ASIC released Regulatory Guide 274 Product design and distribution obligations (RG 274) for issuers and distributors of financial products that must comply with the design and distribution obligations. The changes will significantly alter the way financial products are formed, marketed, and promoted, with the commencement of the new laws scheduled from 5 October 2021.
What you need to do
As part of this requirement, issuers and distributors must implement and maintain robust and effective product governance and monitoring arrangements to ensure that they comply with the design and distribution obligations.
Robust product governance arrangements will help issuers and distributors avoid similar outcomes to those identified by the Financial System Inquiry (FSI) and the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission) and assist in the management of non-financial risk. The FSI highlighted that weaknesses in processes for, and controls on, product distribution to consumers have led to significant consumer losses.
To get started, assess your organization’s current product governance arrangements against what ASIC has outlined as its expectations for such arrangements in RG 274. Map out and document the characteristics of the target markets for each of the products you issue or distribute that are within the scope of the obligations.
The design and distribution obligations impose requirements at each stage of developing and distributing a financial product.
These stages, depicted in the above figure, are:
(a) product design
(b) product distribution
(c) monitoring and review
All of these must be considered when implementing and maintaining product governance arrangements.
Product governance arrangements must include ongoing control monitoring and a feedback loop for product performance through which issuers address problems when they arise. The feedback gives the issuer knowledge of how consumers in the target market are using its product and of the outcomes.
- An issuer must notify ASIC if it becomes aware of a significant dealing in the product that is not consistent with the target market determination as soon as practicable (within 10 business days).
- A distributor must notify the issuer if it becomes aware of a significant dealing in the product that is not consistent with the target market determination as soon as practicable (within 10 business days).
Control Monitoring for the issuer
Product governance arrangements must include appropriate processes and controls. Effective communication needs to include those responsible for designing the financial product and those responsible for marketing and distributing the product. Automation of control monitoring and reporting will play a critical role not only in managing risk but also in driving better consumer outcomes. Below are some example control objective scenarios.
Control Monitoring for the distributor
Examples from RG 274.210 (Reasonable steps for distributors)
Direct life insurance is sold to consumers by insurers or their sales partners over the phone, online or face-to-face. These products are sold with general advice (meaning a consumer’s individual circumstances are not considered), or with no advice (meaning only factual information is given).
In REP 587, ASIC found that sales practices for direct life insurance and the design of the product itself were leading to poor consumer outcomes. Practices such as pressure selling and inadequate explanations of future costs and product exclusions resulted in high rates of cancellations during the cooling-off period, short-term lapse rates, and poor claims outcomes.
Therefore, for this product, ASIC expects distributors to consider the following as part of their reasonable steps obligations:
- the level of oversight to apply, including the provision of training and scripts to set clear professional standards for sales conduct (e.g. setting standards for how distributors behave with vulnerable consumers);
- the appropriate controls to apply, including implementation of quality assurance, audits that monitor sales conduct and policies that resolve poor consumer outcomes;
- the product’s distribution conditions;
- the choice architecture employed; and
- sufficient monitoring of consumer outcomes to ensure that the distribution processes are performing in line with expectations.
Contact us (firstname.lastname@example.org) to schedule a time to discuss the following:
- Product design & distribution obligations and requirements
- Automation strategy for issuer & distributor
- Risk management strategy & mitigation plan
- Demo of RG 274 compliance automation
Conduct risk is the risk of not meeting expectations that customers’ interests come first. Expectations can be regulatory, societal, and contractual. Typically it covers market integrity as well as investor/customer protection. To be addressed effectively, conduct risk must be defined explicitly for your organization, taking into account activities, staff, and customers.
As expectations change, emerging themes need to be considered and addressed by all providers of financial products and services. Customer concerns and Complaints (IDR/EDR) are an excellent way for firms to learn more about their customers and essential drivers to manage conduct risk.
It is crucial to identify the key indicators that you want to monitor and measure as a first step.
- Customer concerns: Identifying customer concerns early is a great strategy not only to improve the customer experience but also to identify areas for improvement in product design, distribution, competitive strategy and gaps in terms and conditions. The volume of concern and repeatability are key attributes that need to be measured.
- Complaints (IDR): Complaints need to be identified as early as possible. The severity, volume, type and root cause of complaints play an important role.
- Complaints at AFCA (EDR): When a complaint ends up with the ombudsman body AFCA, it is a red signal. Although it is not necessarily always the firm that is at fault, the fact that the complaint has ended up at AFCA highlights systemic risk.
AFCA’s complaint resolution approach may include:
- legal principles
- applicable industry codes or guidance
- good industry practice
- previous relevant determinations of AFCA or predecessor schemes.
Besides the above principles, AFCA considers what is fair in all the circumstances. Since AFCA’s complaint resolution approach covers many of the fundamental criteria of conduct, some of these indicators should be incorporated in conduct risk measurement. Each of these criteria can be allocated a KRI to develop a risk-driven model.
To understand the full list of criteria and conduct risk mapping strategy, contact us (email@example.com) today for a free workshop.
