The FMA’s approach to enforcement
Recent cases and guidance from the Financial Markets Authority (FMA) suggest that regulated entities can no longer expect a light touch response to unintentional regulatory breaches – even where those breaches are self-reported and corrected.
Previously, an entity which inadvertently breached its obligations might expect to work with the FMA on an appropriate resolution out of court. However, recent cases and guidance make it clear that regulated entities should be prepared for more court action. It is therefore more important than ever for regulated entities to ensure that they have invested in their systems and processes for managing compliance risks, and to take care when engaging with the FMA.
A shift in approach?
A few years ago, when problems arose, regulated entities were able to liaise with regulators to focus on compensation and rectification rather than prosecution. For example, in 2016, the FMA entered into a settlement with Westpac (and the Commerce Commission) to resolve an issue involving some $4 million in fees which had inadvertently been overcharged to New Zealand customers using ATM machines in Australia. Westpac prudently self-reported this issue when it became aware of it and agreed with the regulators to pay compensation to affected customers.
Similarly, in 2017, the Commerce Commission, with the FMA’s involvement, entered into a settlement agreement with Tower Insurance to resolve an overcharging issue. Tower informed the regulators of the issue and the matter was resolved by Tower compensating affected customers and making a charitable donation to reflect its inability to reimburse some customers. No proceedings were issued, and no penalty was paid.
Fast forward a couple of years, however, and we saw the first proceedings issued under the fair dealing provisions in the Financial Markets Conduct Act 2013 (FMCA) for similar – or even less serious – breaches. For example, in 2019, ANZ Bank informed the FMA that it had identified issues with some of its credit card repayment insurance policies. It had issued multiple policies to a small number of customers and issued policies to an even smaller number of customers who were ineligible to claim under their policies because of their age. These errors were inadvertent, and their monetary value was relatively low – particularly compared with earlier cases. ANZ reimbursed the affected customers in full, with interest. Unlike the previous cases, however, the FMA issued proceedings against the bank, which were ultimately resolved with the bank admitting the claim and agreeing to pay an agreed penalty of $280,000. While the proposed penalty was agreed in a settlement agreement, as proceedings had been issued, it took the form of a fine imposed by the Court.
The FMA has taken a similar approach to certain issues raised by AIA Insurance, issuing proceedings in 2021. AIA had identified and self-reported three issues in 2018 as part of the FMA’s review of life insurers at that time: a purported enhancement of policy benefits, charging premiums after the termination of a policy and treating policies as terminated when they should have remained in force, and incorrect inflation adjustments. AIA has admitted the claims in the proceedings and the FMA has indicated that the parties have agreed on a joint penalty recommendation of $700,000, which remains subject to a penalty hearing in court which has been set down for 3 February 2022.
The FMA also announced in early December 2021 that it has filed proceedings against Kiwibank for false and misleading representations in breach of the fair dealing provisions in the FMCA. Kiwibank self-reported to the FMA that its general terms and conditions provided that customers would not pay transaction fees on their accounts if they also had their home loan with Kiwibank. Inadvertently Kiwibank charged fees to its customers. Self-reporting was prompt and remediation will refund overcharged customers and include use of money interest. Nevertheless, the FMA decided to issue proceedings to seek a declaration of contravention and a penalty, stating the “nature of the underlying conduct will always be the driving factor”.
This shows that the FMA is keen to get penalties confirmed by the courts and is less likely than before to reach an out of court settlement.
The FMA’s comments on enforcement
he FMA’s enforcement approach was recently commented on by Ms Karen Chang, Head of Enforcement and Acting General Counsel of the FMA, in a speech setting out the FMA’s views on self-reporting, remediation and inadvertent breaches and how these inform the actions the FMA may take to regulate breaches.
n this speech, Ms Chang commented that “none of what I’m saying should be novel” but observed that regulated entities have expressed surprise when enforcement action is commenced for inadvertent breaches that have been self-reported. Ms Chang stated that the FMA considered that enforcement action is often justified in these circumstances as the breaches may be indicative of a wider problem, such as an inappropriate deferral to a marketing team or under-investment in systems or processes. Insufficient investment in compliance processes may be evidence of an intent to prioritise profits over compliance – particularly as, in the FMA’s view, manual exceptions processes are destined to fail. Enforcement action may, therefore, be used to incentivise the allocation of sufficient resources to systems and processes to comply with obligations to customers.
Further, while self-reporting would colour the FMA’s view of an entity’s conduct, the FMA regards self-reporting as a minimum requirement. It is “a sign that entities take their legal and licensing obligations seriously – and by informing us, they will endeavour to fix the issues quickly”. However, for an entity to receive any credit for self-reporting an issue, the self-reporting should be proactive (rather than made in response to a request for information) and prompt; entities should not “wait until they have fully unravelled” any problems engaging with the FMA.
While proactive and early self-reporting will be taken into account when the FMA considers its enforcement response, it does not insulate an entity from litigation. Enforcement action is more likely to be taken where there is customer harm or serious misconduct – particularly as the FMA considers that regulated entities have had enough time to understand and meet their obligations. While the FMA may have been willing to take an educative approach to early regulatory breaches, entities that have been regulated since December 2016 can expect to be met with less patience.
Finally, Ms Chang confirmed that customer remediation is regarded as a “bare minimum”. Relevant to the FMA’s view of how the entity has conducted itself includes whether remediation “was timely, well organised and communicated or whether there were delays and mistakes”.
The key message from Ms Chang’s speech and the FMA’s recent enforcement actions is the importance of devoting appropriate resources to managing and monitoring compliance risks.
What to consider?
Consider whether your systems are operating correctly and whether you have an effective process for escalating issues. Keep records of your efforts and ensure that when issues do arise, they are self-reported promptly and that they are remediated quickly and effectively. Care must also be taken when engaging with the FMA to ensure that correct and complete information is provided.