QUESTION
Critically analyse the security of the ePayment system in Australia and, if possible, make suggestions for a better ePayment security system in Australia based on the relevant legislation and codes.
SOLUTION
The rapid growth of technology has led to a gargantuan increase in electronic transactions, resulting in the rise of electronic payments (Hassan, Md. 2020:2). These payment methods offer convenience and efficiency, but they are also vulnerable to security risks such as fraud, hacking, and disputes (Zhang, 2019:3). To address these concerns, the Australian Parliament enacted the "ePayments Code, 2011" to establish regulations and protect the parties involved in unauthorized and mistaken ePayments. This paper critically analyses the security measures implemented by the Code and assesses their effectiveness. Additionally, it provides recommendations for enhancing the ePayment security system in Australia.
The voluntary (The Treasury, 2021) ePayments Code, 2011 aims to regulate and enhance the security of various electronic transactions, including internet/mobile banking, online payments, and card-based transactions (ePayments Code, 2022). Most financial institutions in Australia have adopted this Code to provide an additional layer of security to consumers (ASIC, 2011). Despite existing financial services regulations such as the ASIC Act and the NCCP Act, the Code offers key protections in areas such as passcode security, unauthorized transactions, mistaken payments, transparent disclosure of terms and fees, and complaint resolution. Some of these provisions are analyzed further below.
The ePayments Code, 2011 imposes requirements on financial institutions to ensure that customers use secure passcodes for accessing electronic payment services. As per Clause 12.5 of the Code, some passcodes, such as those based on birthdates or easily identifiable from the user's name, may be prohibited. Clause 12.2, however, specifies three scenarios that would constitute a violation: voluntary disclosure of the code to others, storing the codes together with a device so that the entire access method is susceptible to simultaneous loss or theft, or recording all the codes on a single item or on multiple items vulnerable to simultaneous loss or theft. Regarding the latter two cases, under Clause 12.3, users are allowed to record the codes, provided they take reasonable measures to safeguard the security of the record, either by obfuscating the code or by preventing unauthorized access. Further, extreme carelessness in passcode protection, such as storing passcodes without adequate security measures, is prohibited (ePayments Code, 2022, cl. 12.4).
The ePayments Code was further amended in 2022 based on the recommendations received from the banking institutions (ABA, 2021), so as to redefine "unauthorized transactions" and the rules regarding their determination. ASIC has clarified that such transactions are limited to those performed fraudulently by a third party and without the prior knowledge or consent of the authorized user (ePayments Code, 2022, cl. 9.3). Clause 10 sheds further light on the liability obligations of the parties and absolves account holders from any liability for losses under certain circumstances. However, as per Clause 11, liability can be imposed upon the user if the user is found to have acted fraudulently or to have mishandled passcodes in the transaction, if the user showed extreme carelessness by leaving the card in an ATM, or if there was an unreasonable delay in reporting such losses.
There is an inevitable nexus between the provisions of Clauses 11 and 12, and the 2022 Code seeks to clarify it by providing for an express prohibition on the disclosure of passcodes, which, if breached, would contribute to an unauthorized transaction. However, it must also be objectively demonstrated, on the balance of probabilities, how such disclosure of the passcode contributed to the loss on the part of the consumer (ePayments Code, 2022, cl. 12.6).
The Code has laid out an exhaustive framework to deal with transactions in which funds are mistakenly transferred to an unintended recipient due to an error in the entry of bank account information or payment details (ASIC, 2021). While the 2022 Code does not apply to scam-related mistaken payments (ASIC, 2022), in order to ensure enhanced security for consumers, a new requirement has been included mandating the prompt submission of a request, within a two-day period, to the Authorized Deposit-Taking Institution (ADI) (ePayments Code, 2022, cl. 29).
Furthermore, the scope of the Code has been expanded to include situations where only a portion of the funds is accessible in the unintended recipient's account. The amendments provide the ADI with the authority to determine the suitable course of action based on the circumstances, whether it involves returning the complete funds, a partial amount, or no funds at all.
The ePayments Code has undergone updates to adapt to changes in the payments industry and to tackle emerging challenges and technologies. While the updated Code addresses a range of issues, there are still unresolved matters that need attention.
While the amendments could have brought about more strategic and practical changes to the way ePayments are handled in the country, the 2022 changes nonetheless represent long-discussed adaptations as Australian payment providers shift their focus towards embracing innovative services driven by mobile and other emerging payment systems. Such advancements are essential for enhancing Australia's payment ecosystem, particularly as it has been ranked 12th out of 14 regional countries in terms of mobile payment platform maturity, lagging behind its Asia-Pacific neighbors.
QUESTION
Would it be possible to make effective changes in relation to the disclosure of Australian superannuation funds? Critically analyse the issues relating to the disclosure requirements imposed on Australian superannuation funds, and discuss the advantages and disadvantages of making these changes based on the relevant legislation.
SOLUTION
Superannuation involves compulsory, prescribed levels of monetary contributions made by employers to pension funds, providing post-retirement benefits to employees (ATO, 2022). These funds operate as trusts (Cowan v. Scargill), with trustees acting under APRA RSE licences. The trustees are responsible for the effective management of superfunds and for the effective allocation of their investment strategies (ASFA, 2022). Following the Cooper Report's recommendations, superannuation funds are now subject to strict disclosure requirements to protect beneficiaries' interests (ASIC RG 181, 2004), which are outlined in legislation such as the Corporations Act 2001, the SIS Act 1994, and APRA guidelines. This article aims to analyze the legal issues surrounding disclosure requirements and to propose enhancements to the regulatory framework.
