Financial Services Update: Don’t be afraid of breach reporting


In this edition:

  • Don’t be afraid of breach reporting;
  • ASIC enforcement report; and
  • New digital disclosure measures.


Don’t be afraid of breach reporting

ASIC Commissioner Greg Tanzer has emphasised that financial services firms should not be fearful of reporting breaches. In fact, the Commissioner has said that ASIC understands that it is normal for a certain number of breaches to occur and therefore firms with an empty breach reporting log are far more likely to attract attention.

It’s believed that recent media reports, including those related to IOOF allegedly breaching their reporting obligations by not issuing warnings to senior staff, may be prompting some firms to under-report or at least to equivocate in their logs.

ASIC released further guidance on breach reporting in May to remind all AFS licence (AFSL) holders that they must notify ASIC in writing of any ‘significant’ breach (or likely breach) of their obligations under sections 912A and 912B of the Corporations Act 2001 (Cth) (Corporations Act) as soon as possible, or within 10 days of becoming aware of the breach or likely breach. The regulatory resource also clarified what a ‘significant’ breach was and which forms a licensee needs to fill out.

Whether a breach is significant will depend on individual circumstances; however, factors which can help to determine that a breach is ‘significant’ include the:

  • number or frequency of similar previous breaches;
  • impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence;
  • extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations are inadequate; and/or
  • actual or potential loss to clients or the licensee itself.

In case of doubt, ASIC encourages AFSL holders to report a breach, using form FS80 or a written report sent to ASIC.

Penalties apply for not reporting significant breaches, or not reporting them within the required time frame, and there are no viable excuses for not doing so, according to ASIC’s Regulatory Guide 78 (Breach reporting by AFS licensees).

Once a report has been made to ASIC, determining the consequences of the detected breach/es becomes a matter for the reporting licensee and ASIC. As demonstrated by the recent National Australia Bank (NAB) and IOOF cases, these reports, when not done correctly or in a timely manner, can result in adverse media coverage and reputational repercussions.

Commissioner Greg Tanzer has said in relation to the NAB investigation that ‘it is important for entities to ensure that, where errors do occur, that they are identified as early as possible and appropriately rectified.’

Enforcement report

ASIC released Report 44 (Report) last week outlining the enforcement outcomes it has achieved during the first six months of 2015. The report gives a high-level overview of ASIC’s enforcement priorities, primarily tackling poor culture, and it also highlights important decisions made by the regulator in the first half of 2015.

From 1 January to 30 June, ASIC achieved a total of 323 enforcement outcomes, including criminal, civil and administrative actions. Ten individuals were charged with a total of 82 criminal charges and 25 individuals were banned from the financial services or credit industries during this period.

ASIC’s three current enforcement priorities are:

  • tackling poor culture;
  • retail margin foreign exchange trading; and
  • illegal phoenix activity.

Tackling poor culture

The Criminal Code Act 1995 (Cth) defines ‘culture’ as including attitude, policy, rule and course of conduct or practice. ASIC focuses on culture because it’s a key driver of conduct in the financial services industry, and ASIC’s Commissioner Greg Tanzer has disclosed that culture will remain a major priority over the next six months and beyond.

Poor culture can generate costs for businesses including remediation or compensation costs, fines and costs associated with damaging a business’ brand or reputation. The Report suggests a fundamental shift in the culture of the financial industry to developing a culture that focuses on achieving and rewarding good conduct and outcomes for customers, as issues with poor advice and mis-selling of financial products to consumers are all too common. We’ve previously published an article which details how organisations can improve culture, identifying the ‘3 C’s’ framework on culture risk: communication, challenge and complacency.

ASIC’s recent remediation work to improve culture includes working with an organisation to ensure that consumers who have suffered loss due to systematic failures within that organisation are compensated appropriately. Of note is the case where Australia and New Zealand Banking Group (ANZ) refunded $75 million to approximately 235,000 customer accounts after overcharging interest repayments for mortgage accounts.

Retail margin FX trading

The risk of retail margin FX trading comes from the ability of investors to trade with borrowed money. Most FX trading products are highly leveraged, meaning that the investor only has to pay a fraction of the value of the trade upfront.

Despite the risk, an increasing number of businesses have applied for an AFSL to set up and operate these retail margin FX broker businesses. Over the last 12 months, ASIC has shut down, suspended, restrained and cancelled the licences of numerous organisations in Australia. One example is the cancellation of Rainbow Legend Group Pty Ltd’s AFSL after an ASIC investigation found that the company had:

  • falsely promoted, on a number of websites, a non-existent insurance compensation scheme for clients of up to $2.5 million;
  • used ASIC’s logo on its websites leading clients to wrongly believe that the company was endorsed or approved by ASIC; and
  • failed to comply with a number of reporting obligations including EOFY financial statements and auditor’s reports.

