Advice compliance measures need to add up: Mintegrity
As financial advisers get ready to celebrate the end of year, they are reminded that meeting the Australian Securities and Investments’ Commission’s (ASIC) expectations to comply with general obligations depends a lot on the nature, scale and complexity of their business.
Advisers should not be fooled into thinking that having a suite of policies and procedures will get them over the line. There is more to consider.
ASIC expects advisers to document compliance measures in some form, implement those measures, monitor and report on their use, and regularly review the effectiveness of those measures.
These measures need to be fit for purpose and take into account the specific risks for businesses.
One size does not fit all here. For smaller Australian Financial Service Licence (AFSL) holders compliance measures may be part of their risk management systems. Larger AFSL holders may have risk management systems, compliance management processes and control frameworks. Collectively these make up compliance measures.
We know that failure to have appropriate compliance measures can lead to unfavourable regulatory outcomes such as being mandated to appoint an independent expert to review compliance measures through licence conditions or enforceable undertakings, suspension of a licence and worst case scenario could lead to a cancelation of an AFSL licence.
Advisers need to ensure that none of these scenarios eventuate.
The compliance function is the responsibility of the director, responsible manager or senior management. It needs to be independent enough to do its job, have adequate staff, resources and appropriate systems backing it.
For smaller firms this may be the responsibility of the responsible manager or director of the AFSL. Ensuring they are complying with obligations and being able to evidence that compliance is up to date is critical. These firms should consider having an independent person check that compliance obligations are being met and recorded.
For larger firms, appointing a compliance officer to manage the compliance function does not remove the accountability of the board, responsible managers and directors of the firm from ensuring the compliance measures in place are adequate for the business. They will need to document, monitor, test and report on the adequacy of the compliance arrangements. These firms should consider an independent review of these arrangements periodically to ensure they remain compliant.
This is particularly important when products and services change or a firm experiences significant growth.
Compliance is not a set and forget function.
Many firms fail to consider their broader compliance arrangements particularly after receiving an enquiry from ASIC. When ASIC asks for information or sends a notice to collect information this can often be an indicator of either ASIC is reviewing an industry behaviour or a specific behaviour at the firm. That is the time to consider if the advisers are meeting the general obligations and what can they do now to ensure that compliance arrangements are appropriate, have been reviewed recently and are up to date.
While not an exhaustive list, the questions below can help create a compliant path to ensuring that a firm’s compliance measures meet ASIC’s expectations.
Documenting compliance measures
- Who is responsible
- What timeframes do you expect things to happen
- What records need to be kept
- What reporting is required
- What checks are performed to ensure the above are being done
Implementing compliance measures
- Are your staff aware of the compliance measures
- Do your documents actually describe your practices
- How are compliance measures communicated to your staff
- What training has been provided
- How are regulatory changes integrated into the business
- Do staff know what and how to report
Monitoring compliance measures
- What needs to be monitored
- How is monitoring performed
- What control testing is being performed
- Who is responsible for monitoring
Reporting compliance measures
- What needs to be reported
- When does it need to be reported
- Who does it need to be reported to
Assessing the effectiveness
- Are there themes emerging from the reporting
- Do the compliance measures still meet regulatory requirements
- Are the risks being effectively managed
Failure to get this right can lead to regulatory outcomes and reputational damage.
In ASIC recent licensing report 772, 45 AFSL were cancelled and 24 suspended. Additional cancelations and suspensions have occurred since then.
The main reasons for cancelation or suspension of AFSL, aside from ceasing to operate a financial services business and failing to lodge financial reports, are failing to have adequate resources whether they are financial, technological or human, failing to supervise and monitor employees and representatives, not maintaining competence to provide the financial services, not maintaining membership of AFCA dispute resolution scheme and failure to comply with the key person conditions of the license.
Advisers should take a proactive approach to compliance to enhance the reputation of their firm and reduce the risk of regulatory enforcement action.
Ensuring your compliance measures are appropriate can avoid regulatory outcomes. Make sure your compliance measures add up!