Compliance breaches will occur no matter what the size of your business, or how well it is run.
According to APRA ‘the compliance function should be deeply embedded in an entity’s everyday commercial culture’ and there is a strong likelihood that a commercially well-run company ‘is also by nature honest, open, professional and prudent.’1
Organisations with practical, operational internal breach escalation and reporting mechanisms are more likely to possess a good compliance culture and operational compliance framework.
Even if your organisation has a functional compliance framework in place, its effectiveness may be affected by:
- the size of your organisation, including: the number of group entities or funds, departments or business units across those entities; how many compliance teams or reporting lines sit within the various business units;
- whether there is a centralised breach reporting function;
- the adequacy of systems to document, assess and learn from incidents including low-level incidents; and
- the number of legacy compliance systems embedded across the various business units and whether those compliance systems ‘talk’ to each other or integrate well enough to identify low level through to ‘significant’ breaches.
Lack of consistency in breach reporting across an organisation as a whole could impact upon the organisation’s ongoing obligation to identify and report all significant breaches, or likely breaches, under superannuation laws.
Here are 6 ways to get greater consistency in your breach reporting.
- Standardising Compliance Methodologies & Systems
Superannuation trustees are required to constantly monitor, maintain and improve risk management frameworks, including frameworks for identifying and managing compliance breaches. The organisation should therefore be aware of:
- where its legal, risk and compliance function ‘sits’;
- what systems (proprietary, external, electronic and/or paper) are in place to record, report and escalate breaches (where necessary); and
- who the individual or team responsible for reporting ‘significant’ breaches or likely breaches to the relevant regulator is/are.
A cornerstone of consistent breach reporting is an organisation’s ability to compare ‘like with like’, as far as possible, in order for the organisation to get a clear idea of whether compliance breaches are systemic and recurring.
- Regular Compliance Training
Compliance is growing increasingly complex in highly regulated industries such as superannuation. Investors want to know that their investment is being protected, and laws and policies are constantly evolving to meet the needs of members. A strong risk and compliance culture is only as good as the organisation’s legal, risk and compliance team. Part of their role is to ensure that the fund acts consistently with the Trustee’s obligations under the ‘Risk Management’ Superannuation Prudential Standard (SPS 220) and this can be assisted by regular cross-organisational compliance training (in systems usage and new regulatory obligations). This will also assist in greater consistency of breach reporting.
Systems (including online apps such as the Hive Legal Super App referred to below) which capture data and identify areas of systemic weakness and risk assist with developing the areas of focus and content of training programs.
- Minimising Systemic Inefficiencies
Identifying whether systemic inefficiencies (e.g. electronic or paper-based systems) exist that could be reduced or done away with will also assist with consistency. Software or operational upgrades may seem costly in the short term, but if these aren’t done, the medium to long term effects on an organisation may be significant; particularly if legacy systems that aren’t working well or integrating into the wider compliance framework are left in place. Further, identifying systemic duplications or areas of overlap will enable an organisation to cut down on costs and inefficiencies (e.g. service provider, staffing and other resourcing costs).
- Better Communication Across All Compliance Teams
Good communication and close working relationships across all legal, risk and compliance teams within an organisation are crucial to increasing consistency in breach reporting. An organisation’s legal, risk and compliance functions should meet regularly and be structured to enable every professional within the organisation to feel comfortable using others as a sounding board. A strong culture of compliance should embrace more reporting over less reporting as there is more likelihood then of breaches or likely breaches which are ‘significant’ being identified and escalated (and not ‘falling through the cracks’).
- Adequately Documenting All Breaches
In line with doing a regular ‘health check’ of risk and compliance systems and methodologies across the organisation, implementing a base level system where all incidents and breaches (regardless of materiality) are comprehensively assessed, documented and reported should be a priority. A pattern of ‘low level’ breaches may indicate a wider systemic issue that an organisation will not pick up unless all breaches – regardless of materiality – are adequately assessed and documented. Even where ‘low level’ breaches do not give rise to a reporting obligation they are potentially an opportunity to make operational improvements.
- The Smart Use of Technology
Technology solutions which combine intelligent software with sophisticated legal logic provide invaluable systems to ensure consistency in breach reporting for superannuation trustees. This technology can assist an organisation to understand, identify, properly manage, rectify and escalate (where necessary) breaches or likely breaches and may help to minimise liability and reduce the likelihood of enforcement action by APRA and/or ASIC. It enables good documentation of a compliance incident including requirements to detail:
- the breach or likely breach;
- whether the incident is considered ‘significant’;
- the impact on members;
- the financial impact on the relevant fund or company;
- the similarity or recurrence of other known compliance incidents;
- which legislative provisions may have been breached; and
- whether any internal policies have been breached.
The ability to consistently capture printable information surrounding compliance breaches or likely breaches – whether ‘significant’ or not – will allow an organisation to improve the quality of the documentation that may be required by regulators and internal decision makers.
David Reckenberg, Consultant, Hive Legal
Rebecca Lim, Senior Associate, Hive Legal
Hive Legal has developed the Hive Legal Super App, used by Superannuation Trustees to understand, identify, properly manage, document considerations, rectify and (where necessary) escalate breaches or likely breaches of superannuation funds.
For more information and for a free one month trial of the Hive Legal Super App please click here.