ASIC Changes: Dispute Resolution and Breach Reporting

ASIC has recently taken another step to rebuild and repair consumer trust in the Australian financial system. How? By introducing Regulatory Guide 271 Internal Dispute Resolution.

Issued on 30 July 2020, RG 271 covers updated requirements for how financial firms deal with consumer complaints under internal dispute resolution procedures.

The guide comes after extensive consultation with consumer and industry representatives and will supersede RG 165 Licensing: Internal and external dispute resolution.

With the introduction of enforceable standards, ASIC also released RG 78 Breach reporting by AFS licensees on 30 March 2020. This means your financial services business now has a greater responsibility to report breaches of your obligations to ASIC.

Careful consideration of ASIC’s regulatory guides and how ASIC interprets the law is crucial to remaining compliant.

To help you navigate the changes, this blog provides answers to the key questions that arise in response to these regulatory changes.

What does RG 271 aim to achieve?

Following the Royal Commission into Financial Services, ASIC has identified the need to raise internal dispute resolution (IDR) standards across the financial sector. This is especially of concern with COVID-19 increasing financial hardship and vulnerability of consumers.

“At this time of economic uncertainty, consumer access to fair and timely complaints handling is more important than ever.”

ASIC Deputy Chair Karen Chester

The goal, as always for ASIC, is to encourage financial institutions to act in the best interests of consumers. RG 271 aims to create a positive complaint management culture through robust IDR processes within each financial firm.

What are the key changes from RG 165?

Key updates from RG 165 include:

· A broader definition of complaints, which now includes any expression of dissatisfaction, including those expressed on social media

· Shorter timeframes required for responding to IDR complaints

· Content to include in written IDR responses

· The option to offer a customer advocate as an escalation point

· Guidance on identifying and managing systemic issues

What financial institutions are subject to the requirements?

In RG 271, ASIC is very specific about which financial institutions must comply with the IDR standards. This includes:

· AFS licensees

· Authorised representatives

· Unlicensed product issuers and unlicensed secondary sellers

· Superannuation trustees

· Australian credit licensees

· Credit representatives

· Unlicensed COI (carried over instrument) lenders

· Exempt SPFEs (securitisation entities and fundraising special purpose entities)

· Credit licensees acting on behalf of exempt SPFEs under a servicing agreement

· Fintech businesses

What are the dispute resolution requirements?

A. IDR response content

Written communication to a complainant (referred to as an IDR response) is to inform them of:

· The final outcome of the complaint

· Steps taken to resolve the complaint

· The complainant’s rights to report to the Australian Financial Complaints Authority (AFCA) if not satisfied

· Contact details for AFCA

If a financial firm closes the complaint within 5 business days of receipt because of resolution or informing the complainant of no further action possible, then no IDR response is required.

B. IDR response timeframes

Do these timeframes also apply to IDR processes with internal appeals or escalations?

Yes, to ensure complainants are not disadvantaged. ASIC suggests that most complaints are resolved at the initial point of contact by customer facing staff.

C. Role of customer advocates

Financial firms can offer the complainant the option of appealing to a customer advocate as an alternative to going straight to AFCA after an IDR response is issued. However, firms cannot present this as a mandatory step in the complaints process.

D. Escalation to AFCA

Appropriate links need to be established between a firm’s IDR processes and AFCA. Not only are details of how complainants can access AFCA to be included in the IDR response, but also in:

· Financial Services Guides

· Product Disclosure Statements (including short-form PDSs)

· Credit guides

· Periodic statements

· Forms & notices issued under the National Credit Code

· Broader communications about complaints (e.g. complaint management policy, relevant brochures and website content, call centre scripting)

E. Systemic issues

ASIC views consumer complaints as a key risk indicator for systemic issues within a financial firm. Boards are required to set clear roles and responsibilities for complaints handling, including how systemic issues identified through complaints are managed.

