Reasonable Steps: Licensee obligations and regulatory risk management


Those of you following the generally negative media coverage of our leading banks will be familiar with ASIC’s action against Westpac for alleged breaches of the responsible lending obligations.

I don’t intend to recount the case in this article (instead I’d refer you to Dwyer Harris’ excellent post “The elephant in the court room”) but, very briefly, in early September ASIC announced that it had agreed to settle its court action against Westpac. The parties agreed to a “record civil penalty of $35 million” and approached the Court to approve the agreed settlement.

Justice Perram of the Federal Court refused to approve the proposed settlement.

The refusal may appear surprising, but it’s hardly without precedent.

As is clear from the authorities, the Court itself must determine the appropriate penalty in all the circumstances. This is not a process of ‘approving’ a settlement reached between the regulator and defendant. It may be convenient for parties to inform the public that for their part they have agreed upon what they consider [to] be an appropriate outcome; but [it] is by no means a ‘settlement’ that is being placed before the Court for its ‘approval’.
— Middleton J, Australian Securities and Investments Commission v Newcrest Mining Limited [2014] FCA 698 at [9]

It’s worthwhile reflecting on this case because I think that Licensees could draw a number of relevant conclusions from Justice Perram’s decision:

  1. judicial approval of proposed settlements for serious breaches of the law is not automatic;

  2. quick settlements often fail to establish key facts or test the relevant laws;

  3. poor processes can compromise good outcomes; and

  4. it’s not always clear what the law requires.


There are many reasons why Licensees should carefully consider Australian Securities and Investments Commission v Financial Circle Pty Ltd [2018] FCA 1644.

I acknowledge that Financial Circle may bear little resemblance to most other financial planning businesses, but the judgment makes a number of observations that have broad applicability.

Before addressing those aspects, it’s important to disclose that I provided the expert report referred to in the case. I’ll limit my comments to the publicly reported content but I must acknowledge that my objectivity may be compromised by my involvement in the matter.

I would also add, at this point, that I do not accept the proposition that the judgment is an example of farcical over-regulation any more than I accept the view that Licensees have no obligation to report the breaches of their authorised representatives. I acknowledge that some lawyers may argue the merits of these positions, but when “it’s not always clear what the law requires” it’s pragmatic to focus on the purpose and intent of the law.


Effective compliance arrangements

Financial Circle’s compliance arrangements were “fundamentally flawed” and appeared to be “designed to minimise regulatory risk rather than guide activities of the business” [127].

As you are no doubt aware, section 912A(1)(a) of the Corporations Act requires a financial services licensee to “do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly”.

As we’ve seen from the Banking Royal Commission, this is neither verbiage nor aspirational sentiment but a compendious expectation that requires consistent and demonstrable competence, capability, efficiency and integrity. It’s also an obligation that the law expects to apply equally to the Licensee and their representatives.

From a compliance perspective, Justice O’Callaghan found that:

  • the Licensee failed to have adequate policies and processes in place to ensure its advisers complied with the provisions of the Corporations Act; and

  • its advisers failed to comply with ss 961B (Best Interest Duty), 961G (Appropriateness) and 961J (Client Priority Rule) of the Corporations Act.

In other words, there can be a failure to take reasonable steps to procure compliance, even without proof that that failure led to an actual contravention of the other provisions. [123]

Reasonable Steps

As ASIC have repeatedly stated, the reasonable steps that a licensee should take to ensure effective compliance with the laws will depend upon the nature, scale and complexity of its business. It’s a scalable obligation but, in my view, reasonable practice requires:

  • policies and procedures addressing ss 961B, 961G and 961J;

  • a definition of, and commitment to, best interests, client priority and appropriateness;

  • pre-vetting or peer-review and escalation;

  • regular and targeted risk-based monitoring and supervision of Advisers;

  • effective ongoing training;

  • effective record keeping;

  • training on identifying and managing conflicts of interest;

  • no-fault breach reporting; and

  • regular review of its measures, processes and procedures.

I’ve consistently argued that these are the bare minimum requirements for a prudent and competent licensee. I’d also suggest that the Royal Commission has validated my position on risk-based monitoring and supervision and the importance of effective training and transparent breach reporting.

I accept that some licensees are still struggling to refine their compliance arrangements in the face of regulatory changes, alarmist legal advice and in apprehension of regulatory action.

The reality is that the law only requires “reasonable steps” and it acknowledges that your arrangements need to be appropriate for the nature, scale and complexity of your business. While I’d suggest you need to demonstrate the elements listed above, you still have considerable discretion on how these elements are operationalised.

Validating your compliance arrangements

You should be best placed to review the adequacy of your compliance arrangements but, if you require an objective assessment, most competent compliance services should be able to provide you with a benchmarked assessment and improvement plan.

Unfortunately, not all services are equal. If you engage an external party, make sure that they have the processes, capability and competence to provide the services you require.

Our Licensee Review, for example, focuses on the measures, processes and procedures you have in place to ensure that:

  • your compliance arrangements are formalised, documented and tailored to your business and the scope of your activities (particularly where you relied on pro forma documentation to support your AFSL application);

  • your financial requirements (particularly cash flow projections and assets and liabilities) are documented, correctly calculated and monitored;

  • your monitoring and supervision plan is current, effective and adequately supported by training and remediation plans;

  • your risk management plan is both adequate and documented; and

  • you have adequate dispute resolution procedures.

In accordance with our methodology, we assess a Licensee’s compliance and risk framework by focusing on those risks that would adversely affect consumers and the provision of efficient, honest and fair financial services.

In the course of our assessment, we’ll confirm whether you have adequately documented, and regularly monitor and review, the measures, processes, procedures and resources on which you rely to ensure your continuing compliance with your legal obligations.

ASIC v Financial Circle doesn’t impose new obligations on Licensees, but it does send a clear message that Licensees can no longer ignore their compliance obligations. ASIC’s willingness to pursue civil and administrative actions, and their successes, should be enough to prompt any prudent licensee to review and refine their compliance arrangements.

If you need help, we’re here.