Widespread Failings Uncovered

Recent findings from the Australian Securities & Investments Commission (ASIC) have sent a clear message to the managed investment industry: failing to plan is planning to fail. A comprehensive review by ASIC has uncovered widespread deficiencies in the Compliance Plans developed by Responsible Entities (REs) of registered managed investment schemes. If your firm is an RE, or you manage a registered fund, this isn’t just a warning – it’s a call to immediate action to ensure your compliance framework is robust and up-to-date.

Why ASIC is Sounding the Alarm on Compliance Plans

Compliance Plans are not just a tick-the-box exercise. They are a fundamental, documented reference of the measures applied to meet the stringent obligations under the Corporations Act 2001. ASIC emphasises that an adequate and effectively implemented Compliance Plan is crucial for protecting the interests of fund investors. Inadequate plans can signal deeper governance failings and significantly increase the risk of harm to retail investors.

ASIC’s review was extensive. It focused on 50 Responsible Entities that represent 14.5% of all REs, operate 45% of all registered funds, and hold approximately $2 trillion in assets (47% of the sector’s total). This cross-section provides a significant and meaningful snapshot of the industry’s current state of compliance. See ASIC’s media release here.

The Disturbing Findings: Widespread Poor Practices in Fund Compliance

ASIC’s deep dive into Compliance Plans, specifically targeting areas introduced or enhanced in October 2021— Reportable Situations, Design and Distribution Obligations (DDO), and Internal Dispute Resolution (IDR)—revealed significant shortcomings.

Key Deficiencies Identified by ASIC:

  • Inadequate Coverage: A majority of the reviewed plans failed to adequately address the critical requirements across all three sets of obligations. Some even completely omitted one or more of these crucial areas.
  • DDO and IDR Weaknesses: The treatment of DDO requirements is identified as the poorest, closely followed by IDR. Alarmingly, approximately 40% of the plans didn’t address DDO at all.
  • Lack of Specificity and Accountability: Many plans failed to clearly identify who is responsible for implementing and monitoring compliance controls, or how the effectiveness of these controls is measured.
  • Vague Timelines for Control Performance: The use of ambiguous terms like “periodically” or “as required” is too common, failing to ensure that statutory timeframes could be met.
  • Poor Information Flow to Leadership: Reports to boards and compliance committees often lacked the specific metrics and in-depth analysis needed to assess the effectiveness of compliance controls.
  • Inadequate Record Keeping: Plans frequently lacked detail on the type of information to be recorded for compliance activities, creating a gap in audit trails.
  • Insufficient Detail and Over-Reliance on External Policies: Many plans offered only brief statements of compliance, heavily relying on external internal policies that were not properly integrated or summarised within the plan itself.
  • Outdated and Non-Compliant Plans: A concerning number of Compliance Plans had not been updated since the significant regulatory changes in 2021, meaning they do not reflect current legal obligations.

Meeting ASIC’s Expectations: A Guide to Better Practice

ASIC has provided clear guidance on what constitutes a best-practice Compliance Plan. REs must move towards a more comprehensive and proactive approach to compliance.

Key Elements of an Effective Compliance Plan:

  • Comprehensive Identification of Obligations: Your plan must identify all compliance obligations and methodically map their elements to specific, robust controls.
  • Clear Assignment of Responsibilities: Distinct functions or officers must be identified for both performing controls and monitoring their performance.
  • Measurable and Verifiable Monitoring: Your plan should specify objective methodologies to measure the effectiveness of controls, with outputs that can be verified.
  • Defined Frequencies for Compliance Activities: Controls must have specified times or frequencies for their performance that align with all statutory timeframes.
  • Robust Reporting to the Board: Regular reporting to the board or compliance committee should include specific metrics, data trends, root cause analysis of any issues, and a thorough analysis of control effectiveness.
  • Detailed Record-Keeping Protocols: Your plan must specify the types of information to be recorded, and provide comprehensive documentation of all compliance activities.
  • Sufficient Detail and Integration: Your plan should either include the material parts of relevant internal policies or clearly summarise the controls against key regulatory obligations.
  • Active and Ongoing Maintenance: Compliance Plans must be kept up-to-date through ongoing reviews, not just annual assessments. There must be clear measures for out-of-cycle updates in response to regulatory or business changes.

Don’t Let Your Fund Be the Next One Caught Out

ASIC has indicated that it is not stopping at this review. The regulator is considering a range of regulatory responses. This includes direct correspondence with Responsible Entities and formal investigations into potential breaches of Compliance Plan obligations. Continued scrutiny of Compliance Plans across the registered fund sector will continue, and ASIC is prepared to take action where necessary.

Is your Compliance Plan truly fit for purpose and ready for ASIC’s scrutiny?

As a specialist compliance consulting firm for the Australian financial services industry, MIntegrity understands the complexities of ASIC’s expectations and the critical role of a robust Compliance Plan. Don’t wait for ASIC to identify deficiencies in your fund’s framework.

How MIntegrity Can Help You Strengthen Your Compliance Framework:

  • Conduct a thorough gap analysis of your existing Compliance Plan against ASIC’s latest expectations and best practices.
  • Identify and implement comprehensive controls for all your regulatory obligations, including DDO, IDR, and Reportable Situations.
  • Develop clear responsibilities, effective monitoring methodologies, and robust reporting frameworks.
  • Ensure your plan is detailed, up-to-date, and actively managed to reflect the current regulatory landscape.
  • Strengthen your overall governance framework to protect your fund, your investors, and your reputation.

Protect your fund. Protect your investors. Partner with MIntegrity for expert compliance plan review and enhancement.

Contact us today for a confidential consultation.

Sharne Webster is an independent Compliance Consultant and Director at MIntegrity.

Back to Blog