On August 9, the Australian Securities & Investments Commission (ASIC) issued Report 584, which analyzed the compliance measures and controls that banks should have in place to address the risk of fraud and other risks associated with access by third parties (such as financial advisers, stockbrokers, and accountants) to customers’ money in deposit accounts. ASIC stated in the report that its review was prompted by concerns raised about the use of adviser-operated deposit accounts by an Australian financial planner now in liquidation, Sherwin Financial Planners Pty Ltd, that was part of the Sherwin Financial Group (Sherwin Group). By the time of its collapse in January 2013, ASIC reported, the Sherwin Group owed nearly AU $60 million to approximately 400 clients. The founder of Sherwin Financial Planners was later convicted and sentenced in 2017 to 10 years’ imprisonment.
ASIC defined the scope of its review to include five leading Australian banks that design and promote deposit accounts to financial advisers, stockbrokers, and accountants “to allow them to transact on a customer’s behalf, including on self-managed superannuation funds (SMSFs).” In particular, it examined eight adviser-operated deposit account products that those five banks issued. It explained that it “looked at how the banks monitored use of the accounts to ensure customers’ money was not being placed at risk,” including review of “whether the banks offering these accounts had sufficiently robust compliance measures and controls in place to address the risk of fraud and other risks where an adviser has authority to withdraw the customer’s money.”
ASIC’s principal finding was that it “did not find widespread misconduct in relation to adviser-operated deposit accounts offered by the banks.” It went on to say that “we consider that the banks could do more to manage the risks to customers associated with third party access to money in customers’ accounts. Even though the instances of fraud are not widespread, the potential impact of fraud on individual customers is significant.” ASIC therefore set forth ten recommendations – some of which it indicated some banks were already implementing – for banks in relation to adviser-operated deposit accounts:
- “Application forms for adviser-operated deposit accounts should more clearly state the level of access so that customers understand the extent of any authority given to the adviser to transact on the account.
- “Follow-up communications should be sent directly to the customer after an account is opened with details of any authority given to the adviser.
- “Customers should be able to easily change the level of adviser access on the account.
- “Customer contact details should be recorded accurately and separately from the adviser’s contact details.
- “Customers should receive account statements directly or have online access to their accounts.
- “Customers should be notified whenever an adviser initiates a transaction request on the account.
- “Banks should undertake initial checks and ongoing monitoring of advisers using adviser-operated deposit accounts and their transaction requests.
- “Monitoring systems should include specific triggers to detect suspicious transactions for assessment.
- “Banks should notify ASIC of suspected misconduct.
- “Where appropriate, remediation should be provided to customers who have lost money due to unauthorized transactions by their adviser.”
ASIC made clear that some of its recommendations “are good practice guidance for banks and are not legal requirements.” Even so, banks in Australia, and even in other regions, can make good use of the report by comparing its recommendations to their current compliance measures and controls for customer accounts that third parties can control, and by assessing whether those measures and controls are sufficiently robust.