Financial adviser compliance: how much is enough?

T he Australian Securities and Investments Commission (ASIC) — or for that matter, any of the regulators — can, and often do, conduct informal as well as formal compliance audits or reviews of financial services licensees in order to check that licensees and their advisers are fulfilling their general obligations under the Corporations Act.

‘General obligations’ encompass a range of things, but broadly include complying with the conditions of your licence and complying with financial services laws, regulations, standards and applicable codes.

Put like that, complying sounds reasonably straight-forward, however, the legislation under which licensees operate is ‘principles-based’, which makes it more difficult for you to determine exactly what you need to do in order to comply — and what you need to do in order to prove to the regulator that you are complying. Very broadly speaking, licensees and their advisers must have processes in place that prove they act efficiently, honestly and fairly.

What the legislation does not do is set out step-by-step instructions explaining exactly how these processes should work at a practical level. In fact, RG104 — Licensing: Meeting the general obligations’, specifically states: “The general obligations are principles-based and designed to apply in a flexible way. For this reason, we do not think we can or should give prescriptive guidance on what you need to do to comply with them. The Corporations Act places responsibility on you to decide how to comply.”

The Government produced the legislation in 2001, but even today there are few, if any, publicly available certified courses that licensees could attend to learn techniques to facilitate a ‘new age — value added’ approach to compliance organisation and management.

Operating efficiently

Operating efficiently means having the systems, procedures, processes and controls in place to ‘document’ your capacity and your continued adherence to general obligations. In addition, and perhaps posing the greatest challenge, these systems should make it easier, not more difficult, for clients to transact or interact with you in acquiring your products or services.

Although challenging, the development and implementation of efficient systems and processes can be an exciting and creative activity involving all compliance and risk management staff. But it does involve much more than simple checking.

It means challenging every aspect of your processes to ensure that, in addition to providing the ‘proof’ of compliance, the process is operating as efficiently as possible, that it is increasing the productivity of your business and that it is adding real value to your clients by improving your service delivery.

This means a couple of things. First of all, you must have adequate resources, particularly in terms of properly qualified and trained staff who are committed to and regularly engaged in continuing professional development. Proving to a regulator that you have these properly qualified and trained staff involves recording the details of staff qualifications and ongoing training in a training and development register.

Secondly, it means regularly reviewing and testing appropriate risk management controls and strategies that provide reassurance about the ongoing viability of your business. These tests should be able to prove that your business is resilient and can continue to operate in all kinds of weather.

Proving to a regulator that you uphold the requirement to operate honestly comes down to how well your documented processes support your disclosure obligations and your transparency when dealing with clients, regulators and associations. The trouble is that this can be open to interpretation.

So, at a practical level, you need to look at your internal systems. They must be able to identify, analyse and manage any information that could influence a client’s decision about your product or service. In a broad context, this is often referred to as conflict of interest.

Conflict of interest is an often misunderstood area of compliance. Many think it refers only to perks, entertainment and gifts. In fact, it goes well beyond this definition. You must have systems in place that spell out exactly what you receive, in dollar terms, by way of commissions, bonuses, fees, promotions, research, and terms and conditions, to name but a few.

A fair go

Proving that you act fairly really boils down to one thing: having a process in place, which your staff and representatives embrace, that ensures your clients are treated fairly. This means having an effective and available complaints and dispute resolution process.

Your complaints procedure should clearly outline what happens to a complaint when it is received and how it is handled. Each part of the process must have a set of guidelines containing performance objectives as well as clearly defined levels of authority.

Even though all licensees must belong to an independent disputes resolution scheme, the clear preference is to have a process that resolves complaints internally whenever possible.

Is compliance part of your culture?

The regulators want to see evidence of a culture of compliance in the form of active, ongoing documented and verbal support of your compliance procedures from everyone within your business — from your most senior managers to operational and administrative staff.

The regulator will also want to see how well your policies and procedures (which should effectively integrate your licence obligations into your standard operating procedures) are communicated to and understood by all. They will want hard evidence that your policies and procedures are properly implemented, are a part of your operational culture and that everyone is actively engaged in the process.

This means they will want evidence that staff and representatives comply with the law and actively and willingly support your governance and compliance programs by ‘walking the talk’. Success will most likely be represented by your employees working in ways that comply with your requirements and policies and say, ‘That’s the way we do things here’.

The specifics of what you need to do in order to comply will depend on the size and type of financial services business you operate. Just like clothing, one size does not fit all.

Tim King is a director and principal consultant with Compliance & Risk Management CRM Navigators, a boutique consultancy specialising in compliance and risk management consulting, training and coaching. Their clients are primarily in the insurance, financial planning and commodities trading markets.