Chapter 10

Commonwealth Financial Planning Limited: ASIC's enforcement action

10.1      This chapter continues the consideration of the CFPL matter by assessing the adequacy and effectiveness of ASIC's enforcement actions against individual advisers and the organisation since 2010. In particular, this assessment considers whether the enforceable undertaking from CFPL that ASIC accepted in October 2011 was an appropriate and sufficient response to the misconduct at CFPL, and whether it has led to positive changes in the way CFPL now conducts its business.

Adequacy of ASIC's enforcement actions against individual advisers

10.2      There was some discussion in the course of the inquiry regarding the enforcement actions ASIC took against individual CFPL advisers, and whether the sanctions against these advisers were adequate given the severity of their misconduct. Consideration was also given to whether the fact that only eight advisers were subject to ASIC's enforcement action accurately reflected the number of CFPL staff implicated in the misconduct. As noted in the previous chapter, five advisers received bans of varying duration, and three provided an enforceable undertaking removing themselves from the industry for a certain period. While Mr Awkar and Mr Gillespie received permanent bans, Mr Nguyen was only banned for seven years. Asked whether the seven-year ban imposed on Mr Nguyen was adequate, ASIC responded:

I think the best way to respond to that is not to comment in relation to one individual planner but the overall outcomes: the compensation program, the eight—it is now up to eight—planners who have been banned in one sense or another, the tens of millions of dollars that the Commonwealth Bank has had to expend fixing its procedures, the entire new leadership and so on and so forth. If you put all that together, we think it is a very important outcome, allowing for the fact of those lessons that we have been talking about in some detail that we could have done better.[1]

10.3      Asked if advisers other than those subject to ASIC enforcement action might have been involved in misconduct, the CBA responded:

[O]nce issues were known and we did have a list of advisers, the business actually did go back and review all of the advisers, and that came up with a number of advisers that we did have concerns about. We then used an independent accounting firm to help us determine any patterns and they used some forensic techniques. That led to the total number of advisers that we did have concerns about which was 19 and that included Nguyen and Awkar.[2]

10.4      The CBA told the committee that some of these cases remained under review.

10.5      In its written submission, the CBA advised that in addition to the CFPL advisers named in media articles and subject to ASIC enforcement action, CFPL had 'terminated a number of other Advisers whose advice standards did not meet the level required by the CFP'.[3] Asked how many staff had left CFPL following the revelations of misconduct at CFPL and subsequent ASIC enforcement actions, the CBA told the committee that:

...a number of people left the business over the period as part of the change that we instituted in the business. Approximately 72 people in total left the business either through resignation because they were not happy with the way we were changing things or as a result of being terminated. A number of those were planners. I think a total of 12 planners were terminated, and another 11 planners resigned of their own accord. There were other staff who also left as a result of that. There were other sanctions, but those are the main ones, and that was part of the process of changing not only the people but also the attitude within the business.[4]

The enforceable undertaking and change at CFPL

10.6      On 25 October 2011, ASIC accepted an enforceable undertaking from CFPL. As the CBA explained in its submission, the undertaking 'required CFP to assess the adequacy of its Risk Management Framework (RMF) against generally accepted risk management standards. On completion of this assessment, CFPL was required to develop an Implementation Plan that would not only address deficiencies in the RMF but also specifically address certain concerns raised by ASIC in the [enforceable undertaking]'. These concerns were whether:

1. There have been adequate processes and controls in place to deal with ongoing risks of noncompliance.
2. Representative misconduct has been dealt with in a consistent manner.
3. Recurring themes have been appropriately identified.
4. Data analysis processes and reporting capabilities allow for early detection of advice process irregularities.
5. There have been adequate controls over client records.
6. There has been consistent application of CFP's complaints handling and internal dispute resolution processes.[5]

10.7      The enforceable undertaking was announced by ASIC on 26 October 2011. The media release provided the following explanation:

