Introduction

The financial services regulatory issues you might face during the COVID-19 crisis will depend on the type and makeup of your organisation, your company constitution, your organisation's purpose, key members and stakeholders.

REMEMBER: If you are a company or non-incorporated body you should carefully review your insurance policies and any exclusions to these policies1, particularly around pandemics, health risks and viruses. If you are in doubt, we recommend that you seek specific legal advice.

What governance and contingency planning should I consider?

You should consider:

  • appointing a COVID-19 team lead and point of contact at an Executive Management level;
  • forming a response team headed by a point of contact lead, with key personnel identified from various parts of the business (for example, HR, compliance, legal, IT etc.);
  • regularly communicating with team members;
  • creating a response team to prepare a key document covering issues such as reporting, communications protocols, and meeting agendas;
  • forming a response team to create, update and apply a crisis response plan; and
  • scheduling regular meetings to discuss developments as well as the organisation's response.

What should I be considering for my communications to stakeholders?

Internal roles should be assigned in order to communicate to staff and stakeholders.

Staff should be kept up-to-date on:

  • when a crisis response plan will be implemented (or whether it has already been implemented);
  • actions they need to take in order to prepare, and when the crisis response plan is passed;
  • how, and how often, they will receive communications during the COVID-19 crisis; and
  • how their safety has been considered.

Clients, customers or any other stakeholders should be kept up-to-date on:

  • whether there are any impacts on their ability to communicate with your organisation and for how long;
  • details of any alternative communication channels that your organisation intends to use and for how long;
  • delays to "business as usual" – i.e. revised response / processing times where they are not "the norm"; and
  • reasons behind the delay in order to manage relationships with, and expectations of, stakeholders.

What should I be considering for my communications with regulators?

You might receive requests from regulators for further information. If you do, you should consider and prepare for how to manage and respond to these requests.

REMEMBER: You should keep up-to-date with any updates or guidance provided by the regulators as well as government generally.

What else should I be considering?

Public companies must hold an Annual General Meeting once every calendar year and within 5 months of the end of their financial year. You should look to alternative measures, such as appointing a proxy to vote for members in line with your constitution.

If employees who are usually resident in Australia are working remotely overseas, you should consider whether this will give rise to any Australian financial services licensing or visa issues in these jurisdictions or whether any taxation issues will arise because the employee is working outside of Australia for extended periods.

You should review your current agreements and, in particular, look at obligations, conditions or warranties and whether there are any force majeure or termination clauses that have been triggered. You should also ensure new agreements and contracts include a force majeure clause (i.e. contractual relief provided due to unavoidable or unforeseeable events) as well as termination for convenience provisions. These clauses need to be very carefully drafted.2

Is there any other regulatory guidance available?

ASIC released a special issue of its Market Integrity Update, stressing the importance of:

  1. business continuity plans – regularly reviewing, updating and testing your plans, incorporating new information and addressing emerging challenges;
  2. back-up arrangements – ensuring your arrangements operate as planned with your allocated resources - also consider human and technological resources, for example, capacity, location, internet load and system licences;
  3. stress testing – of systems and financial positions; and
  4. surveillance system alerts – focus on client risk limits as well as potential increased risk taking by clients and traders.

A copy of ASIC's Market Integrity Update is available here.

APRA's Prudential Practice Guide CPG 233 – Pandemic Planning (CPG 233)3 provides guidance on managing risks posed by widespread outbreak of contagious diseases that could affect the operations of regulated institutions. It also supports its other standards and guidance on Business Continuity Management - requirements for continuity management for authorised deposit-taking institutions, RSE licensees, life companies and general insurers.

AUSTRAC has released an update which notes that the regulator will work constructively with its reporting entities as they manage their anti-money laundering and counter-terrorism financing risk during this disruptive and uncertain period. It has implemented its own business continuity plan so that it is able to maintain its core functions and has offered to consult with reporting entities that have concerns about their compliance with AML/CTF laws, and the impact that COVID-19 will have on their business.

A copy of AUSTRAC's update is available here.

Footnotes

1 For example, business interruption, public liability, building and contents and travel, as well as directors' and officers' liability insurance.

2 Some contracts may include a mutual right for parties to terminate if an intervening event occurs for a specified period, which will usually require a party to provide notice before termination occurs. It may also be arguable that the contract is discharged for frustration, if an unforeseen event (e.g. governmental direction or change of law) causes a fundamental change in the basis on which the parties entered into the contract, or makes performance impossible. Given the potential for costly and time- consuming litigation and a large damages claim for wrongful termination, we strongly recommend that you obtain legal advice before you consider terminating any contract.

3 Under CPG 233, institutions' pandemic plans should address alternative work arrangements, staff health and welfare measures, alternative processing arrangements, controls and compliance, technology options, communications plans, resource priorities and succession and decision planning, as well as testing of the plan. Further information on and access to APRA's guidance on pandemic planning is available on APRA's website.

\

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.