External AFSL Compliance Reviews
An external AFSL review can be a costly exercise and is often underutilised as a result. All licensees should consider having their AFSL compliance framework regularly reviewed, in order to identify and rectify compliance issues, especially material and/or systemic ones. Licensees that are under ASIC investigation and/or those in litigation with the regulator may find that a review can help identify their exposures, the strengths and weaknesses of their case, and guide the remediation efforts.
Scope and Purpose
A clearly defined scope helps to ensure that the output of the AFSL compliance review process will address the questions that have led the licensee to have such a review conducted in the first place.
The scope depends on the purpose the licensee is trying to achieve. A licensee may commission a review with a broad scope to allow the reviewer to consider the entire compliance framework. Alternatively, a licensee may have a specific question in mind, for example, the adequacy and effectiveness of the monitoring and supervision of its representatives. Here the scope can be carefully defined to only cover the monitoring and supervision of representatives and the matters that may be incidental to the main purpose.
Licensees should consider having an external AFSL compliance review conducted on a regular basis. The desirable frequency depends on a number of factors, such as:
- the financial products and services provided by the licensee;
- the size of the licensee’s operations;
- whether such financial products and services are provided to retail clients;
- whether material regulatory changes have taken place since the previous review and the impact of such changes on the business;
- the human and financial resources that can reasonably be made available to such a project.
The precise methodology of a particular review project will depend on the scope and the purpose of the review and any specific requirements from the licensee. Generally, it may be worthwhile for an external AFSL compliance review to:
- review the licensee’s compliance policies and procedures against the relevant applicable regulatory requirements;
- test the level of implementation of and compliance with such policies and procedures;
- evaluate the effectiveness of the overall compliance framework as a whole, or any particular area as instructed by the licensee.
We provide a formal and detailed report to document the review, the findings and recommendations where appropriate. The licensee should then discuss the report internally and determine whether to implement the recommendations. If so, decisions need to be made about who is in charge and when the recommendations will be implemented. If any recommendations are not to be implemented, the licensee should document the reasons why it has made such a decision.