ASIC

We’ve issued urgent cyber warnings to Australian companies, carried out enforcement action and reminded Australians to check unclaimed money as $2.7billion sits unclaimed. Here’s what’s been happening at ASIC in May. Enforcement headlines: ▪ Federal Court orders Westpac to pay $26 million penalty for hardship failures ▪ Fund manager Rodney Forrest re-sentenced to five years and three months’ jail following insider trading appeal ▪ ASIC sues Equity Trustees alleging First Guardian onboarding failures ▪ Canva Group pays $792,000 in infringement notices for failing to lodge financial reports on time ▪ Federal Court orders $33.5 million penalty against Snaffle operator for inflating prices and overcharging on credit contract ▪ Federal Court holds Telstra Super accountable for internal dispute resolution ▪ ASIC appeals Federal Court decision dismissing case against Nuix ▪ ASIC appeals $7 million penalty in Cigno Australia, BSF Solutions, and directors’ case Regulatory headlines: ▪ ASIC calls for urgent cyber uplift as AI accelerates cyber threats ▪ ASIC moves to bring Euroclear under Australian licensing regime, strengthening market resilience ▪ ASIC and AASB launch sustainability reporting webinar series ▪ ASIC has taken further steps towards clearer regulation, expanding digital services capability, streamlining its website, and simplifying regulatory guidance ▪ ASIC issues early observations on sustainability reporting ahead of 30 June 2026 Consumer headlines: ▪ Scam alert: Scammers luring investors onto fake crypto-asset trading platforms ▪ Unsolicited business name renewal and company review notices ▪ Australians reminded to check for lost money as $2.7 billion sits unclaimed Tap the link in the comments to read more in ASIC’s Newsroom.

‘Disclosure is a levelling force.’ Commissioner Kate O'Rourke shares early observations on mandatory climate reporting at the Responsible Investment Association Australasia (RIAA) conference. 'For the first time investors can look at apples and apples, because of the consistency that is provided by having mandatory standards.’ ‘It means for all of us we’ve got a baseline for comparability and consistency of climate-related financial disclosures.’ Six early observations from our review of first wave reports: 1. Disclosure of judgments. It is important to be clear and effective in disclosing the judgements applied in preparing the climate statements. 2. Additional climate-related information. Disclosure of additional climate-related information should not obscure material climate-related financial information. 3. Cross-referencing information. Disclosure requirements should be met when cross-referencing information outside the sustainability report. 4. Disclaimer alignment with Chapter 2M sustainability reporting. Disclaimers must align with the statutory framework and objectives of Chapter 2M sustainability reporting. 5. Identify past, present and future climate risk opportunities. Identification of climate-related risks and opportunities should be based on reasonable, supportable information (past, present, future). 6. Approaches to disclosing climate-related targets vary. Early observations show different approaches applied to the assessment of targets required to be met ‘under law or regulation’. ‘We don't want the baseline to become the benchmark. We can see people thinking about this and getting better over time.’ ASIC is supporting entities through guidance, capability building, supervision and enforcement, and ongoing reporting and insights. Tap the link in the comments to read the full transcript.

‘Westpac failed the very customers who needed help when they needed it most,’ said ASIC Deputy Chair Sarah Court. ASIC has secured a Federal Court order requiring Westpac Banking Corporation to pay $26 million in civil penalties for failing to respond to customers experiencing financial hardship. Deputy Chair Court said the penalty sent a clear message to Westpac and other lenders to step up and do better when customers ask for help. Federal Court Justice McEvoy accepted the conduct was ‘grossly negligent’. What happened: ▪ Between 2017 and 2023, Westpac failed to respond to more than 200 online hardship requests within the time required by law. ▪ The requests were made by customers of Westpac and its subsidiaries St George Bank, Bank SA and Bank of Melbourne. ▪ These customers had told the bank they were experiencing financial hardship and were struggling to meet repayments on products. ▪ The Federal Court found the failures were not deliberate but arose from inadequate systems and operational failures. The impact on customers included: ▪ Some customers waited weeks beyond the legal deadline for a response. ▪ Some customers received no response at all. ▪ Some customers had adverse credit information recorded on their credit files. ▪ Some debts were sold to third-party debt purchasers. Westpac have completed a remediation program, including refunds of fees and interest and compensation for non-financial loss. ‘As Australians contend with a higher cost of living, lenders must prioritise their customers, especially those who are struggling financially, and ensure they are given the protections they are entitled to under the law,’ said ASIC Deputy Chair. Tap the link in the comments to read more.

