While compliance plans document the measures that will be implemented by an RE to meet its obligations under the Corporations Act, the scope of ASIC’s review was limited to treatment of the following regulatory regimes:
reportable situation reporting
product design and distribution obligations (DDO)
internal dispute resolution (IDR) processes and reporting.
ASIC flags serious compliance plan failings
ASIC has raised significant concerns about the quality of compliance plans in the managed funds sector. This is a concern given that, combined, the REs reviewed operate 45% of all funds and hold 47% of the value of all fund sector assets of approximately $2 trillion.
ASIC’s key findings:
Critical gaps across regimes – most compliance plans failed to address key requirements under reportable situations, DDO and IDR obligations.
Omissions in regime coverage - some plans completely failed to address one or more of these regulatory regimes.
DDO treatment the weakest - shortcomings were most pronounced in DDO compliance, followed by IDR.
Improper reliance on unrelated master plans - some REs wrongly relied on a master compliance plan of a fund operated by a different RE, which meant that these funds had no substantive compliance plan (the Corporations Act only permits use of a master compliance plan across multiple funds where a single RE operates all funds).
Key questions to ask when considering ASIC’s findings
REs should closely consider the findings from ASIC’s review, together with the long-standing guidance in Regulatory Guide 132 Funds management: Compliance and oversight, when developing, reviewing and modifying fund compliance plans. Key questions for REs to ask include:
Does your plan identify all the obligations in operating the fund or funds?
Does your plan identify the functions and the officers responsible for performing and monitoring each control?
Does your plan specify how the performance of each control measure will be monitored?
Does your plan identify an adequate frequency for performing each control and for the monitoring of that performance?
Does your plan provide for the flow of useful information about control performance to the board or a compliance committee?
Does your plan require adequate record keeping?
Does your plan contain sufficient detail?
Is your plan up to date?
ASIC highlights better practice guidance for compliance plans
ASIC’s latest review provides specific examples of poor and better practice in relation to the key questions above.
Managing compliance obligations clearly
Better practice: A robust compliance plan should identify all relevant compliance obligations and map these to the specific arrangements in place to secure an entity’s compliance with these obligations - including policies, procedures, systems and controls.
Poor practice: Most plans failed to address the obligation to periodically report IDR data to ASIC. Approximately 40% of the plans did not deal with the DDO requirements at all.
Clear structure and accountability in the plan
Better practice: Compliance plans should use a table format with separate headings for each set of obligations (for each set of the reportable situations, DDO and IDR obligations) and columns describing certain information relating to control(s) for each obligation in a set.
Poor practice: Many plans failed to clearly identify who is responsible for setting compliance controls and monitoring compliance control performance – essential as two separate functions or officers in the compliance plan.
Addressing inadequacies and gaps in compliance plans
ASIC is urging REs to swiftly address inadequacies and gaps in their compliance plans. Depending on the existing state of an RE’s compliance plan, uplifts may include:
Identifying all relevant compliance obligations.
For each compliance obligation, describing the control(s) to be implemented, the function or officer responsible for implementing the control(s), the method(s) for monitoring the control(s) and the function or officer responsible for monitoring performance of the control(s).
Including objective methodology to ensure effective performance of a control measure.
Specifying a time from a triggering event, or specific frequency, for the performance of a control that will ensure statutory timeframes can be met (or, where no statutory timeframe is specified, an appropriate frequency).
Providing regular reporting to a board or a compliance committee on the operation of compliance controls, specifying the metrics to be included and what analysis of the effectiveness of controls will be included.
Specifying the types of records to be kept (for example, the attributes of investors in its target market determination).
Ensuring the compliance plan remains up to date by having a control in place as well as measures for out-of-cycle updates.
ASIC Commissioner Alan Kirkland added that ASIC “will continue to monitor the quality of compliance plans going forward. This review will not be limited to the obligations [ASIC] examined in [its] recent surveillance”.
If you require assistance in reviewing or uplifting your compliance plan and associated arrangements, our team of specialists is ready to help.