“[Regulatory] trouble is a test that identifies friend and foe.”
— Khalid Hussain Channa
As a business owner, you know (and perhaps resent) that compliance is essential for your success.
Whether you are dealing with your Licensee’s internal compliance team, an external compliance consultant, a lawyer or an ASIC analyst, it is important that you understand your obligations and the rules that apply to you and your business. Remember that one of your core obligations is to take the necessary steps to ensure that you comply with the relevant laws.
We frequently hear advisers, licensees and the voices in our heads ask “how should I answer this Notice?”.
You might adopt Rumpole’s advice (“never plead guilty”), wonder why you’ve been targeted or just take out a second mortgage to retain a mid-tier lawyer, but the reality is that, in most cases, this type of regulatory engagement is a predictable and easily managed process.
Most licensees and advisers expect, at some point, to have to deal with ASIC. For many, this “inevitability” is at the front of their minds and they simply learn to live with trepidation, apprehension and a pinch of paranoia. They don’t need to.
In this article, we’ll provide some tips for dealing with the regulator, in the hope that they help ease your nervousness about engaging with it.
1. Read the law (and your ASIC notice).
After your initial panic subsides, try to understand what the regulator has requested.
Take the time to read and understand the relevant laws and regulations, as well as any guidance or interpretive materials that are available. Engage your compliance manager (or external compliance consultant) before you do so, because they should be able to help you do this efficiently and effectively. In fact, they should be your greatest asset during this process; think of them as your wartime consigliere helping you to identify the risks and the best path forward. Of course, if you find they’re a peace-time consigliere with no real understanding of what to do, when and why or just a name-dropping self-promoter with CEO in their pocket, then call us.
You may be familiar with the advice to “measure twice, cut once” but we’d suggest that you take the time to “measure thrice”; patiently, and unemotionally, review the Notice and consider your obligations.
You might also consider seeking independent legal advice, and sometimes, that’s a prudent step. If you do, engage an advocate that really understands financial services and is experienced (and successful) in dealing with ASIC. Despite what you think, not all lawyers are the same.
2. Be proactive.
It is important to act quickly, and effectively, when you receive a Notice.
You might not have to respond immediately but you’ll seldom have the time to respond at your leisure. Further, while ASIC may grant extensions, they can also validly exercise their right to refuse an extension, particularly when you give them reason to do so.
If you haven’t received a Notice, recently or ever, take this opportunity to review your record-keeping approach. There is a clear, and reasonable, regulatory expectation that a Licensee (and an adviser) should be able to present the information requested by ASIC in a timely manner and within the notice period.
At the risk of appearing to stutter: take this opportunity to review your record-keeping policy. Believe me, you don’t want an ASIC Notice to be the first time you see what client records you can find.
Don’t wait to react to an ASIC notice. Be proactive.
If you’re aware of any potential issues or concerns that could affect your compliance with the Notice, take the necessary steps to address them now. Make an effort to read industry updates (we recommend that you read Three Hit Tuesday), understand what is happening (we recommend Three Hit Tuesday), and dare we say it, learn from others’ mistakes (we recommend that you read Three Hit Tuesday).
As tempting as it may be to rely on the industry mantra – ‘that wouldn’t happen to us’ – reflect on the various parties called before the Royal Commission despite their confidence in ‘that wouldn’t happen to us’.
Review your internal policies and procedures. Do they need to be tweaked to account for recent changes to your business or the legislative environment? Consider running your own “targeted review” to assess whether, and to what extent, you need to worry. Consider, and possibly update, your Risk Appetite assessment. Seek an objective and data-driven assessment of your advice compared to the broader advice profession.
Addressing issues before they become regulatory issues (or issues for the regulator) can save you time, money and heartache in the long run; incidentally, it will do wonders for building a positive compliance culture.
3. Communicate regularly.
Once you’ve been served a Notice, make sure that you communicate regularly with the regulator. Financial services litigator, Billy Joel, advises that if you’re dealing with a regulatory matter (and you’re encountering problems), tell ASIC about it and give them every reason to accept that you’re for real.
