Clinic 1: Responsible Managers: Your Role and Obligations

‘In practice’ exercises — Cover sheet

Last name:...... First name(s):......

Clinic date: ...... Date submitted: ......

Presenter: ......

Academic misconduct

Cheating and plagiarism (i.e. taking and using as one's own the thoughts, writings or other work of someone else, with the intent to deceive) constitute academic misconduct. Such actions are a major violation of AFMA academic values and will be dealt with severely. Refer to AFMA’s Academic Misconduct Policy in the Student Handbook.

Plagiarism and/or cheating occur when:

  • material substantially written by someone else (either another student, a previous student, the author of a publication, or some other person) is presented as one's own work
  • paragraphs or sentences written by someone else are not enclosed in quotation marks and accompanied by a full reference to the source
  • the work of someone else is paraphrased, and is not appropriately attributed and referenced.

Declaration

I declare that this assessment is my individual work. I have not worked collaboratively, nor have I copied from any other student’s work or from any other source except where due acknowledgment is made explicitly in the text, nor has any part been written for me by another person.

Place an ‘X’ in the box to indicate you agree to the above terms and conditions. Any electronic responses to this submission will be sent to your email address provided on registration.

Agreement: Enter X    Date: DD/MM/YYYY

AFSL compliance audits [p 1-21 to 1-22]

1) Find out whether your organisation has been audited by ASIC. Describe what your organisation did to prepare for the audit. Consider the following in your response:

a. What information was collated?

b. What review or research activities were undertaken in anticipation of the audit?

c. Was a workplace audit team formed? If so, were you involved?

d. Did the team work effectively? If not, explain why.

e. How was information communicated between members of the team? Suggest one (1) way in which communication could have been improved.

f. How were staff made aware of the impending audit?

2) Suggest one (1) way your organisation could have been better prepared.

Australian Prudential Regulation Authority [p 1-23]

Find out whether your organisation is regulated by APRA in part or whole.

Australian Transaction Reports and Analysis Centre [p 1-26]

1) Who is responsible for meeting AML/CTF obligations in your organisation?

2) What steps is your organisation taking to implement its AML/CTF obligations?

3) Read your AML/CTF compliance program documentation. List three (3) steps your organisation is taking to fulfil its AML/CTF obligations. Are they communicated to staff, and if so how?

4) List any AML/CTF Act functions which your organisation has outsourced. How does your organisation satisfy itself that these functions are being carried out properly?

5) Suggest one (1) way you could improve the current procedures for managing your organisation’s obligations under the AML/CTF Act.

Privacy Commissioner [p 1-28 to 1-29]

1) Who is responsible for meeting the obligations under the Privacy Act in your organisation?

2) List current internal policy, process and procedure documents relating to the Privacy Act. How are these policies, practices and procedures communicated to staff?

3) List any Privacy Act records maintained by your organisation. How often are they updated? Who updates them?

4) List any Privacy Act functions which your organisation has outsourced. How does your organisation satisfy itself that these functions are being carried out properly?

5) Suggest one (1) way you could improve the current procedures for managing your organisation’s obligations under the Privacy Act.

What is a financial product? Makes a financial investment [p 1-31]

List any financial products your organisation offers which involve the making of a financial investment.

What is a financial product? Manages a financial risk [p 1-32]

List any financial products your organisation offers to its customers/clients which helps them to manage a financial risk.

What is a financial product? Makes a non-cash payment [p 1-32]

List any financial products your organisation offers that involve the making of a non-cash payment.

What is a financial product? Specified financial products [p 1-33]

List any specified products which are offered by your organisation.

What is a financial product? Excluded financial products [p 1-34]

List any excluded products which are offered by your organisation.

What is a financial service? Provides financial product advice [p 1-36]

Does your organisation provide financial product advice? If yes, give one (1) example of personal advice provided to a client. Give one (1) example of general advice provided to a client.

What is a financial service? Deals in a financial product [p 1-37]

Does your organisation deal in financial products? If yes, explain how.

What is a financial service? Makes a market for a financial product [p 1-38]

Does your organisation make a market for any financial products? If yes, explain how.

What is a financial service? Operates a registered managed investment scheme [p 1-38]

Does your organisation operate a managed investment scheme?

What is a financial service? Provides a custodial or depository service [p 1-39]

Does your organisation provide a custodial or depository service to its clients? If yes, explain how.

Contents of an AFSL [p 1-41]

1) Read the AFSL(s) that you are an RM for. What authorisations does it contain?

2) What authorisations are you responsible for?

3) Who can your organisation provide financial services to (retail or wholesale clients)?

4) Does the AFSL include any non-standard conditions? If so, what are they and what do they mean for your organisation?

Preparing proof documents [p 1-44]

1) Read and familiarise yourself with the core proofs in your organisation’s AFSL application.

2) List any additional proofs contained in your organisation’s AFSL application. Read and familiarise yourself with these.

Varying an AFSL or its conditions [p 1-44]

Has your organisation varied its AFSL and/or any of the conditions on its AFSL? Why was this necessary?

The retail/wholesale distinction [p 1-47]

1) Does your organisation provide financial services to retail clients? What proportion of your clients are retail clients?

2) Does your organisation provide financial services to wholesale clients? What proportion of your clients are wholesale clients?

Broad compliance [pp 1-51 to 1-53]

1) Does your organisation have a separate compliance function? If yes, describe what is involved. If no, explain why not.

2) Does your organisation have a compliance manager? If yes, do you meet with them on a regular/irregular basis? Broadly describe typical issues discussed at these meetings.

3) Do you participate in any compliance management committees? Do you receive copies of compliance management committee meeting minutes?

4) Do you have an individual key performance indicator related to compliance?

