Compliance
Keeping Customers and
Regulators Happy
Delia Rickard
Deputy Executive Director
Consumer Protection
ASIC
• Consumer protection regulator for the
financial services sector
• Undertake surveillances of our regulated
population to ensure compliance
• Also focus on unlicensed activity
• Take enforcement action
• Seek to educate consumers so that they
can make informed choices.
2
Our compliance role
• Helping industry understand their
legal obligations & our expectations.
• Providing incentives for industry to
tell us about problems early
• Monitoring compliance with the law
by conducting surveillance
• Intervening in serious noncompliance.
3
The many angles of
compliance
• Lots of angles to compliance
• You can focus on what customers
want
• You can focus on what the law
requires
• Each reinforces the other but you do
need to look at it from both angles.
4
Some universal principles
• Our focus today is on compliance &
financial services but the principles apply
to all goods & services.
• Consumers and the law both want
consumers to be safe & in a position to
make confident & informed choices
amongst goods & services of a reasonable
standard.
• Start by asking "is this the right thing to do?"
rather than just "is this legal?"
5
The Regulator’s perspective
• Unrealistic to expect no breaches
• They will occur from time to time
• Regulators want you to have compliance
measures though that:
– Prevent;
– Detect;
– Remedy; & if necessary
– Report
• The quality of these measures will impact
on how we respond to breaches.
6
Cradle to grave (life cycle)
approach to compliance
UK FSA’s work on treating customers fairly
translates well to a compliance philosophy
re points of engagement
• Product design
• Product manufacture and maintenance
• Marketing practices
• Sales process (including advice &
information)
• Complaints handling & redress
mechanisms.
7
Where the problems are
• Breaches occur at all life cycle
stages.
• Good product design and marketing
models though are likely to minimise
risk
• Need Compliance’s involvement from
the start.
8
Internal Tensions
• We see the tensions between compliance & the
marketing &/or business arms all the time.
• You need strategies to overcome these.
• Use data to show the business case for
treating customers well.
• High level support & sign off
• Use the regulator to help you here too
• Don’t presume that because a competitor
does something it is OK.
• Do let regulators know if competitors are
doing the wrong thing.
9
Identifying breaches
Sources of info include
• Internal & external audits
• Your complaints data, EDR complaints
• Patterns of problems like defaults
• Look at what EDR schemes & regulators
are getting excited about & check yourself
• Your own testing & monitoring – do your
own shadow shop, market research
• Talk to your customers
• Talk with groups like ACA – find out what
people are calling them about.
• Encourage staff to self-report
• Look for the patterns!
10
Reporting systemic issues
• Licensees: breach notifications to ASIC
(s 912D of the Corps Act)
• Approved EDR schemes (e.g. BFSO,
FICS) report systemic issues and
serious misconduct to ASIC
11
Licensee Breach Notifications
• Section 912D:
– notify ASIC of significant breach or potential
breach
– within 5 business days of Licensee becoming
aware
• In some circumstances, Licensees may have
to report a breach that is discovered in the
course of investigating a consumer complaint
• See ASIC’s ‘Breach Reporting Guide’
• Form FS80 – optional, but helpful
12
Licensee Breach Notifications
What is significant?
• number or frequency of similar previous
breaches
• impact on the licensee’s ability to provide the
financial services
• extent to which it indicates licensee’s
compliance arrangements are inadequate
• the actual or potential financial loss to
clients or the licensee
13
Licensee Breach Notifications
What does ASIC do with this information?
• Receive and record (many cases)
• Receive and seek more information (most
cases – use of FS80 may help avoid this)
• Require remedial action
• Require remedial action with report
• Conduct inquiries (eg, surveillance)
• Enforcement action in only 4% of
reported breaches
14
IR06-14 “Industry embraces early
notification of breaches” – May 2006
Since 1 July 2005, ASIC has received 690
notifications including:
– 258 from the general insurance and
superannuation sectors
– 35 from deposit taking institutions
– 33 from life insurers
– 37 from stockbrokers.
15
IR06-14 “Industry embraces early
notification of breaches” – May 2006
• Of the 690 breach notifications received since
1 July 2005:
– Licensees dealt with breach without ASIC
intervention in 431 cases
– ASIC is monitoring 63 cases
– ASIC has varied the conditions on 6 licences
– surveillances are being conducted in 30 cases.
– formal investigations are underway in the case of
25 breaches.
16
Licensee Breach Notifications
Approach to breach notification:
• Err on the side of caution
• Maintain a breach register
– and clearly document decisions whether to
notify ASIC.
17
Catching the eye of the
regulator
• More likely to focus on those firms or
sectors with few or no breach
notifications.
• Risk based approach – ie focus on
impact & probability
– What is the impact of the risk crystallising
– What is the probability of the risk
crystallising
18
Breach notification guide updated
– May 2006
New sections explain:
– how ASIC handles breach notifications
– what ASIC takes into account in deciding
whether to take further action
– what Licensees can do to reduce the need
for ASIC to take action
19
EDR Scheme Reporting
Policy Statement 139
• Approved EDR schemes must report to ASIC:
– systemic issues
– serious misconduct
• Reports are lodged quarterly
• Most issues are reported to us without
identifying scheme members
20
EDR Scheme Reporting
• Quarterly scheme report - used by ASIC
to identify trends/emerging issues
• No enforcement action has yet been
taken based on information contained in
reports
• Issues referred to in reports generally
addressed by schemes
21
Annual Reports
• Scheme annual reports also deal with
systemic issues
• Often issues not legal breaches but areas of
major customer dissatisfaction
• An invaluable indicator of what should be
addressed by both firms and in self-regulatory
codes.
• The ongoing appearance of an issue is likely
to direct government’s mind to law reform.
22
Concurrent investigations
• Sometimes, there may be concurrent
ASIC/EDR scheme investigations into
systemic issues:
– Licensees may receive duplicate
notices/requests to produce documents
– However the investigations generally have
different intended outcomes
– In cases of genuine duplication we talk with
the EDR scheme to work out the best
approach.
23
Improving customer service – integrate
the consumer into compliance
At the end of the day remember the golden rules
of:
– Know your client
– Help them to understand what they need to
know about your product or service
– Understand their needs & wants
– Design & deliver products that meet them
– Continually monitor for problems & patterns
– Fix things when they do go wrong
– Tell the regulator if the problem is significant
24