It’s good advice, and following it simply means keeping ASIC informed about your business and any changes or developments that may affect your compliance with their notice. For example, if the nominated contact person within the AFSL is about to go on leave (bad timing, we know), speak to ASIC and provide them with an alternate contact with whom they can deal.
Be courteous, and respectful, at all times. A good working relationship with the regulator is worth its weight in glowing audit reports.
4. Seek help from subject matter experts.
If you are unsure about how you have interpreted the Notice (or relevant sections of the law), seek help immediately. External guidance and advice may come at a financial cost, but you might find it invaluable (and much cheaper than defending a banning order or closing down your business).
More than a few licensees (and advisers) prioritise “feeling better” over “being better” but if you get a Notice, you need to toughen up immediately. Try to uncover compliance issues before they become compliance problems. Seek out problems instead of waiting for someone else to find them.
If you’re not sure what you should be looking for, remember that we offer training, webinars and resources that are designed to help licensees understand their obligations and how to comply with them.
5. Be prepared for investigations or surveillance.
ASIC’s responsibilities are surprisingly broad; they oversee and regulate a wide range of entities and individuals within our industry. As you can imagine, not too many entities want to provide documentation to ASIC on a voluntary basis.
ASIC has compulsory information-gathering powers that require you to:
- Provide documents and information
- Attend an examination to answer questions and/or provide reasonable assistance.
ASIC will utilise their compulsory information-gathering powers in two broad areas of regulatory activity:
- Surveillance; and
- Formal investigations
An ASIC surveillance involves gathering and analysing information to test compliance with the law. A surveillance can be initiated on a reactive basis, i.e., in response to a complaint, or proactively to test a concern or practice. The purpose of the surveillance is to test and ensure compliance with the law through ASIC’s review of documents and disclosure information. If you think that you’re too small/too regional/too experienced to ever attract attention, take the time to think about how exposed you are in an environment of mandatory reporting, broad breach reporting obligations and inter-agency data-sharing; you might be more naked than invisible.
For many, the mere prospect of an ASIC surveillance is what compels individuals and Licensees to review internal policies and processes, react to incidents and breaches, report incidents to their Licensee and breaches to the regulator. Do this but, finally and most importantly, quickly remediate any issues you identify (in a manner consistent with RG277).
If, during the surveillance, ASIC suspects a contravention of the law may have occurred, and enforcement action is necessary, the surveillance will be referred to the Enforcement team. If you think our Reviewers are shockingly intimidating and scarily smart, wait until you engage with the Enforcement Team. The Enforcement team, who will commence a formal investigation into the suspected misconduct, are the lever ASIC use to conduct compulsory examinations of people who may have information that will assist with their investigation.
Receiving a Notice, and going through a surveillance, can be stressful and time-consuming, but being unprepared will not help. You could prepare by engaging us to conduct a Licensee Review and provide you with a methodical, objective and considered assessment of your compliance, risk management and governance arrangements against internal requirements and your legal and professional obligations. Your review will identify key points or issues that you will want to address, as well as reviewing materials and key information that you will need to provide to ASIC during a surveillance.
6. Be responsive to concerns or issues.
If ASIC raise any concerns or issues during a surveillance, or at any other time, take their feedback seriously and work to address the problems in a timely manner.
It’s in your best interest to ensure any areas of improvement required are addressed promptly, so develop a plan for addressing the issue(s) and obtain guidance from subject matter experts where necessary.
Being responsive to ASIC will help to demonstrate your commitment to compliance and change, helping to build a positive relationship with them moving forward.
7. Don’t BS (or try to hide anything).
“With our thoughts, we make the world”
— Tathagata Buddha, “Monkey”
If you make a mistake or violate a regulation, don’t try to cover it up. This will only make things worse, and could result in penalties or other consequences.
Instead, seek advice, be upfront and work with regulators to remediate it.
This may involve corrective action, such as implementing new policies or procedures, or providing additional training to your employees.
It may be counter-intuitive for institutional licensees, but being honest and transparent will help you demonstrate your commitment to compliance and build a reputation founded on trust and credibility.