The second 2022-23 Federal Budget was announced on 25 October 2022.
There is nothing in the 2022-23 Federal Budget 2.0 that will create a UK style crisis.
Most funding initiatives appear to be a reallocation of previous Government initiatives. And, the commodity driven $54.4 billion improvement in tax receipts has largely been banked, not spent.
With seven months before the 2023-24 Budget released in May 2023, this Budget is a shuffling of the deck not a new set of cards. And to continue the pun, we need to play the hand we have been dealt, buffeted by externalities – war, floods, and global uncertainty.
Check out the article to learn more 👉 2022-23 Budget 2.0
If we can assist you to take advantage of any of the Budget measures, or to risk protect your position, please let us know.
As always, we’re here if you need us!
Australian super funds gorge on cryptocurrency
The value of cryptocurrency assets inside Australian self managed superannuation funds (SMSFs) increased by 589.9% ($1.17bn) between June 2019 and June 2022, according to the latest ATO statistics.
While cryptocurrency is a relatively small asset class at only 0.16% of the $837bn held in SMSFs, it is a growing asset class, larger than collectibles and personal use assets, and overseas property. Smaller funds, with an asset value below $200,000, are more likely to have a larger proportion of their value in cryptocurrency.
ASIC warns of SMSF cryptocurrency scams
Earlier this year, the Australian Securities and Investments Commission (ASIC) issued a warning on an increase in marketing encouraging Australians to switch from retail superannuation funds to SMSFs so they can invest in ‘high return’ portfolios. The regulator states that crypto-assets are a high risk and speculative investment and best practice is to seek advice from a licensed financial adviser before agreeing to transfer superannuation out of a regulated fund into an SMSF. An example of one of these schemes was A One Multi Services Pty Ltd that was shut down by ASIC late last year. The company promoted a scheme encouraging investors to roll their superannuation into an SMSF, then for the SMSF to loan money to A One Multi to generate “returns of between 10% and 20% on the investment and perhaps as high as 26%.” Over 60 SMSFs transferred $25 million into A One Multi’s accounts between January 2019 and June 2021. The money “invested” for the clients, between $7 million to $22 million of Bitcoin, was held in the name of one of the directors. An additional $5.7m was used by the directors to acquire property and luxury cars.
Investing in crypto
Trustees are free to invest in assets that meet the requirements of the fund and comply with the regulatory requirements:
- Trust Deed – must allow for cryptocurrency assets. Most SMSF trust deeds are drafted broadly to enable trustees to invest in assets permitted by the superannuation laws and leave the investment strategy to manage the choice of assets and their appropriateness. However, it is important to check.
- Investment strategy – With cryptocurrency’s high volatility and risks, there must be clearly articulated information in the Investment Strategy. That is, it must articulate the trustees’ plan for making, holding and realising assets in a in a way that is consistent with the retirement goals of members being mindful of the member’s individual circumstances.
- Separation of assets – cryptocurrency assets must be held in a wallet in the name of the SMSF and the IP address is provided to the SMSF auditors to verify the transactions (against the fund bank account). Problems often arise when a wallet (in the name of the SMSF) is connected to a personal credit card to acquire cryptocurrency. In these cases, the payment may be considered as either a contribution or a loan to the SMSF.
- Sole purpose test – Your SMSF needs to meet the sole purpose test to be eligible for the tax concessions normally available to super funds. This means your fund needs to be maintained for the sole purpose of providing retirement benefits to your members, or to their dependants if a member dies before retirement.
Lessons from a data breach
The Optus data breach is top of mind for a lot of Australians, particularly those who have had their data breached.
For business, the breach is a timely warning on the importance of understanding what data is held on your customers (and should you hold it?), how it is secured, how your systems work and the process to identify gaps and deficiencies, the appropriate actions if and when a breach occurs, and the impact on your relationship to your customer. This is not something that can be outsourced to IT but a whole of business issue.
The obligations on business
We all know that no system is 100% secure. For Optus, this is not the first time. In 2015, Optus agreed to an enforceable undertaking for breaching the Privacy Act in 2015.
A data breach happens when personal information is accessed or disclosed without authorisation or is lost. If the Privacy Act 1988 covers your business, you must notify affected individuals and the Office of the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. The notification must be as soon as practicable but is expected to be no later than 30 days. Every day counts.
A business must take all reasonable steps to comply with its obligations to prevent data breaches occurring. These obligations are not limited to preventing cyber attacks. Malicious or criminal attacks represent 55% of all reported data breaches. But, human error is responsible for 41% and 4% through system faults. Where human error was involved, 43% was where personal information was emailed to the wrong recipient and 21% the unintended release or publication of personal information.
How to apologise
Your relationship with your client is about trust. Beyond the breach notification requirements, the other issue is the client relationship.
So, how should a business apologise? University of Chicago economist John List, Professor Benjamin Ho from Vassar College along with other academics studied this issue for Uber ride sharing – the experiment came about after John List, who was at the time Uber’s Chief Economist, had a bad ride sharing experience. The bottom line? The apology must come at a cost to be effective. That cost can be reputational, a commitment to do better in the future (the cost is the higher standard), or a monetary cost. The paper states: First, apologies are not a panacea – the efficacy of an apology and whether it may backfire depend on how the apology is made. Second, across treatments, money speaks louder than words – the best form of apology is to include a coupon for a future trip. Third, in some cases sending an apology is worse than sending nothing at all, particularly for repeated apologies and apologies that promise to do better.
Helping to protect against data breaches
- Understand your Privacy Act obligations. Specific industries and businesses that hold specific types of data often have advanced requirements.
- Review the personal information held on customers. Is their full date of birth a necessary part of what your business does? If you need to verify identify, do those identification documents really need to be stored once they have been validated? Or is positive confirmation enough? Is the data held securely and is access limited to only those who require access?
- Ensuring systems have multifactor authentication
- Improving staff awareness of not only cyber threats and how to prevent them – phishing, fraudulent messages etc, but reviewing how personal data is managed and accessed.
- Understanding your systems and how they work together to prevent security gaps or ‘backdoor’ systems access.
