In May 2023, the Australian Securities and Investments Commission (ASIC) released Issue 148 of its Market Integrity Update. The publication includes important information for market participants, including guidance for assessing cyber capabilities, reports on criminal sentences throughout the industry and — perhaps most importantly — a look at the updated market integrity rules penalty regime.
Here’s what this new regime looks like and what it means for organisations like yours.
What has changed?
ASIC market integrity rules (MIRs) apply to securities, futures and capital markets. These requirements cover everything from ensuring technological resilience and reporting suspicious activity to maintaining accurate communication with ASIC.
The previous MIR penalty regime applied to events occurring before 13 March 2019, where each individual breach had a maximum penalty of $600,000. The May 2023 ASIC update highlights several changes to this regime, the sum of which is simple: Penalties are likely to be higher going forward.
For events occurring wholly on or after 13 March 2019, a single infringement notice can carry a penalty of up to 15,000 units. As of 1 January 2023, the cost of one penalty unit was increased to $275 — so at the maximum, a single occurrence of misconduct could cost you $4.125 million.
In more serious cases, ASIC may impose civil penalties, which include court activity and potentially higher fines. Should ASIC take your organisation to court over misconduct, you could be required to pay the greater of two penalties for each individual event:
- 50,000 penalty units, which equates to $13.75 million; OR
- 10% of company turnover, capped at 2.5 million penalty units or $687.5 million.
It is the responsibility of the Markets Disciplinary Panel (MDP) to identify relevant cases of misconduct and issue infringement notices. This peer review panel considers information from both ASIC and the accused market participant when making appropriate determinations.
Why have these changes occurred?
When ASIC released these updates, it noted “the importance of complying with the market integrity rules” and sought to remind market participants of their responsibility in this area. The goal of increasing penalties, according to ASIC, was twofold:
- ‘Provide an adequate deterrent for misconduct.’
- ‘Ensure payments of penalties under infringement notices do not simply become a cost of doing business.’
Essentially, these changes are intended to create a more equitable landscape for enforcing compliance — one where misconduct comes with significant downsides even for larger organisations capable of absorbing sizable penalties.
What does this mean for you?
Although all ASIC updates have noteworthy implications for market participants, this particular reminder and its implications should be at the forefront of participants’ minds. Simply put, mistakes are about to cost a lot more.
If you fail to be proactive in identifying, assessing and addressing incidents early, or in implementing regulatory change (e.g. the new MIRs on tech and operations resilience), a number of things could happen, including:
- Increased penalties: Higher penalty units from the MDP aren’t the only concern. You’ll also be impacted by aggravating factors if systemic problems are identified but not addressed.
- ASIC questions: One or more misconduct events could cause ASIC to question wider arrangements for operating your licence. This could lead to licence conditions and other enforceable undertakings, either during or after the original infringement notice.
- Ongoing costs: If you’re forced to appoint an independent expert to review your arrangements, the costs of remediation could be higher and longer-lasting.
That means the impact on market participants like you could be significant. With recent MDP penalty outcomes ranging between $222,000 and $888,000, your entire firm will need to maintain a heightened awareness of the key risk and compliance processes that may lead to more stringent MDP outcomes. On top of that, there’s likely to be an increase in time, cost and reputational risk associated with reporting events and defending ASIC enforcement actions. This creates far more demands on already tight resources — especially at a time when compliance budgets are being squeezed.
What practical steps can you take?
The good news is that, despite serious penalties and increasing risks, there are proactive steps you can take to help protect your organisation from misconduct allegations.
Here are a few practical steps to get you started:
#1: Review and disseminate ASIC updates
While newsletters and press releases from ASIC are important sources of information, you should have a process to review all regulatory updates in a timely manner and a mechanism to disseminate what the change means for your firm.
#2: Identify and prepare for regulatory changes ahead of time
Don’t wait until a reg change comes into effect. Instead, identify upcoming requirements and implement the necessary updates to your policies, procedures and operations long before it’s necessary. This gives you ample time to tweak processes and compile proof of relevant changes.
With a regtech tool like RegsWeb, you’ll have access to reg change tools like a forward-looking calendar across all regulators and a weekly newsletter with the latest announcements. Crucially, you will also have access to a digital library of up-to-date regulatory content (including the latest MIRs) — all interlinked with digital versions of your own risk, compliance and operations policies and procedures. That way, you’ll know:
- What changes are occurring and when.
- Which processes or documents will be impacted.
- What steps you’ll take to implement updates ahead of time.
#3: Detect, escalate and remediate incidents
Structure your workflows to clearly and effectively detect reportable situations. If you catch these issues early and follow all the right steps, you may be able to prevent or mitigate significant ASIC action.
#4: Engage an independent compliance expert
Compliance experts like MIntegrity can help review and improve your compliance arrangements on a proactive basis. Try to establish a process for regular internal or external reviews of key risk areas in your business — especially before any ASIC investigations escalate.
Don’t let the risk of higher penalties overwhelm your organisation. Contact us today to learn more about RegsWeb and MIntegrity’s independent compliance expert services.
Image by wirestock on Freepik← Back to Blog