Breach Reporting : A shortcut to avoiding a regulatory uppercut

"An easy and cost-effective way to effectively minimise breach reporting – Parapliance - Trustworthy, Robust and Independent Pre-Vetting (review) of financial advice."

The Move towards Independent Pre-Vetting of Financial Advice

Although Licensee post-vetting of advice helps to detect advice and implementation issues and has many other benefits, it does little if anything, in prevent them from occurring.

Let’s face it, prevention is better than cure so it makes sense that you should pre-vet your advice.

The vast majority of reportable matters will likely relate to the provision of financial advice. Additionally, once advice has been given the opportunity of prevention and making changes to the advice is gone, and the issue now becomes all about remediation, which can have massive consequences to your bottom line, professional indemnity insurance, future business, and reputation.

Regular pre-vetting of advice can help to avoid ‘sleepers’ (issues that go undetected for relatively long periods of time) that have the real potential to significantly damage if not end a financial advice business.

As seen below breaching best interest duty and/or appropriateness of advice is classified as a ‘deemed significant breach’ meaning you must report those breaches to ASIC as those obligations are civil penalty provisions.

The increasing move towards self-licensing and generally a greater desire for quality control means that an easy way to safeguard against such a scenario is to have a reasonable proportion of your advice pre-vetted by a trustworthy and independent compliance professional.

Incorporating a review into the advice creation process you can quickly and cost-effectively create and review advice significantly increasing the quality of advice and reducing the risk of having to breach report.

The Nitty-Gritty – The Who, What and the How

Investigating and remediating misconduct

These new amendments will update s912 of the Corporations Act 2001 and capture two categories:

1. reportable situations about core obligations (referred to as core reportable situations); and

2. additional reportable situations

Who does it apply to and what is it?

Notify, Investigate, Remediate, Keep Record obligations are to start on 1 October 2021 and applies to AFS Licensees and their representatives. Breach reporting obligation requires licensees to self-report specified matters to ASIC.

According to ASIC (21-080MR) entities are not required to report every instance of non-compliance or trivial breaches, but a targeted set of ‘reportable situations’ defined under the law.

Operationally Licensees will be required to adhere to 4 Key areas.

1. Notify

• (Part A) – Take reasonable steps to notify clients affected by certain breaches of the law in writing within 30 days of the breach.

• (Part B) - Take reasonable steps to notify affected clients in writing of the outcome of the investigation within 10 days of the investigation end date.

2. Investigate - the nature and full extent of those breaches within 30 days of identification

3. Remediate - take reasonable steps to pay affected client’s remediation of an amount equal to the loss or damage within certain timeframes (within 30 days of investigation concluding).

4. Keep records - Licensees must also maintain records to show compliance with these obligations.

How do I know when my obligations are triggered?

Start by checking that:

1. Personal advice (excludes general advice) was provided to a client

2. You have reasonable grounds to believe that a relevant reportable situation has occurred.

3. You reasonably suspect that the affected client suffered, or will suffer loss or damage as a result of the relevant reportable situation

4. You reasonably suspect that the affected client has a legally enforceable right to recover the loss or damage from the licensee.

What’s a Relevant Reportable Situation?

A significant breach of a 'core obligation' (section 912D(1)(a) of the Corporations Act would constitute such a situation and/or conduct that constitutes gross negligence or serious fraud. Furthermore, ‘Core obligations’ mirror the existing obligations that may need to be reported to ASIC if they are breached.

Core Obligations are broad and (e.g., including obligations under Chapter 7 of the Corporations Act and Division 2 of Part 2 of the ASIC Act) cover items relating to general licensee obligations such as ensuring that representatives are adequately trained and to take reasonable steps to ensure that its representatives comply with financial service laws (e.g., pre and post vet advice review/audit: Quality of advice and failure to act in interests of the client (civil penalty provision) to adequate compensation arrangements.

From RG78 (attachment 1 to CP 340), according to ASIC Figure 1 above shows that Reportable situations that do not require a determination of significance before being reported to ASIC are shaded dark blue and as such Licensees must report breaches (or investigations that take longer than 30 days to determine significance of a breach has or will occur) committed by the licensee and by its representatives.

Therefore, Licensees will still need to assess and make a subjective determination of significance prior to reporting to ASIC that fall outside the above dark blue boxes i.e. you are only required to report breaches (or likely breaches) of core obligations that are ‘significant’ (covered s912D (5) of the Corporations Act 2001 (Cth))

Deemed Significant Breach

Generally, ‘Deemed a significant breach’ comprises of a breach where:

1. 1. The offence is punishable on conviction by a penalty that may include imprisonment for:

   1. three months or more if the offence involves dishonesty; or

   2. 12 months or more in any other case.

2. Breaches that result, or are likely to result, in material loss or damage to clients, or to members of a managed investment scheme or superannuation entity, For example:

   1. If you identify conduct by financial advisers acting as your authorised representatives that indicates they have failed to comply with their duty to act in the best interests of clients (in breach of s961B of the Corporations Act) or provide appropriate advice (in breach of s961G of the Corporations Act), you must report those breaches to ASIC as those obligations are civil penalty provisions.

Loss or Damage

‘Loss or damage’ in the context of the deemed significance test has its ordinary meaning, which is extensive. The term includes financial and non-financial loss or damage.

‘Material loss or damage’ is not defined however the Parliamentary intent in the Explanatory Memorandum (Financial Sector Reform (Hayne Royal Commission Response) Bill 2020) states that such materiality may vary for each person and will depend on the person’s circumstances which may include the persons financial situation.

The total loss or damage to persons resulting from the breach may, when aggregated, amount to material loss or damage to persons, thereby satisfying the significance requirement.

Finally, ‘likely to result in material loss or damage’ is intended to mean that there is a real and not remote possibility that loss or damage will occur as a result of the breach.

Legally enforceable right

The relevant legally enforceable right against the licensee is the right to seek to recover loss or damage the client suffered or will suffer as a result of the reportable situation. In this sense, it does not require that an affected client already has an enforceable judgement against the licensee, but rather, a right to seek recovery of the loss or damage e.g., fees for no service.

After investigation a licensee may conclude that there is no liability to remediate as the licensee does not have reasonable grounds to believe that a client suffered or will suffer loss or damage to which they have a legally enforceable right to recover. These may include circumstances where at the end of the investigation:

• the licensee finds that there were no clients affected by the reportable situation; or

• the client does not have a cause of action, or does not have a legally enforceable right against the licensee in relation to the reportable situation; or

• the client suffered no loss or damage as a result of the reportable situation.

Nikolas Kloufetos, Managing director, Advice Compliance Support

Disclaimer: Advice Compliance Support makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. Inadvertent errors can occur and applicable laws, rules and regulations may change.

The information contained in this article is general and is not intended to serve as advice be it legal advice/opinion or otherwise. No warranty is given in relation to the accuracy or reliability of any information. Users should not act or fail to act on the basis of information contained in this article or on this site. All data and information provided here and on this site is for informational purposes only.