Who gets a map in the misconduct maze?

This article has been taken from the NMP education library which has now moved to Advisely

If ASIC’s goal is to make its regulatory framework appear less byzantine, though, the latest guidance on advisers’ new breach reporting obligations isn’t doing the regulator any favours. The refreshed obligations expand the definitions of reportable situations, establish a 30-day breach reporting timeframe and require that ASIC be notified of any investigations into whether a breach has occurred if said investigation takes longer than 30 days. 

Core obligations

The definitions of “reportable situations” are split into four categories. These are:

• significant breaches or likely breaches of core obligations
• investigations into the above 
• additional reportable situations
• reportable situations about other licensees

Recursion aside, you might be wondering what constitutes a “significant breach of a core obligation”. Or, in fact, what a core obligation actually is. 

Refer to a list of definitions contained in sections 912A and 912B of the Corporations Act – although the core obligations in section 912A(1)(c), which refers to compliance with financial services laws as defined in section 761A, only pertain to “those parts of the definition set out in s912D(3)(b).” 

Pretty straightforward, right?

Significance 

Now, as to what constitutes a significant breach: for advice licensees, significance is determined based on breaches of section 912D(4) of the Corporations Act and can include:

• breaches that constitute committing an offence punishable by three months or more of imprisonment if dishonesty is involved, or 12 months or more in any other case
• breaches of relevant civil penalty provisions
• breaches of section 1014H(1) of the Corporations Act or section s12DA(1) of the ASIC Act
• breaches that result or are likely to result in material loss or damage to clients

On the last point, “material loss or damage” isn’t explicitly defined, but ASIC recommended licensees take heed of the contents of the explanatory memorandum accompanying the Financial Sector Reform (Hayne Royal Commission Response) Bill 2020. This document refers to both financial and non-financial loss or damage, which is dependent on the affected person’s (or group’s) circumstances.

Investigations

As laid out in the four categories above, though, it’s not just significant breaches that need to be reported to ASIC – investigations into potential breaches need to be reported as well if they take longer than 30 days to complete. 

What, then, constitutes a reportable investigation? It’s hard to say. ASIC acknowledges that the term “investigation” is not defined within the relevant legislation and, as a result, points to the aforementioned explanatory memorandum. 

In turn, this memorandum points to the definition of “investigation” in the Macquarie Dictionary: “a searching inquiry in order to ascertain facts”. 

That same document refers to a “relevant factor” for consideration when a licensee is determining whether an investigation is actually taking place: whether or not there is “information-gathering” or “human effort” happening which is directed towards finding out whether a breach has occurred or will occur. 

Other reportable situations

There is an additional catch-all category for reportable situations that fall outside of the above. These “additional reportable situations” include circumstances where you or an authorised representative engages in conduct constituting gross negligence in the course of providing a financial service or commits serious fraud.

That list isn’t exhaustive, though: ASIC notes that other reportable situations for advisers may arise in circumstances referred to in section 912D(2)(c) or the Corporations Act and recommends that advisers and licensees “check to see whether the regulations have specified any further additional reportable situations”. 

Reporting other licensees

The fourth category of reportable situations specified in the draft RG 78 refers to advisers and licensees’ obligations regarding other licensees. Under the updated rules, you’re now required to report to ASIC if you become aware that a reportable situation – but not an investigation – has occurred at another licensee.

This report, which also needs to be provided to the licensee you’re reporting, has to be submitted within 30 days of your becoming aware of the reportable situation or civil penalties may apply. 

However, you won’t be required to report another licensee if there are “reasonable grounds” to believe ASIC is aware of both the reportable situation and all of the information that would be required in your report about it. 

As the AFA pointed out in its submission to the breach reporting consultation, the “ASIC is aware” exemption is quite difficult to parse.

The submission posed a question: “In terms of the provision that a licensee doesn’t need to report if there are reasonable grounds to believe that ASIC is already aware, how would one licensee know if another licensee had already reported it? 

“In the case of a licensee that has already reported an adviser from another licensee on a specific matter, are they required to report that adviser on another matter in the event that they subsequently become aware of it?” 

One rule for thee

Commenting more broadly on the breach reporting guidelines, AFA (now FAAA) also expressed its amazement that their scope was limited to advisers and mortgage brokers. 

“If these obligations are appropriate to apply to financial advisers and mortgage brokers,” the submission argued, “then they are equally applicable to product providers. Why is it that the obligation to notify clients is not replicated with product providers?”

The submission continued: “We know that ASIC is not responsible for the law, however, this is just one more case where the Banking Royal Commission law reform has focussed on small businesses, as opposed to the large institutions, who were the focus of the Banking Royal Commission. 

“The banks were a big part of the Royal Commission hearings, however basic banking products have been excluded from this regime.”

The AFA (now FAAA) concluded by expressing its general concern about the complexity of the breach reporting legislation while acknowledging that ASIC was not responsible for its design or creation.