Pressure Points: Compliance and governance in financial services in the age of Covid-19 (Australia)

This article is the third in a series by our financial services team which will explore the practical implications of Covid-19 on the financial services industry and our clients' businesses, following our articles on disclosure and operational issues.

This edition will examine how the standards, procedures and processes in regulatory compliance and governance that are being affected by Covid-19 are reflective of the particularly unique circumstances that prevail under Covid-19.

Setting the compass

The circumstances in which financial services businesses are now required to operate are, not surprisingly, vastly different from those that prevailed prior to the onset of Covid-19.

What financial institutions need to know as a priority, however, is how these circumstances affect, shape, temper or otherwise interact with a range of legal obligations, under statute and general law.

First, there is the question of whether these circumstances do have some impact and effect on a variety of legal obligations. The answer, in our opinion, is resoundingly yes.

The overarching reason for this is because a vast number of legal obligations are framed in terms of a standard of conduct which contains, deliberately, some fluidity and elasticity.

This trait is a very deliberate feature of much legislation and other law, which seeks to be fluid to accommodate evolving circumstances. A classic example is the standard of reasonable care historically under the general law (ie negligence which is now also a staple regulatory standard of conduct under statute.

The interesting aspect of this in-built elasticity is that it can adjust itself not just to industry standards of conduct (such as community expectations) but also to market conditions.

We will provide some examples of this phenomenon in four different areas.

1. section 912A of the Corporations Act;
2. statutory regulatory duties involving reasonable steps;
3. general law (common law); and
4. compliance standards.

Section 912A of the Corporations Act

As we know, this provision is now a civil penalty provision and it covers a raft of different obligations relating to the provision of financial series (see our previous edition) specifically dealing with the obligation of efficiency, honesty and fairness under section 912A).

It is appropriate to start with an analysis of efficiency, honesty and fairness from the point of view of what we have called the Covid Syndrome (CS).

Honesty is a standard of conduct that is less likely, for obvious reasons, to be affected in its scope by the CS. Last year, a new definition of “dishonesty” was introduced under the Corporations Act to provide that conduct is dishonest if it is “dishonest according to the standards of ordinary people”. The effect of this change is that unlike the test for dishonesty in the Criminal Code, it is no longer necessary to prove that the defendant knew that the relevant conduct was dishonest or had intended to act dishonestly, thereby lowering the threshold for dishonesty for the purposes of the Corporations Act.

However, the concepts of "efficiency" and "fairness" are more likely to be affected by the impact of the CS. In other words, what can be achieved and measured as efficiency will likely be impacted by the practical and operational constraints caused by the CS.

For example, the provision of efficient financial advice can depend on resourcing constraints, processing constraints and systems constraints, which are all affected to varying degrees by the CS. Moreover, each organisation may be impacted in different ways and to different extents.

This is not to say that the CS can excuse non-compliance with specific legislative or general law obligations. But it can affect the scope and content of general conduct obligations under legislation and general law. ASIC has stated that while it is prepared to provide support to entities in assisting them to respond to CS, it expects them to continue to treat customers fairly, and for financial services licensees to continue to act fairly, honestly and efficiently. There will be a point where CS disruption no longer just affects the scope and content of the general conduct obligations, but means that services can no longer be performed efficiently, honestly and fairly, which may in turn impact on the ability of the relevant financial institution to charge fees for the services.

A good example is the operation of call centres where compliance is a key part of providing financial advice and monitoring of the advice is a key part of compliance. In circumstances where staff are by necessity working from home, recording of phone calls, which otherwise might be regarded as efficient and fair, as well as part of a good compliance framework, may not be possible. So the standard of conduct, which includes the appropriate supervision of the provision of financial services, must reflect these practical exigencies to a reasonable degree. If recording is not possible, then other replacement measures may be needed. The CS may justify changing the makeup of the licensee’s compliance arrangements (eg to include more frequent training and other monitoring) if it is really not possible to record calls for people working at home. This is where the compliance framework intersects with the business continuity plan.

Dealing with the issue of a financial product interest might ordinarily mean processing the application within a certain reasonable timeframe (see discussion on section 1017E below). However, where administrative constraints are caused by the CS, one can see how this standard of conduct can be tempered/affected by the CS.

The next relevant obligation in section 912A is the obligation to have in place adequate arrangements for the management of conflicts of interest. Here some fluidity exists in the concepts of both "adequate" and "management".

What is adequate and constitutes management of conflicts may depend on what is both possible and practical under the CS. While the question of adequate is likely to be an objective test, the CS can be relevant to the question of why the arrangements were still adequate in the circumstances or alternatively, why they were not adequate despite the CS.

Having weekly compliance meetings where conflicts issues are addressed may need to be altered because of staffing issues (including employment restrictions) or systems issues (including diversion of, or limitations on, systems and resources) to prioritise other operational issues (such as dealing with redemptions and liquidity issues).

Another example of the CS at work is the obligation to take reasonable steps to ensure that representatives comply with financial services laws (section 912A(1)(ca)). As we will see later in this discussion, what is reasonable can again be impacted by the CS in terms of available resources, systems etc.

The same is true in relation to the obligation to have adequate resources to provide relevant financial services (section 912A(1)(d)). As noted above, there will be a point where CS disruption no longer just affects the scope and content of the obligation but means that the licensee does not have adequate resources to keep providing the services. While CS can move the line in relation to what are adequate resources, there is a point beyond which the resources are no longer adequate and need to be supplemented (and the CS cannot exempt the need to supplement to that minimum standard).

