ASIC issues early observations on mandatory sustainability reporting

ASIC has released its initial observations from a review of the first mandatory sustainability reports lodged under the Corporations Act, aiming to assist other entities preparing for the reporting season. ASIC welcomed reports lodged by Group 1 entities noting an overall increase in consistency and quality compared to prior voluntary disclosures. ASIC reminds reporting entities that they cannot use disclaimers that conflict with the statutory framework or instruct users not to rely on the data. Furthermore, companies must incorporate both past and forecast extreme weather impacts to identify climate risks, ensure that voluntary data does not obscure material disclosures, strictly follow cross-referencing guidelines, and explicitly account for any legally mandated greenhouse gas emissions targets, such as the Safeguard Mechanism, within their reports. Group 2 reporting entities begin reporting  on or after 1 July 2026. Group 2 applies to medium-to-large entities that meet at least two of the three following criteria for a financial year:

  • Consolidated revenue: $200 million or more.
  • Consolidated gross assets: $100 million or more.
  • Employees: 250 or more employees at the end of the financial year.

Read more here.

Organisations affected: Group 2 reporting entities

Policies affected: Reporting policies

ASIC report details progress on regulatory simplification

ASIC has released Report 830: Regulatory simplification progress report, detailing ongoing initiatives to reduce the regulatory burden on Australian businesses. Following extensive industry engagement, the regulator has expanded its digital service capability, simplified complex regulatory guidance, and updated 280 form landing pages to streamline user navigation. Additionally, ASIC has introduced targeted sector-based regulatory roadmaps to help small company directors and financial advice businesses better interpret and meet their compliance obligations. Read more here.

AFCA piloting call recording and automation tools

AFCA is adopting a highly cautious approach to incorporating automation into its operations, strictly ensuring that a “human in the loop” handles and reviews all dispute outcomes. As part of its early stage digital journey, the ombudsman is currently piloting several internal initiatives, which include testing call recording paired with artificial intelligence transcription services. To eliminate any risk of AI hallucination or misinterpretation, AFCA emphasises that human staff will diligently review and validate these automated summaries and transcripts to maintain strict accuracy during the claims and complaints resolution process.

More details here.

AUSTRAC releases risk snapshots of Australia’s financial crime landscape

AUSTRAC has released three national risk assessment updates that reveal Australia’s money laundering, terrorism financing, and proliferation financing threats are becoming increasingly complex, interconnected, and difficult to detect. A major finding in the 2026 snapshot is the escalating role of emerging technologies. Illicit actors are actively adopting artificial intelligence (AI) to fabricate identities, forge official documentation, and automate sophisticated laundering techniques that previously required manual effort, drastically increasing the overall scale of financial crime.

Reporting entities should review these updated threat snapshots against their own risk assessments to evaluate applicability to their specific business operations. Read more here.

Organisations affected: All reporting entities

Policies affected: AML/CTF Program and AML/CTF Risk Assessment

Cboe Australia: updates to Market Data Product Manual

Cboe Australia has amended its Market Data Product Manual, effective 15 May 2026, introducing stricter rules around billing, capacity management, and data distribution.

What a Cboe Participant may need to do:

  • Update cancellation procedures: ensure that any market data subscription cancellations initiated through the portal are also submitted in writing to the Trade Desk; otherwise, full-month billing will continue to apply.
  • Review testing/certification environments: assess the usage of your certification configurations. If any have been inactive for six months, note that Cboe now has the right to decommission them to manage system capacity.
  • Audit historical and extranet data usage: verify that your internal use of historical data does not cross into commercial/external distribution without proper licensing.
    • If acting as an Extranet Provider, ensure you only transmit data in the native CXA protocol, obtain prior Cboe approval before connecting third parties, and confirm that all end clients hold an active global data agreement.
  • Strengthen portal governance: review internal access controls, as participants are now explicitly held fully responsible for all security, compliance, and configuration activity occurring under their portal accounts.

Read more here.

Organisations affected: Cboe Australia market participants

Policies affected: Operational, financial, IT, and compliance policies

Contact MIntegrity today for a confidential consultation and expert regulatory support.

Back to Blog