Illegal phoenix activity

Phoenix activity generally involves current or previous directors of an indebted company intentionally and dishonestly transferring assets of that company to a new company to avoid paying creditors, tax or employee entitlements. This kind of illegal activity leads to high costs for the Australian economy (estimated between $1.78 and $3.19 billion each year).

To combat this illegal activity, ASIC revealed in the Report that it has:

  • constructed an industry statutory declaration campaign;
  • created proactive phoenix and registered liquidator surveillance programs;
  • joined the Australian Tax Office (ATO)’s new Phoenix Taskforce;
  • made submissions to the current Senate Inquiry into Insolvency in the Construction industry; and
  • made submissions to the current Productivity Commission Inquiry into business set-up, transfer and closure.

More to come

ASIC has been busy over the last six months. It has:

  • commenced 136 investigations;
  • completed 137 investigations;
  • brought 82 criminal charges (some of which resulted in jail time);
  • banned 25 individuals;
  • accepted six enforceable undertakings; and
  • disqualified 19 directors.

However, Commissioner Tanzer says there is more to come. The Commissioner said in an ASIC media release regarding the Report that ‘ASIC is committed to holding those who intentionally break the law to account so that trust and confidence in our financial services industry and markets is strong’.

ASIC is planning to incorporate examinations of culture into their role as regulator. Examinations of culture will be included in their risk-based surveillance reviews and the findings will be used to better understand how culture is driving conduct.


ASIC introduces digital disclosure measures to facilitate financial services delivery

New ASIC guidelines and relief instruments enable businesses to digitally communicate important information to financial services consumers. Regulatory Guide 221 Facilitating digital financial services disclosure was introduced in July 2015 and aims to remove previous barriers to electronic disclosure and facilitate innovative uses of technology in the delivery of information to consumers. The changes remove legal and legislative barriers in order to:

  • enable default delivery of digital disclosure; and
  • allow for more innovative forms of product disclosure statements (PDS), FSGs and SOAs.

What are the new guidelines?

ASIC has introduced the guidelines and provided relief via ASIC instruments from various provisions of the Corporations Act to facilitate the use of digital financial services disclosures.

The new guidelines enable businesses to send disclosures to consumers digitally as the default option. The affected types of disclosures include:

  • ongoing disclosures;
  • periodic statements;
  • confirmations of transactions;
  • annual superannuation information;
  • financial services guides and statements of advice;
  • product disclosure statements (PDS);
  • additional information provided by a superannuation trustee;
  • unsolicited offers to purchase financial products off-market; and
  • additional information on request.

Consumers are able to request postal delivery of physical documents if this is their preference. These guidelines aim to facilitate disclosure between businesses and consumers and to encourage innovation in the communication of information about financial products and services. These guidelines will also enable companies to reduce their printing and mailing costs.

What are the effects of the changes?

Under previous regulation, although providers were able to deliver most ongoing disclosures digitally (usually by publishing them on a website and giving a notification), the provider was generally required to agree to this method of delivery with the consumer. As a result, the default method of disclosure remained printed disclosures sent to a postal address.

An estimated 55 million letters are sent to consumers by financial providers as a result of the regulatory regime’s inability to allow the participants to choose the most effective method of disclosure.

This new approach will benefit consumers who do not currently engage with a paper disclosure, e.g. renters who move postal addresses frequently.

A disclosure regime that is technology neutral would allow financial service providers to choose the most appropriate method of communication, without unnecessarily limiting choice.

The previous regulations maintained the default of printed disclosure on the basis of consumer protection, given that digital communication was a relatively new phenomenon for some consumers. However, given that 92% of Australian adults are online and that 72% of those online undertake financial transactions using the internet, this position no longer reflects the reality of consumer expectations. The benefit provided to the minority of Australians who are not online is no longer justifiable, especially given the burden on providers and consumers. ASIC’s action has removed the unnecessary red tape that prevented digital disclosure.

What is the impact on financial services providers?

ASIC Commissioner John Price stated that ‘ASIC wants industry to harness the opportunities of digitisation and is encouraging the use of more engaging forms of communication’. Mr Price believes that this change ‘can boost consumer understanding of financial services and products’.

With the change in default delivery method, providers can invest in delivery methods that meet the changing demands of consumers, such as interactive apps, videos, games and audio presentations. Given the importance of the duty of disclosure, financial service providers must ensure that they reach out to vulnerable consumers. Although safeguards are in place to ensure that providers take steps to ensure that the disclosure is delivered, the onus remains on the consumer to ensure that their contact details are updated.

Providers are still required to provide clear, concise and effective disclosure by using a method and form of delivery that best suits their client. These changes enable providers to minimise the costs associated with printed disclosures, but have the broader aim of improving consumer understanding by shifting to a delivery method that suits current consumer needs.
