This is the second part of a two-part blog series on the outcome and the lessons learned from ASIC's Report 515. (To read the first blog, and to read our first 3 lessons, click here.)

Lesson 4 – Consider these factors when auditing advisers:

ASIC reviewed a sample of files that had been subject to the licensee's "business as usual" audit. ASIC observed a wide variety of adviser audit processes – sometimes even between licensees within the same institution. Overall, ASIC's review showed that there were deficiencies in the effectiveness of the licensee's audit processes. ASIC found that the audit process was effective in only 18% of files reviewed – that is, the findings by the licensees' auditors aligned with ASIC's own file review.

ASIC observed that the auditor often failed to identify advisers who had not (a) demonstrated compliance with the best interests duty or satisfied the safe harbour steps (b) provided advice that was appropriate for the customer; and (c) prioritised the customer's interests over those of the adviser or related parties.1

ASIC also observed that auditors commonly assessed advisers as demonstrating compliance with the best interests' duty and related obligations, despite the customer file containing incomplete documentation.2

What you can do:

Review Appendix 3 of the Report which contains a checklist which sets out the factors for advice licensees and compliance consultants to consider when auditing advisers to determine whether they have demonstrated compliance with the best interests' duty and related obligations when providing personal advice.

Lesson 5 – Report breaches in a timely manner:

ASIC directed that each institution identify the advisers about whom they had compliance concerns. As part of the project, the institutions notified ASIC of 149 advisers. However, out of this number, 73 advisers had not been the subject of a breach report or other notification to ASIC. Where breach reports were provided, they were often late.

Not every instance of adviser non-compliance will trigger the need to lodge a breach report with ASIC. However, when adviser non-compliance is identified, and results in a significant breach or likely breach of the licensee's obligations, it must be reported to ASIC in a timely manner.3 ASIC is concerned that any delay may affect the breach report to ASIC and increase the risk of customer loss or detriment.

What you can do:

Establish a healthy breach reporting environment. In a healthy compliance culture, you'll find lots of breaches that have been identified and handled properly. If you identify a breach and that breach is 'significant' according to the test in s912D of the Corporations Act, you need to report it to ASIC as soon as practicable, and no later than 10 business days, after the licensee becomes aware of the breach, or likely breach.

Also keep in mind that ASIC's Enforcement Review Task Force is currently reviewing breach reporting requirements generally, with a view to appropriate regulatory reform being considered.

Lesson 6 – Communicate clearly about remediation:

ASIC engaged with each of the institutions to oversee the development and implementation of a customer review and remediation framework consistent with the principles in RG 256 Client review and remediation conducted by advice licensees. Since July 2015, ASIC held regular meetings with each of the institutions to oversee the development and implementation of their review and remediation framework and provide feedback. During this phase of the project ASIC consistently found that there was room for improvement in the quality of the communications with customers. Common areas in which ASIC required improvement included being clear about the purpose of the communication and setting out clearly the steps the customer can take to assist the progress of their remediation assessment.

What you can do:

Consider developing a customer information brochure to be sent with the initial customer communication. ASIC has been encouraging each of the reviewed institution to develop this as part of their finalised customer communication documents.

Lesson 7 – Culture is key:

Finally, ASIC is concerned about culture because it is a key driver of conduct within the AFS licensees it regulates. It is an issue that ASIC has highlighted for the financial services industry in general, and not just for large banking and financial services institutions.4 Where there are systemic failures in an organisation, the culture of that organisation is very likely to have been a contributing factor. This is because ASIC sees culture as a driver of conduct.

All of the institutions reviewed publicly stated that their core values included being customer focused, 'doing what is right' for customers, and acting with integrity.5 ASIC however found that despite these stated values, cultural factors in the institutions contributed to the failures it observed.

ASIC recognises that there is no single measure or action that will raise standards and improve culture across the financial advice industry. Rather, it is the combination of broad industry reforms as well as the work within advice firms that will improve consumer trust and confidence.6

What you can do:

A key starting point for a good compliance culture is developing your firm's values, and ensuring that these are implemented in practice. Decisions about an organisation's values begin at the top. Leaders need to ensure that firm values are understood throughout the organisation, and are "lived" by employees as part of their day to day roles.7

Next steps:

It is likely that ASIC will in future refer back to this Report when engaging with licensed advisers, with a view to identifying the extent to which advisers have taken on board the key messages ASIC has sought to deliver. So make sure that you are prepared by reading the Report and using the checklists and guidance to develop and improve your processes.


1 Para 272, Report 515.

2 Para 273, Report 515.

3 Para 166, Report 515.

4 Para 64, Report 515.

5 Para 68, Report 515.

6 Para 71, Report 515.

7 Corporate culture, corporate values and ethics, an edited version of ASIC Chairman, Greg Medcraft's speech at the launch of the Inaugural Governance Institute Ethics Index.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.