Today we continue to look at financial services compliance.

“It’s not enough, is it… to have those policies and procedures in place? Financial advisers need to comply with them”.
So asked assisting counsel last week in the second round of hearings of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Royal Commission). The fallout from the last week of hearings has been extensive, including the resignation of the AMP CEO and indications of impending law reform. We discussed some issues that arose in the first round of hearings here https://www.compliancequarter.com.au/royal-commission-round-one-the-home-loan-introducer-program/.
This second round has focused on:
- charging fees for financial advice that is not provided or not provided in full (fees for no service);
- provision of inappropriate financial advice;
- improper conduct by financial advisers, including misappropriation of customer funds.
Already there has been considerable media discussion of the failings of individual businesses and what some of the consequences might be for the financial advice industry. But today we want to take a look at some of the general compliance lessons that are coming out of the Royal Commission. What must a business – any business – do to ensure laws, regulations and policies are actually being complied with?
The Royal Commission has shed light on some abysmal record-keeping practices within the financial advice industry. Key examples include:
- Some financial advice businesses are unable to demonstrate how a given piece of advice or action (such as switching financial products) coheres with their duty to act in the best interests of the customer. This makes it almost impossible to demonstrate to the customer and the regulator that the business is compliant;
- Breach-reporting. In 2011, a notice of breach was drafted by AMP to send to the Australian Securities & Investments Commission (ASIC). But it was never sent, apparently on the basis that there was legal advice against doing so. However, on questioning from the Commission, there is no clear record of this decision and why it was made.
No matter what the industry, having adequate documentation and records is crucial to demonstrating compliance, both with industry-specific legislation (such as the Corporations Act 2001 and the National Electricity Law) and with general regulatory requirements such as the Privacy Act 1988 and Health & Safety Laws.
Another ongoing theme in the hearings involves a business being made aware of compliance concerns, but not dealing with them swiftly. AMP has been made aware of problems with charging fees on its ‘orphaned non-serviced policies’ (an instance of fees for no service) and that risks of the policy include “reputational damage to AMP, legal and compliance issues, possible anti-avoidance issues if AMP doesn’t dial down ongoing fees”.
Similarly, an external audit report from PwC in 2015 emphasised that there was no ‘root cause analysis’ process at AMP to determine underlying cause, and whether it was a result of systemic problems. Subsequently, when notification of a breach was made to the Group Risk and Compliance Committee about the impermissible charging of fees, no root-cause analysis was conducted.
Also in relation to fees for no service, an independent report from Deloitte to CBA Wealth Management revealed that “systems to identify clients that have signed up to and/or receive ongoing service arrangements are inadequate” and “the process to identify and communicate with customers in a timely manner is ineffective.” Both were given a high priority for remediation, but again, action was not swiftly taken. 
Systematic internal audit is essential for a business to be confident it is meeting its regulatory obligations. Some organisations seem to be relying primarily on complaints from customers and/or self-reporting by advisers to determine if they are complying with their regulatory obligations. There is little to no systematic auditing.
For example, it was revealed that Westpac diverted resources that should have otherwise been spent on systematic auditing to getting the business ready for the ‘Future of Financial Advice’ (FOFA) reforms. There seems to be no good reason why this auditing couldn’t have been carried out by securing external auditors.
If you think Compliance Quarter could be of any assistance in developing an ongoing compliance program for your business or reviewing your financial services compliance, including through our automated Compliance Hub, please get in contact with us.
 See Draft Transcript, 20 April, p1464.
 See Draft Transcript, 16 April, p1038.
 See Draft Transcript, 16 April, p1082.
 Draft Transcript, 17 April, p1166.
 Draft Transcript, 17 April, p1109.
 Draft Transcript, 13 April, p1311.
 Draft Transcript, 20 April, p1464.