Compliance
Keeping Customers and Regulators Happy
Delia Rickard
Deputy Executive Director
Consumer Protection
ASIC
• Consumer protection regulator for the financial services sector
• Undertake surveillances of our regulated population to ensure compliance
• Also focus on unlicensed activity
• Take enforcement action
• Seek to educate consumers so that they can make informed choices.
Our compliance role
• Helping industry understand their legal obligations & our expectations.
• Providing incentives for industry to tell us about problems early
• Monitoring compliance with the law by conducting surveillance
• Intervening in serious non-compliance.
The many angles of compliance
• Lots of angles to compliance
• You can focus on what customers want
• You can focus on what the law requires
• Each reinforces the other but you do need to look at it from both angles.
Some universal principles
• Our focus today is on compliance & financial services but the principles apply to all goods & services.
• Consumers and the law both want consumers to be safe & in a position to make confident & informed choices amongst goods & services of a reasonable standard.
• Start by asking “is this the right thing to do?” rather than just “is this legal?”
The Regulator’s perspective
• Unrealistic to expect no breaches
• They will occur from time to time
• Regulators want you to have compliance measures though that:
  – Prevent;
  – Detect;
  – Remedy; & if necessary
  – Report
• The quality of these measures will impact on how we respond to breaches.
Cradle to grave (life cycle) approach to compliance
UK FSA’s work on treating customers fairly translates well to a compliance philosophy re points of engagement
• Product design
• Product manufacture and maintenance
• Marketing practices
• Sales process (including advice & information)
• Complaints handling & redress mechanisms.
Where the problems are
• Breaches occur at all life cycle stages.
• Good product design and marketing models though are likely to minimise risk
• Need Compliance’s involvement from the start.
Internal Tensions
• We see the tensions between compliance & the marketing &/or business arms all the time.
• You need strategies to overcome these.
• Use data to show the business case of treating customers well.
• High level support & sign off
• Use the regulator to help you here too
• Don’t presume that because a competitor does something it is OK.
• Do let regulators know if competitors are doing the wrong thing.
Identifying breaches
Sources of info include
• Internal & external audits
• Your complaints data, EDR complaints
• Patterns of problems like defaults
• Look at what EDR schemes & regulators are getting excited about & check yourself
• Your own testing & monitoring – do your own shadow shop, market research
• Talk to your customers. Talk with groups like ACA – find out what people are calling them about.
• Encourage staff to self-report
• Look for the patterns!
Reporting Systemic Issues
• Licensees: breach notifications to ASIC (s 912D of the Corps Act)
• Approved EDR schemes (e.g. BFSO, FICS) report systemic issues and serious misconduct to ASIC
Licensee Breach Notifications
• Section 912D:
  – notify ASIC of significant breach or potential breach
  – within 5 business days of Licensee becoming aware
• In some circumstances, Licensees may have to report a breach that is discovered in the course of investigating a consumer complaint
• See ASIC’s ‘Breach Reporting Guide’
• Form FS80 – optional, but helpful
Licensee Breach Notifications
What is significant?
• number or frequency of similar previous breaches
• impact on the licensee’s ability to provide the financial services
• extent to which it indicates licensee’s compliance arrangements are inadequate
• the actual or potential financial loss to clients or the licensee
Licensee Breach Notifications
What does ASIC do with this information?
• Receive and record (many cases)
• Receive and seek more information (most cases – use of FS80 may help avoid this)
• Require remedial action
• Require remedial action with report
• Conduct inquiries (eg, surveillance)
• Enforcement action in only 4% of reported breaches
IR06-14 “Industry embraces early notification of breaches” – May 2006
Since 1 July 2005, ASIC has received 690 notifications including:
– 258 from the general insurance and superannuation sectors
– 35 from deposit taking institutions
– 33 from life insurers
– 37 from stockbrokers.
IR06-14 “Industry embraces early notification of breaches” – May 2006
• Of the 690 breach notifications received since 1 July 2005:
  – Licensees dealt with breach without ASIC intervention in 431 cases
  – ASIC is monitoring 63 cases
  – ASIC has varied the conditions on 6 licenses
  – surveillances are being conducted in 30 cases.
  – formal investigations are underway in the case of 25 breaches.
Licensee Breach Notifications
Approach to breach notification:
• Err on the side of caution
• Maintain a breach register
  – and clearly document decisions whether to notify ASIC.
Catching the eye of the regulator
• More likely to focus on those firms or sectors with few or no breach notifications.
• Risk based approach – ie focus on impact & probability
  – What is the impact of the risk crystallising
  – What is the probability of the risk crystallising
Breach notification guide updated – May 2006
New sections explain:
– how ASIC handles breach notifications
– what ASIC takes into account in deciding whether to take further action
– what Licensees can do to reduce the need for ASIC to take action
EDR Scheme Reporting
Policy Statement 139
• Approved EDR schemes must report to ASIC:
  – systemic issues
  – serious misconduct
• Reports are lodged quarterly
• Most issues are reported to us without identifying scheme members
EDR Scheme Reporting
• Quarterly scheme report - used by ASIC to identify trends/emerging issues
• No enforcement action has yet been taken based on information contained in reports
• Issues referred to in reports generally addressed by schemes
Annual Reports
• Scheme annual reports also deal with systemic issues
• Often issues not legal breaches but areas of major customer dissatisfaction
• An invaluable indicator of what should be addressed by both firms and in self-regulatory codes.
• The ongoing appearance of an issue is likely to direct government’s mind to law reform.
Concurrent investigations
• Sometimes, there may be concurrent ASIC/EDR scheme investigations into systemic issues:
  – Licensees may receive duplicate notices/requests to produce documents
  – However the investigations generally have different intended outcomes
  – In cases of genuine duplication we talk with the EDR scheme to work out the best approach.
Improving customer service – integrate the consumer into compliance
At the end of the day remember the golden rules of:
– Know your client
– Help them to understand what they need to know about your product or service
– Understand their needs & wants
– Design & deliver products that meet them
– Continually monitor for problems & patterns
– Fix things when they do go wrong
– Tell the regulator if the problem is significant