House of Representatives

Explanatory Memorandum

(Circulated by authority of the Treasurer, the Hon Josh Frydenberg MP)

Chapter 1 - Enforceable code provisions (recommendation 1.15)

Outline of chapter

1.1 Schedule 1 to the Bill amends the Corporations Act and the Credit Act to strengthen the existing voluntary code of conduct framework to allow ASIC to designate enforceable code provisions in approved codes of conduct. A breach of an enforceable code provision may attract civil penalties (including pecuniary penalties of up to 300 penalty units) and/or other administrative enforcement action from ASIC.

1.2 Schedule 1 also establishes a mandatory code of conduct framework for the financial services and consumer credit industry through regulations, with the ability to designate certain provisions as civil penalty provisions. A breach of these provisions may attract civil penalties (including pecuniary penalties of up to 1,000 penalty units) and/or other administrative enforcement action from ASIC. A breach of any of the mandatory code of conduct provisions may attract other enforcement action from ASIC.

1.3 These amendments implement recommendation 1.15 of the Financial Services Royal Commission.

Context of amendments

1.4 A code of conduct is a set of statements that sets out an industry's commitment to deliver a certain standard of practice. Where an industry has the capacity, cohesion and commitment to develop an effective code, consumers can receive greater benefits than might otherwise have been achieved.

1.5 Voluntary codes of conduct have existed in the financial services sector since the late 1980s and a number of codes of conduct have been developed since that time. However, ASIC approval of codes is optional, and historically ASIC approval has not often been sought, or granted.

1.6 Codes of conduct provide a set of standards for industry on how to comply with and exceed what is required by the law. This can promote better consumer outcomes as well as confidence and trust in the industry.

1.7 Under the current law, ASIC can approve industry codes of conduct in relation to any aspect of financial services licensees, credit licensees, authorised representatives of financial services licensees, credit representatives and issuers of financial products in relation to the activities of which ASIC has regulatory responsibility (section 1101A of the Corporations Act and section 241 of the Credit Act).

1.8 ASIC's approval of a code of conduct is a signal to consumers that they can have confidence in the code. An approved code should respond to identified and emerging consumer issues and deliver substantial benefits to consumers.

1.9 Commissioner Hayne identified a number of limitations in the current financial services industry codes framework, some of which had previously been identified in the final report of the ASIC Enforcement Review Taskforce.

1.10 In particular, recommendation 1.15 of the Financial Services Royal Commission proposed:

•

that ASIC's power to approve codes of conduct should extend to codes relating to all Australian Prudential Regulation Authority-regulated institutions and Credit licensees;

•

that industry codes of conduct approved by ASIC may include enforceable code provisions, which are provisions in respect of which a contravention will constitute a breach of the law;

•

that ASIC may take into consideration whether particular provisions of an industry code of conduct have been designated as 'enforceable code provisions' in determining whether to approve a code;

•

that remedies, modelled on those set out in Part VI of the Competition and Consumer Act 2010, should apply where there is a breach of an enforceable code provision; and

•

the establishment of a mandatory code of conduct framework for the financial services industry.

1.11 The Government, in its response to the Financial Services Royal Commission, agreed to amend the law to implement recommendation 1.15.

Related recommendations

1.12 Set out below are details of other recommendations of the Financial Services Royal Commission that are related to the implementation of recommendation 1.15. Responsibility for implementing these recommendations is split between Government and industry.

For Government to implement:

•

Recommendation 3.8 - Adjustment of APRA and ASIC's roles (see Chapter 9).

•

Recommendations 2.8, 7.2 and part of 1.6 - Breach reporting (see Chapter 11).

For industry to implement:

•

Recommendation 1.8 - The Australian Banking Association should amend the Banking Code to provide greater access to banking services.

•

Recommendation 1.10 - The Australian Banking Association should amend the definition of 'small business' in the Banking Code.

•

Recommendation 1.13 - The Australian Banking Association should amend the Banking Code to provide that banks will not charge default interest on loans secured by agricultural land in certain circumstances.

•

Recommendation 1.16 - The Australian Banking Association and ASIC should work to designate enforceable code provisions in the Banking Code.

•

Recommendation 4.9 - Certain provisions in the Life Insurance Code of Practice, the Insurance in Superannuation Voluntary Code and the General Insurance Code of Practice should be made enforceable code provisions by 30 June 2021.

•

Recommendation 4.10 - The Life Insurance Code of Practice and the General Insurance Code of Practice should be amended to impose sanctions on subscribers for breaches of the relevant code.

Summary of new law

1.13 Schedule 1 amends the Corporations Act and the Credit Act to strengthen the existing voluntary code of conduct framework to allow ASIC to designate enforceable code provisions in approved codes of conduct which, if breached, may attract civil penalties of up to 300 penalty units.

1.14 Schedule 1 also establishes a mandatory code of conduct framework for the financial services and consumer credit industry through regulations, with the ability to designate certain provisions as civil penalty provisions. A breach of a mandatory code of conduct provision may attract civil penalties of up to 1,000 penalty units.

Comparison of key features of new law and current law

Detailed explanation of new law

The role of codes of conduct

1.15 Industry codes play an important role in how financial products and services are regulated in Australia.

1.16 The development of industry codes can raise standards and complement existing legislative obligations to deliver benefits for both consumers and subscribers to the code of conduct.

1.17 For voluntary industry codes to be effective, industry leadership is required to commit to a progressive model that raises standards and complements the existing legislative requirements that are already set out, bringing better outcomes for consumers and subscribers to the code of conduct. This can improve consumer confidence in a particular industry or industries.

