Issue 874, 25 October 2022
In this issue:
Increased penalties for serious data breaches: Government announcement
The Government has indicated that it will, this week, introduce a Bill into Parliament to significantly increase penalties for repeated or serious privacy breaches. The announcement follows a number of widely reported cyber-attacks and data breaches in recent weeks.
The Attorney-General, Mark Dreyfus MP said the Government’s Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will:
- increase maximum penalties that can be applied under the Privacy Act 1988 for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of: $50 million, three times the value of any benefit obtained through the misuse of information, or 30 per cent of a company’s adjusted turnover in the relevant period
- provide the Australian Information Commissioner with greater powers to resolve privacy breaches
- strengthen the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals
- equip the Australian Information Commissioner and the Australian Communications and Media Authority with greater information sharing powers.
This Bill is in addition to a comprehensive review of the Privacy Act by the Attorney-General’s Department that will be completed this year, with recommendations expected for further reform (see ASFA Action issue 833 for background).
Medibank data breach: APRA warning to regulated entities
Following the widely-reported cyber-attack on Medibank that resulted in a data breach, APRA has issued a message to its regulated entities about:
- ensuring information security controls are in place and operating, along with the requirements and obligations of CPS 234 Information security
- appropriately communicating with customers to raise awareness and directing them to reputable sources such as ACSC, Moneysmart and the Office of the Australian Information Commissioner, which outline additional steps customer can take to limit the risk of fraud.
FAR and CSLR Bills: Senate Committee report
As reported in ASFA Action issue 871, the Senate Economics Legislation Committee has been considering the package of Bills to establish the Financial Accountability Regime (FAR) and Compensation Scheme of Last Resort (CSLR), comprising the:
The Committee delivered its report yesterday, after receiving a short extension of time from 21 to 24 October. The Committee majority recommended the Bills be passed, with the Coalition and Greens senators separately recommending some amendments, including:
- a requirement for greater scrutiny of the Australian Financial Complaints Authority (AFCA) and the CSLR operator
- an inquiry by the Senate into the enforcement capability and capacity of ASIC and a statutory reporting obligation “to capture any communication between ASIC and the CSLR operator and AFCA to reduce moral hazard and ensure law enforcement remains ASIC’s key focus”
- a limit on the Ministerial discretion in relation to special levies to fund the CSLR
- the imposition of civil penalties for breaches of individuals’ accountability obligations under the FAR.
New APRA statistical publication on superannuation industry
APRA has released the first in a series of new statistical publications to improve the transparency of the superannuation industry.
The Quarterly Superannuation Industry Publication includes new and expanded data collected as part of APRA’s recently introduced Superannuation Data Transformation reporting standards. In particular, it includes:
- information on the number and types of products and investment options available in the superannuation industry
- quarterly data on member demographics, such as gender, age and account balances (this was previously only published annually)
- improved classification of MySuper product asset allocations.
APRA announced the launch of a new series of quarterly and annual superannuation publications in July, after industry consultation (see ASFA Action issue 861).
WA de facto family law superannuation splitting: veterans’ entitlements instrument
As reported in ASFA Action issue 870, amendments to Commonwealth and Western Australian (WA) legislation commenced on 28 September to extend the family law superannuation splitting regime to separating WA de facto couples.
The Government has now registered the Veterans’ Entitlements Legislation Amendment (Western Australia Superannuation Splitting) Instrument 2022. This amends several existing instruments to reflect the reforms and follows the recent registration of a Determination making similar amendments for social security means test purposes (see ASFA Action issue 872).
Superannuation Data Transformation: FAQs and revocation of superseded standards
APRA has updated its frequently asked questions (FAQs) on the reporting standards issued under phase 1 of its Superannuation Data Transformation (SDT) project:
- a new general FAQ 1.25 has been added, dealing with the revocation of pre-SDT reporting standards
- general FAQ 1.02, which deals with the due dates for submission of data under the new reporting standards, has been updated
- six FAQs dealing with reporting of historical data (Historical FAQs 1.0, 1.1 and 1.4 and General FAQ 1.09) and APRA’s plans for consultation under phase 2 of the SDT project (General 1.22 and 1.23) have been archived.
As reported in ASFA Action issue 873, APRA recently wrote to registrable superannuation entity licensees to advise it would be revoking some older reporting standards that overlap with standards issued under phase 1 of the SDT project.
APRA has now registered legislative instruments formally revoking three reporting standards:
- Financial Sector (Collection of Data) (reporting standard) determination No. 18 of 2022, which revokes Reporting Standard SRS 533.1 Asset Allocation and Members’ Benefits Flows made under Financial Sector (Collection of Data) (reporting standard) determination No. 38 of 2015
- Financial Sector (Collection of Data) (reporting standard) determination No. 19 of 2022, which revokes Reporting Standard SRS 703.0 Fees Disclosed made under Financial Sector (Collection of Data) (reporting standard) determination No. 41 of 2015
- Financial Sector (Collection of Data) (reporting standard) determination No. 20 of 2022, which revokes Reporting Standard SRS 250.0 Acquired Insurance made under Financial Sector (Collection of Data) (reporting standard) determination No. 6 of 2015.
The revocation instruments commence on 28 October.
ASIC industry funding model: cost recovery implementation statement
ASIC has published the cost recovery implementation statement (CRIS) for 2021-22 under its industry funding model, after consultation on a draft version in June (see ASFA Action issue 855).
The CRIS includes:
- an explanation of the cost recovery model, including the business process, outputs and how ASIC allocates costs to calculate the levies and fees for service
- estimates of ASIC’s regulatory costs and also the estimated levies by industry subsector, based on ASIC’s planned regulatory work and estimated levies to recover regulatory costs (final levies will be published in December and invoiced between January and March next year)
- focus areas for ASIC’s work by subsector
- actual costs ASIC incurred in the previous year for each subsector and the variance between the actual costs and the estimated costs in last year’s CRIS
- an assessment of the risks associated with the industry funding model and how those risks have been managed.
Superannuation Guarantee rulings and determinations: updates
The ATO has made some updates to its suite of Superannuation Guarantee (SG) rulings and determinations to reflect recent legislative changes:
An addendum has been issued to SGR 2009/2 Superannuation guarantee: meaning of the terms ‘ordinary time earnings’ and ‘salary and wages’ to reflect:
- the removal, from 1 July 2022, of the $450 per month earnings threshold that previously applied before an employer was required to make SG contributions for an employee(see ASFA Action issue 841)
- the remaking of the Superannuation Guarantee (Administration) Regulations 1993 as the Superannuation Guarantee (Administration) Regulations 2018 (see ASFA Action issue 686).
The ATO has also withdrawn SGD 2003/5 Superannuation guarantee: how do the exclusions under sections 27 and 28 of the Superannuation Guarantee (Administration) Act 1992 interact? This reflects the removal of the $450 per month earnings threshold for SG contributions.
ASFA REGULATORY WATCHLIST
ASFA’s Regulatory Watchlist (ARW) tracks developments in Legislation, inquiries, consultations
and other regulatory announcements relevant to superannuation.