What you need to monitor
You need to show that you have regularly monitored your compliance procedures and updated them where relevant. We suggest you keep dated notes on file about your compliance monitoring activities.
ASIC has indicated the most common compliance risks you can avoid through regular monitoring are:
- Not replacing a key person
- Not maintaining the competence of representatives
- Not supervising representatives
- Not maintaining adequate financial records
- Insufficient financial resources to meet licence conditions
- Inappropriate handling of clients’ money
- Not notifying ASIC of a breach
- Not providing your services efficiently due to lack of supervision of an outsourced IT contract
- Not maintaining an internal dispute resolution procedure and access to an external dispute resolution scheme
- Not including adequate information in promotional materials
- Managing conflicts of interest
Your business must be fully compliant with the spirit and letter of the requirements relevant to your licence(s) and authorisations on an ongoing basis. This means you have to:
- Keep your documented compliance procedures up to date;
- Regularly monitor how your procedures work in practice;
- Make changes where problems occur; and
- Contact ASIC regarding any problems that are defined as notifiable breaches.
If you find problems, you may need to implement new procedures and inform ASIC of any systemic breaches.
Use an external consultant to help independently review and audit your systems from time to time. Many licensees confirmed to ASIC when applying for their licence that they would use an external consultant annually.
When you do an internal review, keep your review notes on file so that you can show ASIC auditors that you have undertaken regular monitoring and modifications to your procedures. Make sure that you update manuals and documents as you go.
You need to be able to show ASIC that you are managing the risks within your business that may negatively affect consumers using your services or the markets in which you operate.
To maintain compliance with the new regulatory regime, you must identify and manage these risks. This will involve taking steps to address them through specific operational procedures and dealing with breaches as they arise.