1.18 As instruments of self-regulation, voluntary industry codes identify and respond to emerging consumer issues. Receiving ASIC approval of a voluntary code of conduct provides a signal to consumers that they can have confidence in that code.

1.19 Ultimately, the development of voluntary industry codes that improve these consumer outcomes is a matter for industry. In the absence of a voluntary industry code, there may be situations where a government-imposed mandatory code of conduct is appropriate. Alternatively, the government may consider whether other legislative options may be appropriate, for example to address identified issues of systemic and/or egregious conduct.

1.20 An approved voluntary code of conduct, or one that is mandated through regulations, is a signal to consumers that this is a code they can have confidence in. These codes of conduct respond to identified and emerging consumer issues and deliver substantial benefits to consumers.

1.21 The enhanced code of conduct framework allows for a graduated level of industry engagement and government regulation. Under the new framework, codes of conduct may be:

•

developed by industry, voluntary and not approved by ASIC;

•

developed by industry, voluntary and approved by ASIC; or

•

developed and mandated by Government.

1.22 The enhanced codes regime will:

•

strengthen the existing framework for voluntary, industry-developed codes of conduct to be approved by ASIC;

•

enable voluntary codes that are approved by ASIC to include enforceable code provisions. These enforceable code provisions should comprise the key provisions that govern the terms of a contract between the financial services entity or credit provider and the customer or guarantor;

•

allow remedies, including civil pecuniary penalties, for breaches of a designated enforceable code provision in an approved code; and

•

create a framework for establishing and imposing mandatory financial services and consumer credit codes of conduct.

Approved voluntary codes of conduct

How does a voluntary code of conduct get approved?

1.23 Schedule 1 allows an applicant to request that ASIC approve a code of conduct. An applicant, also known as a code owner, is often an industry association or peak body. Historically, this has been the case. However, a single licensee, on behalf of a group of subscribers to the code, may also request approval by ASIC for a voluntary code of conduct.

1.24 A subscriber to the code means a person or entity that agrees, in a way required by the code owner, to be bound by an approved code of conduct. This may be through a contractual arrangement with the code owner, or by publicly holding out that they comply with the code. If a person or entity no longer agrees to be bound by the code, they are a subscriber for the period that they did agree to be so bound. [Schedule 1, items 1 and 9, section 9 of the Corporations Act and section 5 of the Credit Act]

1.25 ASIC can approve a code of conduct in relation to any aspect of the activities for which ASIC has regulatory responsibility in relation to:

•

Australian Financial Services licensees;

•

authorised representatives of Australian Financial Services licensees;

•

issuers of financial products;

•

Australian Credit licensees;

•

credit representatives of Australian Credit licensees.

[Schedule 1, items 1, 4, 9 and 10, section 9 and 1101A of the Corporations Act, and sections 5 and 238A of the Credit Act]

1.26 ASIC can also approve a code of conduct on behalf of trustees of a registerable superannuation entity that hold a relevant licence. A majority of these entities already hold an Australian Financial Services licence, and from 1 July 2021, the remainder will be required to do so (except certain trustees of pooled superannuation trusts).

1.27 This is a result of the implementation of recommendations 3.8, 6.3, 6.4 and 6.5 of the Financial Services Royal Commission, which will require all trustees of non-public offer superannuation funds to hold an Australian Financial Services licence from 1 July 2021.

1.28 To approve a voluntary code of conduct, ASIC must:

•

be satisfied that the code of conduct meets the threshold criteria; and

•

after having regard to further relevant criteria, be satisfied that it is appropriate to approve the code.

1.29 The threshold criteria for approving a code requires ASIC to be satisfied that:

•

the code is not inconsistent with the Corporations Act or the Credit Act or any other law of the Commonwealth under which ASIC has regulatory responsibilities; or

•

to the extent that the code is inconsistent, the code imposes an obligation on a subscriber that is more onerous than that imposed by the Corporations Act or the Credit Act or any other law of the Commonwealth under which ASIC has regulatory responsibilities; and

•

each enforceable code provision has been agreed with the applicant, and is drafted in a way that can be legally enforced.

[Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.30 If ASIC is satisfied of the above threshold criteria, ASIC must also consider whether it is appropriate to approve the code, after having regard to the following matters:

•

whether the obligations of subscribers to the code are capable of being enforced;

•

whether the applicant has effective administration systems for monitoring compliance with the code and making information obtained as a result of monitoring publicly available; and

•

whether the applicant has effective administrative systems for maintaining, and making publicly available, an accurate list of subscribers to the code.

[Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.31 If, after having regard to the above matters, ASIC is satisfied that the criteria have been met, then ASIC may approve the voluntary code of conduct by way of legislative instrument. When assessing these matters, ASIC should consider these matters as a whole and come to a decision about whether, on balance, the code of conduct can be approved. Once approved, the code of conduct becomes an approved code of conduct.

1.32 An approved code of conduct will also include a replacement code of conduct approved by ASIC under section 1101A of the Corporations Act or section 238A of the Credit Act.

1.33 As ASIC approves a code of conduct by making a legislative instrument that is subject to the disallowance process, this allows for parliamentary scrutiny of the instrument (as set out in section 42 of the Legislation Act 2003). [Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.34 A legislative instrument is appropriate in this instance to allow for effective co-regulation between the regulator and the financial services and consumer credit sector. ASIC will conduct public consultation before any code of conduct is approved. Further discussion regarding consultation in relation to enforceable code provisions is at paragraph 1.79.

