CPD: 2025 Regulation and compliance schedule – what advisers must know

Regulatory framework for financial advice will continue at pace in 2025.
The evolution of the regulatory framework for financial advice will continue at pace in 2025, giving advisers and licensees little respite from changes which can impact them, their businesses, and their clients.
In addition to the well-publicised Delivering Better Financial Outcomes (DBFO) Tranche 1 reforms that come into effect in 2025, advisers must also be conscious of changes to the broader regulatory framework applying to advice businesses – including legislation relating to privacy and cyber security for example – as well as the areas the corporate regulator, ASIC, is likely to have a heightened focus on for the year ahead.
By understanding this regulatory ‘big picture’, advisers can not only ensure their compliance with confirmed changes, but they can also better position their businesses for the future, by factoring reform trajectories into critical business decisions in areas such as technology, processes, people, and even business models.
This article will therefore serve as a primer for advisers to understand what changes are locked in, what changes are coming, and what areas ASIC will be paying extra attention to in 2025.
Structure of this article
This article will be organised into three main sections, firstly looking at the DBFO legislation, and the related changes taking effect in 2025 (some of which were only detailed at the end of 2024). The second will examine two pieces of legislation that are not financial services specific, but which will still impact many licensees and advisers. And finally, we will recap those areas under to be put under the microscope by ASIC over 2025.
1. DBFO: Key dates in 2025
Key Date number 1: January 10, 2025
Two important DBFO changes become effective on this date. One, relating to trustee oversight of advice fees authorised by members, has being controversial, with some experts believing the legislation is poorly worded and could see some ultra-conservative (and/or non-adviser friendly) funds choose to scrutinise every single SOA before agreeing to a fee deduction.
While ASIC, and Minister Stephen Jones, have gone to great lengths to provide assurance that this is not the intent[1], many advisers are holding their breath, awaiting the proof that will come in the form of actual trustee behaviour post January 10.
A recap of that change:
- Amendments to the SIS Act (s99FA) intended to clarify the legal basis for trustees to pay advice fees agreed to by a member. Trustee obligations include the following:
- Ensure the advice given is personal
- Ensure the cost of advice aligns with the term of the member’s written consent
- Ensure the appropriate consent requirements are met, including ongoing fee arrangements.
The second change to take effect on 10th January relates to Ongoing Fee Arrangements, effectively giving advisers much more flexibility around timing and format.
Key aspects of this reform include:
- Remove the requirements to provide clients with a Fee Disclosure Statement
- Require advisers to obtain client consent for ongoing fees via a standardised written consent form
- Replace “anniversary date” with “reference date” for determining the renewal period, with a new consent required between
- Up to 60 days before, and
- On or before 150 days after the reference date.
(This last change introducing far more flexibility than the current 120-day period commencing on the anniversary date of the arrangement).
Introducing the new reference date
The reference date concept – introduced as part of the change to ongoing fee arrangement consents – has caused confusion for some. ASIC have produced examples which help clarify the setting and changing of reference dates, which can be found in their Information Sheet 286, updated and reissued in November 2024[3].
Key date number 2: July 9th, 2025
On this date, new consent requirements become effective for life insurance commissions. In simple terms, life commissions which are (a) within the limits prescribed by the Life Insurance Framework requirements, and (b) accompanied by the appropriate client consent, will be exempt from the ban on conflicted remuneration.
The consent – a new document – must include the following information:
- Name of the insurer
- Commission rate
- If more than one monetary benefit will be given in connection with the issue or sale of the relevant product, the frequency of giving those monetary benefits and the period over which monetary benefits covered by the consent could be given, including any renewals;
- The nature of any services that the AFSL or authorised rep will provide the client in relation to the relevant product;
- A statement that “it is a requirement of the law that client consent must be obtained before payment of an insurance commission”; and
- The fact that the consent is irrevocable.
Importantly, these guidelines mean that – provided the rate of commission on renewal does not exceed that disclosed in the initial consent – no further consents are required, meaning the consent is a one-off, for the life of the policy.
ASIC updates regulatory guidance to support DBFO changes
In November 2024, ASIC issued 4 new information sheets[4] – and updated several existing Regulatory Guides – in response to DBFO Tranche 1.
The new Information Sheets are:
- INFO 286 FAQs: Ongoing fee arrangements and consents
- INFO 287 FAQs: Non-ongoing fee requests or consents
- INFO 291 FAQs: FSGs and website disclosure information
- INFO 292 FAQs: Informed consents for insurance commissions.
Updates were also made to RG 246, and 175.
The Information Sheets in particular are very helpful, containing practical examples of the changes in action, and it is recommended readers familiarise themselves with these resources as soon as possible.
So what about DBFO Tranche 2?
Advisers busy in the lead up to the end of 2024 could be forgiven if they missed the announcement by Treasury about DBFO Tranche 2, made public on 4th December[5].
The more significant of the two tranches, in terms of its capacity to improve the accessibility of advice, Tranche 2 may well prove to be the most contentious, tackling issues such as Statements of Advice and Safe Harbour, while also introducing a new tier of advice.
