Over the past year, one of my clearest takeaways from consulting to licensees and large practices regarding compliance is that it’s almost never actually about “compliance”.
If you look hard enough, almost all licensees have gaps in relation to regulatory requirements and best practice. The extent of the gap is largely driven by the quality and skills of their people, the culture, the advice process, systems and controls, and the risk appetite and governance within the licensee.
At a time when advisers and business owners are screaming out for confidence that they are safe, we need to acknowledge that everything is linked and take a step back and look at what is happening upstream (i.e. earlier in the process), so the “compliance” issues can take care of themselves.
Editor’s note: this is the second in a series of columns written by a compliance expert exclusively for Professional Planner considering the future impacts of today’s policy and regulatory decisions.
The fact is, no single licensee or wealth management business has built the perfect mousetrap when it comes to compliance in the ‘new world’ environment. Many have developed attributes and adapted; one group’s strength might be another’s weakness. This article is designed to highlight some of the common strengths and shortcomings I am seeing in the marketplace today.
ASIC notices make things clearer
When an ASIC notice is received there is often a mad scramble to get data and information (often within very tight deadlines), and it’s a huge challenge with paper-based files, turnover of staff etc. One gap we often see highlighted at this time is the varied ability with, and consistent use of, the CRM system. We often find that when you really need it, data is not updated, workflow systems remain unused and there is poor version control (“Which was the final SOA?”). These gaps are only highlighted in the event of an ASIC notice or remediation event.
Some licensees are fantastic at embedding the use of the CRM tool, but many have provided mixed levels of training, some haven’t even mandated its use, and to be fair, front-line advice practices have “done their best”, but don’t know what they don’t know.
This underlines the importance of induction, guidance regarding the use of the CRM and the strength of the supervision model in terms of gradually improving / de-risking practices over time, as you never want to wait for that notice to figure out that you have a gap.
People are everything
As licensees try to navigate through the vast amount of regulatory change (in addition to trying to run and improve a business that is valued by its advisers), their people, who are critical in helping to mitigate risks for advisers, are stretched, and this is being felt by advisers. In many larger/institutional licensees, advisers are on the receiving end of non-negotiables rolled out to them with little time, engagement or forethought to enable a smooth landing. This is largely due to a lack of resourcing, the volume of change and an urgency to get things out to meet a deadline.
Culture is also huge. If the licensee staff are feeling the pinch and struggling to keep up, whilst advisers are feeling like they are just on the receiving end, an “us and them” mentality is a ready and often repeated outcome. Many licensees have managed to get this right and have a true two-way street, but in my view many of these licensees may not have been through the ASIC radar yet. On the flip side, there can also be a tendency by some licensees to lean too far to keep advisers happy and avoid making the hard decisions to help protect the licensee (and their advisers in the long run). When we look to solve for this with new emerging advice business models, I think getting it right around true alignment of interest is critical.
Risk controls need to be well designed
In the mid-tier space, the latest ASIC Report 636 – Compliance with Fee Disclosure Statement and Renewal Notice Obligations – highlights that more than half of the licensees surveyed did not have effective processes to remind them when renewal notices were due or to turn off the ongoing fees.
While some may look at this and think that it further signifies an industry that has not got its act together, I think of the guidance we have struggled to collectively articulate around Ongoing Service Agreements, how to ensure services are delivered and documented, clarity regarding FDS dates, lack of centralised controls, ineffective use of technology etc as the real causes, rather than any frontline malfeasance.
Clearly annual renewal requirements, once passed, will help, but the underlying principle is that any change that is rolled out needs to be holistic, well thought through and delivered with adequate training. Any control owned by frontline staff who are expected to remember to do something is likely to fail at some point, as you’re relying on people, who are by their very nature imperfect (FDS breaches are one of the most common incidents for many licensees).
Let’s throw policies and policy change on top. Releasing a policy and simply expecting adherence will never work. There needs to be adequate engagement and a rollout plan that is supported by effective change materials and training to have any impact on advisers. In addition – and I know this sounds simple but therein lies the secret sauce – before it’s released, it’s critical for the licensee support teams to have a coordinated approach and all be on the same page. Support teams include a paraplanning team, the auditors, the policy team, the pre-vet team and the training team.
Ask the right questions
Around governance, the challenge is to continually evolve and improve. Many roll their eyes at structured and regular risk and compliance committees but given the state of the industry there has never been a more important forum. Tomorrow’s remediation could be a direct output of the decisions of today.
Some areas to focus on around governance:
- Is your licensee delving deep enough regarding incident, audit and complaint issues to determine if they are systemic or have further customer detriment? How do they know? What was the root cause of the issue?
- If an adviser has failed an audit, can the licensee defend the veracity of the consequence?
- Does the licensee have clear minutes of decisions taken for the future? This is critical around reportability decisions.
- Is the licensee across key risks, thematics and forward-looking indicators?
- Does the licensee have sufficient resource to cope with regulatory change for the years ahead and if not, what is the plan? I know this sounds painful but FASEA, Code of Ethics, independence disclosure, Code Monitoring Bodies, LIF review, grandfathered commissions, annual renewal, reference checking etc aren’t going to go away any time soon.
- At the practice level, do you have a meeting in the diary at least once a quarter to talk about / train staff regarding compliance – actions from your latest audit finding, complaint learnings, new standards which have come out, regulatory change and what everyone needs to do?