Regulation in Australia

Find out about regulation in Australia, including what a regulator does and what the difference is between regulations.

Australian businesses operate under a variety of “regulatory regimes”, depending on several factors, including:

  • the business structure
  • the location of operations
  • the activities of the business – what its goods and services are
  • the size of the business and number of employees
  • what kinds of licences are required to operate
  • the risk of harm to any individuals from the operation of the business

The big picture in regulation

When you are building an obligation register and figuring out the range of details you need to consider in your compliance risk assessment, there will be multiple layers of requirements you need to comply with, either as a ‘one-off’ (for instance, when establishing the business entity) or on an ongoing basis, such as annual financial reporting.

What’s the difference between regulations?

An organisation may need to comply with any of these types of requirement: legislation, regulations, guidance, and voluntary codes or standards.

So, what does each mean? To summarise:

  • Legislation – generally laws created by a parliamentary process, which can be federal (Commonwealth) or state.
  • Regulations – requirements created by regulatory or statutory bodies, standards bodies, or other similar recognised entities. These requirements often go out to stakeholder consultation before being considered ‘in force’, but don’t go through a parliamentary process and are usually enforced or policed by the same body that created them.
  • Guidance – documentation issued by the regulatory or statutory bodies to support understanding of the regulation issued. Guidance is intended to be just that and isn’t usually in itself policed to the letter by a regulator. Still, enforcement activities can happen in reference to the regulations if an entity’s practices are well outside the expectations expressed in the guidance. So, the two are often closely intertwined.
  • Voluntary codes or standards – could be industry-created standards or codes businesses ‘sign up’ to. Disciplinary action may be taken for breaches, but it is usually related to trust and industry integrity rather than legal consequences.
  • Other codes or standards – these might be created in the same way by a recognised entity and either policed by them or another party. They may be mandatory and have consequences at a reputational, operational or licence level.

What does a regulator do? What is enforcement?

Regulators do a variety of things. They may administer licensing and look after organisational registrations and registers. They may have responsibility for penalising organisations when they break the law or breach regulations.

They might take consumer complaints, mediate, or make organisations remediate with consumers. They can issue regulations, guidance, and other documents for the market they look after. They may actively work to support the industry or sector they regulate to raise standards and have a close working relationship with their stakeholders.

Their delegated powers are documented on their websites and can be quite specific.

Regulators can share responsibilities across pieces of legislation or markets and may work closely with each other to look after different areas of responsibility without unnecessary overlap.

Each regulator takes a different approach to working with the entities they are responsible for, depending on how critical issues are in particular sectors, the risk of harm to individuals or other businesses, resources and the breadth of their responsibilities.

Other laws may be enforced by state or federal agencies, including the police. As you can imagine, there is a big difference between issues that stray into the territory of requiring police action versus other regulatory enforcement.

How many regulators are there?

The short answer is quite a few, and potentially more once you count the state-level equivalents if you conduct activities in other states.

However, here are some of the key players as a starting point. If this is the first time you have thought about your organisation’s obligation register, it’s worth walking yourself through your whole organisation’s operation, thinking about where obligations might impact, and looking up which regulator looks after those requirements.

For example, in the financial services sector you will find:

Regulators and Watchdogs

  • Australian Securities and Investments Commission (ASIC)
  • Australian Prudential Regulation Authority (APRA)
  • Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • Office of the Australian Information Commissioner
  • Department of Foreign Affairs and Trade (Australian Sanctions Office)
  • Department of Home Affairs (Modern Slavery Register)
  • Australian Tax Office
  • Australian Financial Complaints Authority
  • Financial Services and Credit Panel
  • CDPP and AFP
  • State gaming regulators
  • NSW Liquor and Gaming
  • Victorian Commission for Gambling and Liquor Regulation

Regulatory Regimes

  • Australian Financial Services Licensee
  • Australian Credit Licensee
  • Reporting Entity (AML/CTF)
  • Authorised Deposit Taking Institution
  • Authorised Insurer
  • Registered Superannuation Entity
  • Registered Private Health Insurer
  • Licensed Gaming Venue

Penal Regimes

  • Commonwealth Criminal Code
  • State Crimes Acts
  • Sanctions laws