ASIC has already announced plans to increase surveillance and enforcement activities and has commenced 77 investigations and completed 48 investigations between January and June 2019.
If you receive a notice from ASIC to provide information and fail to comply, the consequences may be severe, with penalties up to $18,000, or two years imprisonment, or both.
What can you do to ensure that you are informed and ready to respond?
1. Understand ASIC’s information-gathering powers
Firstly, it’s important that you know what may be asked of you. ASIC uses its information-gathering powers to monitor compliance with the law and take enforcement action where necessary. The most common power that ASIC will use is asking you to produce documents or provide information. For example, you may be required to produce client files, describe and provide information about your policies, procedures and compliance measures, or copies of documents and records.
If you receive a notice to provide documents or information, it does not necessarily mean you have breached the law or are suspected of committing an offence. ASIC also gathers information to help it provide guidance and clarity on expected standards of behaviour.
2. Be prepared
Ensuring that you have adequate compliance arrangements in place is key to being prepared for responding to any request or notice. You should document:
• your policies, procedures and compliance measures
• how your procedures will be monitored and what reporting you will do
• how frequently procedures will be reviewed and who is responsible
You could also look at the areas ASIC has identified in their corporate plan and review the adequacy of your compliance arrangements.
You should also consider:
• How quickly you could respond – do you have the resources and time?
• Can you access the information required such as access to files, current and historical documents, policies and procedures? Do you need to get information from others?
3. Don’t delay
It’s important to act promptly if you receive a notice to ensure you have enough time to understand exactly what is required and provide others enough time to assist if needed. It’s also important to completely disclose all relevant information.
What if you discover a breach while you are preparing a response? Take immediate action; a good breach report showing how you have addressed an issue will be viewed favourably by the regulator.
4. Ask for help
Lastly, if you are unsure about what is being asked for, or what your obligations are, ask for help. Talk to your compliance consultant or lawyer. And don’t be afraid to go back to ASIC and ask it to clarify its request. Knowing exactly what is required and by when will help you respond to the request and minimise the stress and disruption to your business.
Nicole Alexander, manager, compliance services, Centrepoint Alliance