New RegTech100 winners for 2021 just announced. We are glad that Cognitive View has been selected in the RegTech100 for 2021!
The Regtech 100 is a recognition of the world’s most innovative technology providers that address the challenges of regulatory compliance. This recognition is a true reflection of our commitment and passion for innovation.
RegTech Analyst reported significant growth of the Regulatory Technology industry in the last few years. Over $5bn has been invested in RegTech companies so far in 2020, driven by the compliance challenges exacerbated by the shift to remote working this year.
Cognitive View is a transformative Regtech that automates Compliance, Customer Experience, Conduct Risk, and Fraud. It analyzes customer communication channels, including contact centres’ voice data, identifying conduct-related issues, customer experience, and complaints, and ensures that staff meet its policies and quality standards.
With over 1,000 long-listed companies, the competition was stronger than ever. A panel of analysts and industry experts voted top 100 finalists for their innovative use of technology to solve a significant industry problem, or to generate efficiency improvements across the compliance function.
For the complete RegTech100 list, visit www.RegTech100.com
The OECD Global Blockchain Policy Centre has recently invited Cognitive View to showcase its distributed ledger technology addressing public policy issues.
Cognitive View analyzes customer communication data to automate compliance, customer experience and conduct risk monitoring. Its Regtech essentially helps firms improve consumer fairness and public trust in our financial services, and enhance market integrity.
Continuous monitoring & reporting automation using Blockchain
Most organizations spend a great deal of time and energy wrestling dirty, poorly integrated data. They either cannot find the correct data or cannot trust the information they find. On top of that, they must deal with multiple industry regulations that are barriers to self-service and data democratization. As a result, they try to fix their data through various labour-intensive tasks, from writing custom programs to global replace functions – overall diminishing their productivity as data analysts and data scientists.
The opportunity for regulated entities is continuous control monitoring and regulatory reporting that is much more efficient, addresses the data quality issues, and substantially reduces operational and non-financial risk. We believe technology has advanced enough to bring us to a stage where we can think beyond the boundaries, make regulatory compliance more efficient and cost-effective, and shift the paradigm.
Cognitive View generates a lot of data in real-time with its continuous control monitoring technology and analysis of unstructured data. Hence the opportunity to enable continuous monitoring and reporting with the right foundation.
We have introduced a private blockchain-based foundation that addresses some of the pressing needs of regulated entities in internal auditing & regulatory reporting. Blockchain-based audit/reporting is a new and still optional feature; when enabled, it provides regulated entities with the capabilities below.
Cognitive View monitors on a real-time basis for any compliance failures and generates incidents and breaches. All the breach information is written to an internal private blockchain. A smart contract, a digital contract that can self-execute automatically, creates an alert when breach conditions are met.
The risk and compliance officer assesses the breach and decides to report it to the regulator if it meets the significant breach reporting criteria. This is transformative technology that enables a shift in the focus of compliance staff from information gatherers to information analysers. It is time for a paradigm shift in the financial services industry and the way regulatory compliance departments operate.
A private blockchain will allow regulated entities to:
- Standardize the internal data reporting requirements
- Improve information flows between the three lines of defence in a way that is auditable & transparent
- Automate 1LOD to ensure material risks/issues are logged, prioritized, and then escalated. This addresses many of the data quality issues
- Detect & prevent instances of fraud and misconduct from occurring in the first place
- Trace obligations from frontline oversight through to Executive and then Board reporting
Regulators play a vital role in considering new policies, frameworks, standardization efforts, and ownership models for better industry adoption. The regulator publishes new regulations and assesses reports of significant breaches from the regulated entities, so any automation that does not include the regulator is incomplete. Collaboration between regulator and regulated entity is absolutely critical in reducing the cost of compliance.
The future operational model and opportunities in a blockchain-based collaboration consortium
A hybrid blockchain framework can enable a consortium model. The regulated entities will have their own private Blockchain and will be able to join with the regulator’s public Blockchain based on regulatory engagement requirements and approval.
Firms will, for example, be able to measure their level of compliance in real-time, as will regulators. Indeed, as organizations within the financial sector become more technology-driven, this approach makes increasing sense – financial services organizations are already, in many senses, largely IT environments.
What role does Regtech or Suptech play in such collaboration and a blockchain-based consortium?
Many mid-sized and smaller firms do not have the resources and skills to build their own solution, whereas large firms may decide to build their own in-house technology solution. Regtech and Suptech will play a vital role in the consortium and technology adoption by regulated entities. The diagram below shows some of the key roles that Regtech and Suptech play.
The Australian government has recently started a new set of measures for deregulation with a laser focus on reducing the regulatory compliance burden on business. The measures are to reduce red tape, making it easier for businesses to invest, create jobs and grow the economy. The Deregulation Taskforce is also working on opportunities to adopt technological or ‘regtech’ solutions which make it easier for business to cost-effectively navigate and comply with regulatory requirements. Deregulation does not necessarily have to mean fewer regulations; rather, increasing automation and operational efficiency will drive increasing deregulation in all sectors.
