In the wake of ASIC Report 515, everyone in the financial services industry should be asking themselves this question: Who watches the watchers?
ASIC Report 515, “Financial advice: Review of how large institutions oversee their advisers” addresses how “effectively Australia’s largest banking and financial services institutions oversee their financial advisers”. For this report, ASIC assessed 160 client files that had previously been reviewed by the licensees themselves and identified the discrepancies.
The ASIC review observed, that:
“(a) the audit process was effective in 18 per cent of the sample files – that is, the findings by the licensees’ auditors aligned with our own file review. We observed an effective audit process only on files where no areas of noncompliance were identified by either the licensees’ auditors or our advice reviewers;
(b) the audit process was partially effective in 57 per cent of the sample files – that is, some areas of non-compliance were identified by the licensees’ auditors, but our advice reviewers found additional areas of noncompliance; and
(c) the audit process was ineffective in 25 per cent of the sample files – that is, no areas of non-compliance were identified by the licensees’ auditors, but our advice reviewers found that there were areas of non-compliance.”
As a compliance professional, I’m naturally optimistic, so let’s start with the positives. If ASIC’s observations of large licensees are broadly representative, your licensee’s audit process is likely to be effective 18 per cent of the time and partially effective 57 per cent of the time.
Given that the results of an audit may affect an adviser’s confidence, workload, reputation, ongoing employment or the sustainability of their practice, a 75 per cent chance that the audit might be partially or materially effective might be reassuring.
Seventy-five per cent seems like a good result but, if you are a licensee (or an adviser in that licensee), how satisfied would you be to learn that even after you had “significantly enhanced [your] monitoring and supervision processes”, the audit would be ineffective 25 per cent of the time.
The 25 per cent ineffective rating is concerning but not unexpected. The booming industry of compliance has attracted a wide range of experts with vastly different capabilities and competencies. As one Compliance Manager recently complained: “we’re compliance people, not lawyers. You can’t expect us to know the law.”
Despite our industry’s professed commitment to customers’ interests, the commercial interests of the employer is often prioritised by compliance staff before their employer’s legal obligations. These compromises are often motivated by the desire to minimise both conflict and friction. This motivation may be one of the key reasons for the ad hoc file “fixing” ASIC identified in their report.
ASIC’s Report 515 is too important to be dismissed as unrepresentative, unrealistic or uncommercial. Regulators, shareholders, advisers and consumers all rely on, and are affected by, the way that advisers are monitored and supervised.
Too frequently, compliance and management failures are dismissed as the actions of bad apples, the result of poor data or the failures of staff to adequately identify and escalate issues. But if the resources on whom we rely, and by whom we are affected, are inherently compromised or conflicted, can any better outcome be expected?
Report 515 is less a criticism of a licensee’s internal compliance function than a recommendation for its reframing. Notwithstanding the licensee’s loss of control, the monitoring of advisers and their “adviser audit process” would be more effectively performed by an independent third party.
An independent third party, applying industry standards and reporting benchmarks, should provide a higher level of effectiveness and transparency than ASIC observed in the large institutions.
Further, if the large licensees free their internal compliance resources from performing compromised and mechanistic processes, it will allow them to better apply their expertise and more effectively contribute to strategic, remediation and commercial decisions.
Sean Graham is director of Assured Support, a compliance management business.