MIU - Issue 165 - March 2025

Contribute to ASIC’s discussion on public and private capital markets

We are calling for feedback and debate on key questions related to the shifts in public and private capital markets raised in a discussion paper released in late-February.

The paper, Australia’s evolving capital markets: A discussion paper on the dynamics between public and private markets (Discussion paper), opens the conversation on ASIC’s regulatory approach and seeks actionable ideas for it to consider to enhance the operation of Australia’s capital markets.

The paper explores the changing dynamics in capital markets, in Australia and abroad, including declining listings on public markets, the rapid growth in investment capital allocated to private markets and the influence of superannuation funds on markets.

ASIC Chair Joe Longo said, ‘ASIC is determined to achieve dual goals with this paper by ensuring Australia’s markets are attractive to companies and investors while protecting against risks.’

We encourage industry to engage with ASIC and help us answer the questions we have posed.

To provide feedback on any or all of the discussion questions, send your submission to markets.consultation@asic.gov.au by 5pm on 28 April 2025.

In conjunction with this discussion paper, ASIC commissioned a research report by Dr Carole Comerton-Forde, Evaluating the state of the Australian public equity market: Evidence from data and academic literature (REP 807), which has informed ASIC’s approach in the discussion paper.

• Read the media release.

Back to top

Promoting competition through new ASIC Clearing and Settlement Rules

Exercising new powers under the Competition in Clearing and Settlement (CiCS) services reforms, ASIC has made new clearing and settlement rules to promote competitive outcomes.

The new ASIC CS Service Rules 2025 will require the ASX to provide its clearing and settlement services on a transparent and fair basis, supporting the agency’s goal to promote strong and innovative development of the financial system.

In accordance with these new rules, ASX must ensure its clearing and settlement services are offered in a transparent, non-discriminatory way. ASX will have to take all reasonable steps to:

• ensure that the pricing of its clearing and settlement services is transparent, fair and reasonable
• provide access to its covered services (including data) on commercial, transparent and non-discriminatory terms, and
• ensure that its core technology systems are designed and developed in a way that facilitates third-party access.

ASIC Chair Joe Longo said, ‘This is about limiting ASX’s ability to misuse its monopoly power to deter new entrants,’ Mr Longo said.

The new rules were subject to public consultation, industry stakeholder engagement and input from the RBA and ACCC. The new rules will come into effect on 24 May 2025.

• Read the media release.

Back to top

Putting futures market participants on notice about inadequate risk management limits

ASIC is putting futures market participants on notice about having appropriate risk limits in place to protect investors and maintain fair trading practices, having recently observed that a number of futures market participants did not have prudent risk management procedures in place.

to comply with their obligations under Part 2.2 of the ASIC Market Integrity Rules (Futures Markets) 2017 (the Rules), futures market participants must demonstrate prudent risk management procedures, including but not limited to requirements to:

• set and document appropriate pre-determined order and/or position limits on each of its client accounts, including a volume per order limit, an aggregate loss limit and an aggregate net session limit, based on the market participant’s analysis of the clients’ financial resources or other relevant factors;
• set and document appropriate pre-determined order and/or position limits on each of its house accounts, including a volume per order limit, an aggregate loss limit and an aggregate net session limit, based on the market participant’s analysis of its financial resources or other relevant factors;
• set and document maximum price change limits;
• ensure the limits referred to above are input by the market participant;
• ensure market participant’s order systems have limit setting capability which reflect prudent account risk management, including order rejection capability to reject orders where orders are in excess of limit parameters set by the market participant; and
• to have processes in place for the market participant to assess and amend the pre-determined order and/or position limit based on the market participant’s analysis of the clients’ financial resources (in the case of a client account) or its financial resources (in the case of a house account) or other relevant factors.

We’ll continue to undertake targeted reviews of futures market participants’ compliance with their obligations in Part 2.2 of the Rules and take regulatory action, where appropriate.

Back to top

New technical guidance for OTC derivative transaction reporting

We have updated our technical guidance on OTC derivative transaction reporting for reporting entities and their reporting services providers under the ASIC Derivative Transaction Rules (Reporting) 2024  (the 2024 Rules).

The updated guidance takes into account our observations on and industry’s experience with the 2024 Rules since their commencement on 21 October 2024. It also responds to industry’s requests for further clarification.

Among the key updates to our guidance are:

• emphasising reporting entities’ responsibilities to create Unique Product Identifier (UPI) codes for accurate reporting
• recognising circumstances where ‘effective date’ and ‘event timestamp’ are reported on a back-dated basis
• clarifying certain aspects of ‘block trade’ reporting.

• Read the updated technical guidance.

For further information, please visit our derivative transaction reporting webpage.