Forward-looking organizations that are ready to participate and collaborate in this area, please reach out to firstname.lastname@example.org.
Banks must ensure that communications and training about the Code are delivered to all staff and supervisors, including any external third parties through whom they provide their services and offshore staff. This will enable banks to set expectations of what is required to comply with the Code and how the bank will monitor and report on their compliance. The Banking Code Compliance Committee (BCCC) expects a positive customer-focused culture to be supported through training and considers that customer-facing staff are well-positioned to identify and escalate a possible breach of the Code.
Banks should review and develop KPIs & KRIs that ensure staff performance metrics promote behaviours that prioritise good customer outcomes and reflect the Guiding Principles and spirit of the Code. Senior executives understand that their organization’s measurement system strongly affects the behaviour of managers and employees. Risk plays a very important role in training and monitoring.
Risk-based supervision is largely outcomes and principles-based compared to a compliance-based approach. It seeks to assess, within a forward-looking perspective and making extensive use of judgment, the most important prudential and conduct risks posed by firms to supervisory objectives and the extent to which firms are able to manage and contain these.
Supervisors are mostly resource-constrained, requiring them to prioritize a variety of code compliance & conduct-related activities rigorously. Risk-based supervision increases the effectiveness of compliance while increasing efficiency through improved resource allocation and processes. It assists in prioritization of resources to the areas of greatest conduct risk. Risks are not eliminated, but supervisors are able to address them in the most efficient and effective way of pursuing their objectives. This allows banks to address the risks in a systematic manner giving priority to what matters most.
Quick starting points on how to initiate a Risk-Based Supervision approach
1. Risks need to be addressed in a systematic manner giving priority to what matters most
Risks need to be identified that would have the most significant detrimental impact. These are outcomes that would, for example, cause maximum damage to code compliance objectives. Risk-based supervision considers a combination of the effect of crystallization of risks and the likelihood that this will occur. The very highest impact firms and activities will be judged to be a potential source of systemic risk. Failure would result in extensive losses to consumers, broader reputational damage, fines, or a formal investigation initiated by the regulator.
2. Risk-based supervision requires the assessment and consistent grading or scoring of issues
3. Risks can originate from a variety of sources, so it is necessary to take a broader perspective and establish risk profiles
4. Risk-based supervision is dynamic and forward-looking. It allows risks to be identified and addressed early
Narrow compliance-based approaches may involve a fixed schedule of compliance checks which is relatively invariant to perceived risks. Risk-based supervision, by contrast, is a dynamic and continuous process that involves planning, risk assessment, execution of the supervisory programme and regular monitoring and evaluation on a risk-based cycle. It seeks to identify emerging areas of risk and the adequacy of management and financial resources to address these.
Emerging risks can be identified from both internal and external sources. External sources can be regulatory and ombudsman bodies like ASIC and AFCA. The AFCA Insights service launched by us is a great source for learning about emerging risk patterns from complaint management data.
It also greatly facilitates dialogue on things that really matter. Continuous control monitoring and supervision strategies will differ from one firm to another, but some foundations of forward-looking assessment based on risk remain the same.
To learn more about how to automate risk-based supervision for the Banking Code of Practice and strategies to identify emerging risk patterns, send us an email (email@example.com).
The Australian Bankers’ Association (ABA) undertook an independent review, called the “Sedgwick report”, of product sales commissions and product-based payments in retail banking in Australia. The review was intended to build on the Future of Financial Advice (FOFA) reforms and identify options for strengthening the alignment of retail bank incentives, commissions and bonus payments (variable reward payments), practices and good customer outcomes.
The balanced scorecard was one of the key recommendations with the inclusion of variable pay components for individuals suggesting a range of performance criteria, not just financial measures, to ensure staff will be less focused on short-term sales/profits and, therefore, misconduct will be reduced.
Incorporating conduct risk in a Balanced scorecard
The balanced scorecard typically includes financial measures that tell the results of actions already taken. It complements the financial measures with operational measures on customer satisfaction, operational risk, and employee conduct.
Compensation tools play an important role in reducing misconduct risk by providing both incentives and performance assessment mechanisms that can help to promote good behaviour. Compensation must be adjusted for all types of risk, and not just be based on profit, and both quantitative measures and human judgement should play a role in determining risk adjustments. Performance measurement should include a firm’s risk appetite, assessed as part of risk-adjusting the overall variable pay pool/funding and/or as part of an individual’s performance assessment.
Risk and compliance should be incorporated into performance assessments at both the corporate and individual levels. At the individual level, metrics should include appropriate customer satisfaction, compliance adherence, quality of telephone calls, individual behaviour. The corporate variable pay pool is typically based on risk-adjusted profit and considering a scorecard of measures (capturing, for example, customer and risk management within the risk appetite).
So it is important not only to be able to define what conduct risk means for each business unit but also to measure it.
The Sedgwick report can be downloaded here (https://www.retailbankingremreview.com.au/).
To learn more about conduct risk measurement strategy, send an email to firstname.lastname@example.org.