1.35 The approved code of conduct, including any variations, will be available in consolidated form on the Federal Register of Legislation.

1.36 An approved code of conduct will be subject to a statutory requirement for five-yearly reviews. This is more onerous than the standard sunsetting requirements under section 50 of the Legislation Act 2003, which require legislative instruments to be reviewed every 10 years. Further discussion about the review process is at paragraph 1.114.

1.37 ASIC's decision whether to approve, or not approve, an application under the voluntary code approval regime is not subject to merits review. This is consistent with the existing voluntary code approval regime. [Schedule 1, items 5 and 13, section 1317C of the Corporations Act and section 327 of the Credit Act]

1.38 The purpose of a merits review is to enable the Administrative Appeals Tribunal to review administrative decisions made by a decision-maker. This process is appropriate in relation to administrative decisions, as they are not generally subject to the accountability safeguards that apply to legislative decisions. However, a decision by ASIC to approve a voluntary code is legislative in character; made by way of a disallowable legislative instrument and therefore subject to parliamentary scrutiny.

1.39 Considering the voluntary nature of the code approval process, and the legislative character of any such decision made by ASIC, it is appropriate that this is not subject to merits review. An industry code of conduct can bring about positive consumer outcomes, with or without ASIC approval. The voluntary approval process aims to strengthen a code of conduct by holding industry accountable for breaches of the code, thereby building consumer confidence within the financial services and consumer credit sector. This is consistent with the 1999 Administrative Review Council publication 'What decisions should be subject to merits review?'

1.40 If there is a concern that ASIC has not followed due process in deciding whether or not to approve a code of conduct, the code applicant may seek a judicial review by the Federal Court under the Administrative Decisions (Judicial Review) Act 1977, as well as through other appeal mechanisms in the Federal and High Courts provided for under the Judiciary Act 1903. This is consistent with the Attorney-General's Department's Australian Administrative Law Policy Guide.

Factors ASIC must be satisfied of before approving a code of conduct - threshold criteria

1.41 An approved code of conduct should do more than simply restate existing laws, rather, it should offer consumers greater benefits than what would normally exist under the law.

1.42 Subscribers to an approved code of conduct should aim to set and deliver standards that exceed what is required by the law and that will fill gaps or provide additional protections about matters not covered by the law. In addition, codes of conduct may provide greater clarity or specificity about matters covered by the law.

1.43 By doing so, codes of conduct can promote better consumer outcomes, raise industry standards and increase confidence and trust in the industries to which the codes apply.

1.44 Historically, industry codes have delivered better outcomes for consumers (even without regulator enforceability) than what the applicable financial services legislation at the time was able to deliver. These include consumer-specific provisions in codes that have been applied as part of external dispute resolution determinations, and broader undertakings (for example, service standards), through industry commitment to the code.

Consistency with other Commonwealth laws

1.45 Where code provisions overlap with existing law they should, at a minimum, be consistent with that law. If not, they must offer consumers protections over and above those set out in the law.

1.46 This 'more onerous' assessment is only a relevant consideration where a specific code provision conflicts with existing law. In this situation, ASIC will assess whether a subscriber is committing to a 'more onerous' obligation than what is currently required under the law. A 'more onerous' obligation is to be taken in its ordinary meaning, and will always require that the provision delivers better outcomes for consumers. [Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.47 For example, the law may require industry participants to perform an action within 30 days, yet code subscribers may wish to go beyond the law and commit to do the action within 20 days. While such a code provision would be inconsistent with the law, the obligation that subscribers have chosen to commit to is 'more onerous' and would deliver a better outcome for consumers, therefore the inconsistency would be permitted.

Enforceable code provisions have been agreed with the applicant and are legally effective

1.48 Before a code of conduct is approved, ASIC must be satisfied that any provisions that have been designated as enforceable code provisions have been agreed with the applicant and have been appropriately drafted to be legally effective. [Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.49 Given the voluntary nature of the code approval process, it would not be appropriate for ASIC to unilaterally designate enforceable code provisions. It is envisaged that, as part of the code approval process, industry will identify provisions for ASIC to consider designating as enforceable code provisions. ASIC would then engage with the code applicant as necessary to ensure that the appropriate provisions have been identified, and ensure that they are appropriately drafted, before being designated as enforceable code provisions.

1.50 This process is consistent with that contemplated by Commissioner Hayne, namely that in reviewing the proposed enforceable code provisions put forward by industry, ASIC should continue to engage with industry to designate enforceable code provisions.

1.51 Any enforceable code provisions in an approved code must be drafted in a way that is legally effective so they can be relied upon by consumers and regulators to enforce. This may require ASIC to consult with other Government stakeholders to ensure that the enforceable code provisions are appropriate and fit for purpose.

1.52 This is important as community confidence in the effectiveness of industry codes is largely reliant on consumers being able to seek redress under the code, and further, that the code is seen to be enforced against non-compliant subscribers. As penalties are attached to breach of an enforceable code provision, the language of these provisions must be sufficiently clear and specific to be relied upon.

Other factors that ASIC must consider before approving a code

1.53 When approving a code of conduct, ASIC must also have regard to the following matters.

Whether the obligations of subscribers to the code are capable of being enforced

1.54 This factor requires ASIC to consider whether all of the provisions within the code of conduct are stated with sufficient clarity so that they are capable of being enforced by an individual. In doing so, ASIC may also consider whether there are other mechanisms available to consumers to enforce the provisions, such as through a court, tribunal, external dispute resolution scheme or other alternative dispute resolution body.

