Consistent with practices overseas, the trend of regulators leveraging the industry’s interconnectedness to enable more effective surveillance and oversight has come to Australia. While in some ways this is a positive development for consumers as it could lead to an uplift in standards of conduct across the board, it means a higher compliance burden on issuers and distributors of financial products.
The financial system plays a key role in supporting broader economic activity in Australia, so it is a system which is of huge value to the community at large. Given this cornerstone role in our society, it is critical that the system operates in a way that meets community expectations. If you deposit your cash into a bank, you should have a high degree of confidence that your cash will be available to you to withdraw in the future. If you invest in a pension scheme, you should have confidence that your funds will not be dissipated by virtue of fraud or theft, although the latter will be exposed to the normal risks of investing.
The historical approach taken by governments and regulators to ensure the soundness of the financial system has been threefold:
- Impose obligations on firms to do certain things or abide by principles set down by legislation or regulation;
- Subject firms to regular oversight by independent auditors and impose reporting obligations on these auditors; and
- Hold Boards (and therefore Directors) accountable and, more recently, senior management under the new accountability regimes.
For the most part, this system of obligations, checks and accountability has been successful in its objective. However, our system is framed to be ‘light touch’. Regulations are mostly principle based, Boards cannot be across all the details of all the firm’s operations, and auditors apply sample testing and various materiality thresholds when reviewing financial statements for accuracy.
In the last few years, we have observed a new regulatory trend which looks to supplement the traditional approach – the increasing role that clients and counterparties are being asked to play in monitoring conduct and compliance of industry players. In this article, we look at what this means in practice and the important role that RegTech plays in supporting these new obligations.
Investment Management oversight
Probably the most established and long-standing model is one of institutional clients (pension funds, insurers, etc) performing due diligence on those who manage their funds. The robustness of this framework is reflective of the level of risk posed and some high profile collapses through the years.
During the 1980s and 1990s a focus on performance returns drove a large majority of investors. This attitude changed following the global financial crisis and due diligence increasingly came to the fore as proactive risk management.
In Australia, APRA set out its expectations of pension providers in relation to oversight of investment management companies in 2014. In response, the two industry bodies, namely the Australian Institute of Superannuation Trustees (AIST), which represents Responsible Superannuation Entities (RSEs), and the Financial Services Council (FSC), which represents fund managers and RSEs in retail superannuation, formalised the approach for operational due diligence which governs oversight arrangements today.
The model is very well established in Australia and a number of providers supply due diligence services to institutional clients in addition to larger asset owners conducting their own reviews. This has led to a lifting of the bar across the investment management industry with Investment Managers having to meet a number of minimum standards in order to be able to access these institutional mandates.
Breach reporting – dobbing in
The new breach reporting regime, introduced in October 2022, imposes an obligation on a licensee to report to ASIC if there are reasonable grounds to believe a ‘reportable situation’ has arisen in relation to a mortgage broker, or individuals who provide personal advice to retail clients in relation to certain financial products.
ASIC has clarified that it does not expect licensees to take proactive steps to investigate potential reportable situations involving other licensees that they deal with in the course of their business. Rather, they are now obliged not to turn a blind eye to any facts that come before them through their usual practices or processes that would give them reasonable grounds to conclude that a reportable situation has arisen for another licensee.
This new obligation creates an informal oversight arrangement between issuers and distributors of certain financial products within the chain of financial services.
DDO distributor oversight
With the introduction of the new Design and Distribution Obligations (DDO) in October 2021, ASIC has been clear that appropriate arrangements (governance, systems, controls) must be in place to ensure product design and distribution leads to sound consumer outcomes. ASIC has also been clear that the selection and monitoring of distributors forms part of a product issuer’s reasonable steps obligations. In RG274 ASIC provides that:
“[w]e will consider the steps that an issuer has taken in conducting due diligence in the selection of distribution channels, methods and distributors. Reasonable steps will generally include making an assessment of the capacity of the distributor to comply with the distribution conditions imposed and meet its own obligations as a distributor. We consider that relevant factors would include an assessment of the distributor’s resources, internal controls, past conduct, experience with the target market and competence to distribute the financial product to the target market.”
A useful starting point for a product issuer is to consider what processes, systems and controls it would have in place if it were to distribute its products directly to retail clients to ensure the products are sold as intended and in line with the Target Market Determination. This could include controls and processes in relation to product, sales and compliance training, scripts / conversation guides, setting of key performance indicators and appropriate use of incentives. Global firms can also learn from their overseas counterparts who may have implemented KYD and distributor oversight programs for the rollout of MiFID II in Europe or the SFC’s product governance requirements in Hong Kong.
In some segments of the industry, this will be a paradigm shift, especially where the product issuer / distributor relationship is one where distributors are seen less as business partners and more as valued clients. In these segments there may be a tension as product issuers look to achieve their reasonable steps obligations without ‘troubling’ distributors. PX Partners is supporting issuers and distributors with the KYD solution for distributor monitoring to take the pain out of the process and reduce costs for all.
Customer due diligence reliance
Changes introduced by AUSTRAC in June 2021 have created new obligations on Reporting Entities where reliance is placed on customer due diligence (CDD) conducted by a third party. These arrangements can often reduce compliance costs and provide a better customer experience so that CDD is not duplicated or repeated by multiple businesses.
However, Reporting Entities must manage the risks and regularly assess the arrangement. Entering a CDD arrangement can allow Reporting Entities to take advantage of customer identification and verification performed by a reliable third party on an ongoing basis. These arrangements also provide ‘safe harbour’ from liability for isolated breaches of the customer identification procedures, provided that due diligence has been completed and that the third party’s processes and procedures are adequate. Reliance can be placed without a CDD arrangement on a case-by-case basis. In these circumstances, the Reporting Entity is liable for any breaches of customer identification procedures when a designated service is provided to a customer.
The Reporting Entity must ensure the third party has appropriate measures in place to comply with their obligations:
- It must be a reliable third party (as defined).
- CDD arrangements must be recorded in writing with approval from a senior managing official or governing board.
- The CDD arrangement must include an outline of the responsibilities of each of the parties to the arrangement and provisions to enable the relying reporting entity to obtain all required KYC information relating to the identity and verification details on request.
- Assess CDD arrangements regularly, at least every two years.
When managing risk under a CDD arrangement, it is important to remember that the ML/TF risk assessment of the third party may be different to your own so that the procedures applied by the third party must reflect the risk assessment of the Reporting Entity who is placing reliance.
So what does this mean for me?
- Like it or not, there is a regulatory trend toward devolved oversight obligations being formally imposed on participants within the chain of financial services. This means that firms will have to establish oversight processes and controls to discharge these new obligations.
- Get ready for more difficult conversations with your Distribution network as the relationship is shifting away from the traditional issuer–distributor sales & relationship focus to one with an oversight and feedback loop.
- Firms should leverage and adapt existing oversight structures and resources to manage additional compliance without a substantial increase in costs.
- Firms should deploy regulatory technology (RegTech) solutions, which can assist with efficiency and effectiveness in addition to reducing the associated resourcing costs.