ASIC has released Report 584 (“Report”) following a review of deposit accounts operated by a third party such as a financial adviser, stockbroker or accountant. ASIC found that banks could better manage the risks to customers in relation to adviser-operated deposit accounts and made recommendations for banks to improve their compliance measures and controls.

The Report serves as a warning for consumers with adviser-operated deposit accounts. Consumers should check the level of access they have granted and ensure they regularly check statements to ensure the adviser is acting in accordance with their instructions.

What is an adviser-operated deposit account?

Deposit accounts with third party access – commonly called ‘cash management accounts’ – are promoted by banks to allow advisers to view and/or transact on a customer’s behalf. Advisers must obtain the client’s authority to access a client’s account. The level of access offered to an adviser generally falls into the following categories:

  • View access – allows an adviser to view transactions but cannot transact on behalf of the customer
  • Withdrawal access – allows an adviser to transact on the behalf of the customer
  • Complete access – allows an adviser to do everything the customer can do. This includes withdraw money, change contact information and close the account

ASIC’s concern is that clients who give a third party authority are unaware of what type of authority they have provided and the risks associated with it.

What obligations do banks have?

Where an advisers helps a customer to select and open an account, the account opening procedures are often handled by the adviser. However, the bank issuing the account has an obligation under their Australian financial services licence to provide its financial services efficiently, honestly and fairly. A third-party authority to withdrawal customers’ money does not relieve the bank from the requirement to check transaction requests made by the adviser.

Banks must exercise reasonable care and skill to ensure that transactions processed are consistent with the customer’s wishes – this is known as the duty to question a valid mandate. A bank will be liable where the bank is aware, or should have been aware, that the transaction is not consistent with the customer’s wishes.

Findings and recommendations

While ASIC’s review did not find widespread misconduct in relation to adviser-operated deposit accounts, the potential risk and impact of fraud on individual customers is significant.

Most at risk are older Australians. ASIC found that approximately 73% of adviser-operated deposit account were used by individuals over the age of 50. These accounts held around 82% of total cash balances of the banks participating in the review.

ASIC key findings and recommendations are set out below:

Finding

Recommendations for banks

Application forms and subsequent communications are important for customers to understand the access given to advisers and the risks involved.

Application forms should clearly state that they give the adviser authority to operate on their account and the level of access they allow.

Follow-up communications should be sent directly to the customer after an account is opened with details of any authority given to the adviser.

Customers should be able to easily change the level of adviser access on the account.

Banks should ensure all customers can receive account statements or online access to their accounts. In some cases, customers were not notified of transactions initiated by their adviser.

Customer contact details should be recorded accurately and separately from the adviser’s contact details.

Customers should receive account statements directly or have online access to their accounts.

Customers should be notified whenever an adviser initiates a transaction request on the account.

Compliance measures and controls for protecting customers’ adviser-operated deposit accounts could be strengthened to reduce the risk of fraud.

Banks should undertake initial checks and ongoing monitoring of advisers using adviser-operated deposit accounts and their transaction requests.

Monitoring systems should include specific triggers to detect suspicious transactions.

Banks must notify ASIC of suspected misconduct.

Where appropriate, remediation should be provided to customers who have lost money due to unauthorised transactions by their adviser.