1.55 The success of any code of conduct in protecting consumers and raising standards depends on ensuring that code subscribers comply with the provisions of the code and that there are appropriate remedies and sanctions in place to deal with non-compliance. The applicant (or code owner) is responsible for setting up these arrangements.

1.56 ASIC should look at whether the provisions of the code of conduct are binding on (and therefore, enforceable against) subscribers through a contractual arrangement. Contractual arrangements may include subscribers incorporating their agreement to abide by a code in individual contracts with consumers. This would generally be the preferred arrangement.

1.57 Alternatively, code subscribers contracting directly with an independent person or body that has the power to administer and enforce that code could also be an effective means of enforcement. However, this is dependent on the details of the arrangement. In addition to this, ASIC could consider any internal or external dispute resolution mechanisms available to consumers that deal with any alleged breaches of the code of conduct.

Whether the applicant has effective administrative systems for monitoring compliance with the code and making information obtained as a result of monitoring publicly available

1.58 This factor requires ASIC to consider whether the applicant has established effective systems for monitoring compliance by subscribers to the code of conduct, whether this information is publicly reported and the frequency of that information being reported.

1.59 Effective and transparent systems for monitoring code compliance are vital to ensuring public confidence in a code and those who subscribe to it. Consumers will have the ability to identify subscribers not adhering to the terms of the code and will indirectly benefit from the accountability that can be brought upon subscribers through effective monitoring of compliance. The public information may be in the form of an annual report which presents de-identified information about the number of and reasons for the reported breaches of the code of conduct.

1.60 These monitoring arrangements are also important to provide information to both industry and ASIC to help identify misconduct or more granular systemic issues. For example, whether particular subscribers are not meeting their commitments, or whether there are broader trends observable within the industry which may need to be addressed.

1.61 Monitoring arrangements include an independent body to monitor and report on compliance by the relevant subscribers and, where required, to provide this information to ASIC.

1.62 Providing compliance information assists with ASIC's regulatory functions and helps maintain confidence in the financial services and consumer credit industry by alerting ASIC to concerns in the sector.

1.63 Many code compliance bodies choose to delegate their secretariat functions to AFCA's Code Compliance and Monitoring Team. This is a separately operated and funded business unit of AFCA that supports independent committees to monitor compliance with codes of practice and codes of conduct in the financial services industry.

1.64 For this type of monitoring arrangement, a code of conduct may provide that a consumer or subscriber may disclose a breach about another subscriber, or a subscriber may disclose a breach regarding their own conduct, to the code compliance body. Such a disclosure may contain personal information relating to a client, or to an individual within the subscriber's body corporate structure. AFCA's Code Compliance and Monitoring Team holds that information only for the purpose of provision of service to the code committees. The safe handling and disclosure of such information is managed in accordance with both AFCA's privacy policy and the individual privacy policy of the relevant code committee on whose behalf the information is received.

1.65 Where this information is provided to another independent code compliance body, the handling and disclosure of this information will either be in accordance with the Australian Privacy Principles (if they are covered by the Privacy Act 1988) or in accordance with their own privacy policy.

1.66 When assessing the approval of a code of conduct, ASIC may consider whether the code monitoring body will voluntarily opt-in to the Privacy Act 1988. This may be appropriate to ensure the safe handling of personal information, and to provide certainty that code monitoring bodies can disclose these breaches to ASIC.

Whether the applicant has effective administrative systems for maintaining, and making publicly available, an accurate list of subscribers to the code

1.67 This factor requires ASIC to consider whether the applicant has administrative systems in place for maintaining an accurate and publicly available list of subscribers to the code.

1.68 This allows consumers to identify in real-time who is a subscriber to the code and encourages transparency and accountability within the financial services and consumer credit industry.

Enforceable code provisions

1.69 Under the enhanced code of conduct framework, an approved voluntary code of conduct may have enforceable code provisions. These provisions will be agreed with the applicant, and designated by ASIC, through the code approval process. [Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.70 An enforceable code provision is any provision of an approved voluntary code of conduct designated by ASIC, which if breached attracts a civil penalty of up to 300 penalty units. [Schedule 1, items 1, 4, 9 and 10, sections 9 and 1101AC of the Corporations Act and sections 5 and 238D of the Credit Act]

1.71 It is necessary to delegate the setting of penalties to an ASIC legislative instrument because the enforceable code provisions will be assessed on a code-by-code basis once a code is brought to ASIC for approval.

1.72 However, the criteria governing the types of provisions ASIC may designate as enforceable code provisions is contained in the primary law. Further discussion about the criteria for enforceable code provisions is at paragraph 1.87.

Role of enforceable code provisions in an approved voluntary code of conduct

1.73 Voluntary codes of conduct, approved by ASIC, are a form of co-regulation between government and industry. Designating certain provisions as enforceable code provisions allows industry to be held accountable for breaches of the code, and shows industry's commitment to better outcomes for consumers.

1.74 Therefore, in the first instance, the applicant should identify which provisions of their code may be considered enforceable code provisions. This sentiment was also expressed by Commissioner Hayne. Ultimately, given the voluntary nature of the code approval process, ASIC cannot designate a provision as an enforceable code provision without the agreement of the code applicant.

1.75 Commissioner Hayne observed that designating certain provisions as enforceable would provide individuals with greater certainty and enforceability on key code of conduct provisions.

1.76 For example, provisions which could be designated as enforceable may include:

•

cooling off periods;

•

providing information to consumers; and

•

fees and charges.

