On 14 November 2024 ASIC announced its new enforcement priorities for 2025 setting out the issues and key areas where it will direct resources in the new year [1]. ASIC’s priorities are reviewed annually and reflect emerging issues affecting consumers, businesses, and the economy.
It should come as no surprise that the 2025 priorities were heavily influence by the current cost of living pressures. Crucially, priority areas cover issues such as misconduct within property investment schemes, failures in cyber security protection, and greenwashing or misconduct involving ESG claims, all of which are important risk areas frequently highlighted by Bellrock publications.
The 2025 ASIC enforcement priorities focus on:
- Misconduct and exploitation in respect of superannuation savings
- Unscrupulous property investment schemes
- Failures by insurers to deal fairly and in good faith with customers
- Strengthening investigation and prosecution capability around insider trading
- Business models designed to avoid consumer credit protections
- Misconduct impacting small businesses and their creditors
- Debt management and collection agency misconduct
- Licensee failures in respect of adequate cyber-security protections
- Greenwashing and misleading ESG claims
- Member services failures in the superannuation sector
- Auditor misconduct
- Used car finance being sold to vulnerable consumers by finance providers.
As published by ASIC in its 2023–24 Annual Report, ASIC has seen an increase in the number of investigations by over 25% when compared to 2022-23. The agency has also increased the volume of civil enforcement actions taken against individuals and entities by 23%.
Managed property investment scheme
ASICs deputy chairwoman Sarah Court stated that ASIC is seeing the loss of superannuation savings via unscrupulous property investment schemes and that these would be a target in 2025.
Throughout 2024 ASIC stepped in to halt offers being taken on a major retail property investment scheme following concerns about its management and operations including the use of investor funds as loans for associated companies of the managing directors. Ms Court referred to this action as an example of the types of issues ASIC would be homing in on.
Increased focus on greenwashing
It is no surprise that greenwashing has been featured amongst the priority areas for 2025. In a landmark case for ASIC, in August 2024, the Federal Court ordered Mercer Superannuation (Australia) Limited to pay an $11.3 million penalty after it admitted it made misleading statements about the sustainable nature and characteristics of some of its superannuation investment options.
Further to this, in the past year, ASIC has issued seven infringement notices to several companies totalling $110,520 for greenwashing conduct [2]. One such company had issued a Product Disclosure Statement (‘PDS’) stating that a particular managed investment scheme would seek to avoid the investment of the Fund’s assets in a range of excluded activities, including in fossil fuels. Despite the PDS the fund actually used revenue thresholds to invest in companies that derived up to 33% of their revenue from those excluded activities. ASIC contends these revenue thresholds were not disclosed to the Fund’s investors and were contrary to the statements contained in the PDS.
As stated in our article Greenwashing scrutiny among key trends in 2023 (October 2023) [3], for companies to thrive in this evolving environment, they must not only assess their ESG risks comprehensively but also integrate sustainable practices into their core operations. By doing so, businesses can position themselves for long-term success while addressing the growing expectations of stakeholders as well as contributing to a more sustainable future.
Cyber security risk management
A string of high-profile cyber incidents continues to reinforce the need for businesses operating in Australia’s financial system to have robust cyber capabilities. It should therefore come as no surprise that cyber security risk management is an enforcement priority for ASIC.
We expect ASIC will pursue more enforcement actions against financial services licensees in a vein similar to the landmark outcome of the RI Advice case. In that decision a Financial Services Licensee failed to implement effective cyber security risk management systems and was found to be in breach of their statutory obligations under the Corporations Act 2001 (Cth) and was ordered to pay ASIC’s costs, fixed at $750,000.
To enhance their cyber risk resilience, many Bellrock clients have benefitted from the cyber risk assessment service undertaken by our expert panel. Where clients have worked with our experts, they have had the benefit of far more favourable terms as the cyber assessment supports subsequent mitigation plans leading to breach preparedness and overall cyber maturity, and ultimately more insurers were prepared to quote their cyber risk. Focusing on cyber and operational resilience practices for companies is crucial to deter digitally enabled misconduct.
To speak to an advisor for further advice or support on any topic raised in this article please contact here.
[1] https://asic.gov.au/about-asic/news-centre/find-a-media-release/2024-releases/24-252mr-asic-announces-new-enforcement-priorities-with-a-focus-on-cost-of-living-pressures/?altTemplate=betanewsroom
[2] https://download.asic.gov.au/media/nwridckz/asic-annual-report-2023-24_full.pdf
[3] https://www.bellrock.com.au/greenwashing-scrutiny-among-key-trends-in-esg/