CFP has agreed to conduct a comprehensive review of its risk management framework and legal and regulatory obligations regarding the provision of financial services, financial advice and the monitoring and supervision of its representatives...Under the [enforceable undertaking], CFP will proceed to develop an implementation plan to address any unresolved deficiencies identified by the assessment of its risk management framework. The implementation of the plan will be the subject of review and ongoing reporting to ASIC over the next 2 years by an independent expert (whose engagement is to be approved by ASIC). Where a client is found to have been adversely impacted by the conduct of a representative, CFP will consider the circumstances and appropriately remediate the client.[6]

10.8      One of the issues addressed during the committee's consideration of the CFPL matter was whether the CFPL enforceable undertaking had been effective in driving improvements in the CFPL's business operations. Both the CBA and ASIC argued that the enforceable undertaking had been successful in this regard; other witnesses, however, contended that the enforceable undertaking was a weak and poorly targeted response to the misconduct at CFPL, and that it had failed to bring about the necessary changes in the way the business operated.

CBA on cultural and system changes at CFPL

10.9      The CBA reported that as a result of the revelations of misconduct at CFPL and the subsequent enforceable undertaking, it had 'significantly transformed' its financial advice business, in terms of 'the management, the culture, the processes and the business systems'.[7]

10.10         In its appearance before the committee, the CBA emphasised that the 'cultural change component was a very big piece of the change process' in its financial advice business. The current executive general manager of the CBA's Wealth Management division, Ms Marianne Perkovic, explained to the committee that a key factor in this cultural change was a revision of remuneration structures at CFPL:

The main driver of changing that culture was restructuring the remuneration and also the KPIs of not just the planners but all of the management within the advice business, up to my level as well. Two of the key changes in that were gate openers across remuneration payment, firstly, for risk culture and, secondly, for adherence to compliance. Each of those needs to be met before any remuneration is paid to the adviser. And then we have moved to a more balanced scorecard approach, where the focus is absolutely on quality advice and quality advice measures for the advisers but also for people across the business—so the managers of advisers as well.[8]

10.11         The CBA added that to drive cultural change in its financial advice business, it had sought to encourage people within the business to 'speak up' when they had concerns.[9] The CBA also told the committee that there was no-one currently in the CBA's wealth management advice leadership team who was in the team in 2010. The bank added that none of the advisers 'who were found to have issues' remained employed at CFPL.[10] 

10.12         Whereas the CBA's financial advice business was previously under Colonial First State, the CBA reported that the business now reported directly to the CBA's Wealth Management division. This change, it suggested, reflected:

...the scale and importance of the business, and also addresses any conflict or perception of conflict of interest with regard to Colonial First State, so advice now is a stand-alone business.[11]

10.13         The CBA explained that it had implemented major changes in how its compliance and risk management operations were structured in relation to CFPL. It told the committee that whereas risk and compliance functions were previously located within CFPL, parts of these functions were now located:

...outside of the business, as well as there being enhanced risk and compliance inside the business, with an enhanced adviser insurance team operating risk and advice solutions teams inside the business as well as an enhanced focus on risk and compliance from outside the business, and an independent organisation reporting to the [chief risk officer].[12]

10.14         One of the most blatant failures of the CFPL revealed in evidence was its inadequate file management system. The CBA noted that a large proportion of the discussion regarding CFPL's failures had focused on its poor file management, and that it recognised:

...it is very important to be able to have access to files and we have spent $25 million putting in a document management system so that we will be able to have online access to our files and file retention.[13]

10.15         The CBA also reported that it had made a substantial investment in its IT infrastructure in order to develop an 'early warning system' to facilitate investigation and compliance:

This [system] has factors like concentration risk, risk profiles and generally the activity of the investment that is happening. These systems allow us to immediately be notified if there are issues or concerns across any of the investments of our customers and any behaviours across advisers. So that system is our first point of call and is working; it has worked in the business for coming up to 12 months now.[14]