Generally light on detail, Treasury’s announcement split the proposed changes into two categories:
- A ‘new class of financial adviser’, and
- Modernising financial advice.
The ‘new class of adviser’ (previously referred to as ‘Qualified Advisers’) proved to be a controversial topic throughout 2024, with critics claiming it was opening the door to the return of vertical integration.
The policy intent is to create a new tier of advisers who – by virtue of needing lesser qualifications and being restricted to very simple advice – can open up advice to a wider audience by being much cheaper.
Despite fears that this type of adviser might be limited to product providers and super funds, the December announcement clarified that this option is also open to traditional advice licensees, opening up exciting new ways for advice firms to service clients who are lower value, and/or have simple needs for episodic advice.
Licensees will be able to charge for services provided by new class advisers
Critical to making this a viable option for licensees is the government about face on charging fees for the services provided by new class advisers, with licensees being allowed to charge one-off fees for such a service[6].
New class of adviser – guidelines
- Licensees that employ the new class of adviser will be wholly responsible for the advice provided. Licensees will be subject to additional monitoring and supervision obligations (with civil penalties attached) to ensure that their employees only provide advice within their expertise and authorisation and comply with the Best Interests Duty and other obligations.
- The new class of adviser will be required to complete an AQF level 5 diploma, to ensure they have the expertise to provide high-quality simple advice.
- The new class of adviser will be restricted to advising only on products issued by prudentially regulated entities and will be prevented from providing advice on more complex and high-risk areas such as establishing a self-managed superannuation fund.
- The new class of adviser will be limited to advising existing customers of a licensee, and new customers where the new customer initiates the advice request. This will ensure the new class cannot be used to cold-call new customers or offer unsolicited advice.
- Licensees employing the new class of adviser can opt to charge a fee for the advice provided by the new class of adviser. They will not be permitted to charge ongoing fees or receive commissions to ensure the adviser is focused on providing simple, episodic advice.
Modernising financial advice
The remainder of the package includes, but is not limited to:
- Modernising the Best Interests Duty into an outcomes-focused duty and removing the existing process-based safe harbour steps.
- Replacing Statements of Advice with a principles-based record that is in plain English and addresses the client’s needs.
- Clarifying the rules on what advice topics can be paid for via superannuation.
- Reviewing and updating The Financial Planners and Advisers Code of Ethics
- Reviewing the education pathway for professional advisers with a view to increasing flexibility in support of the growth and continuing professionalisation of the financial advice industry.
Timeframe for Tranche 2
Stephen Jones has previously stated his intention to see Tranche 2 passed by May 2025[7], however with a federal election to be held before the middle of 2025, there is significant doubt about whether the legislation can be drafted, tabled, and passed before Australia goes to the polls.
While there is uncertainty around the outcome of that election, both major parties are committed to closing the loop on DBFO, with shadow financial services minister, Luke Howarth, previously stating his intention to implement the reforms if there was a change of government:
“We support the [Michelle] Levy review in full and wouldn’t go back to the drawing board. We want to get the industry reform done as quickly as possible as time is of the essence. The work has been done; it just needs to be implemented asap. We wouldn’t be reinventing the wheel.”[8]
2. New legislation around privacy and cybersecurity
Cyber Security Bill 2024 becomes law
A little left field – but very important for medium to large licensees – is the introduction of compulsory ransomware reporting from May 29th. This requirement, to apply to all businesses with turnover of $3m or more, was introduced as part of The Cyber Security Bill 2024, passed by Parliament in the last week of November[9], at the same time as major changes to the Privacy Act (discussed in more detail below).
Part 3 of the Cyber Security Act sets out mandatory reporting requirements for entities that experience a cyber security incident and elect to pay any ransom or extortion payment demanded by the perpetrator of the incident. The reporting obligations also extend to entities who are aware that another entity – e.g. an accountant or lawyer or IT consultant – has provided a ransomware payment on its behalf.
A reporting business entity must make a report – through the cyber.gov.au website – within 72 hours of making the ransomware payment or becoming aware that the ransomware payment has been made.
With the frequency and sophistication of cybercrime continuing to increase, so too will the frequency of firms electing to pay ransoms in order to restore normal business operations. Financial advice firms, with access to sensitive client data, remain an attractive target for cybercriminals which is why this requirement is particularly relevant.
Privacy reforms will also impact medium to large advice firms
The slew of legislation passed by the Federal Parliament at the end of November 2024 also included the first tranche of long-awaited reforms to the Privacy Act[10].
While the government initially intended to remove the small business exemption – which would have effectively seen all businesses subject to the 13 Australian Privacy Principles – intensive lobbying[11] by small business representatives proved successful, and the final legislation left the exemption in place for businesses with annual turnover under $3m.
