What is an Investigation?

As the new breach reporting obligations are about to commence from 1 October 2021, ASIC has provided an explanation of what constitutes an investigation into a possible breach and what should trigger the start of a 30-day window before investigations become a “reportable situation”.

Questions have been raised as to when an investigation into a possible breach starts amid concern that too many scenarios would trigger an investigation.

ASIC has outlined several situations in RG 78 that aren’t considered starting points.

ASIC has stated that the “mere receipt of a detective control” such as a disclosure from a whistleblower, a complaint, or a regulatory request is not an investigation that needs to be reported.

Further to this, “preliminary steps and initial fact-finding inquiries into the nature of the incident”, are not considered starting points, as long as they are completed over a short time frame and as an initial response.

ASIC also advised that, “business as usual inquiries such as routine audits, quality assurance monitoring, or other internal compliance review processes, are only reportable to us if they are triggered by an incident or assess, or will be, assessing a possible breach of a core obligation”.

These explanations also include four example scenarios − including fee for no service issues and complaints, and case studies designed to illustrate when an investigation is triggered and subsequently becomes reportable.

An investigation will now become reportable on day 31 of the investigation, after which licensees will have another 30 days to lodge a report to ASIC.

If you see something, say something

Most of us have heard this phrase before. It has generally been used in the US regarding recognising behaviours and indicators of terrorism and terrorism-related crime.

So why would I use this phrase then? Surely I’m not likening financial planners to terrorists?

Not at all!

The majority of advisers I know, and work with, are doing the best they can for their clients, in trying and often confusing circumstances. They need a little guidance and coaching along the way, but generally, they know their clients and they want good outcomes.

The reason this phrase has come to mind recently is that from 1 October 2021, the new breach reporting obligations commence.

From my point of view, one of the biggest components of the new obligations is that there is now an obligation for licensees to lodge reports in relation to other licensees.

Under this new obligation, a licensee must lodge a breach report when they first reasonably know that there are reasonable grounds to suspect that a reportable situation has arisen about an individual who provides personal advice to retail clients about relevant financial products (this excludes basic banking products, general insurance products, consumer credit insurance or a combination of any of these products) and is operating under another AFSL.

Some articles that I have read are calling this the “Dobbing Obligation”.

But is it really?

We cry out to be recognised as a profession, yet there has been an inherent reluctance in the industry to report advisers who engage in misconduct or poor advice outcomes for clients.

And the reason, for most Licensees, is that they have been concerned about lawsuits and claims of defamation.

So in other words, Licensees have acted in a Ïf you see something, don’t say something, just let the problem go”.

The new obligation provides Licensees with protections when they are sharing information for reference checking protocols. This, in my opinion, is a good step, as long as the information is based in fact and evidence. It cannot be based on opinion.

But it also opens it up to the greater adviser community.

If we are truly passionate about this industry, and about providing positive outcomes to our clients, don’t we also want to ensure that the minority, who may be doing the wrong thing, are not practising or moving between licensees.

Maybe it is time that when you come across some form of poor advice from another adviser that you ask the question of your licensee, or a compliance consultant. Maybe it is time that Ïf you see something, say something”.

To Breach or Not to Breach – That is the Question?

As an outcome to the Hayne Royal Commission, current breach reporting requirements have been strengthened and have also been introduced for credit licensees.

Up until the 1st of October 2021, there have been transitional arrangements for Australian Financial Service Licensees (AFSLs) to update their systems and processes for the new requirements.

AFSLs now have a reporting obligation when it ‘knows’ that there has been, or will be, a significant breach, and where they know that there are reasonable grounds to believe that it is the case or is reckless as to whether there are reasonable grounds to believe that it is the case.

The reporting obligation now extends to the investigation stage if the investigation has continued for more than 30 days.  ASIC also requires a report on the outcome of such investigations.

AFSLs will now need to notify clients of reportable breaches involving personal advice to retail clients and must investigate and quantify any loss or damage suffered and compensate the affected clients under this requirement.

The new regime also introduces an obligation for AFSLs to lodge reports in relation to other licensees. AFSLs must lodge a report with ASIC within 30 days after they first know there are reasonable grounds to suspect that an applicable reportable situation has arisen about individual financial advisers.

As an AFSL, you must report to ASIC a range of conduct that the law describes as reportable situations.

Reportable situations include:

  • significant or likely significant breaches of core obligations;
  • investigations into whether there is a significant or likely breach of a core obligation if the investigation continues for more than 30 days;
  • the outcome of such an investigation if it discloses there is no significant or likely breach of a core obligation;
  • conduct that constitutes gross negligence or serious fraud; and
  • conduct of financial advisers who are representatives of other licensees in certain prescribed circumstances.

