Management and Consequence Management
How Licensees approach Consequence Management should be appropriate for the ‘nature, scale and complexity’ of their business. and their Risk Appetite. What APRA have effectively done is articulated their expectations, which are similar to ASIC, that a Licensee’s consequence management policy needs to be consistently applied and must apply ‘direct and proportionate’ consequences for misconduct and improperly managed compliance failures.
In this respect, a licensee’s consequence management policy is a critical component of your organisational culture; it embeds accountability and promotes an unambiguous statement of individuals’ responsibility. If it’s also consistently applied, it will significantly reduce both the incidence and impact of non-compliance.
Start with your Risk Appetite and build a conceptual framework to explain when you'll take remedial actions - fixing the problem - and when you'll take Administrative actions - addressing the conduct and the cause.
Review your remuneration framework at the same time and eliminate any inconsistencies you identify.
Clearly define your expectations and remember that the responses you propose for failures need not be mutually exclusive.
In an advice business, you might conceive of your framework to look like this:
It’s disappointing that few of the entities surveyed by APRA have any effective way of identifying and consistently reacting to incidents, breaches and contraventions.
To be clear, consequence management is not a complete solution; monitoring, supervision and remediation are equally, if not more, important. Consequence management is, however, an effective and efficient way to both manage regulatory risk and maintain a good corporate 'culture'. Properly applied, it may also help you better manage your reputation and your resources.
Consequence management is not only about the framework for responding to incidents - consequences must be clear, cascaded and enforced. APRA did not find this to be the case. Instead, consequences were found to be inconsistently applied throughout the businesses. The business’ willingness to insist on accountability varied depending on the seniority, role or influence of the offending party.
This is the core of APRA’s call for Licensee’s to enhance their consequence management framework.
While APRA found that senior executives had clarity about their roles and responsibilities, the clarity they had was not shared by those at lower levels. If you are in any management role, it is incumbent on you to gain clarity of your role and responsibilities and communicate these (and the Licensee’s expectations) in a manner that ensures that understanding and accountability cascades throughout the business.
It’s easy to see Consequence Management as a compliance obligation but it’s a key indicator of corporate culture; it improves your retention and recruitment of ethical staff, enhances your reputation and brand and ensures your business’ alignment with community expectations.
It’s also a particularly useful point of focus given that ASIC’s wealth management investigations increased by 129% since February 2018.
If you need help refocusing on Culture, Conduct or Consequences reach out to us.