ASIC has announced its enforcement priorities for 2025. If you are involved in the management of a business operating in Australia, then these new priorities should be on your radar.
When announcing the 2025 enforcement priorities, ASIC’s Deputy Chair noted the priorities reflect ASIC’s focus on protecting consumers from risks arising from cost-of-living pressures, such as credit exposure. Against the backdrop of cost-of-living being a major economic theme, ASIC’s 2025 enforcement priorities reflect how the corporate regulator understands its remit and power to regulate companies in Australia.
| New in 2025 | Retained from 2024 | Out |
| --- | --- | --- |
| Unscrupulous property investment schemes | Misconduct exploiting superannuation savings | Compliance with the Reportable situation regime which applies to AFS licensees |
| Failures by insurers to deal fairly and in good faith with customers | Member services failures in the superannuation sector | Enforcement action targeting gatekeepers facilitating misconduct |
| Strengthening investigation and prosecution of insider trading | Used car finance sold to vulnerable consumers by finance providers | Narrowed from general gatekeeper to audit focus. |
| Business models designed to avoid consumer credit protections | | |
| Misconduct impacting small businesses and their creditors | | |
| Debt management and collection misconduct | | |
| Licensee failures to have adequate cyber-security protections | | |
| Greenwashing and misleading conduct involving ESG claims | | |
| Auditor misconduct | | |
The 2024 priority of taking action against AFS licensees who fail to comply with the obligation to report regulatory breaches has been removed. However, reporting failures still fall within the ambit of ASIC’s enduring priorities, so will remain an enforcement focus.
The inclusion of licensee failures to have adequate cyber security protections is an interesting development given that data breaches and cyber security issues have generally been regulated from a privacy perspective by the Office of the Australian Information Commissioner (OAIC). ASIC will presumably now also investigate cyber incidents involving AFSL holders and we may see it take enforcement action where poor cyber security measures lead to cyber incidents. The potential double-regulation of cyber security measures for AFSL holders emphasises the criticality of maintaining cyber security controls and measures.
We have been closely following ASIC’s greenwashing enforcement action and the ESG regulatory environment generally. This is clearly an issue that the regulator will continue to monitor very closely. The fact that greenwashing is included in the 2025 enforcement priorities is yet another signal for businesses to prioritise putting in place controls to ensure that their ESG messaging is accurate. Failing to do so exposes businesses to a real risk of investigation by ASIC.
The enforcement priorities retain the six “enduring” priorities, representing the fundamental pillars of ASIC’s regulatory ambit and priorities.
Businesses should consider whether the 2025 enforcement priorities require them to make any changes to their compliance processes. In particular, AFSL licence holders would do well to interrogate their cyber-security systems and data privacy strategy.
Any business with ESG messaging needs to continue to monitor the accuracy of its representations very closely – and consider whether staff training is needed.
As always, our team is more than happy to discuss how these new enforcement priorities might affect your regulatory compliance.