Core obligations

Under s912A and s912B of the Corporations Act 2001 (Corps Act), the core obligations are that an AFLS must:

  • do all things necessary to ensure that the financial services covered by your AFSL are delivered efficiently, honestly and fairly;
  • comply with the conditions of your licence;
  • have adequate resources to provide the financial services covered by your licence and to carry out supervisory arrangements;
  • be competent to deliver the financial services covered by your licence;
  • have trained and competent representatives;
  • take reasonable steps to ensure that representatives comply with the financial services laws;
  • have dispute resolution systems in place for retail clients;
  • have adequate risk management systems; and
  • have compensation arrangements for retail clients.

Reportable situations

RG78 outlines four types of reportable situations:

  1. breaches or ‘likely breaches’ of core obligations that are significant;
  2. investigations into breaches or likely breaches of core obligations that are significant;
  3. additional reportable situations; and
  4. reportable situations about other licensees.

A likely breach is referred to as a reportable situation that an AFSL is no longer able to comply with a core obligation and the breach, if it occurs, would be significant.

There are reportable situations that do not require a determination of significance before being reported to ASIC. 

These include:

  • additional reportable situations (gross negligence or serious fraud), which must be reported to ASIC and require no determination of significance;
  • deemed significant breaches, which are automatically taken to be significant by law; and
  • investigations that continue for more than 30 days, which require consideration of whether there may be a breach (or likely) breach of a core obligation that is significant, but do not require determination of significance before being reported to ASIC.

Other breaches or likely breaches of core obligations will require a determination of significance before being reported to ASIC.  

When is a breach significant?

  1. Deemed significant breaches—In certain situations, a breach or likely breach of a core obligation is taken to be significant.
  2. Other breaches that may be significant—In other situations, a breach or likely breach of a core obligation will need to be considered against factors to determine whether it is significant.

An accurate and complete breach register can help with timely identification and adequate reporting. For example, if you identify a single, isolated breach which is not significant, it should be recorded in your breach register or in your risk management system. Although a single breach may not be significant, multiple breaches of the same kind may result in a later breach being considered significant.

What are deemed significant breaches?

For a breach of a core obligation to be deemed significant, it will have:

  1. the obligation breached is an offence that is punishable on conviction by a penalty of 12 months or more, or if the offence involves dishonesty, three months or more;
  2. the breach is constituted by a contravention of a civil penalty provision, unless excluded by regulation;
  3. the obligation breached is with regards to misleading or deceptive conduct in relation to a financial product or financial service; or
  4. the breach results, or is likely to result, in material loss or damage to customers.

New Financial Year, New Changes

With the new financial year commencing, there are a raft of changes that your business needs to ensure it has in place to meet legislative requirements.  From changes to Fee Disclosure and Opt In, to new requirements to disclose lack of independence to new breach reporting requirements, and everything in between.

In this article, we will go through all of them.

Disclosure on lack of independence

Out of all of the changes, this one is probably, in my opinion, the easiest to implement for all financial planning licensees.

The Disclosure of Lack of Independence requires a statement to be included on the first substantive page of the financial services guide (“FSG”).

The first substantive page will be the second page of the FSG after the title page.  In ASIC’s guidance, it will be directly following the services the AFSL provides.

The statement must contain the following where relevant:

  • You are receiving commissions on the sale of life insurance products that are not rebated in full to clients.
  • You are wholly owned by an issuer of the financial products that you give personal advice on to retail clients.
  • Your AFSL, or another authorised representative that is authorised by your AFSL, receives commissions, volume-based payments or other gifts or benefits.

The statement MUST be in a box on that page and be the same font size as all other text in the FSG.  It is important to note that it CANNOT be a footnote.

For guidance and sample wording on what is expected, click here.

New Fee Disclosure and Opt-In requirements

For those who have been in the industry since 1 July 2013, you have become used to sending Fee Disclosure Statements every year and Renewal Notices (or Opt-In Notices) every two years.

The written consent must include the following:

  • The client/s’ name
  • Your name and contact details (the fee recipient)
  • an explanation of why you are seeking the client’s consent
  • information about either:
    • the amount of ongoing fees the client will pay during the upcoming year, or
    • if you cannot determine the exact amount, a reasonable estimate of the ongoing fee and the method you used to calculate the estimate
  • information about the frequency of ongoing fee deductions that the client will pay during the upcoming year
  • details about what accounts the fees will be deducted from and how much will be deducted out of each account
  • a statement about how long the consent will last
  • a statement to the effect that the client can vary or withdraw their written consent at any time, and
  • a date indicating when the consent was given by the client.