Scam Alert: Scammers luring Australian investors onto fake crypto-asset trading platforms. We’re warning Australians who have joined ‘share trading’ or ‘stock tips’ messaging app groups that scammers are using these forums to push investments on fake crypto-asset trading platforms. How the scam works: ▪ Scammers target victims through social media advertisements and posts claiming to offer trading tips on shares. ▪ Once in the messaging app group, members receive messages to invest in fake crypto-asset trading platforms. ▪ These fake platforms show profits and trades, but in fact, there is no real trading, and the site contains fake data. Any money deposited into these platforms goes straight to the scammers. ▪ The fake platforms ask for fees to release assets or proceeds. These fees go straight to the scammers and no assets are released. We have previously warned Australians about a rise in scammers using messaging apps such as WhatsApp to conduct widespread, coordinated pump and dump schemes targeting retail investors. These schemes are illegal. Stay safe from scams: Stop. Check. Protect. ▪ Stop: Don’t give personal information or act on investment advice you have come across on social media, including in messaging app groups ▪ Check: Check the AUSTRAC VASPR to confirm if the entity is a registered virtual asset service provider. Do an internet search to see if there are warnings about the website or platform. ▪ Protect: Act quickly if something feels wrong. If you have shared personal or financial information or transferred money, contact your bank immediately. If you think you’ve been scammed: ▪ Stop sending money and block contact ▪ Report it to your bank and Scamwatch ▪ Contact IDCARE for identity support Tap the link in the comments to read the full scam alert. National Anti-Scam Centre

We continue to encourage Australians to check whether they had superannuation invested in the Shield Master Fund or First Guardian Master Fund. Around 11,000 investors invested $1.1 billion in Shield and First Guardian. Some people may not realise they were invested in these funds because they sat on well-known platforms or they were dealing with financial advisers. So far, around 3,000 complaints have been filed with Australian Financial Complaints Authority (AFCA). We’ve just sent out our 12th round of communications to investors, providing them with information on how they can make a complaint. What to do: ▪ Check your super balance or investments to see if they are linked to Shield or First Guardian. ▪ Lodge a complaint with AFCA if you believe you received poor financial advice. ▪ Head to Take Back Your Super, a website independently developed by Super Consumers Australia, that provides information on what to do. ASIC’s enforcement action continues in relation to Shield and First Guardian. We have more than a dozen court cases underway against 25 defendants and, in connection with our work, more than $420 million has been paid to thousands of investors by Macquarie and Netwealth. For more information and how to check if you’ve been impacted and to lodge a complaint, tap the link in the comments.

‘Regulatory complexity continues to be a challenge for Australian businesses by increasing costs, slowing innovation, creating unnecessary barriers and risking poorer consumer outcomes,’ ASIC Chair Joe Longo said. We’re making regulation clearer and easier to navigate by taking further steps towards clearer regulation, expanding digital services capability, streamlining its website, and simplifying regulatory guidance. In response to feedback received we have: ▪ Developed clearer guidance and simplified legislative instruments to ensure they are easy to understand, while implementing sector-based regulatory roadmaps to help small company directors and financial advice businesses understand their obligations. ▪ Improved access to regulatory information on ASIC’s website with 280 form landing pages updated to make it easier for industry to comply with regulatory obligations. ▪ Modernised digital services, which has driven a 380% increase in forms available for electronic lodgement, resulting in 45,000 fewer paper-based lodgements annually, simplifying how businesses interact with us. ‘We have listened to feedback through our extensive engagement with the regulated community and will continue to explore opportunities to remove barriers within our control.’ Over the next year we will: ▪ Prioritise working with Australian Prudential Regulation Authority and other regulators to streamline and consolidate data requests and support the Government’s law reform, promoting productivity ▪ Focus on the development of sector based regulatory roadmaps, improving ASIC registers through the RegistryConnect program, and expanding digital transactions. ▪ Progress the next stage of the RegistryConnect program to deliver streamlined digital services for company registrations. ‘Together, we can create a regulatory framework that supports compliance, fosters innovation and strengthens trust in Australia’s financial system.’ Tap the link in the comments to read the latest update on our simplification work.

