ASIC sends a message to 'Licensees-for-hire'

7 minute read 27.07.2022 Richard Batten, Prayas Pradhan and Mikaela Wan

This case is important for 'licensees for hire', which allow other businesses to use their licence. It is also a reminder for all AFS licensees to ensure they have sufficient resources to operate their business and in particular to oversight their authorised representatives.

On 6 July 2022, ASIC initiated civil proceedings against Lanterne Funds Services Pty Ltd (Lanterne) alleging various and significant breaches of its obligations under their Australian financial services (AFS) licence. This included inadequate risk management systems, insufficient organisational competence, failure to ensure compliance for representatives operating under its licence, inadequate resources and ultimately, failure to provide financial services efficiently, honestly and fairly.

Between 13 March 2019 and 5 October 2021, Lanterne authorised over 60 corporate authorised representatives (CARs) and over 130 individual authorised representatives (ARs) under its AFSL.

The CARs and ARs that relied on Lantern's AFSL included venture capital funds, managed investment schemes, wholesale funds management services, corporate advisory services, digital asset funds and others.

Organisational incompetence

During the relevant period, Lanterne had only one full time employee who was also its responsible manager and sole director. It had no back-up plans to manage an absence of that person. Lanterne also had two part-time employees but their roles were limited to administrative functions.

On this basis, ASIC contends that Lanterne did not do all things necessary to maintain competence to provide the financial services covered by its AFSL. ASIC asserts that Lanterne did not have sufficient responsible managers (RMs) with the skills and experience in the financial services offered by its CARs and ARs and across the industries and business in which they operate.

Additionally, Lanterne did not document or implement processes for assessing its responsible managers and did not have any mechanisms implemented to ensure any responsible managers remain appropriately qualified.

Key learning

The role of a RM is becoming increasingly important. ASIC's allegations against Lanterne reinforces the need for qualified and experienced RMs. ASIC has set an expectation that a licensee must have RMs with appropriate knowledge and skills not just across business undertaken directly by the licensee, but also that of the business and dealings undertaken by CARs/ARs. Licensees should therefore be regularly reviewing their RMs, making sure they are appropriate for the role as well as identifying and nominating additional 'bench' RMs to ensure sudden departures do not affect the ability to maintain organisational competence.

Ensuring representatives comply with financial services laws

ASIC considers Lanterne breached its obligation to take all reasonable measures to ensure representatives comply with financial services laws (s912(1)(ca)) as Lanterne:

failed to have a documented and rigorous due diligence and background check process in place for prospective CARs and ARs;
did not provide clear and practical guidance to prospective entities about the nature, extent and discharge of their obligations under the financial services laws;
lacked a systematic or documented audit process;
failed to document informal discussions between parties;
relied on pro-forma monthly compliance self-assessments by CARs to identify risk associated with their conduct;
failed to follow up any exceptions noted in the CAR's self-assessment compliance form; and
did not conduct any regular performance reviews of its employees, management or responsible managers.

Key learning

Clearly, it is not enough for AFS licensees to allow ARs to operate unchecked. Licensees are on the hook for the conduct of all of its representatives. It is therefore crucial that sufficient diligence be conducted on prospective ARs, including directors, key officers and internal compliance and risk management systems. Just as ASIC is now statutorily mandated to extensively review the fitness and propriety of each AFS licensee, licensees should take the same approach with respect to ARs. In addition, 'standard' AR agreements need to be tailored to ensure they respond to the industry/business' unique practices. Finally, licensees need to devise robust methods for oversight and not simply rely on 'self-attestations' to monitor the conduct of ARs on an ongoing basis. The question a licensee should ask itself is whether it can comfortably say, under the scrutiny of an ASIC investigation, it took all reasonable measures to ensure its representative complied with financial services laws.

Lack of adequate resources

ASIC found that Lanterne:

had no data disaster recovery plan, relied on outdated back up processes, failed to use a suitable software system to monitor and supervise ARs and CARs;
had no human resources plan, no staff training, no plans for periodic review of internal systems and resources, and failed to consider and assess the financial resources required to carry out its supervisory arrangements;
only had one compliance procedures manual, which did not reflect Lanterne's business of authorising CARs and ARs, and contained little information about the compliance systems of the CARs and ARs; and
until only recently, all records were only maintained via a paper filing system.
ASIC therefore alleges that Lanterne breached its obligation under s912A(1)(d) to have adequate resources as it failed to have adequately trained and skilled compliance and risk management personnel, particularly to undertake audits and reviews of CARs and ARs.

Key learning

Although it appears that Lanterne was an extreme case, this case reminds licensees to ensure they have adequate human resources, information technology and financial management capability having regard to the nature and scale of their business. ASIC's allegations regarding outdated software and systems is noteworthy in an age where cyber-resilience has become paramount. Licensees will recall that the Federal Court found licensee, RI Advice, breached its license obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cybersecurity risks. Licensees need to have fit for purpose technological resources and disaster recovery plans. This includes up-to-date hardware and software that meet the needs of the licensee's business having regard to its nature, scale and risk profile.

Training of representatives

ASIC found that Lanterne did not provide any training to its CARs or ARs, breaching its obligation under s912A(1)(f) of the Corporations Act. There were no processes requiring any verification or information about its ARs. Lanterne relied on the self-assessment compliance reports completed by the CARs/ARs to satisfy itself that the CARs/ARs had sufficient training. Lanterne did not request, obtain or inspect any CAR’s or AR's training records. No records were maintained for trainings undertaken by its ARs. Further, Lanterne did not conduct any audits of CARs and ARs.

Key learning

ASIC specifically highlighted that Lanterne should have analysed assess the skills and competency of each AR and take adequate steps to address those requirements. This could have been done in-house or externally, and it was Lanterne's responsibility to maintain a record of training and assess the effectiveness of the training at least annually. In addition, licensees should:

actively request, obtain and inspect CAR and AR training records, and provide or require professional training programs for its CARs and ARs;
maintain a record of training and assess the effectiveness of the training, at least annually; and
conduct regular performance review of its employees, management or responsible managers.

Not 'efficient, honest and fair'

In addition to the specific obligations discussed above, ASIC considers that Lanterne has breached its obligation to do all things necessary to ensure the financial services covered by its AFSL were provided efficiently, honestly and fairly, contravening s 912A(1)(a) of the Corporations Act.

Compliance order sought

ASIC is seeking an order for:

Lanterne to engage an independent expert who will review and report on the adequacy of Lanterne's existing systems, processes and controls to comply with its general obligations under s912Aof the Corporations Act. The independent expert will also need to make recommendations on the steps to be taken to make Lanterne's relevant systems, processes and controls adequate;
Lanterne to establish a risk management and compliance program and implement recommendations of the compliance report within two months of the compliance report issued; and
Lanterne to engage the independent expert to report on its implementation of the independent expert's compliance report.