Part II: Interview with Pip Bell

Tuesday 1 May 2018

Helping financial service providers keep up with changes in the regulatory landscape 

An Interview with Pip Bell from PMC Legal continued.

One of the things mentioned in your presentation in March is that, despite the fact ASIC had ‘back-flipped’ ASIC Regulatory Guide (RG 97), they were still expecting product issuers to use their best endeavours to comply with the current requirements. What were some of the challenges with RG 97 and why has ASIC ‘back-flipped’ on this?
RG 97 is about fees and cost disclosure in Product Disclosure Statements and periodic statements for managed investment and superannuation products offered to retail clients.
What the regulator wanted to do is improve the transparency and consistency of disclosures across different product providers so investors could better understand fees and costs and make more meaningful comparisons between products.
ASIC modified the law in a class order to achieve this objective, which was first issued in 2014. Unfortunately, perhaps, while it sounds simple, in reality it has not been so easy to achieve.
ASIC took a prescriptive rather than a principles-based approach, and this has proven difficult for the regulated population to apply in practice. Consequently, after consultation and industry agitation, a number of amendments were made to the class order, and the commencement of the new requirements was postponed to extend the transition period.
So, bearing in mind this was a 2014 class order, the hard compliance deadline upon which ASIC was insisting was 30 September 2017.
However, there were still a lot of concerns remaining about how it would actually be implemented in practice, as well as a number of industry participants who said they needed more time or that it was not possible to comply with the standard as written.
With the deadline looming, and the regulator insisting there would be no further extensions, product issuers went ahead, making significant investments, to incur significant costs in re-issuing their PDSs to meet their deadline. Then, less than three months later, ASIC all of a sudden agreed to continue the “facilitative approach” to compliance and commissioned an independent review of RG 97. That’s why we describe it as a “back-flip”. I guess, at the end of the day, it’s better late than never!
Ultimately, however, it is preferable that ASIC acknowledges there are problems with this policy, rather than not at all.
Their timing was very poor, though, and if they had been prepared to admit the shortcomings of the regime at an earlier point in time, plenty of money, time and energy could have been saved or at least put to better use.
In this second quarter of 2018, I believe we might see some movement from ASIC, and there is a list of the issues in the feedback they received. Some people are not confident there will be anything more than small changes, but it can’t hurt to consider it further. Hopefully, current lobbying efforts will prove more successful than previous ones.

This is a speculative question, but is this indicative of a change in the relationship between regulators and their regulated entities?
Since ASIC was restructured several years ago into stakeholder teams, there has been more of an outward focus. I also think there is a better understanding of the importance of communication with the regulated population.
APRA, as prudential regulator, obviously does a lot of that, and hopefully, the interaction taking place with this review will become something of a more normal ongoing dialogue. That would be helpful.
I do think, however, that ASIC are beginning to value more outside input. This is evidenced by the setting up of a number of advisory committees in recent tim

What are your thoughts on the Financial Adviser Standards and Ethics Authority (FASEA) draft Code of Ethics?
It’s interesting. FASEA has been established as an independent body to set training, education, and ethical standards for financial advisers who are giving personal advice to retail clients.
It will be phased in over the next few years, and the idea is to make financial advisers more educated and accountable for their actions.
Historically, we have had industry associations like the Financial Planning Association, and there are codes within those industry bodies, but the difference here is that compliance with the Code of Ethics will be a legal obligation. This means it will have more ‘teeth’. And, because FASEA has that independence, there will be more monitoring and oversight. Ideally, this will result in financial advisers taking ethics more seriously.
At the moment, the Code is in draft form. That came out on 20 March, with consultation remaining open until 1 June. That’s a nice length for a consultation period. Sometimes, there are more significant things that allow only two weeks, if you’re lucky!
There is some clear overlap between the Code of Ethics and some of the Corporations Act provisions that govern advice. ASIC will still, obviously, deal with breaches of the law in the same way they do now.
But, perhaps, FASEA’s sanctions might be invoked a little more quickly for code breaches, and in a less formal setting; hopefully, this will result in problematic behaviour being dealt with more swiftly, containing its impact before greater numbers of clients suffer higher losses.
That said, like any profession, there will always be a few ‘bad apples’ in the industry, but hopefully with the FASEA Code of Ethics, combined with other aspects of the regulatory regime, these incidents will be further and fewer between, and discovered before they can do too much damage.