5) Is the allocation of responsibilities for the compliance function clear and understood by your organisation’s directors, employees and representatives? How would you measure their comprehension?

6) Consider the following propositions:

Compliance proposition / Y/N / Explain your answer
Your involvement in compliance makes a difference to the effectiveness, efficiency and profitability of your organisation.
When an audit of one of your staff or representatives reveals a poor result, you effectively manage their reaction and remedial action taken.
The way you communicate affects the conduct and outcome of compliance within your organisation.
You influence the quality of reporting for staff and representatives on compliance issues.

7) Rate your organisation using the table below from 1 to 10 (where 1 is poor and 10 is exceptional):

Commitment / Rating / How can you influence improvement?
There is commitment by the governing body and top management to effective compliance that permeates the whole organisation.
The compliance policy is aligned to the organisation’s strategy and business objectives, and is endorsed by the governing body.
Appropriate resources are allocated to develop, implement, maintain and improve the compliance program.
The objectives and strategy of the compliance program are endorsed by the governing body and top management.
Compliance obligations are identified and assessed.
Implementation / Rating / How can you influence improvement?
Responsibility for compliant outcomes is clearly articulated and assigned.
Competence and training needs are identified and addressed to enable employees to fulfil their compliance obligations.
Behaviours that create and support compliance are encouraged and behaviours that compromise compliance are not tolerated.
Controls are in place to manage the identified compliance obligations and achieve desired behaviours.
Monitoring and measuring / Rating / How can you influence improvement?
Performance of the compliance program is monitored, measured and reported.
The organisation is able to demonstrate its compliance program through both documentation and practice.
Continual improvement / Rating / How can you influence improvement?
The compliance program is regularly reviewed and continually improved.

Outsourcing [p 1-55]

1) List your organisation’s outsourced activities.

2) Have you participated in a review of an outsourced product or service provider’s services? Describe what this review entailed and what steps you took to implement the findings from your review.

Financial services guide [p 1-62]

If applicable, read your firm’s FSG.

1) Have you ever talked through an FSG with a client, highlighting the key points? What did you say?

2) How did/would you ensure that a client has understood your firm’s FSG?

Disclosure [p 1-64]

How could you market test your disclosure documents to ensure that the content is easily understood and unambiguous?

Training, monitoring and supervising representatives [pp 1-69 to 1-70]

1) Are you responsible for monitoring and supervising representatives? If yes, describe the steps you take to monitor and supervise the representatives.

2) Suggest one (1) way you could improve the way in which you monitor and supervise representatives.

3) What action does your organisation take when a representative breaches their obligations? Does your organisation keep records of these breaches?

4) How does your organisation monitor representatives who work outside your offices?

5) What processes does your organisation have in place to notify ASIC of authorised representative appointments?

Employment screening [p 1-71]

What background checks does your organisation do before it appoints representatives?

Authorised representative agreement [p 1-72]

Does your organisation have an authorised representative agreement? Does it cover the above information?

Training representatives [p 1-73]

1) Does each representative have an individual training plan? Describe one (1) of these.

2) What processes and procedures are in place to ensure that past and future training is relevant to the position and objectives of the organisation? Suggest one (1) way you could improve your current processes and procedures.

Retail clients and RG 146 [p 1-74]

1) Do any of your organisation’s representatives need to be RG 146 compliant? If yes, how does your organisation meet the RG 146 training requirements?

2) Does your organisation require representatives to undertake regular training programs for RG 146 compliance and/or continuing education? What kind of training programs are these (i.e. in-house/external, duration, subject matter covered)?

3) What training records does your organisation keep?

4) How does your organisation determine whether a particular training program meets the requirements for continuing education?

5) Suggest one (1) way you could improve your current processes for training representatives.

Technological resources [p 1-79]

Check that your organisation has adequate measures in place to:

  • establish and review network security (password authorisation)
  • establish virus and spam management programs
  • define the organisation’s computer usage policy (i.e. pornography and harassment)
  • incorporate the computer usage policy into the company’s employee induction program
  • review privacy policies regarding electronically stored information, both corporate and personal information
  • review physical risks to the infrastructure by restricting access to systems and facilities.

Occupational health and safety [p 1-82]

1) Check that:

  • your OH&S policies and procedures are in place (and regularly reviewed)
  • all staff members are aware of OH&S requirements
  • there is adequate signage or posters throughout the workplace
  • there are processes in place to ensure that systems or work are reviewed and continuously improved.

2) Who is on your OH&S committee?

3) How are staff members informed of OH&S requirements?

4) Suggest one (1) way you could improve your current OH&S processes and procedures.

Conflicts of interest [p 1-87 to 1-89]

1) Read your organisation’s conflicts of interest policy(s). Briefly describe how your organisation controls, manages and avoids conflicts.

2) Have you faced a conflict of interest situation in your organisation? In general terms, describe how the conflict arose, how you identified it and how you dealt with it. Note: Do not disclose any confidential or sensitive information.

3) Suggest one (1) way you could improve your current processes and procedures for managing conflicts of interest.

Breach reporting [p 1-83]

1) Does your organisation have a clear, well-understood and documented process for reporting breaches and for escalating reported breaches (including to the governing body or its delegate)? Briefly describe that process.

2) Does your organisation undertake a regular review of its compliance measures, processes and procedures in response to breaches? Describe what is involved in such a review.

3) How do you encourage a culture in which members of your staff are likely to report breaches?

4) How does your organisation identify and manage systemic compliance issues?

5) What processes are in place for reporting breaches to ASIC?

6) Suggest one (1) way you could improve your current processes and procedures for breach reporting.

7) Obtain access to your organisation’s breach register. What processes are there in place for updating it? Is it updated regularly?

8) What kinds of breaches are included?

Clinic 1 ‘IN PRACTICE’ EXERCISES — fourth edition