Mackay Chapman May ASIC Update

ASIC BLOG:

‍

In this month’s ASIC update:

‍

• Federal Court rejects ASIC’s case against TelstraSuper 
• Businesses warned to prepare for AI-driven cyber threats
• ASIC intensifies crackdown on unlawful “finfluencers”
• Former director sentenced over false invoice scheme
• Federal Court penalises Money3 over responsible lending failures
• ASIC’s case against Nuix dismissed by Federal Court
• Crypto and digital asset firms urged to prepare for licensing deadline
• Changes proposed for client money rules and cash common funds

‍

Read on for the full story.

‍

Federal Court rejects ASIC’s case against TelstraSuper 

In a not insignificant blow to ASIC, the Federal Court has rejected ASIC's 'efficiently, honestly and fairly' case against Telstra Super.  Despite finding numerous breaches of 'complaints handling' requirements regarding timing, content and notice, Justice Neskovcin of the Federal Court rejected ASIC’s allegation that those breaches amounted to a contravention of the requirement under section 912A of the Corporations Act 2001 (Cth) to provide financial services efficiently, honestly and fairly.

This type of case by ASIC - where it alleges a multitude of lower level, 'compliance' breaches then seeks to elevate the conduct to a breach of the civil penalty provision 912A(1)(a) by weight of numbers - has been commonplace in recent years.

In cases in which we have been involved, the number and volume of evidence of the alleged compliance breaches has been so great as to overwhelm the respondent, often a party with disproportionately less resources available than to the regulator.

Obviously that is not the case with Telstra Super.

The judgment provides useful analysis not only of the overtly complex complaints handling requirements in question (whose force and effect must be traced in some instances to regulatory guidance rather than actual legislation) but also of the court's approach in assessing the requirements of 912A(1) in a 'weight of numbers' ASIC civil penalty case.

A penalty hearing will proceed at a later date. 

Businesses warned to prepare for AI-driven cyber threats

ASIC has urged Australian financial services businesses to strengthen their cyber security measures as artificial intelligence increases the speed and sophistication of cyber attacks. In a recent open letter, ASIC warned that emerging AI tools could rapidly expose vulnerabilities across financial systems, making strong cyber resilience more important than ever.

The regulator stressed that cyber security is not just an IT issue, but a core governance and licensing responsibility. ASIC called on boards and executives to review cyber risk frameworks, strengthen incident response plans, improve patch management and minimise exposure to cyber threats. The update also reinforces ASIC’s expectation that businesses proactively manage cyber risks before incidents occur, rather than responding after the fact.

The regulatory risks posed by cyber threats to Australian Financial Services Licence holders are well known and evidenced by the ASIC actions against RI Advice and Fortnum.  But similar regulatory risks extend beyond AFSL and Australian Credit Licence holders, arguably to the boards of all public companies and professional services firms.

ASIC intensifies crackdown on unlawful “finfluencers”

ASIC has expanded its enforcement action against social media “finfluencers”, working alongside international regulators to target creators suspected of providing unlicensed financial advice or misleading investment content online. 

The regulator recently issued warning notices to several online creators and reviewed AFS licensees responsible for supervising influencer activity under their licences.

There is growing concern about the influence social media has on financial decision-making, particularly among younger Australians. ASIC cited research showing many Gen Z consumers rely on social platforms for financial information and often trust advice shared by online creators.

The regulator expects active supervision and proper compliance processes where creators are engaged to promote financial products or services.

Former director sentenced over false invoice scheme

Former NSW company director Mark Barnes has been sentenced to one year and 10 months’ imprisonment after dishonestly obtaining more than $2.4 million through a false invoice scheme. The sentence will be served under an Intensive Correction Order, including 12 months of home detention and 300 hours of community service.

ASIC alleged Mr Barnes submitted falsified invoices, emails and bank statements to secure advance payments from a funding company between 2018 and 2019. While repayments were made initially, further false invoices were issued to maintain cash flow. The conduct ultimately left the lender out of pocket by more than $270,000.

Following his conviction, Mr Barnes has also been automatically disqualified from managing any company for five years.

Federal Court penalises Money3 over responsible lending failures

The Federal Court has ordered car finance provider Money3 Loans Pty Ltd to pay $1.55 million in penalties after finding the company breached responsible lending obligations when providing loans to vulnerable consumers.

The Court found Money3 failed to properly assess borrowers’ financial circumstances across several vehicle finance loans issued between 2019 and 2021. It further found the lender did not adequately review or verify customers’ living expenses, despite having access to bank statement data that could have identified potential affordability concerns. 

In one case, the company also failed to properly assess the borrower’s requirements and objectives before approving the loan.

ASIC’s case against Nuix dismissed by Federal Court 

The Federal Court has dismissed ASIC’s continuous disclosure proceedings against software company Nuix Limited and its directors. 

ASIC had alleged the company failed to properly disclose information to the market and misled investors by reaffirming financial forecasts shortly after its 2020 IPO, and that by doing so its directors breached their duties.

The Court dismissed all of ASIC’s allegations, finding Nuix did not breach its continuous disclosure obligations and rejecting claims that the company’s board failed to take reasonable steps to prevent misleading statements being made to investors.  Importantly, the Federal Court accepted that Nuix had reasonable grounds for making the relevant representations to the market because its forecasting methodology, based upon a structured and clearly documented process, was reasonable.  Additionally, the Court affirmed ASX Guidance that variations of 5% or less should be presumed as immaterial, and such variances alone may not meet the threshold for disclosure under the continuous disclosure regime, and rejected ASIC’s allegations that Nuix ‘sat’ on a revised forecast on the basis a company is entitled to sufficient time to forecast properly before disclosure to the market.

The loss is a blow to ASIC after a lengthy and costly court action stemming from conduct almost exactly five years before the judgment was delivered.

Crypto and digital asset firms urged to prepare for licensing deadline

ASIC has reminded digital asset businesses that they may need to obtain an AFS licence before the regulator’s temporary no-action position expires on 30 June 2026. 

Businesses that fail to apply for the required licence or authorisation by the deadline could face significant civil and criminal penalties for unlicensed conduct.

A new licensing regime for digital asset platforms and tokenised custody platforms is scheduled to commence in April 2027. ASIC has encouraged affected businesses to assess their obligations early and begin the application process as soon as possible.

Changes proposed for client money rules and cash common funds

ASIC is seeking industry feedback on plans to remake a legislative instrument relating to how AFS licensees handle client money in cash common funds. 

The current instrument is due to expire in October 2026, and ASIC has indicated it intends to continue the relief without making substantive changes.

The instrument allows client money received by an AFS licensee to be deposited into a registered cash common fund, while maintaining existing consumer protection requirements under the Corporations Act. 

Stakeholders have been invited to provide submissions as part of the consultation process before ASIC finalises the updated instrument.

Updated guidance released on financial reporting and audit relief

ASIC has updated its guidance on financial reporting and audit relief, with the release of a revised Regulatory Guide 43 (RG 43). 

The updated guide is intended to simplify existing guidance and reflect legislative changes that have occurred since the guidance was last reviewed in 2011.

‍

The contents of this article do not constitute legal advice and it is not intended to be a substitute for legal advice and should not be relied upon as such.  It is designed and intended as general information in summary form, current at the time of publication, for general informational purposes only.  You should seek legal advice or other professional advice in relation to any particular legal matters you or your organisation may have.

‍