‘The clock is at a minute to midnight, if you aren’t on top of your cyber resilience already, the time to act and prepare is right now.’ We’re calling on all licensees and market participants to urgently strengthen their cyber resilience measures, as frontier artificial intelligence (AI) intensifies the global cyber risk environment. While cyber risk has always existed, misuse of frontier AI models such as Anthropic’s Claude Mythos could expose cyber security vulnerabilities at an unprecedented speed, scale, and sophistication. In an open letter to industry, ASIC Commissioner Simone Constant, emphasises the need for urgent, focused action using a principles-based, model-agnostic approach and that cyber resilience must be treated as a core licensing obligation, not simply an IT issue. Licensees and participants are required to table ASIC’s letter from early May at their ultimate board and risk governance committees. ‘Cyber risk has entered a new era. The advent of frontier AI models creates opportunity, but also materially increases risk, with the ability to expose vulnerabilities far faster than many realise. Our call to action to industry follows a recent court outcome against FIIG Securities Limited, who was ordered to pay $2.5 million in pecuniary penalties for failures to protect thousands of clients from cyber security threats for more than four years. We’re urging entities to prioritise the following: ▪ First: identify and protect critical assets and systems. Know what matters most to your business and customers.  ▪ Second: patch vulnerabilities quickly and strengthen patch management processes so you aren’t left exposed.  ▪ Third: be ready to respond. Maintain and test your incident response plans and playbooks.  We recommend entities to: ▪ Use practical guidance from trusted sources, including the Australian Signals Directorate (ASD). ▪ Use the Australian Government's free and anonymous Cyber Health Check. We will work closely with other regulators, agencies and industry to monitor cyber risks and promote consistent expectations across the financial system. Tap the link in the comments to read more.

Join Joe Longo in his final appearance as ASIC Chair alongside a distinguished panel of guests to explore how the financial system is evolving and the role regulation plays in enabling innovation while maintaining trust and stability in Australia’s financial services sector. The discussion coincides with the release of new ASIC‑commissioned research, developed in collaboration with the Digital Finance Cooperative Research Centre (DFCRC), exploring innovation is reshaping how households and businesses access financial services, in particular credit, insurance, payments, investment services and financial advice. This event is the starting point for a broader, constructive dialogue between the public and private sectors on how we support innovation while safeguarding Australians. Tap the link in the comments to learn more and to register for the event.

Do you use ASIC’s business registers or digital services? We want to hear from you. ASIC is upgrading the systems, portals and processes that businesses rely on. ‘A significant digital improvement program is underway to make our business registers and online services more secure and easier to use,’ ASIC Commissioner Kate O’Rourke said. If you currently use them, we’d like to know what your experience is like, including how you prefer to receive information and updates, so we can improve how we communicate and engage with you and your business about these important changes. About the survey: ▪ Takes 7–10 minutes ▪ Responses are collected anonymously ▪ Closes 15 May 2026. You’ll find a link to the survey in the comments.

‘In a volatile world, regulators cannot afford to work from behind closed doors. They must be active, they must be ambitious, and show that they are onto it. That’s how people can have confidence that the system is working as it should,’ said ASIC Chair Joe Longo. Speaking at the Financial Counselling Australia (FCA) Conference, Joe reflected on his tenure and ASIC’s transformation into a modern, confident and ambitious regulator. He shared some of ASIC’s recent efforts to protect consumers, including: ▪ Improving outcomes in financial hardship, such as better support from home lenders and the significant penalty ASIC is seeking against Westpac for hardship failures. ▪ Better Banking surveillance, which resulted in banks committing to refund more than $160 million to low‑income consumers. ▪ Launching ASIC’s largest consumer campaign in a decade through Moneysmart to better support Australians in retirement. ▪ Pursuing Cigno Australia and BSF Solutions through to the High Court for alleged predatory lending practices. He said today, ASIC is one of the most active enforcement agencies in the country. So far, this financial year we’ve: ▪ Secured $411 million in penalties (excluding amounts still subject to court approval). ▪ Returned approximately around $421 million to investors linked to Shield Master Fund and First Guardian Master Fund matters. ‘We are not conservative in the cases that we take on… So long as we have a reasonable basis to do so, we will continue to take on the hard cases.’ Joe also said we’re actively responding to fast‑evolving sources of harm, including: ▪ AI‑powered scams and phishing, with nearly 12,000 scam sites removed in the past year alone. ▪ Debt management, credit repair and debt collection models that rely on pressure, opacity or harm. ▪ Motor vehicle financing and small business misconduct affecting vulnerable operators. ▪ Industrial‑scale superannuation scams, exploiting lead generation models and unlicensed communications. ‘I hope my remarks today have assured you … that when you come to us with serious concerns, we’re going to listen and we’re going to get onto it.’ Tap the link in the comments to read the full transcript.