The perfect regulatory reform storm

"timeliness, transparency and vigilance are key themes"

What is the forecast?

The perfect regulatory reform storm is brewing: October 2021 sees the commencement of a number of critical new regulatory requirements for the financial services industry.

Recent ASIC regulatory guidance and legislation passed in December 2020 introduce requirements that will require sharper focus on customer fairness and conduct risk.  Astute observers will note the connections between the ‘Hayne-inspired’ incoming expectations across the areas of breach reporting, complaints management, product governance and customer remediation.  There are significant civil penalties for non-compliance and, as the industry well knows, the broader consequences for failing to meet community and regulatory standards in the current climate can be severe.

Under the new regimes, financial service providers will be subject to more rigorous expectations with regard to the appropriateness of their products and the conduct of their people, and more prescriptive requirements when compliance concerns do arise:  timeliness, transparency and vigilance are key themes. For credit licensees and new entrants, some aspects may be new, and implementation may be particularly challenging. While enhancing the scrutiny of financial advisers and mortgage brokers continues to be a primary focus, the new regulations will apply more broadly to banks, credit providers, superannuation trustees, insurers, fund managers and FinTechs (amongst others). 

Ahead of the October deluge, we urge you to plan ahead to understand the changes, consider the interplay between these regimes, and determine the most efficient and effective approaches to review and reset policy settings, uplift systems and processes, and upskill your people. It is clear that as the pressures of COVID abate, the intensity of the regulatory change agenda will resume, and continue to challenge institutions throughout 2021.

Here, we outline the new requirements and explore the interconnectedness of the regulatory changes, including key considerations to successfully tackle the convergence of regulation in October 2021. 

Read about the regulatory changes

Preparing for the perfect storm?

Risk appetite	How will you adjust risk and policy settings to ensure you have sound and consistent mechanisms and thresholds to determine if the new requirements to notify, investigate or report, or take other action, are triggered? How will you practically assess whether complaints and enquiries or incidents and issues that arise warrant further action, or are outside risk appetite? Are you prepared to be ‘called out’ in ASIC’s publication of the breaches you report?
Internal processes	How can new processes be designed or processes revised to efficiently manage complex scenarios requiring transparency with customers and the regulator and adherence with strict timeframes, while managing internal investigations?  What improvements to record keeping and data management protocols will be necessary to ensure you are able to provide evidence of compliance?
Organisational structure and accountabilities	Is your organisation structured to ensure a coordinated approach to the new regimes, to properly manage the interconnected information flows and not ‘trip itself up’? How do the new regimes and requirements impact accountabilities and what changes are required to escalation protocols, internal reporting and delegated authorities?
Training and capability	What training and upskilling is required for legal, risk and compliance teams, as well as complaints and other customer-facing staff, to ensure the requirements are well understood and consistently interpreted? How will you assist front line to be attuned to their important obligations and equipped to appropriately exercise judgment and escalate where required? Are you adequately resourced in the critical areas of your business to manage the increased volume of reporting and internal investigations as well as the flow on impact to complaint volumes and remediations.
Technology	What reconfiguration or upgrade to your existing risk and compliance systems and technology solutions is required to create the required workflows, alerts and automation to adhere to the strict timeframes under the various new regimes?
Implementation	What value can you achieve through a holistic, integrated approach, and how will you ensure the new regimes are implemented and operate coherently, efficiently and consistently?  What are you doing now to ensure you are ready in October 2021?  What steps will you take to test the effectiveness post- implementation, and to embed a continuous-improvement mindset?