ASIC has been training investigators and working through the legal minefield of bitcoin, ethereum and other digital assets while it marks out the boundaries of the largely unregulated sector. It is also testing where it can quickly step in and act.

ASIC chairman Joe Longo has nominated crypto among his list of priorities and this has put it in the game when it comes investigating fallout from the $US32bn ($47.2bn) collapse of crypto exchange FTX. Administrator KordaMentha is piecing together what is left in the Australian offshoot which could see up to 30,000 Australian investors face heavy losses, and this is being closely watched by ASIC.

It comes as the regulator is also shortly expected to make a final decision on whether to make a full stop order on crypto asset manager Holon investments. Last month ASIC issued an interim stop order against Holon, preventing it to market three funds to retail investors because it wasn’t taking into account their financial objectives.

While a final decision has yet to be made the Holon case, it is the first major step up of ASIC using its brand new target market determination (TMD) powers to step in on a crypto product.

When it put the temporary stop on the Holon funds ASIC used the broadest definition of an investor and still considered three crypto funds which separately invested in bitcoin, ethereum and filecoin as too high risk to market to retail investors.

For its part Holon says it followed all industry standards when it came to drafting its target market determination for the funds it was marketing.

It also noted target market determination powers and digital assets are “new regulations and activities for ASIC”, and it was important for the regulator and industry to work together on this to support the industry and build consumer confidence.

For now, crypto currencies and digital assets operate in a vastly unregulated space. Some investment schemes have attempted to test ASIC by claiming that by dealing in crypto the usual rules around advice and financial products don’t apply. This is why the industry is watching the Holon case as temporary measure before rules are expected to be put in place.

ASIC has now suspended the financial services license that was recently granted to collapse crypto exchange FTX. Here the digital exchange was eyeing a push into crypto future-style products, which represent another layer of risk.

Even with the collapse of FTX the crypto industry will continue to slowly move into the financial mainstream. The Reserve Bank of Australia is investigating whether it can play a role in issuing a digital currency that can be used between big banks and others in the financial system. Elsewhere ANZ recently launched the first ever Australian-bank issued Australian dollar stablecoin. The ASX is betting all or nothing on its clearing and settlements platform which is built around the blockchain technology which also underpins bitcoin.

Australian Taxation Office figures suggest more than one million taxpayers have interacted with the crypto assets over the past four years. This probably suggests a great deal more are operating outside the official economy. Increasingly crypto-style products are being marketed through football to the Grand Prix. Even actor Matt Damon has been promising the world with crypto ads.

The FTX collapse is set to hurt investors but it will speed up the need to regulate digital assets in a way to moderate some of the risks they represent retail investors, but hopefully without stifling the innovation the new technology represents.

NSW Liberal senator Andrew Bragg got the ball rolling late last year when he remarkably secured broad support around a series to move crypto into the regulatory net and put in place rules for digital exchanges to protect client funds.

Treasury has a “token mapping” review underway which will identify exactly what needs to be regulated and how rules can be practically applied. However this is not expected to be finalised until early next year. Then there is a process around law reform committee which will represent a further delay. Until that all comes together ASIC will be working on the edges of the industry.

Medibank faces music

Medibank has been given a much-needed confidence boost around its handling of its massive cyber attack, including a decision to stand firm against demands for a $15m ransom in exchange for the return of highly-sensitive stolen data on millions of its customers.

Wednesday’s annual meeting was an important moment for Medibank and its customers after a harrowing few weeks where the health insurer’s data hack has played out in real time. By no means is the crisis over yet.

Here the Medibank board gave strong public support to Medibank’s under-pressure chief executive David Koczkar and his staff.

At the same time Medibank’s board, chaired by former insurance boss Mike Wilkins, has found its own support. The company still has the firm backing of big investors even as they have seen the value of their shares slump 20 per cent since last month’s attack and a reputational hit that will take years to rebuild.

By having a board, management and big investors on the same side means the company will be better placed in dealing with the fallout from the attack, including the long road ahead of winning back trust from customers.

The health insurer received overwhelming shareholder backing for its remuneration report with a 94 per cent support as did the three directors facing re-election to the board.

This would have been the moment for shareholders to whack Medibank if they had deeper concerns over its handling of the attack.

All companies are closely watching the Medibank drama, with scale of the attack and the sickening use of customer details as bargaining chips the first for corporate Australia. Medibank’s decision to publicly disclose and reject the demands of cybercriminals is also been watched. For now this is a significant factor in keeping customers and investors onside in its decision not to pay.

The Medibank chief executive is keen to frame the incident as an attack on all Australians – this is important to keep politicians and the broader public onside while it plays out.

Addressing shareholders, Koczkar said the cyberattack was bigger than Medibank and maintained that rejecting the ransom demand was the right thing to do. The attack was a “watershed” moment for the community and “harsh reminder of the new frontier in cybercrime”, he added.

“What has happened is deeply distressing. The weaponising of the private data of many Australians – our customers – is malicious. We are steadfast in our resolve to not reward this criminal behaviour, nor to strengthen a business model that is based on extortion,” Koczkar said.

Meanwhile Wilkins said even before the attack, cybersecurity had been top of mind in terms of risks that many of the board from banks to insurers he had been involved in.

At Medibank there were regular talks in the boardroom around reducing risk and they also simulation of what might happen in the event of a cybercrime. It was this playbook that was deployed during the Medibank attack, he added.

Wilkins also outlined an independent review is underway of by audit firm Deloitte of how the attack happened and gaps in security. He promised to publicly release the review.

Hopefully it is through this that company can address the bigger question about why such sensitive health information on millions of current and former customers was held in the one spot and could be easily identified.

While the insurer is working with police and security agencies, it is helpless as its watches private data and in some cases sensitive health details of customers slowly released onto the dark web. Medibank has also appealed to social media giants to also play a role in preventing the data jumping from the dark web and spreading through their platforms.

johnstone@theaustralian.com.au

More Coverage

Medibank execs to keep millions in bonuses despite hack

JARED LYNCH

Originally published as ASIC starts planning for its crypto crackdown