Back to top

Strengthening cyber risk management in market operations

Cyber crime is on the rise and growing increasingly sophisticated due to advancements in technology. In this environment it is crucial that market participants adopt robust cyber risk frameworks to improve their cyber and operational resilience.

Australian financial services (AFS) licensees are required by law to have adequate cybersecurity risk management systems in place. ASIC expects all licensees to prioritise and invest in systems that protect their customers and maintain integrity in the financial system and may take strong may take action where they fail to do so.

Globally respected benchmarks such as the International Organization for Standardization’s (IOS) ISO/IEC 27001:2022, provide guidance for establishing and improving systems to manage the security of data owned or handled by a company.

To meet the IOS’s key cyber risk management requirements, a business or organisation must:

• Identify and protect critical assets: Secure trading and settlement systems through network segmentation, access controls, encryption, and regular vulnerability assessments. Understanding the interdependencies between systems helps prioritise risk mitigation efforts.
• Incident detection and response: Deploy real-time threat detection and response mechanisms, including security monitoring, logging and automated alerts to prevent unauthorised access and mitigate breaches.
• Third-party risk management: Regularly assess service providers’ security postures, enforce risk-mitigation measures, and require adherence to recognised security standards to reduce supply chain vulnerabilities.
• Resilience and recovery planning: Maintain and test business continuity plans with scenario-based exercises to ensure swift recovery from cyber incidents, including ransomware attacks and data breaches.
• Cyber awareness and training: Strengthen staff capabilities through ongoing education, phishing awareness programs, and strict authentication measures to minimise risk of human error.

New guidance for SME market participants

For small and medium sized enterprises (SMEs), the new Information Security Management Systems (ISMS) Guide is a valuable resource. Developed with advice from the ISO’s information security, cybersecurity and privacy protection committee - known as ISO/IEC JTS 1/SC 27-  this guide provides practical steps to implementing ISMS, helping firms enhance cyber resilience without excessive complexity or cost.

In general, the recommended steps that should be followed by SMEs for good cyber risk management are:

• Establish information security foundations
• Understand what must be protected
• Evaluate information security risks
• Design, apply and monitor information security controls

We also recommend looking at the Australian Signals Directorate’s (ASD) small business cybersecurity guide.

All companies need to proactively and regularly check the adequacy of their cybersecurity measures.

To stay up to date on the latest in cyber security alerts and advice, ASIC's Supervisory Cyber and Operational Resilience Centre recommend visiting the ASD’s Australian Cyber Security Centre website.

Back to top

Minor updates to Markets Disciplinary Council regulatory guidance

ASIC has released minor updates to Regulatory Guide 216 Markets Disciplinary Panel (RG 216) to reflect recent Panel decisions on the application of the penalty regime imposed by the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 and current MDP processes.

The changes to the penalty regime significantly increased the maximum penalties for conduct occurring wholly on or after 13 March 2019.

The updates to RG 216 also reflect current MDP processes, including that MDP hearings can now be conducted virtually.

This updated version replaces guidance issued in January 2021.

• Read the news item.

Back to top

Recent ASIC enforcement actions

Our 2024 and 2025 enforcement priorities send a clear compliance message to the entities we regulate. Over December to March, our enforcement actions included:

ASIC sues FIIG Securities for systemic and prolonged cybersecurity failures

FIIG Securities Limited (FIIG) allegedly failed to have adequate cybersecurity measures for more than four years, according to documents filed by ASIC in the Federal Court. This enabled the theft of approximately 385GB of confidential data, with some 18,000 clients notified that their personal information may have been compromised.

• Read the media release.

ASIC sues crypto company Binance Australia Derivatives for consumer protection failures

More than 500 retail clients of Oztures Trading Pty Ltd, trading as Binance Australia Derivatives (Binance), were denied important consumer protections after being misclassified as wholesale clients, ASIC alleges in documents filed in the Federal Court.

• Read the media release.

Former Irexchange Limited Company Secretary and Legal Advisor, CEO and CFO charged after ASIC investigation

Three former Irexchange Limited (IRX) executives appeared on 4 March 2025 at the Downing Centre Local Court charged with breaches of the Corporations Act (the Act) following an ASIC investigation.

The charges relate to allegations of false and misleading conduct that allegedly occurred between 20 July 2018 and 14 February 2019, concerning an agreement regarding the shares of the founders of IRX and information about the nature of IRX’s business in the prospectus lodged with ASIC.

• Read the media release.

Insider trading and market manipulation case updates

Behzad Eghrari, of Vermont South, Victoria, has been charged with three offences of creating a false or misleading appearance of active trading following an ASIC investigation.

• Read the media release.

Separately, Antonio Stella, of Donvale, Victoria, has been indicted on two counts of insider trading following an ASIC investigation.

• Read the media release.

Back to top