The regulatory framework for superannuation relies heavily on disclosure rules outlined in the Corporations Act 2001, which apply to various financial service providers. These rules aim to ensure transparency and informed decision-making. Here are some key aspects:
Under Part 7.7 and Division 2 of Part 7.7A of the Corporations Act, financial advisors offering advice to retail clients must adhere to specific obligations. These include providing a general advice warning, preparing a Financial Services Guide (FSG) for both general and personal advice, and developing a Statement of Advice (SOA) for personal advice (ASIC RG 175.3, 2021). The FSG informs clients about the financial services offered, the associated fees, and the complaint-handling procedures (ASIC RG 175.110-126, 2021). The SOA, on the other hand, provides detailed advice and reasoning, and discloses any conflicts of interest (ASIC RG 90, 2017). Trustees of superannuation funds have a duty under RG 175.20 to provide appropriate advice, to disclose complete and accurate information, and to prioritize clients' interests in case of conflicts. These requirements ensure that beneficiaries receive clear information about the funds, enabling them to compare options, make informed decisions, and receive advice aligned with their financial goals and needs.
Part 7.9 of the Corporations Act 2001 outlines the regulations for the disclosure of financial products. It mandates the provision of a Product Disclosure Statement (PDS) that effectively communicates essential information to consumers. The PDS aims to facilitate understanding, enable product comparisons, and assist investors in making informed decisions. The regulatory guide emphasizes compliance with "good disclosure principles" (ASIC RG 168.5, 2021) to enhance consumer choices. Superannuation trustees are obligated to provide a PDS as per RG 168.9, which typically follows a concise format and covers specific information categories such as product details, how superannuation works, investment benefits, risks, fees and costs, taxation, and insurance options.
Mandatory disclosure requirements in the superannuation industry offer several benefits. They promote transparency and accountability by ensuring that trustees' actions are effectively scrutinized and their reporting is checked. These requirements also encourage member engagement and informed decision-making, while subjecting underperforming funds to competitive pressures (Hanrahan, 2018:39).
For instance, Section 29QB of the SIS Act mandates disclosure of specific information by RSE licensees, such as remuneration and governance details, on a designated website. This promotes accountability by allowing market intermediaries, gatekeepers, and fund members to access and utilize the disclosed information as they see fit (ASIC RG 252.3-5, 2014). It also facilitates the provision of information to potential and existing members throughout their membership and when they exit the scheme and ensures compliance with regulatory standards (The Treasury, 1997).
Similarly, to address concerns about transparency and to align with global practices, the 2021 Portfolio Holdings Disclosure requirements mandate that superannuation funds disclose detailed information about their investments. This includes the identity, value, and weightings of investments across various asset classes and derivatives. With access to this information, members can more easily compare different products and select the fund most suitable for their needs.
Despite the extensive disclosure requirements imposed on trustees by legislation such as the Corporations Act and the SIS Act, the current mandatory disclosure framework may not effectively achieve its intended policy goals. Much of the information that trustees are obligated to disclose to members or potential members lacks meaning and makes it nearly impossible to compare funds or make informed choices.
The report by McShane (2018: 150-57) acknowledges that the discussions do not extensively cover broader framework questions related to the effectiveness of disclosure, specifically PDS-based disclosure, in influencing consumer decision-making. The report raises the question of whether there are alternative approaches that surpass the current system of segregated fee disclosure based primarily on point-of-sale documentation. Recognizing the challenges faced by consumers when considering cost impacts, the complexity of the available information, and the limitations of supporting tools, it becomes difficult to have full confidence that the current regime is the optimal approach.
While some caution against imposing more rigorous disclosure requirements due to potential unnecessary costs, there are concerns about the integrity, utility, and value of excessive disclosure. The Australian Industry Group questions the trade-off between risks, costs, and value-added by extensive disclosure (Burn, 2007:67). RSE licensees also face challenges in determining the appropriate level of information to provide to beneficiaries. Balancing the costs of disclosure, commercial confidentiality, and the risk of political activism becomes complex (Vrisakis & Donald, 2022).
The compulsory disclosure requirements in the superannuation system serve the purpose of ensuring its overall well-being. However, it is important to carefully consider the potential costs and burdens imposed on RSEs to avoid unnecessary strain. It is crucial to evaluate whether the disclosure requirements truly benefit superfund members in making informed decisions about their financial products.
For example, the 2021 portfolio holdings disclosure requirements have been weakened rather than strengthened, which undermines the proper allocation and informational security of the funds. The limited disclosure of unlisted simple equities, providing only the name of the fund without additional information about the asset's quality, creates ambiguity and calls its credibility into question (Bourlioufas, 2022). On the other hand, implementing the proposed 2022 legislation that mandates itemizing each expenditure, including political donations, marketing, third-party advertisements, fees, and costs, may impose administrative burdens on trustees without significantly enhancing consumer decision-making or returns (Boyd, 2022). A balanced approach would be to disclose only an aggregated value of expenses, addressing both unwarranted costs and consumer accountability.
All in all, transparency and accountability have become expected norms, and effective superannuation fund management requires reasonable and objective disclosure of actions taken and intended by the RSE on behalf of its members. It is important to strike a balance between disclosure obligations and the interests of all stakeholders involved.