Three financial services compliance lessons from the Royal Commission

Today we continue to look at financial services compliance. “It’s not enough, is it… to have those policies and procedures in place? Financial advisers need to comply with them”[1].

So asked assisting counsel last week in the second round of hearings of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Royal Commission). The fallout from the last week of hearings has been extensive, including the resignation of the AMP CEO and indications of impending law reform.[2] We discussed some issues that arose in the first round of hearings here.

This second round has focused on:

  • charging fees for financial advice that is not provided or not provided in full (fees for no service);
  • provision of inappropriate financial advice;
  • improper conduct by financial advisers, including misappropriation of customer funds.

Already there has been considerable media discussion of the failings of individual businesses and what some of the consequences might be for the financial advice industry. But today we want to take a look at some of the general compliance lessons that are coming out of the Royal Commission. What must a business – any business – do to ensure laws, regulations and policies are actually being complied with?

  1. Record-keeping

The Royal Commission has shed light on some abysmal record-keeping practices within the financial advice industry. Key examples include:

  • Some financial advice businesses are unable to demonstrate how a given piece of advice or action (such as switching financial products) coheres with their duty to act in the best interests of the customer.[3] This makes it almost impossible to demonstrate to the customer and the regulator that the business is compliant;
  • Breach-reporting. In 2011, a notice of breach was drafted by AMP to send to the Australian Securities & Investments Commission (ASIC). But it was never sent, apparently on the basis that there was legal advice against doing so.[4] However, questioning from the Commission showed that there is no clear record of this decision or of why it was made.

No matter what the industry, having adequate documentation and records is crucial to demonstrating compliance, both with industry-specific legislation (such as the Corporations Act 2001 and the National Electricity Law) and with general regulatory requirements such as the Privacy Act 1988 and Health & Safety Laws.

  2. Remediation

Another ongoing theme in the hearings involves a business being made aware of compliance concerns, but not dealing with them swiftly. AMP has been made aware of problems with charging fees on its ‘orphaned non-serviced policies’ (an instance of fees for no service) and that risks of the policy include “reputational damage to AMP, legal and compliance issues, possible anti-avoidance issues if AMP doesn’t dial down ongoing fees”.[5]

Similarly, an external audit report from PwC in 2015 emphasised that there was no ‘root cause analysis’ process at AMP to determine the underlying cause of a breach and whether it was a result of systemic problems. Subsequently, when notification of a breach was made to the Group Risk and Compliance Committee about the impermissible charging of fees, no root-cause analysis was conducted.[6]

Also in relation to fees for no service, an independent report from Deloitte to CBA Wealth Management revealed that “systems to identify clients that have signed up to and/or receive ongoing service arrangements are inadequate” and “the process to identify and communicate with customers in a timely manner is ineffective.” Both were given a high priority for remediation, but again, action was not swiftly taken.[7]

  3. Audit Processes

Systematic internal audit is essential for a business to be confident it is meeting its regulatory obligations. Some organisations seem to be relying primarily on complaints from customers and/or self-reporting by advisers to determine if they are complying with their regulatory obligations. There is little to no systematic auditing.

For example, it was revealed that Westpac diverted resources that should have otherwise been spent on systematic auditing to getting the business ready for the ‘Future of Financial Advice’ (FOFA) reforms. There seems to be no good reason why this auditing couldn’t have been carried out by securing external auditors.[8]

If you think Compliance Quarter could be of any assistance in developing an ongoing compliance program for your business or reviewing your financial services compliance, including through our automated Compliance Hub, please get in contact with us.


[1] See Draft Transcript, 20 April, p1464.

[2] For a summary see

[3] See Draft Transcript, 16 April, p1038.

[4] See Draft Transcript, 16 April, p1082.

[5] Draft Transcript, 17 April, p1166.

[6] Draft Transcript, 17 April, p1109.

[7] Draft Transcript, 13 April, p1311.

[8] Draft Transcript, 20 April, p1464.
