“Nothing sedates rationality like large doses of effortless money. After a heady experience of that kind, normally sensible people drift into behaviour akin to that of Cinderella at the ball. They know that overstaying the festivities – that is, continuing to speculate in companies that have gigantic valuations relative to the cash they are likely to generate in the future – will eventually bring on pumpkins and mice. But they nevertheless hate to miss a single minute of what is one helluva party. Therefore, the giddy participants all plan to leave just seconds before midnight. There’s a problem, though: They are dancing in a room in which the clocks have no hands.”
— Warren Buffett
The cost of (non)compliance
In a recent article, Matt Kelly calculated that Wells Fargo, an iconic UF financial services company, has spent $11.8 Billion dollars on outside consulting services since 2017.
Let that number sink in for a moment.
We’ve written about Wells Fargo previously, so you’d appreciate that they engaged in misconduct to a scale unmatched (probably) by our local banks. When their misconduct was discovered, as it inevitably is, they followed the standard operating procedure by blaming bad apples, dismissing a senior executive (with thanks and a large payout) and by engaging consultants to provide advice and reassurance that the bad days are over.
In a mark of restraint, Mr Kelly first asserts “staggering compliance costs” of $11.8 BN before adding that
“we can safely say that Wells Fargo has spent more than $20 billion on compliance-related costs since its woes came fully into the light four years ago. “
To be fair, and at the risk of depressing James Shipton and Daniel Crennan, over $3.5 BN was paid as fines to the Securities and Exchange Commission, Justice Department and Consumer Financial Protection Bureau. Had ASIC received that amount, industry levies might have been held to reasonable increases.
Prevention is better (or at least cheaper) than cure
While we might be tempted to dismiss this as an irrelevant example in our jurisdiction, I think it’s worth considering for the following reasons.
First, AMP, CBA, Westpac, NAB, ANZ and Macquarie have all directed significant financial and human resources to similar remediation programs. While the cost may not be comparable, the misconduct, and the mismanagement that allowed the misconduct, share remarkably similar roots.
Second, it shows that even in a highly regulated environment, participants discount regulatory and reputation risks.
Third, despite all the evidence, few participants comprehend that an investment in compliance is, and will be, a source of competitive advantage in highly regulated market.
We’d find this ludicrous, particularly given their “culture(s) of compliance” but a recent industry survey concluded that:
72% of respondents agree on some level that it is more financially viable to invest in a contingency [or remediation] fund than to proactively invest in compliance training.” Only 6% strongly disagreed. Despite this, 91% of respondents agree on some level that their organisation has a culture of compliance.
The Royal Commission emphatically confirmed that licensees do not have, and have never had, the luxury of ignoring systemic issues. Their conclusions, and ASIC’s unwavering focus on this topic, should reinforce the critical importance of investing in compliance.
Yet, few licensees (except Impact Seekers) invest in compliance other than reactively (and often also grudgingly).
Rational or irrational decisions
Under-investing in compliance may reduce costs in the short term, but it’s like capitalising interest on a regulatory debt. When it’s called in, the consequences are far greater than the incremental steps you could have taken.
At the risk of enraging behavioural economists, it seems a lot like present bias; licensees over-value the immediate cost/benefit and discount the future consequence/risk. Present bias at a corporate level.
Of course, it could be simple pragmatism. Why assume costs to prevent an event unlikely to be uncovered or to mitigate an event for which you are likely to be held accountable?
As pragmatic as this might have once appeared, the compliance calculus has fundamentally changed.
A more active regulator, a whistleblowing regime, more prescriptive regulatory ‘guidance’ and a deeper, more integrated regulatory environment mean that discovery is far more likely now.
Intellectually, most Licensees understand that Monitoring and Supervision, Consequence Management and Remediation are three elements of a compliance framework that best highlight, or expose, their capability and competence. Not only do they reveal fundamental aspects of their competence but, more importantly, they expose its values, principles and standards.
From a public policy perspective, the complexity, cost and resource requirements of formal remediation programs may encourage licensees to appropriately invest in compliance to prevent non-compliance and misconduct.
Unfortunately, the complexity, cost and resource requirements may also prove prohibitive for some licensees and drive consolidation that concentrates and increases compliance risks.
