FMA releases Supervision Insight Report

The Financial Markets Authority (FMA) has published their findings on their monitoring of financial market participants' governance and culture. The report identifies a number of significant breaches of the rules and sets out a number of regulator expectations for governance and conduct frameworks.

The FMA's media release and report are both available online.

Who needs to read it?  Why?

All licensed and authorised entities regulated by the FMA should read this report. The report sets out the FMA’s findings from the information entities provided and identifies areas for these entities to improve. In particular, derivatives issuers, authorised financial advisers (AFAs) and qualified financial entities (QFEs) should note the sector-specific findings in the report.

What does it cover?

The FMA has published general findings for all of these entities to consider as well as specific findings relating to entity types.

The general findings were:

  • Governance and oversight: There was a widespread lack of understanding of corporate governance among directors. Some directors had a limited knowledge of their entity’s obligations, resulting in a poor ability to oversee the entity’s compliance. Some directors who considered themselves “independent” had a tenure of 15 – 30 years on the board, which the FMA considered compromised their independence. The FMA expects directors to understand their role and effectively oversee the entity and provide appropriate direction to management.
  • Risk and compliance resourcing: There were insufficient resourcing of entities’ risk and compliance functions. Some entities had insufficient resources allocated to risk and compliance. Generally, responsibility for managing risk and compliance was not clearly defined and documented policies were out of date and not fit for purpose. Adequate resources need to be allocated to risk and compliance to ensure there are effective compliance measures.
  • Oversight of third-parties: There was a weakness in the oversight of third parties. Some entities had no or inadequate formal agreements with an outsource provider and no formal periodic review of performance. Entities are expected to conduct due diligence before engaging an outsource provider, enter into an outsourcing agreement and review it regularly.
  • Supervisor monitoring: Supervisors had begun to implement the previous FMA feedback however further work is required. Supervisors are expected to continue developing their risk-based approaches, including monitoring of MIS managers known risks.
  • Conduct and culture: The FMA focused on the improvements bank and insurers were making after the FMA and Reserve Bank’s report in 2019. Generally, there was a lack of board commitment to prioritising customers’ needs and the outcomes they receive from the entities’ products and services. There was no clear understanding of conduct risks and no mechanisms to identify inappropriate conduct. Some entities did not have a vulnerable customer policy, and many had inappropriate policies for handling customer complaints. Particularly worrying for the FMA, inappropriate sales incentives were common, without adequate controls to address the conflict created by the incentive. Entities need to be proactive in remedying conduct issues and risks. The FMA expects that entities assess their business against the principles in the FMA Conduct Guide.
  • Compliance assurance programs: Numerous programs did not meet minimum standards and were poorly designed. Many focused too narrowly on the NZX rules or on the obligations of the parent company rather than the entity itself. In addition, the FMA found the processes and controls in the programs were not being followed as frequently or as described. Entities should review their program to ensure it is fit for purpose and reflects current processes and controls.
  • Compliance and controls: The FMA identified several instances where entities failed to comply with their licensing obligations. These included not having the proper policies and controls necessary at the time of licensing, and concerns regarding the experience and skill of directors. All entities must ensure they fully comply with their licence conditions. The FMA has stated that concealed non-compliance or inadequate processes to detect and resolve such issues may result in the FMA taking further regulatory action.
  • Misleading information: While there were no issues for majority of entities in this area, the FMA highlighted some examples of potentially misleading conduct. These include:
    • A derivatives issuer’s website focusing on the benefits of derivatives trading without explaining the risks.
    • An AFA promoting themselves as independent, while they were party to contractual arrangements with product providers and received commissions from those providers.
    • An AFA calling themselves a broker without offering a broking service.
  • Internal policies and procedures: The FMA found numerous examples where entities’ internal policies were not fit for purpose or subject to monitoring and review. In particular, policies were generic and not suitable for the size of the entity. The FMA considers this a breach of the entities’ minimum licensing requirements. Policies should be fit for purpose, communicated to employees, adhered to and regularly reviewed.
  • Employee training: Many entities had comprehensive training programmes, however many were poorly designed. Training often involved reading articles and regulatory documents, or provision of out-of-date materials. Senior manager training also lacked coverage of licence obligations. Entities need to use a range of methods, such as facilitated sessions, webinars or online modules. The FMA encourages entities to measure employee understanding throughout training.
  • Acting without authority: The FMA found instances of entities acting on behalf of customers without obtaining the customer’s consent. This included:
    • A discretionary investment management services (DIMS) provider exercising discretion outside the scope of the agreement with the client.
    • Treating an entity as an eligible investor without obtaining the appropriate certification.
    • An AFA not formally obtaining an agreement from all trustees of a trust before implementing their investment portfolio.

Our view

This report signifies the FMA’s commitment to monitoring governance and culture as a strategic priority. It is clear the FMA was disappointed with the governance and conduct frameworks of licensed and authorised entities. The FMA has indicated that where non-compliance continues, further regulatory action may be taken. Therefore, entities need to remedy any shortfalls in their governance and conduct frameworks the FMA has highlighted in its report, particularly where it risks breaching its obligations under the Financial Markets Conduct Act 2013 or its licence conditions.

What next?

If you have any questions in relation to governance or conduct regulation or are considering how this report may affect your business, please contact one of our experts.

Who can help