Privacy regulation enforcement can’t be industry funded: FAAA

Industry levies have become a significant source of tension for financial advisers in recent years, initially raising ire in 2023 when the federal government lifted the freeze on the ASIC levy and the cost to advisers skyrocketed.

When ASIC announced its 2023–24 funding estimate in June, the figure hit $48.4 million, which is to be divided among a total of 2,766 AFS licensees encompassing 15,371 advisers. As such, the levy will amount to a minimum $1,500 plus $2,878 per adviser.

Throw on the cost of the Compensation Scheme of Last Resort (CSLR), and advisers are looking at in excess of $4,000 each per year to fund their own regulation.

However, government as a whole considers industry funding of this function to be par for the course.

Speaking at an Association of Independently Owned Financial Professionals’ (AIOFP) Canberra Conference late last year, for instance, Minister for Financial Services Stephen Jones emphasised that “we’ve got an industry funding model right across the board, not just for financial advisers”.

One area that shouldn’t be hit with this model, according to the Financial Advice Association Australia (FAAA), is the work of the Office of the Australian Information Commissioner.

In its submission to the Senate legal and constitutional affairs committee inquiry into the Privacy and Other Legislation Amendment Bill 2024, the FAAA stressed that while it is vital that the OAIC’s work is properly funded, “we would caution against the use of industry funding for the OAIC”.

A key consideration against this measure, it said, is that the breadth of economic activity where personal data is utilised is so extensive, “it is not clear how this could be effectively targeted or apportioned”.

“This is likely to also increase the costs of trading for small businesses, where the regulatory burden already falls disproportionately,” the FAAA added.

“This would impose a double cost for businesses incurring increased compliance expense plus an industry levy. Any industry levy would flow through to increase the cost of services for consumers.”

Privacy Act amendments must be ‘fit for purpose’

Despite concerns around the possibility of further cost impositions, the FAAA said it broadly supports the amendments to the Privacy Act framework contained in the bill.

However, it also cautioned against imposing strict rules without considering the impact they could have on small businesses, such as financial advisers.

“Financial advice is one of the most tightly regulated professions in Australia,” the FAAA said.

“Due to the high existing regulatory burden, the cost impact on financial advisers and the knock-on cost for consumers, we would urge that a cautious approach is taken before additional regulations are imposed.”

The association also expressed concerns that the updates fail to “keep pace” with the rapidly changing technological developments in data gathering and processing.

“By way of example, many financial advisers are adopting technology to assist with day-to-day planning activities, which inevitably involve the handling of client personal and sensitive data,” the submission explained.

“As in many sectors, it is becoming more and more common for AI tools to be used to record client meetings and transcribe these into file notes. Given the breadth and often sensitive nature of client data disclosed during client meetings, the use of AI software for this task, whilst enabling advisers to both deliver a higher quality service and also help more clients, has clear privacy implications – not least being the incidental disclosure of the client’s information to the AI provider.

“A clarifying framework in relation to this and other technology uses – perhaps in a similar way to the mechanism for identifying third countries deemed to have equivalent data security and privacy regimes – is necessary and is an example of a key area to support sectors across the economy, but which is not clearly addressed by the proposed changes.”

Ultimately, the FAAA said, protecting consumer data is becoming an “increasingly complex” task within the evolving technological environment.

“While technology advancements assist in the protection of Australians’ personal and sensitive data, it can also expose consumers to unknown vulnerabilities and the risk of data breaches,” the submission said.

“The legislative framework must be flexible to keep pace with future privacy protection advancements and risks.”