Your conditional license
As an AFS Licensee, you have (or are expected to have) the ‘measures, processes and procedures’ required to comply with the financial services laws and your licence conditions. Training, disputes resolution, due diligence, capital adequacy and cashflow monitoring, breach reporting and record keeping are all very important parts of your compliance infrastructure.
In an advice business, the principal source of risk are the advisers themselves and the advice they produce, (but they are not the only risks to consider).
Accordingly, the compliance framework should properly focus on their conduct and identify those acts and omissions that contravene, or do not comply with, the financial services laws. Given the obligations to act ‘efficiently, honestly and fairly’ and ensure their representatives comply with the law, how the Licensee monitors and supervises its representatives is critically important to the sustainability of its brand and business.
Errors and compliance failures occur in even in the best, well managed businesses. You cannot prevent every failure, or avoid every risk, so early identification, effective management, and swift resolution of compliance failures is the best way for you to satisfy your clients’ expectations while minimising your financial liability and the risk of regulatory sanction.
Take a moment and review the policies and procedures that comprise your supervision framework. After you’ve reviewed your internal ‘measures, processes and procedures’, review the reporting provided to you to ensure the compliance reports adequately and explicitly address:
- the nature, frequency and root causes of the complaints received, regardless of source and outcome;
- the sampling methodology used for adviser reviews;
- recurring or common issues in adviser review reports;
- any relevant ASIC surveillance of associates or competitors;
- concentration risks (clients, products or submission timing);
- commission trends and outliers.
Ensure that you are regularly considering relevant data (complaints, incident and review data) to identify the broader impact of the identified failure.
ASIC’s RG 256
ASIC’s Regulatory Guide 256 “Client review and remediation conducted by advice licensees” documents the Regulator’s proposed guidance on the scope, design and implementation of remediation processes, communicating with affected clients, governance structures and review mechanisms.
ASIC’s Guide suggests that client review and remediation should occur where “a systemic issue in relation to the advice has been identified” to “place affected clients in the position they would have been if the misconduct had not occurred”.
In our view, it’s important to acknowledge that remediation is a scalable obligation. Many of the principles outlined in RG 256 can be as effectively applied to isolated issues as to systemic ones.
In fact, we’d suggest that an obligation to remediate inevitably follows a Licensee’s identification of an issue and not its formal decision to assume accountability for the resolution of identified issues.
The intention of remediation is to restore the client to the position they would have been in but for the identified issue, incident, act or omission. Essentially, the remediation process should:
- ensure that clients are not be disadvantaged by the Licensee’s failure, act or omission (or the failures, acts or omissions of the Licensee’s representatives);
- provide correction, restitution or compensation; and
- prevent the recurrence of similar or associated issues.
The limits of Remediation
It’s important to acknowledge that not all failures (or their underlying causes) can be appropriately addressed by a Remediation Plan.
Some conduct risks – such as fraud, theft, misrepresentation and deliberate non-compliance – are behavioural or conduct failures that require an administrative or disciplinary response.
Similarly, it is difficult to effectively remediate issues when an adviser doesn’t acknowledge their responsibility for the failure, or has no interest in remediating it.
Recalculating regulatory risks
If there is one indisputably positive outcome from the Hayne Royal Commission it is this; most Licensee Boards finally have an accurate perspective of their risks and liabilities.
As a result, vertically-integrated licensees realised that the costs of owning distribution far exceeded the benefits of owning it. As a result, and without any legislative catalysts, the Institutional Licensees (with some notable exceptions) rethought their strategy for fighting the “land war of advice” declared some years ago. The war continues, but the tactics and the players have changed.
The newer players, or rather, the competently run-newer players, seem to take a very different approach to compliance. Contrary to their institutional predecessors, they recognise compliance, governance and risk as an investment, rather than a cost and use it to provide impact for their business.
This sector of mid-sized licensees are questioning, rejecting and disrupting their predecessors’ tradition of trivialising governance, risk and compliance.
They’re growing, innovating and flourishing.
Over time, their advantage over their peers is only likely to increase. Those that continue to underinvest in compliance, might be best advised to consider other industries where the value they place on mateship and mismanagement is less costly.