It’s back to school this week signalling that the holiday period is well and truly over. Back to the grind with the addition of rapid antigen testing this year! Over the break, we have been reflecting on the year that was in 2021 and what is to come in 2022.
Without doubt, the past year was almost unprecedented in the amount of regulatory change. This year offers some much-needed reprieve with few changes announced for the year thus far. Government and Regulatory bodies are actively consulting with industry and other stakeholders to shape the next round of changes. And industry is using this time to take a breath, review and iterate what has been done in 2021. Given the confluence of change in October last year, we see a number of deliverables which were deferred to ‘day 2’ rightfully getting attention now. To help out with your planning, we’ve compiled a short list of things consider for the year ahead.
1. File your AML/CTF Compliance report with AUSTRAC
The filing period opened in January so no doubt this is already near the top of your list. We note with interest some of the new sections / questions in the report:
- New questions about outsourcing the development of your AML Program and ensuring it is tailored to the business. This highlights the importance of an entity-specific Program and a sign that AUSTRAC sees this as a current weakness in AML Programs that have been reviewed.
- The mandated independent review is subject to further interrogation this year – whether or not the timeframe for independent reviews is specified in the AML Program (e.g. every two years). If it is not, an explanation as to why is required. This may be data gathering in preparation for a regulatory update mandating specified review timeframes.
- The Regulator is also now seeking details of transaction monitoring in place, querying the level of automation in the process, potentially signaling future guidance over requirements for the testing of automated components as a part of the independent review.
Lastly, you may want to refresh yourself with the changes to the AML/CTF Act that came in to effect in June 2021, particularly around reliance on third party customer identification and verification. Current practices in Europe and Asia see product issuers conducting due diligence on distributors as part of broader distribution governance arrangements (e.g. DDO).
Complete your compliance report before 31 March: AUSTRAC compliance reports | AUSTRAC
2. Review your Whistleblower policy & Modern Slavery Statement
In October 2021, ASIC sent a letter to CEOs detailing findings of its Whistleblower policy review and reminding them of their whistleblower requirements per 2019’s RG 270 Whistleblower Policies. The results of the review of some 100 policies found that the majority of policies provided unclear, incomplete or inaccurate information about how whistleblowers could raise a matter, and what protections they are afforded under the Corporations Act. Additionally, ASIC noted that some policies still referenced obsolete requirements and that others omitted or inaccurately described whistleblower protections.
Fortunately for recipients, ASIC have included detailed observations and commentary as to better practices at the individual requirement level which gives reasonable insights into their expectations of a well-written policy. See the full media release here.
At the end of last year, Monash University released their analysis of the Modern Slavery (MS) Statements of the 100 largest listed companies on the ASX. The results were widely reported in the media and contain some good learnings particularly around the importance of due diligence and remediation. While the importance of a well written policy and robust framework may seem of less importance for unlisted companies, we expect this area to come in for more scrutiny by institutional clients (e.g. superannuation funds) and other gatekeepers in line with the increasing focus on ESG matters. If you have a MS Statement, consider the Monash report and whether enhancements are required.
3. Re-visit the proposed systemic issue analysis and day 2 activities for your Internal Disputes Resolution (i.e. complaints)
RG271 brought about significant changes to the complaint management processes (capturing, responding to, analysing and reporting). Some firms did not treat enhancements to their complaint management processes as day 1 activities so it is worth re-visiting the final decisions on responsibility, frequency, and any details of how these will be performed. Another area that has been left in the day 2 bucket at many firms is settling on how the effectiveness of the IDR process will be monitored, by whom, and at what frequency. Similarly, linking and leveraging analysis performed across both incidents and complaints to ensure systemic issues are identified is key, and an area that may not have been given adequate attention in the scramble leading up to go live in October 2021. We can see these matters becoming issues if left unaddressed for too long, particularly at board reporting time.
4. Perform distributor due diligence and review distributor governance agreements (Regulatory Guide RG 274 Product design and distribution obligations)
We saw a real focus on TMDs as the perceived day 1 critical activity for DDO. But DDO is much more than just TMDs and focus should already have shifted to implementation of governance arrangements including the review and monitoring of distributors. While Programs should already outline how distributors will be monitored (e.g. understanding processes and controls in place via questionnaires, reviews, etc.), they may not consider some of the more practical aspects like what to do with incomplete and inconsistent information from distributors (and exactly who will be making these determinations). In addition, given that some target market determinations will need to be reviewed by October 5, it’s a good time to start formalising the finer details of the review process.
5. Revisit your controls
The quantity and quality of documented controls varies across firms but it is always a good exercise to give them another look. Time bound review periods can help identify duplicated, obsolete or outdated controls and is an opportunity to document any known, but yet to be documented, controls. If you are looking to enhance your risk and control regime, it is good practice to follow a specific taxonomy ensuring controls are documented in a consistent format and structure helps ensure that controls are applied against the correct risks allowing for a more accurate residual risk assessment. When controls follow a consistent taxonomy and documentation standard, the population of controls can be analyzed to highlight over-reliance on certain types of controls (e.g. manual detective controls) or under-use (e.g. lack of monitoring controls).
6. Get ready for CPS 511
If you want to be on the front foot of one of the next significant regulatory changes, CPS 511 comes into effect from 1 January 2023 for ADI SFIs, with a further staged implementation until 1 January 2024, when it comes into effect for all other APRA regulated entities. Presumably this is being done in conjunction with FAR requirements (where applicable) but this will be new requirements for some. Given that it deals with the often contentious issue of remuneration, we’d suggest allowing additional time for consensus and approval of requirements such as variable vesting, payout schedules and downward adjustment processes.
See the final draft here: Final Prudential Standard CPS 511 Remuneration
7. Get involved with some consultation
We know that it is difficult to find the time to participate in the consultation process but we know that Government and Regulators find these insights invaluable when shaping rules and regulation. It is often more efficient to participate through submissions coordinated by industry bodies (e.g. FSC, FPA) or through services providers which have industry wide reach (e.g. Accounting or Legal firms, custodians) Some to watch for this year:
- regulatory relief for Foreign Financial Service Providers (closed 12 January 2022)
- Implementing Corporate Collective Investment Vehicles (closed 21 January 2022)
- Draft terms of reference of the quality of advice review (due 4 February 2022)
- Financial adviser education standards (due 1 February 2022)
- Employee Share Schemes (due 4 February 2022)
- Consumer remediation draft guidance (due 11 February 2022).
Without the hard deadlines imposed by regulatory change, the to-do list this year has a bit more flexibility but certainly no shortage of action.
Talk to email@example.com about how PX Partners is supporting clients with implementation and iteration in 2022.