The sheer number of ASIC investigations each year – leading to criminal prosecutions, bannings, enforceable undertaking and licence conditions – is testament to the fact that many people are granted licences but should not have been.
A considerable proportion of ASIC’s resources are devoted to detecting and stamping out misconduct so you can see why they want to make it harder to get a licence.
But the question that has to be asked is this – will just tightening up the current regime achieve this? Or is the problem one of fundamental design?
I refer of course to responsible managers.
Theoretically, responsible managers play two roles. First, they’re the people whose capability and experience demonstrate to ASIC that a licence applicant has the ‘organisational capacity’ to provide the authorised services and is suitable to be granted an Australian Financial Services (AFS) or credit licence.
Second, they’re supposed to be responsible for ensuring that the licensee complies.
In 2016, it’s questionable whether this is really borne out in practice.
Regulatory policy requires responsible managers to be a senior manager or director who is directly responsible for day-to-day decisions about the provision of financial services.
Because ASIC in effect approves their appointment, they need to satisfy one of five somewhat confined experience and capability options.
For AFS licensees, these options were established in 2002 at a time when existing businesses were transitioning to the new regime. They worked well for that purpose at that time but the world has moved on.
In our experience, as often as not, the entrepreneurs responsible for driving financial services and credit businesses don’t personally meet those experience and capability requirements.
Frequently, they’re highly capable people, with successful backgrounds in building and running businesses.
Fintech businesses provide a stark illustration of the issue. They’re not reliant on the vagaries of human service delivery.
Once an algorithm is developed correctly, it’s set. So generally, the prevailing capability is either rapid start-up or technology. Financial or credit services are the enabler of the business, not the core driver.
Current regulatory policy prevents ASIC from taking these indicia of ability into account when assessing organisational competence. Go figure!
The only available options to these businesses are: find an employee, any employee, who happens to have three out of the last five years’ experience in the relevant services and the right educational qualifications.
On paper, a three year-out graduate could qualify! But a seasoned senior manager who’s the go-to person when there’s a problem and who handles complex issues or important accounts might not be acceptable.
When form prevails over substance in this way, responsible manager selection can skew in favour of people with basic skills and away from those with sophisticated experience.
As one credit fintech (which incidentally, is already up and running in another jurisdiction) said to me recently, “ASIC just wants anyone who has worked three years at a mortgage broker/bank branch.
"So we have a named director with a small piece of the equity as our responsible manager, as he has experience in filling in customer loan applications.”
Another common practice is to hire in a responsible manager – which would be fine, if the person was actually working in the business overseeing the key decisions about the way its services are provided.
But more often than not, they’re not. And at upwards of $4,000 per month, it’s an expensive luxury that few businesses can afford. Especially start-ups.
Lucky the nominal director, given shares only because he happens to fulfil the responsible manager criteria, if the business turns into the next Google and his only contribution was to lend his three years of filling out loan applications!
It’s pretty clear that neither of these situations meets the underlying intent of the regulatory policy.
Let’s look at the second role of a responsible manager.
Because ASIC has no effective power to hold individual responsible managers culpable for a regulatory failure (unless they’re the perpetrator), the concept that they are responsible for ensuring compliance is a fiction.
There’s no disincentive for people who are not truly responsible for day-to-day service provision to be appointed as responsible managers.
In an industry with the potential to do so much harm, it’s reasonable for the regulator to want to be satisfied that a licence applicant has the capability to provide the financial or credit services honestly, efficiently and fairly.
But the methods for demonstrating this have become largely artificial and arguably ineffective.
So isn’t it time for a rethink of the way we demonstrate suitability to hold an AFS or credit licence?
I’m not saying for a moment that it’s easy. But here are a few ideas to consider:
- Recognise that if businesses don’t employ the appropriate resource, it’s acceptable for them to insource resources to ensure they operate compliantly (eg, impose a licence condition regarding the adequacy and availability of the resource).
- Consider other criteria for demonstrating organisational capacity (eg, demonstrated competence in running businesses in a regulated environment) – if the technical financial services or credit expertise can be insourced, the experience shouldn’t necessarily need to be within.
- Give truth to the current fiction that the responsible managers are ultimately responsible for the compliant operation of the business, by giving ASIC clearer powers to take action against them.
Claire Wivell Plater is the managing director of The Fold Legal.