20 July 2022
This year ASIC has increased its focus on ensuring that Australian financial services licensees are compliant with their general obligations under the Corporations Act 2001 (Cth). How can you ensure compliance and avoid being ASIC’s next target?
ASIC has ramped up its pursuit of non-complying Australian financial services (AFS) licensees, with its latest target being a “licensee for hire” business, Lanterne Fund Services Pty Limited (Lanterne).
On 6 July 2022, ASIC commenced civil proceedings against Lanterne in the Federal Court of Australia for Lanterne’s breach of its general obligations under the Corporations Act 2001 (Cth) (Corporations Act). Among other claims, ASIC asserts that Lanterne failed to have adequate risk management systems and failed to have adequate and competent resources, with regard to the oversight of its authorised representatives (ARs) and corporate authorised representatives (CARs) that operate under its AFS licence.
ASIC’s action against Lanterne follows its proceedings against another AFS licensee, RI Advice Group Pty Limited (RI Advice) earlier this year. On 5 May 2022, the Federal Court of Australia found that RI Advice had breached its general obligations under the Corporations Act (including its failure to have adequate risk management systems) as a result of cybersecurity attacks across its AR networks.[1] ASIC is seeking largely the same orders against Lanterne, as it did against RI Advice.
Both cases highlight ASIC’s increasing scrutiny of AFS licensees’ non-compliance with their general obligations, including AFS licensees’ oversight across their AR and CAR networks.
This article explores ASIC’s expectations of AFS licensees and the lessons learnt in light of ASIC’s current action against Lanterne and its successful action against RI Advice.
From 13 March 2019 to 5 October 2021, Lanterne did not provide financial services directly to wholesale clients. Lanterne instead ran a “licensee for hire” business, where it authorised other financial service providers to operate under its AFS licence as a CAR or an AR.
Lanterne’s CARs spanned a variety of:
ASIC claims that during the relevant period, Lanterne failed the general obligations of an AFS licensee, as listed in the table below. We also list ASIC’s expectations of an AFS licensee in regard to the relevant general obligation.
|  | General obligations[2] | ASIC’s expectations[3] |
| --- | --- | --- |
| 1. | An AFS licensee must have adequate risk management systems | ASIC claims that Lanterne did not have a risk management framework and basic risk management tools, nor staff with appropriate risk management expertise or any external risk management consultants. Further, Lanterne only relied on its initial due diligence of potential CARs and had its CARs and ARs self-report their compliance to Lanterne. ASIC claims that this is in breach of Lanterne’s general obligation to have adequate risk management systems. ASIC instead suggests that an AFS licensee should, among other expectations, have a risk management system which:<br>An AFS licensee should also regularly review and update its risk analysis and risk management systems – both internally and through independent oversight. |
| 2. | An AFS licensee must have adequate resources available to provide the financial services covered by its AFS licence, and to carry out supervisory arrangements | ASIC claims that Lanterne did not have adequately trained and skilled compliance and risk management personnel (particularly to undertake its CAR and AR audits and reviews), nor any human resources capability, adequate information technology capability, or adequate financial management capability. Further, Lanterne also failed to consider and assess the financial resources it required to provide the financial services covered by its AFS licence and to carry out supervisory arrangements. ASIC claims that this is in breach of Lanterne’s general obligation to have adequate resources available to provide the financial services covered by its AFS licence, and to carry out supervisory arrangements. ASIC instead suggests that an AFS licensee should, among other expectations:<br>Further, an AFS licensee should develop and implement a response to that assessment and a disaster recovery plan. |
| 3. | An AFS licensee must maintain the competence to provide the financial services covered by its AFS licence | ASIC claims that Lanterne did not have responsible managers with sufficient time or expertise to oversee its CARs’ businesses nor adequate processes for ensuring that its responsible managers were appropriately qualified. ASIC claims that this is in breach of Lanterne’s general obligation to maintain its competence to provide the financial services covered by its AFS licence. ASIC instead suggests that an AFS licensee should, among other expectations, have sufficient responsible managers with the skills and experience in the financial services offered by its CARs and ARs and across the industries and businesses in which they operate (with sufficient time to effectively conduct their role). Further, an AFS licensee should have a documented and implemented process for assessing its responsible managers, and for ensuring they remain appropriately qualified over the course of its business. |
