Australia: Part I: Section 912A Corporations Act - Compliance, or a recipe for running a successful business?

This is the first part of a two-part blog series about the compliance obligations contained in section 912A of the Corporations Act, and how they can be considered, not as legislative obligations, but as ingredients for running a successful business. This part will cover the introduction to s912A of the Corporations Act, unpacking each obligation as an "ingredient" and how they eventually come together.

One of the problems with reading legislation is that it is sometimes drafted in a way that obscures its true purpose. (I apologise to any parliamentary counsel that may be reading this article.)

Take s912A of the Corporations Act for example. This sets out the general obligations of a financial services licensee. It reads like a list of things you must do and, of course, in one sense, it is exactly that. A list consists of separate items, so, unfortunately, that is the way we think of them. One needs to:

• "do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly" – nice and specific; very helpful; thanks for that – no internal tensions there!;
• "have in place adequate arrangements for managing conflicts of interest" – OK done, yeah right!;
• "comply with the conditions on the licence" – well, that seems easy enough, until I find out that not all the conditions are actually on the licence, but are also to be found in Corporations regulation 7.6.04, and in ASIC legislative instrument CO 14/923 (just thought I'd slip those in);
• "...have adequate risk management systems."

I could go on, but it is not my purpose to exhaustively list the 10 obligations in s912A or to point out the difficulties. What I'd like to do is to simplify things and get to what this section is really on about.

It's a recipe; not for baking a cake, but for running a successful business. It is about governance.

Like a recipe, it's not the individual list of ingredients that produces the magic; it's the way they come together.

The first obligation to "do all things necessary..." is really a general description of the cake we are about to bake. It's saying we are about to list the ingredients that will produce a cake that is not only yummy, but is actually good for you as well. Translation: "We are going to produce a business that is not only efficient (contributing to a healthy and profitable sector of the economy), but that also produces good outcomes that are just and fair for clients and consumers". Although these intended outcomes compete with each other to some extent, we are going to find a balance that achieves all of them to some degree.

There then follows the list of ingredients - or business/governance systems. The conflicts of interest framework, the risk management framework, the dispute resolution system (including internal complaints handling procedures), the training measures, the supervision (or monitoring and supervision requirements) and the requirement to have adequate IT, financial and human resources. If all of these systems are in place, and if the information from each system is informing the others, the result will be a well-run business that is profitable for its owners, and that also achieves good outcomes for its clients/customers.

For example, identifying the risks to our business, and how to control those risks, should be informed by information received from our complaints handling system. This information will also inform our controls such as monitoring and supervision and training. Identification of conflicts of interest will enable us to identify more risks and work out how to control them. It will lead to considerations such as whether we have the right IT systems, do we have the right people and enough of them in the right places, not just in the compliance department, but in marketing and business development and all the other areas we need to run the business well, and do we have the money to pay for all the things we need? Do our staff need upskilling, not just in compliance but in our business activities (the financial services covered by the licence)?

Understanding the ingredients of the cake requires us to know who our " representatives" are. This is a defined term in the Act. It includes our directors. (There is a tendency to look down and out, not as in "appearing down and out" but as in looking down the hierarchical chain and across it rather than up.) Are our directors trained in relation to governance? Does our conflicts management extend to them? Are they setting the right cultural tone for the business? Our representatives also include "anybody acting on behalf of the licensee". This is a question of fact rather than one of design. Might there be people that others think are acting on behalf of the business even though they are not properly or formally authorised to do so? This can be as much a matter of appearance as anything else.

Stay tuned for the second and final blog which will discuss what steps you can take in light of the above information, including the review of business registers, convening regular board meetings, and taking a risk-based approach to your business and its systems.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.