Regulator update from Michelle Huckel

On Christmas eve, the Government released for consultation draft legislation which will implement recommendation 6.9 of the Hayne Royal Commission. This will oblige ASIC and APRA to:

  • cooperate with each other
  • share information to the maximum extent practicable
  • notify the other whenever it forms the belief that a breach of the law for which the other regulator has enforcement responsibility has occurred.

These obligations are supplemented by the earlier release of the updated Memorandum of Understanding between ASIC and APRA, which implements recommendation 6.10 of the Hayne Royal Commission.


While cooperation is an ongoing part of the current operations of both regulators, the bill amends the AISC Act and the APRA Act to mandate that the regulators cooperate with each other as far as practicable. The new cooperation requirements will operate alongside existing cooperation and coordination provisions which often relate to specific circumstances in areas of regulatory responsibility.

Information sharing

Under the mandatory information sharing provisions of the bill, if either regulator requests information or documents from the other regulator, that regulator must comply with the request and provide the information or documents. The document and information subject to the mandatory scheme are those that have been given to the regulator in writing and must be relevant to the exercise or performance of the requesting regulator’s functions and powers.

By way of example, the types of information that would be included are:

  • audit documents prepared for a company and disclosed to a regulator
  • information that has been compulsorily collected from a regulated entity
  • information that has been voluntarily provided to either regulator about the types of financial products a person or company is offering to consumers
  • mandatory reports of filings provided by a company to a regulator.

Information that is subject to a claim of legal professional privilege is out of scope of the mandatory information sharing regime.

Once information is shared under the mandatory information sharing regime, the ASIC and APRA Acts provide protections and govern how information can be used and shared by the receiving regulator.

There are specific limitations that exist on the use of certain information that may be shared through the mandatory information sharing scheme. For example, where a party has enlivened their privilege against self-incrimination with one regulator, this would apply to the information or documents in the hand of the next regulator.

There are also a number of protections and limitations on use and disclosure of information that apply under existing Commonwealth legislative provisions or the general law. Some examples of these are:

  • privacy legislation
  • equitable duties of confidence
  • whistleblower protections.

These protections and limitations will continue to apply to any document or information that has been shared between the regulators in compliance with a request, and will limit how that regulator is able to use that document or information after receiving it.

Return to Insights