| 4. | An AFS licensee must ensure that its representatives are adequately trained (including by complying with the CPD provisions), and are competent to provide the financial services covered by its AFS licence | ASIC claims that Lanterne did not assess its CARs’ and ARs’ skills and competencies, nor provide or arrange training, professional development or other instructional programs for them. Further, Lanterne relied only on its ARs’ monthly self-assessment compliance reports to satisfy itself that its ARs had undertaken training. ASIC claims that this is in breach of Lanterne’s general obligation to ensure that its representatives are adequately trained and are competent to provide the financial services covered by its AFS licence. ASIC instead suggests that an AFS licensee should, among other expectations: |
| 5. | An AFS licensee must take reasonable steps to ensure that its representatives comply with the financial services laws (with few exceptions) | ASIC claims that Lanterne did not provide its CARs and ARs with clear and practical guidance about the nature, extent, and discharge of their obligations under the financial services laws. ASIC claims that this is in breach of Lanterne’s general obligation to take reasonable steps to ensure that its representatives comply with the financial services laws. ASIC instead suggests that an AFS licensee should, among other expectations: |
| 6. | An AFS licensee must do all things necessary to ensure that the financial services covered by its AFS licence are provided efficiently, honestly and fairly | ASIC claims that Lanterne is in breach of its general obligation to do all things necessary to ensure that the financial services covered by its AFS licence are provided efficiently, honestly and fairly, by virtue of Lanterne breaching its other general obligations (as listed above). The reference to “efficiently, honestly and fairly” has perplexed the financial services industry since the introduction of the FSR regime in Chapter 7 of the Corporations Act. From a judicial perspective, various cases have considered the phrase, with the conventional interpretation being affirmed by Justice Beach in ASIC v AGM Markets Pty Ltd (in liquidation) (No 3)[4] as follows: “First, the words “efficiently, honestly and fairly” are to be read as a compendious indication requiring a licensee to go about their duties efficiently having regard to the dictates of honesty and fairness, honestly having regard to the dictates of efficiency and fairness, and fairly having regard to the dictates of efficiency and honesty. Second, the words “efficiently, honestly and fairly” connote a requirement of competence in providing advice and in complying with relevant statutory obligations. They also connote an element not just of even handedness in dealing with clients but a less readily defined concept of sound ethical values and judgement in matters relevant to a client’s affairs. I have emphasised here the notion of connotation rather than denotation to make the obvious point that the boundaries and content of the phrase or its various elements are incapable of clear or exhaustive definition.” Despite the judicial guidance, determining compliance with this general obligation is not always clear and it will be interesting to see how this aspect of ASIC’s claims is treated by the Federal Court. |
In the present case against Lanterne, ASIC seeks:
The date for Lanterne’s first hearing is yet to be scheduled by the Court.
These orders are similar to the orders ASIC successfully sought against RI Advice earlier this year – specifically, the Federal Court:
In an Australian first, RI Advice was found to have failed to manage its cybersecurity risks and cyber resilience, in contravention of an AFS licensee’s general obligations under the Corporations Act to:
In this case, a number of RI Advice’s ARs experienced cybersecurity incidents (i.e. ransomware and hacking attacks), where the attackers accessed sensitive client information. Inquiries and reports made on RI Advice’s behalf following the incidents revealed the following issues in its ARs’ management of cybersecurity risk:
The Federal Court of Australia found that these facts were sufficient to give rise to RI Advice’s breach of its general obligations as an AFS licensee.
It is important to note that if you suspect that a reportable situation has arisen with respect to your CARs’ or ARs’ conduct, it may be reportable to ASIC (in addition to your own reportable situations). For this reason we consider it is prudent to seek legal advice to determine the significance of the reportable situation and whether a report to ASIC is necessary.
ASIC’s actions against Lanterne and RI Advice demonstrate that obtaining an AFS licence is the easy part; ensuring that your business has the necessary resources and competence to monitor compliance, assess risks, and review systems, particularly across CAR and AR networks, is the hard part.
[1] ASIC v RI Advice Group Pty Ltd [2022] FCA 496 (5 May 2022) (ASIC v RI Advice).
[2] Corporations Act 2001 (Cth), ss 912A(1)(a), (ca), (d), (e), (f), and (h).
[3] ASIC v Lanterne Fund Services Pty Limited (6 July 2022) VID379/2022 (ASIC v Lanterne), Concise Statement, at [C].
[4] ASIC v AGM Markets Pty Ltd (in liquidation) (No 3) [2020] FCA 208 (26 February 2020), at [506]-[507].
[5] ASIC v Lanterne, Notice of Filing and Hearing.
[6] ASIC v RI Advice, at [17].
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.