These changes – now more relevant to medium and large advice firms – include:
- a new cause of action in tort for serious invasions of privacy
- a new criminal offence of ‘doxxing’
- new civil penalty provisions for interfering with the privacy of individuals and new OAIC powers to issue infringement notices and compliance notices
- new Ministerial powers to ‘white-list’ countries that provide substantially similar privacy protections, in order to assist entities disclosing personal information overseas
- a new requirement for privacy policies to include information about automated decision-making
- clarifying that taking ‘reasonable steps’ to protect the security of personal information includes implementing ‘technical and organisational measures’.
FAAA expresses concern over the impact of AI on privacy
While the FAAA indicated it was supportive of the Privacy Act changes, it did express concern that the changes were not keeping pace with changes in technology, especially Artificial Intelligence, which is increasingly used by advisers when handling client data.
The FAAA noted in its submission on the changes:
“Many financial advisers are adopting technology to assist with day-to-day planning activities, which inevitably involves the handling of client personal and sensitive data. As in many sectors, it is becoming more and more common for AI tools to be used to record client meetings and transcribe these into file notes.
“Given the breadth and often sensitive nature of client data disclosed during client meetings, the use of AI software for this task, while enabling advisers to both deliver a higher quality service and also help more clients, has clear privacy implications – not least being the incidental disclosure of the client’s information to the AI provider.”[12]
3. What will ASIC focus on in 2025?
On 14th November 2024, ASIC unveiled[13] details of its enforcement priorities for 2025. These priorities indicated the areas ASIC will direct its focus, expertise, and resources throughout the year.
Priorities most impacting advisers include:
- Misconduct exploiting superannuation savings.
- Unscrupulous property investment schemes.
- Failures by insurers to deal fairly and in good faith with customers.
- Licensee failures to have adequate cyber security protections.
- Greenwashing and misleading conduct involving ESG claims.
- Member services failures in the superannuation sector.
This list is notable as much for two items it no longer includes – poor distribution of financial products and compliance with the reportable situations regime.
Whether this suggests ASIC is now comfortable with compliance in these areas is unclear. Certainly, the latest breach reporting data, published by ASIC in October 2024, showed that while small licensees have shown improvement, ASIC believes there is still a degree of under-reporting[14].
With Joe Longo telling an audience in November 2024 that he agreed the regime was too complicated15, it remains highly possible further changes – to simplify the regime – could be seen in 2025.
Summary
The financial advice regulatory big picture for 2025 remains crowded and complex. Several initiatives that will reshape advice are in play, although the timing and detail of some changes may not become clear until the second half of 2025, after the federal election.
While advisers must clearly prioritise compliance with the known changes already scheduled, an awareness of the big picture remains critical, to ensure key businesses decisions are made with the future in mind.
Take the FAAA accredited quiz to earn 0.5 CPD hour:
CPD Quiz
The following CPD quiz is accredited by the FAAA at 0.5 hour.
Legislated CPD Area: Regulatory Compliance & Consumer Protection (0.5 hrs)
ASIC Knowledge Requirements: Regulatory Environment (0.5 hrs)
please log in to start this quiz
———–
References:
[1] https://www.superreview.com.au/news/financial-advice/industry-responds-dbfo-passage-following-controversy-over-s99fa
[2] https://www.ifa.com.au/news/34962-treasury-seeks-broad-consensus-on-fee-consent-forms
[3] https://asic.gov.au/about-asic/news-centre/news-items/asic-releases-new-and-updated-guidance-in-response-to-the-dbfo-act/
[4] Ibid.
[5] https://treasury.gov.au/publication/p2024-607305
[6] https://treasury.gov.au/sites/default/files/2024-12/p2024-607305.pdf
[7] https://www.afr.com/wealth/personal-finance/advice-reforms-to-be-legislated-by-may-next-year-stephen-jones-20241029-p5km4r
[8] https://www.moneymanagement.com.au/news/financial-planning/howarth-commits-implementing-dbfo-reforms-current-form
[9] https://www.twobirds.com/en/insights/2024/australia/australias-first-standalone-cyber-security-law-the-cyber-security-act-2024
[10] https://www.minterellison.com/articles/first-tranche-of-privacy-reforms-passed#:~:text=The%20Privacy%20and%20Other%20Legislation%20Amendment%20Bill%202024%20(Cth)%20(,Parliament%20on%2029%20November%202024.
[11] https://www.afr.com/politics/federal/small-business-wants-out-of-privacy-laws-as-data-breaches-rise-215pc-20241014-p5ki4b
[12] https://www.moneymanagement.com.au/news/financial-planning/fasea-lessons-future-privacy-reforms
[13] https://www.moneymanagement.com.au/news/financial-planning/which-priorities-have-fallen-asics-enforcement-list
[14] Ibid.
[15] https://www.moneymanagement.com.au/news/financial-planning/counterintuitive-effect-asics-reportable-situations-complexity
CPD Quiz
The following CPD quiz is accredited by the FAAA at 0.5 hour.
Legislated CPD Area: Regulatory Compliance & Consumer Protection (0.5 hrs)
ASIC Knowledge Requirements: Regulatory Environment (0.5 hrs)
please log in to start this quiz
You must be logged in to post or view comments.