1.77 These examples show the type of provisions that could bring about better outcomes for consumers over and above the legislative obligations contained in financial services law. Consistent with the criteria for enforceable code provisions at paragraph 1.87, these provisions relate to specific commitments made by a code subscriber to the consumer and if breached are likely to result in significant and direct detriment to the consumer.

1.78 Provisions within industry codes that are broader in their nature and seek to make general, in-principle commitments regarding industry practices or aspirational targets, would not meet the requirement for enforceable code provisions to represent a commitment to a person by a subscriber to the code. Such broad principles based provisions within an industry code would also not meet the criteria for enforceable code provisions because a breach of such a provision would be unlikely to cause significant and direct detriment to the consumer.

Consultation on enforceable code provisions

1.79 Before designating an enforceable code provision, ASIC should consult with relevant government agencies who have regulatory responsibilities in relation to the activities to which the provision would relate.

1.80 This is standard practice in accordance with section 17 of the Legislation Act 2003, which requires the rule maker to be satisfied that appropriate consultation has been undertaken before making a legislative instrument.

1.81 In determining whether the consultation was appropriate, the rule-maker may have regard to any relevant matter, including the extent to which the consultation drew on the knowledge of persons having expertise in fields relevant to the proposed instrument, and whether persons likely to be affected by the proposed instrument had an adequate opportunity to comment on its proposed content.

1.82 Therefore, when ASIC is considering designating certain provisions as enforceable code provisions, ASIC should identify whether any of the provisions involve the types of activities that other agencies have regulatory responsibility for, and notify those agencies of ASIC's intention to designate that provision as an enforceable code provision.

1.83 This provides notice to the relevant agency of ASIC's intention to designate an enforceable code provision, and provides an opportunity for them to respond to the appropriateness of making that provision an enforceable code provision and subject to penalties.

1.84 For example, ASIC should consult on potential enforceable code provisions with APRA where those provisions impact APRA-regulated entities, and the Office of the Australian Information Commissioner where the provisions have privacy implications.

1.85 This process will also alert ASIC to areas where enforceable code provisions may intersect with other Commonwealth legislation, some of which may also apply penalties for substantively the same conduct. This information will help ASIC to make an informed decision about whether it is appropriate to designate that provision as an enforceable code provision. Ultimately, the designation of enforceable code provisions is up to ASIC and the code owner (or applicant). Therefore, a failure to consult does not affect the validity of the approval of a voluntary code of conduct or an enforceable code provision.

1.86 The process set out above relates to consultation ASIC would undertake in relation to proposed enforceable code provisions, as part of ASIC's code approval process. This does not affect the consultation process that the applicant should undertake when developing a code of conduct, before submitting an application to ASIC for approval. ASIC's Regulatory Guide 183: Approval of financial services sector codes of conduct outlines that the applicant should consult with other regulators where any provisions in a code also come within the jurisdiction of those regulators. For example, the applicant may need to obtain ACCC authorisation if a code contains any anti-competitive measures; the applicant should also consult the Office of the Australian Information Commissioner if a code contains any privacy requirements.

Criteria for identifying enforceable code provisions

1.87 ASIC may only designate a provision as an enforceable code provision if ASIC considers that:

•

the provision represents a commitment to a person by a subscriber to the code, relating to transactions or dealings performed for, on behalf of or in relation to the person; and

•

a breach of the provision is likely to result in significant and direct detriment to the person; and

•

any additional criteria that have been prescribed by the regulations have either been satisfied, or taken into account, as required.

[Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.88 The regulations may prescribe further criteria that ASIC must be satisfied of, or prescribe matters that ASIC needs to take into account before it identifies a provision as an enforceable code provision. [Schedule 1, items 4 and 10, section 1101AD of the Corporations Act and section 238E of the Credit Act]

1.89 Enforceable code provisions should not be mere restatements of existing law. Instead, these provisions should create new or extended obligations, or elaborate on what is already stated in the law. These provisions may also provide further specificity in regards to how subscribers intend to comply with existing law.

1.90 If a particular provision in the code of conduct meets the above criteria, and if the applicant agrees, ASIC may designate the provision as an enforceable code provision.

1.91 The enforceable code provisions will be designated in the legislative instrument that approves the code.

An enforceable code provision must represent a commitment

1.92 To be designated as an enforceable code provision, a provision must represent a commitment by the subscriber to a person, such as individual customers or a guarantor who has obligations under the contract. The commitment must relate to transactions or dealings performed by the subscriber for, on behalf of or in relation to that person.

1.93 For example, this would include a direct and specific commitment by the subscriber to take specified action within a specified timeframe. It would not include broad aspirational commitments to the public at large.

Breaching an enforceable code provision may cause significant and direct detriment

1.94 A mere outlining of a 'commitment' is not sufficient for a provision to be designated as enforceable. ASIC must also consider the potential harm that may be caused by breaching that commitment. This criteria ensures that only non-trivial provisions will be designated as enforceable code provisions and therefore subject to penalties.

1.95 In considering the potential harm, ASIC will consider whether breaching the commitment is likely to cause significant and direct detriment to the consumer. Where such commitments have been made to consumers under existing voluntary industry codes, evidence of significant and direct detriment caused by past breaches may be taken into consideration by ASIC in considering whether future breaches are likely to cause significant and direct detriment to the consumer.

1.96 The term 'significant detriment' means something more than just an inconvenience, and may include both economic and non-economic loss. When considering this, ASIC may consider factors such as:

•

the nature and extent of the potential detriment, which may include non-financial detriment;

•

the potential financial loss to consumers; and

•

the impact of the detriment on consumers.

