and changes and/or have left any measures/obligations redundant or requiring streamlining. It is also designed to consider how to ensure the regulatory environment supports Australians getting access to affordable financial advice.

In August 2022, a consultation paper was published setting out 12 recommendations. It outlines a new regulatory framework that is focused on regulating the content of the advice rather than the process in which the advice was provided, consumers receiving good advice rather than documents and process, and implementing measures for the advice rather than the conduct.

For More Information

The Treasury: Quality of Advice Review – Proposal Paper

8.    What we expect for 2023

There are four key things unfolding in 2023 that we will be focusing on:

IDR Reporting: Financial firms must lodge their IDR data with ASIC every 6 months, covering the following reporting periods:1 January to 30 June, and 1 July to 31 December. The first reporting period will run from 1 January to 30 June 2023 for all firms not listed in the initial cohort in Instrument 2022/205. Firms must lodge their IDR data with ASIC by the end of the following calendar month of each reporting period – but for the first lodgement, the submission period has been extended to 31 August 2023. IDR data files must be lodged via the ASIC Regulatory Portal. The submitted data will need to pass two stages of validation before it is accepted by the system.

Quality of Advice Review: The Quality of Advice report was due to be submitted to Government by 16th December 2022.  It is expected that communication will come out in 2023 in response to the report as decisions are made about changing the status quo.

ASIC focus areas: Australian Securities and Investments Commission (ASIC) Deputy Chair Sarah Court announced the corporate watchdog’s 2023 priorities at the recent ASIC Annual Forum in Sydney. These include:

  • Insurance – address the failures in the general insurance industry to honour promises to consumers, as well as unfair contract terms in insurance products
  • Superannuation – investigate and address misleading conduct and poor governance
  • Misconduct damaging to market integrity, including insider trading, continuous disclosure failures, and market manipulation
  • Misconduct impacting First Nations people, targeting financially vulnerable consumers, and new or emerging conduct risks within the financial system

ASIC has also indicated to Licensees that if they have not submitted any reportable breaches, they should consider reviewing their compliance processes to ensure that they are capturing and reporting appropriate information.

GRC Essentials can help

If you require any assistance, we can offer training for your personnel or a review of your compliance documents. Please don’t hesitate to contact us if you have any questions or if we can help you with any of your compliance matters.

NOTE: if you do not wish to receive further technical updates from GRC Essentials Pty Ltd, please respond to this email requesting to be removed from the mailing list.