ASIC’s 2025 enforcement priorities – what’s on the corporate regulator’s mind?

Written By

Jonathon Ellis

Partner
Australia

I'm a dispute resolution and regulatory investigations partner in our Sydney office. I work with clients to solve complex issues facing their businesses, whether that is a commercial dispute or engagement with regulatory agencies.

Henry Wrench

Senior Associate
Australia

I am a senior associate in the Dispute Resolution team at Bird & Bird specialising in commercial, corporate, contractual and insolvency litigation.

By Jonathon Ellis, Henry Wrench & Jeremy Maybloom

ASIC has announced its enforcement priorities for 2025.  If you are involved in the management of a business operating in Australia, then these new priorities should be on your radar.

When announcing the 2025 enforcement priorities, ASIC’s Deputy Chair noted the priorities reflect ASIC’s focus on protecting consumers from risks arising from cost-of-living pressures, such as credit exposure.  Against the backdrop of cost-of-living being a major economic theme, ASIC’s 2025 enforcement priorities reflect how the corporate regulator understands its remit and power to regulate companies in Australia.


| New in 2025 | Retained from 2024 | Out |
| --- | --- | --- |
| Unscrupulous property investment schemes | Misconduct exploiting superannuation savings | Compliance with the Reportable situation regime which applies to AFS licensees |
| Failures by insurers to deal fairly and in good faith with customers | Member services failures in the superannuation sector | Enforcement action targeting gatekeepers facilitating misconduct |
| Strengthening investigation and prosecution of insider trading | Used car finance sold to vulnerable consumers by finance providers | Narrowed from general gatekeeper to audit focus. |
| Business models designed to avoid consumer credit protections | | |
| Misconduct impacting small businesses and their creditors | | |
| Debt management and collection misconduct | | |
| Licensee failures to have adequate cyber-security protections | | |
| Greenwashing and misleading conduct involving ESG claims | | |
| Auditor misconduct | | |

The 2024 priority of taking action against AFS licensees who fail to comply with the obligation to report regulatory breaches has been removed.  However, reporting failures still fall within the ambit of ASIC’s enduring priorities, so will remain an enforcement focus.

The inclusion of licensee failures to have adequate cyber security protections is an interesting development given that data breaches and cyber security issues have generally been regulated from a privacy perspective by the Office of the Australian Information Commissioner (OAIC).  ASIC will presumably now also investigate cyber incidents involving AFSL holders and we may see it take enforcement action where poor cyber security measures lead to cyber incidents.  The potential double-regulation of cyber security measures for AFSL holders emphasises the criticality of maintaining cyber security controls and measures.

We have been closely following ASIC’s greenwashing enforcement action and the ESG regulatory environment generally. This is clearly an issue that the regulator will continue to monitor very closely. The fact that greenwashing is included in the 2025 enforcement priorities is yet another signal for businesses to prioritise putting in place controls to ensure that their ESG messaging is accurate. Failing to do so exposes businesses to a real risk of investigation by ASIC.

The enforcement priorities retain the six “enduring” priorities, representing the fundamental pillars of ASIC’s regulatory ambit and priorities.

  1. Misconduct damaging market integrity including insider trading, continuous disclosure breaches and market manipulation.
  2. Misconduct impacting First Nations people.
  3. Misconduct involving a high risk of significant consumer harm.
  4. Systemic compliance failures by large financial institutions resulting in widespread consumer harm.
  5. New or emerging conduct risks within the financial system.
  6. Governance and directors’ duties failures.

Takeaways

Businesses should consider whether the 2025 enforcement priorities require them to make any changes to their compliance processes. In particular, AFSL holders would do well to interrogate their cyber-security systems and data privacy strategy.

Any business with ESG messaging needs to continue to monitor the accuracy of its representations very closely – and consider whether staff training is needed.

As always, our team is more than happy to discuss how these new enforcement priorities might affect your regulatory compliance.