ASFA Action Issue 968, 15 October 2024
In this issue:
- Cyber security, security of critical infrastructure: Bills introduced, referred to Committee
- Update on other Bills
- Parliamentary sitting schedule for 2025
- Successor fund and intra-fund transfers: ATO guidance updated
Cyber security, security of critical infrastructure: Bills introduced, referred to Committee
The Government has introduced into Parliament a package of three Bills aiming to provide a clear legislative framework for contemporary, whole-of-economy cyber security issues.
While it contains no provisions specific to superannuation, the Cyber Security Bill 2024 will provide additional protections to Australian people and businesses, build mitigations for extant cyber risks, and improve the Government’s visibility of the threat environment to inform protections, incident response procedures, and future policy. The reforms include:
- introducing a mandatory reporting obligation for a ‘reporting business entity’ that is affected by a cyber incident, receives a ransomware demand and elects to make a payment or give benefits in connection with that cyber security incident. The definition of ‘reporting business entity’ is an entity that is a responsible entity for a critical infrastructure asset to which Part 2B of the Security of Critical Infrastructure Act 2018 applies, or an entity (that is not a Commonwealth or State body) that is carrying on a business in Australia with an annual turnover for the previous financial year exceeding the turnover threshold. The turnover threshold will be worked out in accordance with supporting rules.
- establishing a ‘limited use’ obligation that restricts how cyber security incident information provided to the National Cyber Security Coordinator during a cyber security incident can be used and shared with other government agencies, including regulators.
- establishing a Cyber Incident Review Board to conduct post-incident reviews into significant cyber security incidents.
- introducing a range of compliance and enforcement powers.
The Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 will legislate a limited use obligation to protect information voluntarily provided to, or acquired or prepared by, Australian Signals Directorate during an impacted entity’s engagement in relation to a cyber security incident.
The Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 amends the Security of Critical Infrastructure Act 2018. That Act is the primary framework for regulation and protection of Australia’s critical infrastructure. It currently applies to 11 sectors – including financial services – and 22 asset classes, including superannuation. The amendments in the Bill include:
- expanding the definition of all types of critical infrastructure assets to include secondary assets which hold ‘business critical data’ and relate to the functioning of the primary asset
- facilitating the use of a ‘last resort’ directions power for the Secretary of the Department of Home Affairs for the purposes of managing both multi-asset incidents and the consequences of serious incidents which could have, are having, or have had, a ‘relevant impact’ on one or more critical infrastructure assets
- clarifying the operation of the secrecy and disclosure provisions – in particular to enable greater intra-government sharing of protected information and cross-industry collaboration
- creating a directions power for the Secretary of the Department of Home Affairs or the relevant Commonwealth regulator which is exercisable where it has been identified a critical infrastructure risk management program is seriously deficient
- strengthening the integrity of information in respect of an asset that is or becomes a system of national significance.
The package of Bills has been referred to the Parliamentary Joint Committee on Intelligence and Security for inquiry. The reporting date is not presently clear, however the Committee is seeking submissions by close of business Friday 25 October.
If you have any feedback you would like ASFA to consider in relation to a submission to the Committee, please forward it to Sebastian Reinehr by midday Monday 21 October.
Update on other Bills
As well as the introduction of the cyber security reform package (see earlier item), there have been developments in relation to several Bills relevant to superannuation.
Better targeted superannuation concessions
The Treasury Laws Amendment (Better Targeted Superannuation Concessions & Other Measures) Bill 2023 and Superannuation (Better Targeted Superannuation Concessions) Imposition Bill 2023 have been passed by the House of Representatives and introduced into the Senate. The Bills implement the Government’s proposed changes to the tax concessions available to individuals whose total superannuation balances exceed $3 million (see ASFA Action issue 925 for background).
Financial Regulator Assessment Authority, payment system regulation
As well as reducing the tax concessions for superannuation balances above $3 million (see above item), the Treasury Laws Amendment (Better Targeted Superannuation Concessions & Other Measures) Bill 2023:
- increases the frequency for reviews of ASIC and APRA by the Financial Regulator Assessment Authority to five years, as announced in the May 2023 Budget
- updates the Payment Systems (Regulation) Act 1998 to ensure regulators and the Government can address new risks related to payments as the provision of payments evolves and increases in complexity.
As noted above, the Bill has now been passed by the House of Representatives and introduced into the Senate.
Reforms to AML/CTF regime
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 has been passed by the House of Representatives and introduced into the Senate. As reported in ASFA Action issue 964, this proposes a range of reforms to anti-money laundering and counter-terrorism financing (AML/CTF) laws.
Value of a penalty unit
The Crimes and Other Legislation Amendment (Omnibus No 1) Bill 2024 has now completed its passage through Parliament and is awaiting Royal Assent. The Bill increases the value of a Commonwealth penalty unit from $313 to $330 for offences committed on or after commencement of the amendments (14 days after the Bill receives Royal Assent). Penalty units are used to describe the amount payable for monetary penalties imposed for criminal offences in Commonwealth legislation and territory ordinances.
Parliamentary sitting schedule for 2025
The Parliamentary sitting calendar for 2025 has been published. However, given an Election is due to be held before the end of May (assuming a regular simultaneous House of Representatives and half-Senate election), the calendar will likely undergo substantial change.
Notably, the Federal Budget has been scheduled for Tuesday 25 March.
Successor fund and intra-fund transfers: ATO guidance updated
The ATO has updated a range of technical guidance about successor fund transfers (SFTs) and intra-fund transfers (IFTs), including:
- Limited-service period for super fund transfers – this addresses how super funds can minimise impact to employers and members during the transition period
- Defined benefits for super fund transfers – this deals with how to re-report and transfer information for notional tax contributions and Div 293 deferred debts for members
- Updating product details for super fund transfers – this addresses how to provide and update Unique superannuation identifiers between funds and payment information with employers
- SFT checklist for APRA funds – this is a checklist to assist both the transferring and successor funds during an SFT
- Introduction and considerations for types of super fund transfers – this addresses how to engage with ATO before undertaking an SFT or IFT
- Successor and intra-fund transfer reporting protocol – this provides information and guidance for super providers and suppliers who will be reporting successor and intra-fund transfers
- Unclaimed superannuation money and lost member accounts – this provides information about how SFTs and IFTs impact unclaimed super money (USM) and lost member reporting
- Data and payment standards for super fund transfers – this provides information about how to process a rollover super benefit during an SFT
- Managing member accounts for super fund transfers – this provides information about how funds update member accounts, reconcile ATO super accounts, and manage transfer payments, data handover and re-reporting
- Notices and authorities and fund income tax – this explains how to action notices and authorities and fund tax return obligations during and after super fund transfers
- Super income streams for fund transfers – this explains how super funds should report super income streams to the ATO during an SFT
- SuperMatch for fund transfers – this provides information about how successor funds can access SuperMatch to obtain details of active accounts and verification.
ASFA REGULATORY WATCHLIST
ASFA’s Regulatory Watchlist (ARW) tracks developments in legislation, inquiries, consultations and other regulatory announcements relevant to superannuation.