Your presentation mentioned ASIC Regulatory Guide 259 (RG 259) as something to which responsible entities of registered managed investment schemes should be paying attention. Then APRA came out with a discussion paper looking at Information Security Management. What kind of conversations are your clients having about information security? Is this something they feel that they have in hand? Or do they just see this as belonging to the realm of the IT professional?
Earlier, I talked about the ‘f’ word. Well, another word that keeps coming up is the ‘c’ word—and that, of course, is ‘cyber-security’.
Just to give you a little background, RG 259 relates to the obligation of the financial services licence holder to have in place adequate risk management systems. ASIC have given specialised guidance to responsible entities and registered schemes on what an adequate risk management system looks like for that type of regulated entity.
We talked about it in our March presentation because 27 March marked the end of the 12-month facilitative compliance period.
So, we reminded responsible entities that they needed to be ready for RG 259, and cyber-risk is one of the risks mentioned in that guide. But cyber-risk is not limited to responsible entities, either—all licensees need to manage that risk.
There is also an obligation for licensees to have adequate technological resources, and, to apply that in practice, it means you must be sufficiently cyber-resilient to prevent malicious cyber activity from bringing your business to a grinding halt. I am not surprised to see APRA also looking to introduce a cross-industry prudential standard on information security management.
It is definitely not something you can leave to the IT department. Everybody needs to understand it. We have been helping our clients, particularly responsible entities, in the lead up to full compliance with RG 259 to include cyber-security as a risk that is managed and monitored. We also keep abreast of the warnings issued by the Australian Cyber Security Centre, and we encourage clients to do the same.
It is a risk we cannot completely eliminate. Indeed, cyber-security problems are pretty much inevitable. In the end, it’s about doing the best you can by minimising the impact of problems when they happen and mitigating the consequences.

Earlier this year, we also saw some discussion on whether ACCC or ASIC will become the lead regulator when it comes to competition in the financial services sector. What are the implications of ASIC being given a competition mandate and does that add to your initial list of priorities from the conduct regulator?
Well, I guess there are a couple of things to note here. Competition in the financial system came up in the Financial System Inquiry report. Most things that form part of that conversation around regulation these days tend to come from that report.
So, last year, the Productivity Commission commenced an inquiry to review competition. They are due to provide their report by 1 July this year. 
As things stand, APRA, the Reserve Bank, ASIC and the ACCC have a role in supporting competition, and I quite enjoyed reading this quote from the Productivity Commission’s draft report in February, where they said, “In a system where all are somewhat responsible, it is inevitable that (at important times) none are.”
That is why the Productivity Commission wants to see a lead regulator for competition, and it is also why they have narrowed it down to either ASIC or the ACCC. Whichever agency gets that gig will need to make some structural changes in order to fulfil that function.
My guess is that it won’t have an immediate impact on ASIC’s priorities until the final report and recommendations come out or until any changes have been made into draft legislation and it has worked its way through parliament. Changes to the framework do tend to take a while to come to fruition.
However, on 28 March, we did have a Bill introduced to Parliament to amend the ASIC Act to include competition and its impact on the financial system, especially in relation to matters ASIC must consider when exercising its powers and performing its functions.
The competition mandate, to that end, will be coming in for ASIC, and in terms of the delineation of responsibilities between ASIC and the ACCC, there are already some areas where they operate in parallel.
The ASIC Act has provisions that mirror the unfair contract terms and misleading or deceptive conduct provisions found in the Competition and Consumer Act. ASIC has the regulatory responsibility concerning financial services. Everything else is the ACCC.
If it was carved up that way for the financial system, with the ACCC and ASIC, it would not be an entirely new concept; however, ASIC would likely need to look at bringing several new skills into the organisation because competition expertise is a specialised area.

While your presentation largely focused on ASIC priorities, are there any other regulatory changes in the financial services space to which businesses should be paying attention?
ASIC is the main regulator with which we and our clients engage most often, but we do look at what other regulatory bodies are doing as well.
One of these would be the Office of the Australian Information Commissioner, and with the notifiable breaches regime, we’ve been directing our clients to the guidance that the Australian Information Commissioner has issued.
We have also been looking at the changes to the existing external dispute resolution regime, with the Australian Financial Complaints Authority to take over from the existing three dispute resolution schemes later on this year.
Similarly, we pay attention to the anti-money laundering rules and guidance produced by AUSTRAC (as most of our clients are reporting entities) and, to a lesser extent, we observe regulatory developments involving the Australian Cyber Security Centre (as I previously mentioned), ASX, APRA, the Reserve Bank and, at a more global level, the International Organisation of Securities Commissions (IOSCO), which I like to think of as the UN of securities regulators.
To help our clients keep up-to-date with regulatory changes and developments, we produce a quarterly update summarising what’s been happening. The update also covers relevant reviews, inquiries and law reform.
There is definitely never a dull moment! Even for us, keeping abreast of all the detail is a challenge—but that’s what we are there to help with.