ASIC's recent reporting arising out of its financial advice industry review and the start of FOFA obligations give financial advice licensees even greater incentives to ensure their governance, risk and compliance frameworks are sufficiently robust and embedded into day-to-day operations.
ASIC recently released its Report 13-197MR (Phase 2 Report) signifying the end of a lengthy engagement process with the financial advice industry concerning financial advice practices.
The release of the Phase 2 report coincides with commencement of mandatory compliance with the Future of Financial Advice (FOFA) reforms in July 2013. Some of the observations in ASIC's Phase 2 Report may see licensees tweaking their compliance systems further as they begin post-implementation reviews and backfilling processes.
ASIC's review of the financial advice industry commenced in December 2009 and initially involved ASIC making inquiries with 20 of the largest AFS financial services providers to retail clients and over 13,000 individual advisers. The first report (REP 251) was published in September 2011.
The recent Phase 2 Report completes the investigation process and includes findings arising from ASIC's inquiries with a further 30 licensees and additional 4436 individual advisers (representing the next tier down of financial advice providers from the top 20 licensees reviewed initially).
Key messages from the Phase 2 Report
ASIC raises concerns in its Phase 2 Report that many corporate structures of the licensees interviewed posed issues of actual or potential conflicts of interest. More specifically, ASIC highlights its concern that structural conflicts of interest may arise where there is full or partial ownership of a licensee by a product issuer. This was identified by ASIC as a "critical risk" that requires "ongoing attention from licensees". ASIC goes on further in its report to highlight that it considers white labelling platforms represent a potential conflict of interest and may result in a failure to comply with the best interest duty, unless proper justification for recommending the platform can be evidenced for each client.
ASIC also identifies a "significant risk" for licensees is product concentration where a product failure particularly in these circumstances, is likely to present a risk for both clients and licensee income (ie. the greater the concentration of the product the more widespread the impact if the product fails).
We consider a robust monitoring and supervision framework for financial advice will be critical under the new FOFA framework to ensure licensees comply with obligations such as the best interest duty. It is therefore not insignificant that one of the key concerns identified by ASIC in its Phase 2 Report was that some licensees may not have sufficient resources to properly conduct reviews on individual client files.
Reference checking was noted as a downfall for some licensees which allowed "bad apples" to move between licensees. Industry would be aware that this has been a focal point of ASIC for some time and we consider it is likely to become of increasing importance under the new FOFA obligations.
In a record-keeping context, ASIC observes that many licensees have a decentralised record-keeping approach to client files which it considers could pose problems with accessibility to client files, in responding to inquiries, responding to complaints and may also raise difficulties in complying with the best interests duty (because of limitations in monitoring and supervision under this model).
ASIC acknowledges in its Phase 2 Report that Approved Products Lists (APLs) will continue to be used by licensees under the FOFA regime. However, ASIC warns against the risk of relying heavily on external advice in developing APLs. ASIC also encourages licensees to develop processes which make it easier for advisers to recommend products outside of a licensee's APL; it specifically says this is a necessary element in complying with the best interests obligation.
Based on our recent experience of ASIC surveillance and enforcement activities, we consider the adequacy and application of risk profiling when providing financial advice under the FOFA obligations will be a key focus for ASIC.
Consistent with this view, risk profiling features prominently in ASIC's findings in the Phase 2 Report and several concerns are raised by ASIC in this context. In particular, ASIC notes licensees should be mindful of whether a client "actually has the ability to absorb the level of risk identified by the risk profiling tool".
Recommendations for licensees
The Phase 2 Report highlights key areas of focus for ASIC which are clearly centred around the adequacy of governance, risk and compliance frameworks such as risk management, monitoring and supervision, product and strategic advice, complaints handling and compensation arrangements.
ASIC provides 12 recommendations in Table 1 of its Report which include:
a greater focus on risk management for greater impact and higher probability risks (such as the risk of inappropriate advice and staff retention) in existing risk frameworks (Recommendation 3);
provision of up-to-date and ongoing training for advisers on regulatory and product changes (Recommendation 4);
increased accountability for non-compliance with monitoring and supervision procedures (Recommendation 5);
robust reference checking and recruitment processes (Recommendation 6);
breach reporting awareness and compliance with ASIC breach reporting requirements under the Corporations Act (Recommendation 7);
ensuring licensees have direct access to individual client files (Recommendation 8); and
higher controls for "more risky or complex strategies" (Recommendation 11).
Of interest is ASIC's omission of any specific recommendation for dealing with the structural conflict identified by ASIC in the context of ownership of licensees by product issuers. At a minimum, we consider these specific conflicts of interest or potential conflicts (where applicable) should be identified in a licensee's conflicts of interest register and appropriate controls put in place and to manage these conflicts.
Also notable is an increased focus by ASIC on risk-based approaches to risk and compliance arrangements. For instance, ASIC recommends that monitoring and supervision processes utilise risk-based methodologies for choosing client files for QA reviews in addition to internal risk classification for products on APLs and increased controls and adviser competency where advice consists of high-risk strategies (such as margin lending, gearing and double-gearing advice).
What you can do now
Based on ASIC's comments that it will focus on the key risks identified in its Reports for future surveillance activities, we believe licensees should consider any concerns and recommendations arising out Phase 2 Reports and where necessary, adjust compliance systems and processes as part of any post-FOFA backfilling processes over the next six months.
In particular, we recommend:
Undertaking a QA review on your FOFA due diligence files and extending this to individual client files, in particular adequacy of evidentiary documentation retained on client files;
Reviewing monitoring and supervising structures and procedures in light of ASIC's recommendations and in particular, considering any relevant risk-based approaches which may need to be implemented;
Testing SOA templates and advisor guidance;
Refreshing your conflicts register and verifying adequacy of controls; and
Cross-checking your advice/model assumptions and consider a third party/independent review.