The Australian Prudential Regulation Authority (RBA)

Other regulators whose roles and powers are relevant to banking and finance lawyers
The Council of Financial Regulators (CFR) is made up of the Australian Prudential Regulation Authority (APRA), the Australian Securities & Investments Commission (ASIC), the Reserve Bank of Australia (RBA) and the Australian Treasury. APRA, ASIC and RBA work together for a coordinated approach to resolve matters relating to the stability of the Australian financial system, and the CFR provides advice to the Australian Government on the adequacy of Australia’s financial regulatory arrangements.
In addition to the CFR, practitioners are likely to come across a number of other regulators. They include:
• Australian Transaction Reports and Analysis Centre (AUSTRAC);

For example, a failure to carry out applicable customer identification procedures before providing designated services may attract civil penalties to the maximum of $18,000,000.
OAIC
OAIC is an independent statutory agency. The agency is headed by the Australian Information Commissioner. Some practitioners may be familiar with the name “Privacy Commissioner”. It is useful to note here that the Office of the Privacy Commissioner has been integrated into the OAIC.
One of the most important definitions practitioners need to be familiar with is “personal information”. Personal information as defined by the Privacy Act 1988 (Cth) (Privacy Act) is “information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable”. Sub-sets of personal information include credit information and sensitive information (such as information regarding health).
The legislation that are most are relevant to OAIC’s work are:
• Privacy Act, which regulates how personal information is handled;
• Australian Privacy Principles (APPs); the APPs are contained in schedule 1 of the Privacy

With regards to its privacy function, OAIC’s powers are extensive. The powers that practitioners are more likely to come across include:
• commence a Commissioner initiated investigation to investigate a potential breach of the Privacy Act; and
• assess whether an entity is compliant in terms of its obligations under the Privacy Act in the handling of personal information.
With regards to its freedom of information function, OAIC has oversight of the operation of the FOI Act. It has powers to review of decisions made under the FOI Act. Following a FOI request, if an individual is not satisfied with the outcome, they may seek a review by the OAIC.
OAIC’s APP guidelines (https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/) is a useful tool for practitioners because (among other things) they outline the mandatory requirements of the APPs and how OAIC will interpret the APPs. Importantly, practitioners will find information on what OAIC may take into account when exercising its functions and powers under the Privacy