10.16         The CBA has also implemented a IT system called Connect, which it claims provides:

...a single view of the adviser, consolidated information around that adviser—including their qualifications, their actions, their clients and, importantly, particularly their customer complaints—so that we are able, with the click of a button, to see all of that with regard to individual advisers.[15]

10.17         In response to a question taken on notice, the CBA informed the committee that whereas on 1 January 2008 CFPL had 15 staff employed in compliance officer roles, as of 1 January 2014 there were 43 compliance officers.[16]

Critics of the enforceable undertaking and its impact

10.18         One former client of CFPL suggested that ASIC's decision to seek an enforceable undertaking, rather than pursue court action against CFPL, was indicative of ASIC's tendency to privilege the interests of CFPL over the interests of CFPL clients. The submitter was of the view:

ASIC's willingness to accept enforceable undertakings instead of taking Court action against CFP for breaches of legislation and reported criminal activity, fraud and forgery, suggests preferential treatment and protection of CFP over the actual victims of those crimes.[17]

10.19         Mr Morris explained that while the enforceable undertaking might have brought CFPL 'up to current minimum industry standards', he was not convinced that it had addressed the underlying problems at CFPL. He suggested that while CFPL might well be complying with the enforceable undertaking, the problem remained that:

...the subtleties that allow a place like CFP to operate are not picked up in the [enforceable undertaking]. For example, at Commonwealth Financial Planning one of the big problems was that because it is basically a bucket shop and a sales channel, the overwhelming proportion of the advice that I saw and most of the advice that Nguyen gave is what is called defined scope advice. By narrowing the scope down to advice to invest in a certain product, you basically wipe out all your duties to the client to take into account other considerations. All you are going to do is invite them to invest in this product and the [enforceable undertaking] does not address that problem.[18]

10.20         Mr Morris seemed to suggest that the changes implemented at CBA were a case of 'too little, too late'; he argued it was unlikely these changes would have addressed the underlying problems at CFPL:

[W]hat they have done is what they had to do and it has probably taken the firm to where it should have been six years ago. To have taken this long to put in an electronic system to store documents seems incredible to me, particularly when a sister business of Commonwealth Financial Planning had that system in place years ago. What they have done, I think, is basically enough to address the Don Nguyen situation, but what remains is, I think, symptomatic of broader problems in the industry, in that, although they have changed their remuneration model, when you look at the detail of their submission, they do not say that the bonus scheme is now based purely on quality of advice. There is a reduced emphasis on sales volumes. I do not know exactly what that means. I have a difficulty with any professionals with a fiduciary duty where you are also making them salesmen. I think that is an impossible conflict of interest to reconcile. As well, I have broader concerns about vertical integration in the industry based on what I have seen at CFP and what happened there.[19]

10.21         Assessing the enforceable undertaking within the context of ASIC's overall handling of the entire CFPL matter, Mr Morris, argued that ASIC's enforcement actions were designed more to disguise ASIC's incompetence than punish CFPL/the CBA:

I submit that, as the ineffective regulator responsible for the industry, ASIC has a fundamental conflict of interest in exposing the full extent of the corruption and dishonesty of such a major institution such as CFP/CBA; as that would in turn be such a damning indictment of their own incompetence and abysmal failure in supervision that it must in turn have implications for ASIC itself.

ASIC has therefore chosen to ignore the full extent of CFP/CBA's malfeasance in favour of lauding itself for the easy wins of imposing an Enforceable Undertaking and banning seven crooked planners—all of whom were actually offered up by CFP/CBA rather than being caught by ASIC.[20]  

ASIC's assessment of the impact of the enforceable undertaking

10.22         ASIC told the committee that whereas the CICP lacked a 'clear delineation' of what CFPL needed to do to satisfy ASIC's requirements, the enforceable undertaking had been more rigorous in this respect. Pressed to explain the differences between the CICP and the enforceable undertaking, ASIC told the committee that the undertaking had stronger mechanisms for driving cultural and system changes at CFPL:

