Section 912A Corporations Act – Compliance, or a recipe for running a successful business?
One of the problems with reading legislation is that it is sometimes drafted in a way that obscures its true purpose. (I apologise to any parliamentary counsel that may be reading this article.)
Take s912A of the Corporations Act for example. This sets out the general obligations of a financial services licensee. It reads like a list of things you must do and, of course, in one sense, it is exactly that. A list consists of separate items, so, unfortunately, that is the way we think of them. One needs to:
- “do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly” – nice and specific; very helpful; thanks for that – no internal tensions there!;
- “have in place adequate arrangements for managing conflicts of interest” – OK done, yeah right!;
- “comply with the conditions on the licence” – well, that seems easy enough, until I find out that not all the conditions are actually on the licence, but are also to be found in Corporations regulation 7.6.04, and in ASIC legislative instrument CO 14/923 (just thought I’d slip those in);
- “…have adequate risk management systems.”
I could go on, but it is not my purpose to exhaustively list the 10 obligations in s912A or to point out the difficulties. What I’d like to do is to simplify things and get to what this section is really on about.
It’s a recipe; not for baking a cake, but for running a successful business. It is about governance.
Like a recipe, it’s not the individual list of ingredients that produces the magic; it’s the way they come together.
The first obligation to “do all things necessary…” is really a general description of the cake we are about to bake. It’s saying we are about to list the ingredients that will produce a cake that is not only yummy, but is actually good for you as well. Translation: “We are going to produce a business that is not only efficient (contributing to a healthy and profitable sector of the economy), but that also produces good outcomes that are just and fair for clients and consumers”. Although these intended outcomes compete with each other to some extent, we are going to find a balance that achieves all of them to some degree.
There then follows the list of ingredients – or business/governance systems. The conflicts of interest framework, the risk management framework, the dispute resolution system (including internal complaints handling procedures), the training measures, the supervision (or monitoring and supervision requirements) and the requirement to have adequate IT, financial and human resources. If all of these systems are in place, and if the information from each system is informing the others, the result will be a well-run business that is profitable for its owners, and that also achieves good outcomes for its clients/customers.
For example, identifying the risks to our business, and how to control those risks, should be informed by information received from our complaints handling system. This information will also inform our controls such as monitoring and supervision and training. Identification of conflicts of interest will enable us to identify more risks and work out how to control them. It will lead to considerations such as whether we have the right IT systems, do we have the right people and enough of them in the right places, not just in the compliance department, but in marketing and business development and all the other areas we need to run the business well, and do we have the money to pay for all the things we need? Do our staff need upskilling, not just in compliance but in our business activities (the financial services covered by the licence)?
Understanding the ingredients of the cake requires us to know who our “representatives” are. This is a defined term in the Act. It includes our directors. (There is a tendency to look down and out, not as in “appearing down and out” but as in looking down the hierarchical chain and across it rather than up.) Are our directors trained in relation to governance? Does our conflicts management extend to them? Are they setting the right cultural tone for the business? Our representatives also include “anybody acting on behalf of the licensee”. This is a question of fact rather than one of design. Might there be people that others think are acting on behalf of the business even though they are not properly or formally authorised to do so? This can be as much a matter of appearance as anything else.
So, I encourage you every so often to pull out your various registers and put them side by side.
Look at the training register – does the training content address issues that have been picked up by your monitoring and supervision program?
Does your incident reporting result in items being added to your risk management framework?
Does it trigger questions such as “did this occur due to a lack of resources?”
Are we missing out on business opportunities because we don’t have any latent capacity to pursue them?
When your perspective about section 912A changes, compliance (terrible word that) becomes so much easier because you realise it is not about compliance, it is about running a good business; and that is something we all genuinely want to do.
Most of the licensees and financial advisers I meet are sincere in wanting to treat clients and operate their professional advice businesses well.
Here’s the thing, many of the well-run businesses are doing some or all of the things required by s912A without thinking of them in that way.
If you’re having regular board meetings and the board is considering such things as risk management, operations, people and finance, if you have committees and reporting lines appropriate to the size of the licensee so that you know what is going on in the business, and if you’re considering regulatory obligations as a routine part of business decision making, then you will be doing most of the things required by s912A.
However, recognising s912A has something to say about running a good business, I encourage all licensees to look at the list of ingredients and see what the ASIC has to say about them in its regulatory guides and in the Australian or international standards referred to in the regulatory guides.
There is, for example, some excellent material in the standard on risk management.
Conceptually, the risk management framework could provide an umbrella under which the other systems required by s912A could sit; or, at the risk of carrying my first analogy too far, a binder for keeping the list of ingredients together.
For example, the risk of breaching the law is a regulatory risk to the business, the risk of having inadequate IT resources, financial resources or human resources is an operational risk – as well as regulatory risk – to the business, conflicts of interest present a risk to the quality of our decision-making and advice service delivery.
Controls for these risks include ensuring we have appropriate resources, good monitoring and supervision, training, and good dispute management, etc.
In other words, our risk management framework brings all the ingredients together in the form of either identified risks or controls.
By using your risk management framework as a binder to hold the various ingredients together you can take a risk-based approach to your business, which leads to an efficient allocation of resources in achieving our business objectives.
In this way the risk management framework becomes a key tool in managing the tension inherent in the “efficiently, honestly, and fairly” obligation referred to at the beginning of this article.
If you need to pull your risk register, or any of the other registers, out from under the computer monitor, where it is performing the ergonomic function of ensuring correct monitor height, or have had to blow the dust off, please read this article again.
Author: Grant Holley (Managing Partner)
This article was first published in Money Management.