1.97 ASIC may also consider the potential harm caused by a single breach of the commitment, or by multiple breaches of the commitment. For example, while a single breach of the commitment may not be considered likely to cause significant and direct detriment to the consumer, ASIC may consider that multiple breaches of that commitment would be likely to have this effect.

Contraventions of an enforceable code provision

1.98 The maximum penalty for a contravention of an enforceable code provision in an approved code is 300 penalty units. However, a court maintains the discretion to impose an amount below this maximum. This is consistent with the enforceable industry codes regime administered by the ACCC in the Competition and Consumer Act 2010. [Schedule 1, items 4 and 10, section 1101AC of the Corporations Act and section 238D of the Credit Act]

1.99 Once a voluntary code of conduct containing enforceable code provisions has been approved, any person who holds out to comply with the approved code must not breach an enforceable code provision. [Schedule 1, items 4 and 10, section 1101AC of the Corporations Act and section 238D of the Credit Act]

1.100 A person holding out that they comply with an approved code of conduct may do so by telling the code owner that they subscribe to the code, or by publicly holding out that they comply with the code via their website or advertising material.

1.101 In addition to the obligations to comply with enforceable code provisions under the voluntary codes of conduct regime, if a holder of an Australian financial services licence or an Australian credit licence knows or is reckless as to whether there are reasonable grounds to believe that it has breached, or will breach an enforceable code provision, and that breach is or will be significant, they must report that breach to ASIC. Additionally, where a licensee conducts an investigation into whether there has been or will be a significant breach of an enforceable code provision, the investigation also needs to be reported to ASIC where it continues for more than 30 calendar days. These breach reporting obligations give effect to recommendation 7.2 of the Financial Services Royal Commission.

Variations to an approved voluntary code of conduct

1.102 An applicant (or code owner) may apply to ASIC to vary an approved voluntary code of conduct. [Schedule 1, items 4 and 10, section 1101AA of the Corporations Act and section 238B of the Credit Act]

1.103 The applicant should seek to vary an approved code of conduct to deal with issues identified during an independent review or where a new consumer or market problem is identified.

1.104 When considering whether to vary an approved voluntary code of conduct, ASIC must consider the same matters that it was required to consider during the original approval process. [Schedule 1, items 4 and 10, section 1101AA of the Corporations Act and section 238B of the Credit Act]

1.105 ASIC should use reasonable judgement in deciding to what extent it reassesses a code of conduct. For example, variations that are minor in nature, or address typographical or grammatical errors would not require ASIC to review a code in its entirety.

1.106 ASIC can approve a variation of an approved voluntary code of conduct by way of a legislative instrument. Once approved by ASIC, the legislative instrument will be subject to disallowance and parliamentary scrutiny (section 42 of the Legislation Act 2003). [Schedule 1, items 4 and 10, section 1101AA of the Corporations Act and section 238B of the Credit Act]

1.107 An ASIC decision to not approve a variation is not subject to merits review. Additional discussion on merits review is at paragraphs 1.37 to 1.40. [Schedule 1, items 5 and 13, section 1317 of the Corporations Act and section 327 of the Credit Act]

1.108 Once a variation has been approved through a legislative instrument, the varied code becomes the ASIC approved code of conduct and subscribers must comply with the approved code as varied.

1.109 Any variation to the approved code of conduct may be viewed in consolidated form on the Federal Register of Legislation.

Revocation of approval of a voluntary code of conduct

1.110 ASIC may, by legislative instrument, revoke approval of a voluntary code of conduct. [Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.111 ASIC may revoke approval of a code:

•

on application by the applicant; or

•

if ASIC does not continue to be satisfied that the code meets the requirements it had to be satisfied of to approve the code as contained in section 1101A of the Corporations Act or section 238A of the Credit Act; or

•

because a review of the operation of the code was not completed within the timeframe.

[Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.112 The grounds listed do not limit the application of section 33(3) of the Acts Interpretation Act 1901. [Schedule 1, items 4 and 10, section 1101A of the Corporations Act and section 238A of the Credit Act]

1.113 Section 33(3) of the Acts Interpretation Act 1901 provides that where an Act confers a power to make any instrument of a legislative character, the power shall be construed as including a power to repeal, revoke, amend or vary that instrument.

Reviewing a voluntary code of conduct

1.114 The applicant must ensure that an independent review that considers the operation of the approved code of conduct is undertaken every five years. The review must be subject to public consultation. [Schedule 1, items 4 and 10, section 1101AB of the Corporations Act and section 238C of the Credit Act]

1.115 The five year period commences on the day the code of conduct was approved. [Schedule 1, items 4 and 10, section 1101AB of the Corporations Act and section 238C of the Credit Act]

1.116 Each subsequent review must be completed within five years after the completion of the previous review. This provides the applicant with flexibility to undertake a review sooner if they consider that it is appropriate to do so, for example, a change to the law may prompt a review of a code. [Schedule 1, items 4 and 10, section 1101AB of the Corporations Act and section 238C of the Credit Act]

1.117 A review is complete once the applicant has provided a copy of the report to ASIC. The applicant must also publish the report on their website within 10 business days. [Schedule 1, items 4 and 10, section 1101AB of the Corporations Act and section 238C of the Credit Act]

1.118 Regular reviews of the code of conduct by an independent body means that the code remains current and can respond appropriately to changing industry practices.

