Enforceable Undertakings – what you need to know as a licensee
An enforceable undertaking, or EU, is an undertaking offered to ASIC, by what we affectionately refer to as “the Pingee”, which sets out in writing certain actions that the Pingee is prepared to undertake to address ASIC’s concerns. Those concerns will usually have arisen from a surveillance or investigation conducted by ASIC. Typically, that surveillance or investigation will have involved the issue of notices by ASIC to gather documentary and, perhaps, oral evidence.
The objective of the Pingee in offering an EU is, of course, to prevent further action by ASIC. That action may, depending upon the matters that ASIC is concerned about and the extent of the evidence it has gathered, be of a criminal, civil penalty or administrative nature. ASIC’s objective in accepting an EU is to obtain a good regulatory outcome without having to conduct proceedings which would require it to prove its case and that may result in an outcome that is less flexible or less comprehensive. If the Pingee breaches the enforceable undertaking, ASIC can take action for that breach without the necessity of proving the underlying activity that led to the undertaking.
ASIC’s legislation gives it the power to “accept” an EU but not to demand one. Of course, it can create the environment in which it is becomes attractive to offer one. ASIC will not always accept an EU and its guidance to industry about when it will and when it won’t can be found in RG 100.
Over a number of years we have been involved in various ways with EU’s entered into with ASIC and also with the ACCC. Our roles have included: advising clients in their dealings with the regulator, acting as expert consultants to assist clients in meeting their obligations under the EU, acting as reviewers to provide reports to the regulator on whether clients have met their obligations under the EU, and providing training mandated in the EU to directors, responsible managers and staff.
The positives and negatives of enforceable undertakings (EUs)
Most business people, if asked to comment on the state of the EU, would provide their views on the problems facing the European Union.. For those in the Australian financial services industry the question may prompt a very different answer. For example, “Our EU is costing us a fortune, we’ve had experts and consultants trawling through our business for the last 12 months” or “The training never seems to stop; I wish we could get it over and done with and get back to business”.
The financial impact of an enforceable undertaking, or EU, can be significant and may lead to cash flow difficulties for the affected business or person. Sometimes the Pingee agrees to pay compensation, but even in the absence of this, the professional fees and business interruption can be significant.
All EUs are public documents, because the transparency of ASIC’s dealings is important, and can be easily accessed through ASIC’s website. Typically, ASIC also issues a media release informing the community of the EU and this can have reputational impact.
However, there is also a positive side to EUs. Typically, the matters that raise ASIC’s concerns are breaches of what we like to refer to as ‘the ten commandments’. Not THE ten commandments, of course, but the general obligations of Licensees set out in section 912A of the Corporations Act. These are the obligations to have things like: a risk management framework, a process of managing conflicts of interest, a program for the training of staff and appropriate procedures to monitor and supervise them, a good complaints handling and dispute resolution system, and adequate technological, human and financial resources.
The way to look at these obligations is as a series of business systems, rather than as isolated regulatory obligations. One of the policy objectives of the Corporations Act is to have an efficient and healthy financial services sector. The ten commandments should be seen as a ‘how to’ for running a successful financial services business. If each of the systems is working and the information flowing from the systems is informing the other systems, the outcome will be a well run business that delivers its financial services efficiently, honestly and fairly.
For example, if the risk management framework is being properly used it will assist the business to understand the environment in which it is conducting its business. The environment will include its internal environment, which will force it to look at things like its mission, its values and its service and/or product offering. It will also include its external environment, requiring it to inform itself of the economy, upcoming changes in legislation, what its competitors are doing, what the politicians and the regulators are doing, what is on offer with changes in technology, and so on. The business can then identify the risks, which include the risk of missing out on opportunities, and to evaluate and treat them. In this way its scarce resources are allocated efficiently and the somewhat competing objectives in the obligation to conduct its business “efficiently, honestly and fairly” can be managed.
Some of the actions put in place to treat particular risks will include training. Information gathered during training can inform risk assessment. Complaints provide valuable intelligence for the business and assist in identifying client needs and ways to better meet them. That information will inform risk assessments and also the training programs.
The failure to report breaches is a common concern leading to EUs. The breach reporting obligation is a form of industry self-regulation. The regulatory regime is complex and it is difficult to know all of the obligations and to keep up with changes. It is even more difficult particularly for large licensees with geographically spread workforces to ensure that all of their representatives comply with all of the laws all of the time. I would go so far as to say that it is impossible or, to put it another way, everybody is breaching.
A failure to report breaches may therefore be more of an indication that the Licensee does not have a functioning system for identifying, considering and reporting breaches than that there have not been any breaches. It may also be indicative of a culture which seeks to hide breaches rather than to deal with them.
ASIC’s use of EU’s following the Royal Commission
This blog is further to two blogs in July 2014 about Enforceable Undertakings (EUs) . For the reasons set out in those blogs ASIC has, in the years since they were written, used EUs extensively as part of its regulatory tool kit. Commissioner Hayne gave ASIC a strong message that it should take a ‘litigate first’ approach to enforcement. If the Act contains a provision that requires certain conduct and a penalty for breaching that provision, the regulator’s first response should be to litigate unless there is a good public policy reason for not doing so. Impliedly this was a criticism that ASIC was too willing to accept EU’s instead of taking offenders to court. To the extent that the use of EUs has been used as an alternative to litigation we expect that they will be accepted less frequently.
ASIC’s sister regulator, the Australian Competition and Consumer Commission, has a similar Enforceable Undertaking power. In recent years the ACCC has had a stronger enforcement focus than ASIC. It has issued proceedings and sometimes negotiated an enforceable undertaking with those proceedings as the backdrop. It will be interesting to see whether ASIC adopts a similar approach more often.
There are good reasons for litigating. The most obvious is to punish offending behaviour and as a demonstration effect to others in the regulated community that may be tempted to act similarly. Another reason is to bring clarity to the law itself. Some provisions are not clear, or raise more questions than they answer. An example is Section 912D, the breach reporting provision. Others are, what is meant by “efficiently, honestly and fairly” and where is the line between general financial product advice and personal financial product advice? If the courts are given the task of interpreting then we ultimately get a body of judge made law that tells us what the legislation actually means. This is part of ASIC’s role, even if it may lose the odd case.
However, EUs remain a very useful tool that can bring about good outcomes for the regulated community, consumers and for ASIC. It would be a pity if one of the most useful tools in ASIC’s kit bag is put away, or put too far out of sight.
To ensure you’re prepared for if ASIC comes knocking on your door, contact us for a licensee review.
Author: Grant Holley (Partner)