Systemic issues are to be managed by:

· Encouraging the escalation of possible systemic issues identified from complaints

· Analysing complaints data to identify systemic issues

· Promptly escalating to the relevant areas to investigate and resolve

· Timely internal reporting of investigation outcomes and actions taken

How you can comply

Some key activities to start now for compliance with ASIC’s dispute resolution requirements by the implementation date include:

1. Review existing IDR frameworks and processes against the required standards

- This includes the resolution of complaints processes, escalation procedures, tracking and reporting arrangements

2. Identify gaps and develop an implementation plan to fill those gaps

- For example, changes in accountabilities, updates to processes and systems underpinning complaints management, training and upskilling staff handling complaints

3. Review organisational culture in relation to complaints handling

- Is there a positive complaint management culture? How are complaints treated internally? How are consumers who raise complaints treated?

When do the requirements come into effect?

The industry has until 5 October 2021 to comply with the new requirements. Until then, RG 165 continues to apply. For complaints received by financial firms up to 5 October 2021, RG 165 will apply and later be withdrawn on 5 October 2022.

What about external dispute resolution?

As its name suggests, the new RG 271 Internal Dispute Resolution doesn’t appear to address external dispute resolution, specifically:

· Guidelines about membership of AFCA

· ASIC’s oversight of AFCA

Both these items are touched on in RG 267 Oversight of the Australian Financial Complaints Authority, which is to be read alongside RG 271. However, guidelines for members of AFCA are not covered in the same level of detail as in Section C of the current RG 165.

We expect new guidance will be released to address external dispute resolution requirements.

Are the IDR requirements enforceable?

Yes. RG 271 was released at the same time as the ASIC Corporations, Credit and Superannuation (Internal Dispute Resolution) Instrument 2020/98. The Instrument confirms the new enforceable standards applicable to IDR procedures.

Certain requirements are enforceable through obligations under s912A of the Corporations Act and s47 of the National Consumer Credit Protection Act 2009. ASIC has highlighted enforceable paragraphs within the guidance, which include:

· What an IDR response must contain

· Maximum timeframes for an IDR response

· The role of customer advocates

· Links between the IDR process and AFCA

A breach of the IDR obligations could result in civil penalty consequences.

What about the breach reporting changes?

RG 78 Breach reporting by AFS licensees gives guidance on AFS licensee and responsible entity obligations under s912D of the Corporations Act to report to ASIC certain breaches of the law.

A key change introduced by the updated version of RG 78 released in March 2020 is that breach reports must be lodged in writing through the ASIC Regulatory Portal rather than the previous paper based or email submissions, where not combined with APRA submissions.

More substantive changes to breach reporting have also been proposed as a result of the Royal Commission, through the exposure draft Financial Sector Reform (Hayne Royal Commission Response) Bill 2020 Measures. The changes are still pending, however are expected to take effect from 1 October 2021.

The Bill replaces the current reporting obligation in s912D of the Corporations Act 2001 with new obligations. It aims to reduce the subjectivity in breach reporting requirements and strengthen the overall regime for financial services licensees.

An objective test will replace the previous subjective test to determine the significance of breaches. Changes also include a broader set of circumstances for breach reporting, which will be referred to as ‘reportable situations’.

The Bill requires AFS licensees to lodge a report with ASIC within 30 days for:

· Investigations into actual or likely breaches and the outcome of investigations

· Breaches of ‘core’ obligations including:

- Breaches of s912A and s912B of the Corporations Act

- A breach in contravention of a civil penalty provision

- Any breach that may likely result in loss or damage to a client

· Situations in which the AFS licensee has engaged in conduct constituting ‘gross negligence’ or ‘serious fraud’

Comparable breach reporting requirements will also be introduced for Australian Credit licensees.

It’s important for licensees to have formal arrangements in place to record, assess and report breaches to minimise the likelihood of failing to report significant breaches. This includes documented processes and a breach register.

What next?

These new dispute resolution requirements are not a tick-a-box compliance exercise or an after-thought to squeeze in before October 2021. Well-informed decision making and strategic planning are needed to implement the changes required to comply.

That’s where we come in.

Hall Advisory can help you respond to these changes appropriately and guide you through the activities needed to achieve compliance. Our services include:

· Review of your current IDR frameworks

· Updates to your IDR processes and procedures

· Assessment of your complaints management culture

· Review of your current breach identification reporting frameworks

· Enhancements to your breach identification and reporting processes and procedures

· Assessment of your breach reporting culture

Contact us for a confidential, no-obligation consultation to talk about how we can support you on your compliance journey.