1.119 The role of the independent reviewer is to consider, without bias, the broad range of stakeholder views, including both consumer and industry stakeholders. The independent reviewer should consider the relevant factors that ASIC considers when approving the code. Therefore, the review provides an opportunity for stakeholders to give feedback on the effectiveness of the approved code of conduct, and suggestions on how the approved code of conduct may be improved.

Mandatory codes of conduct

1.120 The Government may impose a mandatory code of conduct through regulations where a mandatory code is the most appropriate tool. This may be more appropriate to address poor consumer outcomes in an industry sector when, for example, an industry has insufficient capacity or cohesion to develop a voluntary code of conduct; efforts between ASIC and industry to develop a voluntary code of conduct have not been successful; industry participants have not put forward a proposed code in a timely manner; and/or where the industry has engaged in egregious conduct and it is in the public interest for a mandated code of conduct. [Schedule 1, items 4 and 10, section 1101AE of the Corporations Act and section 238F of the Credit Act]

1.121 A mandatory code of conduct would be prepared by Treasury in consultation with ASIC, industry and consumer groups, and would be subject to a public consultation process. Regulations are made by the Governor-General and are subject to disallowance.

1.122 Regulations imposing a mandatory code of conduct may:

•

confer functions and powers on a person or body for the purposes of:

-

monitoring compliance with the code of conduct; and

-

dealing with disputes or complaints arising under, or in relation to, the code of conduct; and

-

dealing with other associated administrative matters; and

•

provide for record keeping and reporting obligations.

[Schedule 1, items 4 and 10 section 1101AE of the Corporations Act and section 238F of the Credit Act]

1.123 The ability to confer powers and functions on a body or person is important to the operation of the mandatory code of conduct as the industry sector that the mandatory code of conduct applies to may not have the appropriate structures in place to monitor compliance with the code, or deal with disputes arising between consumers and industry participants who are subject to the code.

1.124 The mandatory code of conduct may require industry participants who are subject to the code to share information with a code monitoring body. This may be information relating to breaches of any provision in the mandatory code of conduct. This information should be shared between the industry participants subject to the code and a code monitoring body, and if significant, also shared with ASIC under breach reporting obligations.

1.125 Once the regulations have been made, a person to whom the code applies must not contravene a mandatory code of conduct. The breach of a provision in a mandatory code of conduct may attract ASIC enforcement. [Schedule 1, items 4 and 10, section 1101AF of the Corporations Act and section 238G of the Credit Code]

1.126 Under the mandatory codes of conduct regime, the regulations may prescribe civil penalty provisions with a maximum of 1,000 penalty units. The penalty amount prescribed is the maximum amount that can be applied by a court following a breach of the specific provision. [Schedule 1, items 4 and 10, section 1101AE of the Corporations Act and section 238F of the Credit Act]

1.127 In prescribing the level of penalty associated with a breach of a civil penalty provision, the Government may decide to set a maximum penalty amount of less than 1,000 penalty units. To determine the appropriate maximum penalty for each civil penalty provision, the Government may take into account factors such as the nature of the industry to be subject to the mandatory code, its participants and other relevant matters.

1.128 The maximum penalty amount of 1,000 penalty units highlights the significance of the breach. The maximum penalty is set at this amount to achieve an effective and meaningful level of deterrence. Further discussion about the appropriateness of the pecuniary penalties is at paragraph 1.144.

1.129 The standard pecuniary penalties contained in sections 1317G(3) and (4) of the Corporations Act and sections 167B(1) and (2) of the Credit Act do not apply to mandatory codes of conduct. [Schedule 1, items 4 and 10, section 1101AE of the Corporations Act and section 238F of the Credit Act]

1.130 Any regulations creating mandatory codes of conduct will be subject to disallowance under section 42 of the Legislation Act 2003 and therefore subject to parliamentary scrutiny.

Enforcement

1.131 ASIC and individual consumers have a range of enforcement options available to them for breaches of civil penalty provisions under the Corporations Act and the Credit Act.

1.132 Where a person or entity ceases to subscribe to an approved code of conduct, that person or entity will still be liable for any contraventions of the code that occurred during the period that the person or entity was a subscriber. ASIC or individual consumers can still take action in relation to any breach that occurred during that period. [Schedule 1, items 1 and 9, section 9 of the Corporations Act and section 5 of the Credit Act]

1.133 ASIC should use its regulatory judgement as to what breaches, and what remedies, it applies in using their regulatory enforcement tools.

1.134 Commissioner Hayne recommended that remedies modelled on those set out in Part VI of the Competition and Consumer Act 2010 should be available for a breach of an enforceable code provision in an approved code of conduct or a civil penalty provision in a mandatory code of conduct.

Infringement notices

1.135 Schedule 1 allows ASIC to issue an infringement notice for a breach of an enforceable code provision in an approved code of conduct, or a breach of a civil penalty provision in a mandatory code of conduct. [Schedule 1, items 6 and 12, section 1317DAN of the Corporations Act and section 288K of the Credit Act]

1.136 This amendment adds enforcement of the code provisions to the existing infringement notice regime administered by ASIC under the Corporations Act and the Credit Act.

1.137 Infringement notices are an administrative tool that ASIC can use to deter and punish breaches of the enforceable code provisions in an approved code of conduct and civil penalty provisions in a mandatory code of conduct. This can be used as an alternative to other civil or administrative proceedings.