It is that the CICP process did not involve a commitment to change the remuneration structures. The underlying drivers of the bad culture and the bad advice were not removed. At that stage it would have been a difficult thing to require as part of a less formal, non-enforcement agreement for those things to change, because they were the structures that were throughout the industry. They were driving the culture of the entire industry. For an informal agreement to say this firm rather than any other has to change its remuneration when we did not have any backing from the law in terms of bans on commissions or anything would have been a very difficult thing. I think that, by the time we got to the [enforceable undertaking] with the serious threat of investigation and legal action, that pushed them that extra step to start changing those remuneration structures. I think that, in terms of really changing things going forward, changing the culture and what drives the planners within the firm was the big difference.[21]

10.23         ASIC told the committee that it appeared that positive changes had taken place at CFPL:

We have seen a lot of progress in that respect. There is an entirely new management and leadership team. There are different remuneration structures, different management structures and so on and so forth.[22]

10.24         At the same time, ASIC acknowledged that change at CFPL remained, in some respects, 'a work in progress'. In particular, ASIC noted that the CFPL still needed to improve its breach reporting to ASIC, and indicated this remained an area that ASIC would continue to monitor closely.[23] The need for CFPL to improve its breach reporting to ASIC was, in fact, noted in the final report from PricewaterhouseCoopers (PwC), the independent expert appointed in respect to the enforceable undertaking. Specifically, the independent expert report, which was provided to ASIC on 5 October 2013, found that CFPL appears to take longer than the required timeframes to determine whether issues and incidents within the business are significant and therefore reportable to ASIC.[24] Mr Kell underlined this issue at the public hearing on 10 April 2014:

I just wanted to note that one of the core problems that we had with CFP was the adequacy of their breach reporting. Indeed, it remains an ongoing issue. While most elements of the enforceable undertaking have been carried out and implemented to our satisfaction, we are still requiring CFP to test the effectiveness of their breach reporting procedures. We still have concerns in that area, and that is an area where we are following up with them. We do take that very seriously. It has not been an area where we have been happy with the standard of the reporting.[25]

10.25         Asked if ASIC maintained that an enforceable undertaking was the best mechanism to address CFPL's conduct, and whether it achieved what it was intended to achieve, ASIC concluded:

We do believe the enforceable undertaking allowed us to make much more wide-ranging changes at CFP than a more formal court based process would have allowed for, including major changes to their compliance systems and record keeping along the lines that we have just indicated. It is also worth remembering that the penalties available to apply through a more formal court process against CFP at the time this occurred were around $170,000...

...The key issue here is: have we in fact required or forced CFP to make the sorts of changes that mean that it offers much higher quality advice to its clients? That is really what we needed to achieve at the end of the day to lift its game very dramatically. We think in many of those areas that it has happened, and in some areas where we still have concerns there is ongoing work. But that has been occurring within the framework of the [enforceable undertaking], and I mentioned earlier breach reporting is one of those ongoing areas.[26]

How independent was the 'independent expert'?

10.26         There was also some discussion during the public hearing about whether the independent expert appointed under the terms of the enforceable undertaking, PwC, had a potential conflict of interest, given it also acts as the CBA's auditor. The CBA rejected the idea that PwC had a conflict of interest in its appointment as independent expert:

As auditors, PricewaterhouseCoopers have to be independent of us. You may be aware that Sarbanes-Oxley requirements in the US drove a big change in how auditors must be independent of the companies that they audit. So PricewaterhouseCoopers have to maintain an arm's length from us in order to be our auditors generally. When it comes to the actual [enforceable undertaking], they and we and ASIC were comfortable that their independence as auditors allowed them to be the independent expert in the case of the [enforceable undertaking].[27]