Standards involving reasonableness

There are a myriad of provisions in relevant pieces of legislation regulating financial services which utilise the standard of reasonableness as a benchmark, including:

• the Corporations Act;
• the ASIC Act;
• the Life Insurance Act;
• the Superannuation Industry (Supervision) Act; and
• the Banking Executive Accountability Regime (BEAR) and Financial Accountability Regime (FAR) legislation.

An example that we have already addressed to some extent in our previous disclosure edition is the requirement to disclose information in a product disclosure statement (PDS).

Under section 1013F of the Corporations Act, information can be excluded from a PDS if it would not be reasonable to expect to find the information in the PDS. Sub-section 1013F(2)(c) provides that a relevant factor capable of being taken into account is "the kinds of things such persons may reasonably be expected to know".

In the CS world, certain events such as the existence of the pandemic phenomenon itself, the fact that markets have been disrupted, and the fact that the Government has allowed early withdrawal of superannuation benefits may all fit within this umbrella. This aspect is addressed specifically in section 1013F(2) of the Corporations Act, which permits the taking into account of “the kinds of things such persons may reasonably be expected to know”.

But, beyond this, there are many provisions of this and other laws which impose obligations in the nature of "reasonable steps"; for example, section 961L of the Corporations Act, which provides that a "financial services licensee must take reasonable steps to ensure the representatives of the licensee comply with sections 961B, 961G, 961H and 961J”.

Such an obligation of reasonable steps applies in other legislative regimes such as the BEAR and the proposed FAR, where various obligations exist on an entity as well as on an accountable person to take reasonable steps to ensure compliance with a particular standard. In the case of BEAR, there is a standard of reasonableness within a standard of reasonableness, where the entity must take reasonable steps to ensure that each of its accountable persons meets his or her accountability obligations, with such accountability obligations including the obligation to act with due skill, care and diligence.

Of course, what are reasonable steps or a reasonable standard of care are likely to be impacted by the extraordinary circumstances of the CS, at least temporarily.

Notwithstanding the above discussion on reasonable standards, we have found that appropriate governance standards are being approached slightly differently, particularly with the overlay of BEAR where that is applicable. Most financial services providers have implemented some form of a Covid-19 Response Team involving stakeholders from across the business with an executive management lead point of contact, which is taking over the day-to-day governance and management of the Covid-19 response. The role of the Covid-19 Response Team is critically important for a number of reasons not covered here (eg communication), but its role in enhancing the governance of a financial services provider is important. The Response Team will be amassing an enormous amount of information during this time, which is essentially stress testing each element of the business continuity plan to allow the provider to update it going forward to include, for example, additional back-up/alternative business processes to ensure continuation of critical business services.

General law

The classic example of the application of the standard of reasonableness to general law is in the area of the tort of negligence. Here, the concept of reasonable care could very well be affected by what is possible, practical, and feasible under the CS.

An example might be that ordinarily, work performed by an organisation might have safety precautions which, because of the lack of mobility of staff, might be temporarily impacted.

Of course, in evaluating what is reasonable, one must look at other ways of acting reasonably that might still be possible under the CS and where not possible, may require activity to be suspended or modified.

Compliance and governance standards

Compliance is a broad area of focus for financial services licensees. To narrow down its compass, one can start with a key area of supervision.

As indicated earlier in this discussion, supervision standards by necessity are subject to resourcing and systems constraints. Again, this area may be one where the CS effect is only of temporary impact.

A question arises as to whether it is legitimate that these obligations are subject to such constraints. This question is somewhat beside the point. The point is that compliance standards will by necessity be affected to an extent by what is possible, viable and reasonable. As observed earlier, there is again a line beyond which compliance standards cannot be reduced and the financial service should not be provided as it cannot be provided to an appropriate standard. Here, what is reasonable may be raising or using additional capital to invest in better business continuity measures and alternative monitoring systems to minimise disruption to the compliance framework.

To some extent, technology can overcome many practical difficulties caused by the CS but it will not always be the case.

Outsourcing is a prime example. Where compliance is outsourced to a third party supplier where resourcing or systems are affected by the CS, then naturally, usual compliance standards are likely to be affected.

It is then a question whether the reduction of compliance levels is reasonable in all the circumstances.

There are some particular limbs of section 912A of the Corporations Act that are relevant in this context, as follows:

1. (section 912A(1)(d), which requires adequate resources, including financial, technological and human resources, to provide the financial services covered by the relevant licence and to carry out supervisory arrangements;

2. section 912A(1)(aa) relating to management of conflicts of interests also employs the concept of adequate arrangements; and

3. section 912A(1)(f) refers to the concept of “adequately trained”.

The CS definitely can impact on all these areas. Does this mean that a licensee is in breach if there is a marked difference in these areas during the CS as opposed to prior? It is suggested that one must look at this issue holistically and not just at a particular moment. If there is a deficit, then the licensee should be afforded a reasonable time to shore up its resources and supervisory capabilities.

So again, it is suggested that, particularly due to the unusual phenomenon of the CS, a particular moment in time test is not the appropriate test point.

Risk management

The CS brings with it new risks that will need to be evaluated and responded to. In many cases, the risks are novel.

This in itself presents challenges from a risk management perspective. Identifying and responding to these risks is part and parcel of a licensee’s dynamic risk management framework and capability.

At the same time, the CS will in some organisations place stress on the risk management ecosystem in terms of pre-CS risks.

Both of these areas will no doubt be the focus of a financial institution’s risk function.

Evidence of consideration and documentation of these issues and the organisation’s response are already a first step in the management of these issues.

Action

We would welcome any examples, case studies or questions you might have in relation to the above and encourage you to email our team.

Click here to read the first article in our series

Click here to read the second article in our series