1.138 ASIC may issue an infringement notice if it believes on reasonable grounds that a person has contravened an enforceable code provision in an approved code of conduct or a civil penalty provision in a mandatory code of conduct. This must be given to the subscriber within 12 months after the day on which the contravention is alleged to have taken place. ASIC may give a person a single infringement notice for one contravention, or multiple infringements notices for multiple contraventions (section 1317DAM of the Corporations Act and section 288J of the Credit Act).

1.139 Under the Corporations Act, the amount of an infringement notice payable to ASIC for the breach of an enforceable code provision in an approved code of conduct or a civil penalty provision in a mandatory code of conduct is 12 penalty units for an individual and 60 penalty units for a body corporate.

1.140 For multiple contraventions, the amount payable is calculated by multiplying the number of penalty units by the number of contraventions (section 1317DAP(2) of the Corporations Act). This follows the existing penalty unit regime within the Corporations Act.

1.141 Under the Credit Act, the amount of an infringement notice payable to ASIC for the breach of an enforceable code provision in an approved code of conduct or a civil penalty provision in a mandatory code of conduct is 50 penalty units for an individual and 250 penalty units for a body corporate.

1.142 For multiple contraventions, the amount payable is calculated by multiplying the number of penalty units by the number of contraventions (section 288I(2) of the Credit Act). This follows the existing penalty unit scheme within the Credit Act.

1.143 The infringement notice regime for codes of conduct have been incorporated into the existing infringement notice frameworks within the Corporations Act and the Credit Act. Therefore, the penalties reflect the existing frameworks and amounts that the relevant codes operate within. Creating a new framework would unnecessarily increase complexity.

Pecuniary penalties

1.144 If a subscriber to an approved code of conduct breaches an enforceable code provision, or if an industry participant subject to a mandatory code breaches a civil penalty provision, ASIC may take action against the subscriber or industry participant for a pecuniary penalty. The maximum penalty which may be applied to any such breach is established in the primary law. The specific provision to which a penalty applies will be prescribed in delegated legislation: determined by ASIC (in the case of approved voluntary codes), or by the Government (in the case of mandatory codes).

1.145 A breach of an enforceable code provision contained in an approved code of conduct may attract pecuniary penalties of up to 300 penalty units. This applies to both individuals and corporations, and is consistent with the level of penalties in industry codes prescribed under the Competition and Consumer Act 2010. [Schedule 1, items 4 and 10, section 1101AC of the Corporations Act and section 238D of the Credit Act]

1.146 A breach of a civil penalty provision contained in a mandatory code of conduct may attract pecuniary penalties of up to 1,000 penalty units. This applies to both individuals and corporations. This is the maximum penalty which may be prescribed for civil penalty provisions specified in the regulations. In some circumstances, it may be appropriate to prescribe a lower penalty amount for a specific civil penalty provision in a mandatory code. [Schedule 1, items 4 and 10, section 1101AE of the Corporations Act and section 238F of the Credit Act]

1.147 These maximum penalties are appropriate as codes of conduct aim to set standards or requirements for a wide range of behaviour. The penalties work to protect the public interest by encouraging compliance with the code of conduct and also penalising those subscribers who are operating in breach of these codes of conduct.

1.148 The court will continue to have discretion to apply an appropriate penalty up to the maximum amount. The court must consider the relevant factors in any given case, making it unlikely that the maximum penalty would be imposed in every instance. In practice, the maximum amount would only be applied in the most egregious instances of non-compliance.

1.149 The courts are experienced in making civil penalty orders at appropriate levels within the maximum amount specified in legislation to reflect the individual circumstances of a case. Factors typically include: the nature and extent of the conduct which led to the contravention; the nature and extent of any resulting loss or damage; the relevant circumstances; the size of the organisation; whether the breach was deliberate; and the need for deterrence.

1.150 A pecuniary penalty is an appropriate sanction as a breach of a code of conduct could result in commercial gains by the subscriber (in relation to an approved code) or the industry participant (in relation to a mandatory code). Therefore, where the subscriber or industry participant has made a monetary gain from consumers by breaching a code, it is in the public interest that the gain not be retained by that subscriber or industry participant. It also serves as an effective deterrent to eliminate the gain or benefit resulting from non-compliance.

1.151 The quantum of the two different civil penalties in the codes of conduct framework reflect the importance of the codes of conduct regime in ensuring consumer confidence in the financial services and consumer credit industry.

1.152 In particular, the penalty for the mandatory code of conduct reflects the seriousness of the imposition of these codes by the Government and the high penalty encourages compliance with the code of conduct. A mandatory code of conduct may be imposed where the industry has engaged in egregious conduct and it is in the public interest for a mandated code of conduct. In these instances, as a reflective regulatory action, the high maximum pecuniary penalty encourages deterrence from the egregious conduct that would otherwise bring about adverse outcomes for consumers.

Other enforcement options

1.153 All enforceable code provisions in an approved code of conduct and all provisions in a mandatory code of conduct will form part of the 'financial services law'. This means that if a subscriber breaches any enforceable code provision in an approved code of conduct, or if an industry participant subject to a mandatory code breaches any provision in that code, ASIC may take administrative action under the enforcement options available.

1.154 ASIC will have a range of other civil enforcement options that it can apply to the Court for in relation to a breach. These include applying for compensation on behalf of another person, injunctions, non-punitive orders such as corrective advertising or applying for an order that a particular contract relating to financial products or financial services be void or voidable.

Application and transitional provisions

1.155 The Banking Code of Practice ^[2] , approved by ASIC on 18 December 2019, will be taken to be approved under the new section 1101A as outlined in this Chapter. [Schedule 1, item 8, section 1671 of the Corporations Act]