ASIC roundup: unconscionable conduct over account fees, and trading concerns

The Australian Securities & Investments Commission’s latest actions and news, September 18 – 22, 2023.

A$2.1m penalty for unconscionable conduct over fees – September 22, 2023

The National Australia Bank Ltd (NAB) had been ordered by the Federal Court to pay a A$2.1m ($1.35m) penalty for unconscionable conduct. The NAB charged periodic payment fees even though it knew that by levying them it was wrongfully overcharging its customers.

Between January 2017 and July 2018, NAB charged such fees on 74,593 occasions. With 2,888 personal banking customers and 513 business banking customers, of a total value of A$139,845 ($90,063).

During this period, some were charged a periodic payment fee of:

  • A$1.80 or A$5.30 when they were entitled to an exemption under NAB’s terms and conditions; or
  • A$5.30 when the correct fee was A$1.80.

Justice Derrington said that the bank “deliberately and cynically took advantage of its customers’ unawareness”, and called the A$2.1m penalty “woefully insufficient in the circumstances”. A breach of the ASIC Act after March 2019 would have resulted in at least a penalty of A$15.65m ($10m).

In addition to the penalty, NAB will also pay about A$9m ($5.8m) in remediation to affected customers, pay ASIC’s costs and publish an adverse publicity notice on its website.

 “Such moral dereliction would seem to reflect an inherent sense of entitlement, possibly precipitated by a view that no real harm would come to the bank even if its conduct was detected.”

Justice Derrington

Crypto exchange sued for alleged design and distribution failures – September 21, 2023

Bit Trade Pty Ltd, the provider of the Kraken crypto exchange, has been sued over allegedly failing to comply with the design and distribution obligations for the margin trading product it offers on the exchange.

According to ASIC, Bit Trade failed to make a target market determination for the product, something legally required, before offering it to Australian customers. 

ASIC further alleges that Bit Trade’s margin trading product is in effect a credit facility because it offers credit for selling and purchasing certain crypto assets on the Kraken exchange, this despite the fact that Bit Trade describes this offering as ‘margin extension’.

Since the design and distribution obligations commencement on October 5, 2021, at least 1,160 Australian customers have used the margin trading product, incurring a total loss of approximately A$12.95m ($8.3m).

Bit Trade was notified in June 2022 regarding the regulators concerns of failing to comply with its design and distribution obligations, but continued to offer the product without undertaking a target market determination.

The ASIC is seeking declarations, a monetary penalty along with injunctions prohibiting the ongoing alleged contravening conduct.

“These proceedings should send a message to the crypto industry that products will continue to be scrutinised by ASIC to ensure they comply with regulatory obligations in order to protect consumers.”

ASIC Deputy Chair Sarah Court

Interactive Brokers pays A$832,500 for ‘negligent’ and ‘reckless’ conduct – September 20, 2023

Market participant Interactive Brokers Australia Pty Ltd (Interactive Brokers) has paid a penalty of A$832,500 ($536,148) to comply with an infringement notice from the Market Disciplinary Panel (MDP). MDP found that Interactive Brokers was ‘negligent’ in its failure to identify suspicious trading by one of its clients – and was ‘reckless’ by letting it continue after ASIC raised concerns about the trades.

ASIC’s concerns arose from certain Closing Single Price Auction (CSPA) orders that were placed by one of Interactive Brokers’ experienced clients on the ASX between March 10 and November 5, 2021. The MDP believes that Brokers should have suspected that the orders were suspicious for many reasons, including that they:

  • were entered or amended late in the CSPA;
  • were for a very small volume and value;
  • were returned or held the price for Orthocell Ltd (OCC) to or at the high of the day; and
  • were inconsistent with the client’s previous trading during the relevant day.

ASIC contacted Interactive Brokers to let the firm know that its client’s trading had triggered ASIC alerts, but the firm allowed the client to continue trading and enabled the placement of further suspicious orders. This despite the fact that Interactive Brokers own surveillance systems triggered 44 ‘marking the close’ alerts in connection with the client’s trades.

According to the MDP, Interactive Broker’s response and follow up to the suspicious activity was inadequate, because it:

  • took too long to close alerts;
  • failed to have meaningful notes in the reviews of the alerts;
  • failed to address the trading conduct of the client; and
  • did not lodge the suspicious activity report to ASIC until November 5, 2021.

The MDP characterised this failure as negligent because Interactive Brokers should have realised that it did not maintain the necessary ‘organisational and technical resources’ to ensure and uphold integrity of the market.

ASIC news week 38

On September 18, ASIC Chair Joe Longo spoke at the Australian Financial Review Cyber Summit. There, he drew attention to the parallels between today’s cyber threats and a demonstration of a purportedly “confidential and secrue” wireless telegraph system by Guglielmo Marconi in 1903. A system was ‘confidential and secure’ – but yet soon to be shattered when it had been jammed by the British magician and wireless pioneer, Nevil Maskelyne. Or in today’s terms – hacked.

By drawing on this historical example Longo tried to highlight the fact that “every system is vulnerable”, and urged organisations to take an active approach to evaluating and managing their own and third-party cyber risks. He also spoke of the need to go beyond security and to build up resilience – to have the ability to respond to and recover from an cyberattack, and to test such plans regularly.

ASIC Chair Joe Longo.
Photo: ASIC

Longo pointed out that the major cyber-attacks against Australia’s Optus and Medibank last year were a ‘wake-up call’ for many Australian companies and that costs connected to global cybercrime are predicted to grow by 15% annually over the next three years, reaching $10.5 trillion by 2025. Ransomware attacks alone are predicted to exceed $265 billion by 2031.

“For all boards, cyber security and cyber resilience have got to be top priorities. If boards do not give cyber security and cyber resilience sufficient priority, this creates a foreseeable risk of harm to the company and thereby exposes the directors to potential enforcement action by ASIC based on the directors not acting with reasonable care and diligence.”

Last year, Home Affairs and Cyber Security Minister Clare O’Neil, announced that Australia planned to be the most cyber secure country in the world 2030.

Update on licensing and professional registration activities

On the 21, ASIC released the 772 Licensing and professional registration activities: 2023 update (REP 772) – its annual licensing report. It outlines the Commission’s licensing and professional registration activities, new and proposed changes to processes, and other activities that that affects licensees.

Between July 2022 and June 2023, ASIC:

  • received 1,272 Australian financial services (AFS) licence and Australian credit licence (credit licence) applications;
  • finalised 1,464 AFS and credit licence applications;
  • granted 332 new AFS licences and 149 new credit licences;
  • approved 867 AFS and credit licence variation applications from existing licensees; and
  • approved the registration of 118 company auditors, 44 SMSF auditors and supported the approval of 29 liquidators.

Furthermore, during that period:

  • 401 licence applications were withdrawn or rejected for lodgement;
  • 515 licences were cancelled;
  • 26 licences were suspended;
  • 51 professional registration applications were withdrawn; and
  • 4 were refused.

“We are continuing to make a number of improvements to ASIC’s Licensing processes and systems. These include increased engagement with stakeholders during the application process, ongoing work to develop a new licensing portal and streamlining our workflow systems to make it easier for stakeholders to interact with ASIC,” said Warren Day, ASIC’s Chief Executive Officer.

Extended date for financial adviser registration requirement

ASIC has extended the date by which financial advisers must be registered to February 1, 2024, because the Treasury Laws Amendment (2023 Measures No. 1) Bill  remains before parliament.

Once the Bill passes into law, ASIC will also issue regulatory guidance, conduct webinars, and open the registration portal to commence accepting applications for registration.