10.27         Speaking more generally, the CBA told the committee that it was confident in the rigour of the enforceable undertaking process and the role of independent experts therein. In particular, the CBA emphasised that independent experts appointed under the enforceable undertaking had a strong reputational incentive to ensure they undertook their work in a diligent and properly independent manner:

As you probably know, we have had other enforceable undertakings. Our experience in each case has been that the scope of the independent expert's role is very detailed, it is very clear what that role is, and the independent expert is a party to those discussions, because the independent expert obviously has to be satisfied that it can perform that scope. In terms of the actual implementation, the independent experts that we have dealt with, being major accounting firms, have their own reputation to consider. It would be risky for them in the extreme to allow business at the line management level to remain as it was and yet to report to ASIC that things had changed. We have never experienced that. I am surprised to hear that it exists, but it is certainly not reflective of the experience we have had at all. We have found that our independent experts involved in the process have been very active, have been quite prepared to speak out whenever things have not been proceeding according to plan and have been quite open with ASIC about that. We have encouraged that. I would find it curious if an independent expert were prepared to run the risk of allowing things not to change and yet report to ASIC that things have changed.[28]

10.28         ASIC told the committee that while it had the power of veto over the CBA's choice of independent expert, it had been satisfied with PwC's appointment. ASIC also noted that as part of the tender process, all tenderers (including PwC) 'had to address issues around whether there were conflicts and how they might be handled'.[29]

10.29         At the same time, Mr Medcraft and Mr Kell both acknowledged that PwC's dual roles as auditor of CBA and independent expert under the CFPL enforceable undertaking did raise questions about a potential conflict of interest:

Mr Medcraft: ...I think you make a good point, Senator; if somebody is the auditor and they want them to be the independent expert, essentially you should have a sceptical presumption about how they are going to manage the independence issue, the potential conflicts of interest. There should always be a presumption and questioning on this particular issue. I think that is an important point.

Mr Kell: And I suspect that we would take a different approach today compared to the approach we took back then.[30]

10.30         In addition to underlining issues regarding the integrity of the CFPL enforceable undertaking process, these comments also raise broader questions about the procedures around the use and appointment of independent experts in enforceable undertakings. These broader questions are considered further in Chapter 17.

10.31         In the course of the discussion about the independent expert appointed under the CFPL enforceable undertaking, the CBA was asked whether reports of these experts should be made public. The CBA indicated it would have no objection to such reports being made public, and that to do so would allow the seriousness with which the CBA regards such matters to be 'appropriately reflected in the full transparency of daylight'.[31] As discussed further in Chapter 17, ASIC also indicated that it believes there would be merit in making independent expert reports publicly available.[32] 

Committee view

10.32         The committee notes the advice provided by the CBA and ASIC on the important changes implemented at CFPL as a result of the enforceable undertaking. Among the CBA's key assertions are that it has, in respect of CFPL:

• expended millions of dollars to fix its procedures;
• cleared out CFPL staff suspected or proven to have engaged in wrongdoing;
• installed an entire new leadership at CFPL;
• significantly transformed its financial advice business; and
• achieved a cultural transformation and now encourages people to 'speak up'.

10.33         If these changes have indeed taken place and produce the intended result, the committee should generally be satisfied that they will make future compliance failures at CFPL less likely and, where compliance failures do occur, more likely to be detected and addressed in a timely and effective manner. The Future of Financial Advice (FOFA) reforms are also addressing some of the previously identified problems in the financial advice industry that were again exposed through the committee's examination of CFPL. In particular, the requirement that advisers must act in the best interest of clients and the ban on conflicted remuneration are improving standards and moving the industry away from a sales-based culture. The committee does, however, note with some concern that CFPL's breach reporting to ASIC continues to be deficient. The CBA needs to address this issue as a matter of high priority. Furthermore, the eleventh hour revelation about inconsistencies in CBA's evidence before the committee, to be considered in Chapter 12, casts serious doubts about whether the desired changes have taken root.

Navigation: Previous Page | Contents | Next Page