Unlike previous Renewal Notice requirements, the new written consent requirements are annual.

Click here for frequently asked questions regarding fee arrangements.

Breach Reporting

From the 1st of October 2021, enhanced breach reporting requirements will commence.  Under these new requirements, the following three circumstances require automatic reporting obligations:

Conduct constituting gross negligence or serious fraud

Breach or likely breach of a core obligation that is deemed significant

The definition of ‘core obligation’ largely reflects the existing list of obligations in section 912(1)(a) of the Corporations Act 2001 (Cth) and equivalent provision in the National Consumer Credit Protection Act 2009 (Cth).

The Act goes further and provides that several of those statutory obligations will now be taken to be ‘significant’, and therefore reportable, irrespective of the circumstances.

This includes a breach of any ‘obligation’ that:

  1. is subject to a penalty that includes imprisonment for a maximum period of three months or more (for dishonesty offences) or 12 months or more (in all other cases);
  2. constitutes a contravention of a civil penalty provision;
  3. constitutes a contravention of the prohibitions on misleading or deceptive conduct in the Corporations Act or ASIC Act 2001 (Cth); or
  4. results, or is likely to result, in material loss or damage to clients.

The range of breaches that will now automatically be considered ‘significant’ for reporting purposes is substantial.

Further, the scope for conduct to be considered misleading and deceptive (and therefore deemed significant) is wide and may encompass trivial misdescriptions that have no client impact.

An investigation into a breach or likely breach of a core obligation, and that investigation has continued for more than 30 days

If an investigation has continued for more than 30 days, it will become a reportable situation on Day 31. This will lead to a further reporting obligation once that investigation is concluded. The timing of when an investigation is found to have started and concluded will therefore be of critical importance for reporting purposes, and the Regulator has made it clear that it will be a matter of fact not for subjective determination by a licensee.

As is usually the case, an important term, being ‘investigation’ will be fact specific, and while undefined by the Act, it is acknowledged that it will vary depending on the size of the licensee’s business, their internal systems and processes, and the type of breach.

Complaints Handling

From the 5th of October 2021, you must be adhering to new Internal Dispute Resolution procedures.  These procedures, which were released in July 2020, outline how Financial Services Licensees must handle complaints.

RG271 sets out the following:

  • Reduced timeframes for responding to complaints (from 45 days to 30 days).  Please note that RG271 specifically states that it is CALENDAR DAYS and not business days.
  • What information is required in written response to allow consumers to decide whether to escalate their complaint.
  • Gives guidance about how firms can deal with representatives who are not acting in the client’s best interests.

It is also worth noting that under the new RG271 requirements, firms can no longer request additional time to respond to a complaint and, at the end of the IDR timeframe, must refer the complaint to AFCA.

Within your business planning and regular compliance committee meetings, it is important that you have implemented the requirements due from the 1st of July and have a plan in place to implement the additional changes.

If you need us to review your current IDR and Breach Management, please let us know.

Where are your priorities?

Originally published | 16th September 2016

Set out in s961J of the Corporations Act, is a rule that many advisers might gloss over. It is the conflicts priority rule.

This rule is similar in nature to the previous obligation to provide “appropriate advice”. The priority rule expressly requires an advice provider (Financial Adviser) to prioritise the interests of the client if the financial adviser knows, or reasonably ought to know; when they give the advice that there is a conflict between the interests of the client and the interests of:

  • The financial adviser; or
  • The financial adviser’s Australian Financial Services (AFS) licensee.

Read More

Your Objectives, should you choose to accept them!

Originally published | 23rd September 2016

What do most compliance managers, or quality assurance managers, question when discussing the quality of advice?

Does the recommended strategy meet the client’s goals?

The invariable discussion is that in the fact-finding stage of advice, you the adviser, must document the client’s goals. These goals must be specific, measurable, achievable, realistic and timely.

Read More

Evolution of Legislation

Originally published | 2nd October 2017

A lot of advisers I speak with still long for the good old days where advice seemed easier and the compliance burden was less.

Unfortunately, because of the sins of a few, our legislation has had to evolve to protect not only the client, but ourselves.

That’s the nature of a mature society as well, where they can evolve their legislation, and their constitution, to meet the demands of the current day.

Read More