Spotlight on Regulatory Risk in Financial Services

This edition of our FSR Australia Notes focuses on the concept and dimensions of regulatory risk.

We see this as an increasingly important area of financial services regulation, as following the Financial Services Royal Commission, a financial institution’s relationship with the regulators is particularly paramount.

There are many factors underpinning this observation, including the more prominent role of community expectations and the related issue of regulatory reputation. This latter concept has been given legislative recognition under the Banking Executive Accountability Regime (BEAR) (with the accountability obligation to deal with APRA in an open, constructive and co-operate way) and will likely also be reflected in similar terms in the proposed Financial Accountability Regime (FAR). This recognition was without precedent in Australian statute law.

Concept of Regulatory Risk

We start the discussion by tackling the concept of “regulatory risk” itself.

“Regulatory risk” for these purposes is the uncertainty associated with whether a regulator will take an interest in particular activities of a financial institution, leading to the possibility of action by that regulator.

The term can be defined with more granularity by reference to, and contrast with, the concept of “legal risk”.

Legal risk is, of course, the risk in relation to whether certain activities comply with the relevant legal requirements.

By contrast, regulatory risk encompasses legal risk but transcends legal risk in one of at least four major respects as follows:

  • the regulator could disagree with a particular legal interpretation and adopt a contrary or different legal interpretation;
  • the regulator could focus on criteria beyond the legal position, such as customer centricity or community expectations;
  • outside of either of the above scenarios, the regulator seeks to enforce its particular view of conduct of the financial institution, regardless of the actual legal position; or
  • reputational risk, where the relevant regulator is looking into the conduct or activities of the relevant financial institution.

Drill-down into Regulatory Risk

The different limbs of regulatory risk canvassed above require further consideration.

With respect to the risk that a regulator will take a different legal interpretation, the way in which financial institutions engage and react with the regulator will depend on the particular matter. This is a particularly important area of regulatory risk, noting an increased desire from regulators after the Royal Commission to run “test cases” on points of financial services law.

The strength of the relevant legal opinion/interpretation held by an institution is a useful starting point. The greater the strength of the legal opinion, the greater the way in which the institution can engage in good faith with the regulator to seek to arrive at common ground.

Sometimes, it will make sense for the institution to obtain an opinion from Senior Counsel, which may or may not then be provided to the regulator, noting the legal privilege dimensions here.

In general terms, a bona fide and strong legal opinion provides a good basis for engaging with the regulator, and seeking to arrive at a consensual outcome. This applies regardless of whether the regulator is projecting an image of “toughness” or focussing on enforcement: no regulator can act outside its powers, and a financial institution having a strong legal opinion about its position starts engagement with a regulator from a position of equivalent strength.

The second scenario relates to where the regulator might seek to look beyond the legal position, regardless of whether it agrees with the legal interpretation of the financial institution. In particular, there is an increasing trend for the relevant regulator to look beyond the strict black letter legal position. Further, this focus might be expressed in terms of the need for the institution to focus on customer’s interests, often expressed as customer centricity.

Naturally, as lawyers, we cannot help but consider whether such a focus has a wider legal foundation. In this context, concepts such as “community expectations” can be examined, although this latter concept is still not tied to an enforceable legal obligation.

One needs to go to the next level and consider whether the regulatory point connects to, and is supported by, a more fluid legal obligation, such as the obligation of the financial services licensee to carry out the relevant financial services, efficiently, honestly and fairly in accordance with section 912A of the Corporations Act. It is true that an obligation such as efficiency, honesty and fairness can be affected and moulded by community expectations.

Similarly, where legal remedies are conferred on consumers by pieces of legislation, such as under the AFCA jurisdiction, then obligations such as the obligation to act fairly and reasonably might be seen as interacting in this space.

This discussion then leads into the third limb raised above, which is where the relevant regulator may seek to enforce a position without specific reference to either a legal interpretation or a wider concept of fairness. This scenario really enters into the realm of negotiation with the regulator. The relevant financial institution may be influenced to resist or not resist the regulatory standpoint based on a whole range of considerations, including other current or historical engagement pieces with the regulator as well as whether the financial institution believes that the regulator’s requirement should be met based on the desire or need to look after the interests of the relevant customers, such as whether those requirements are consistent with any customer charter the institutions may have.

In this last regard, we note that abstract interests of the customer usually should not be considered, at least initially, as interests. Relevant case law supports the position that the relevant interests of customers are to be defined by the constituent documents of the financial product that confer rights on the customers, such as a contract or trust deed. This will be contrasted with a view that equates customer interest to any conceivable advantage to the customer without regard to what provisions or benefits the relevant financial product is said to confer on the customer.

Increasingly, financial services legislation contains requirements for financial institutions to prioritise the interests of the relevant clients.

Several observations can be made in this regard:

  • the concept of “interests” should be as suggested above; and
  • prioritisation duties of this nature in many cases will not prevent the financial institution from acting in its own interests, but are only activated if there is a conflict between the interests of clients and the interests of the financial institution. Exceptions of course exist to this proposition, such as where fiduciary/equitable obligations require the holder of the obligation to only act in the client’s interests and/or preclude the institution from acting in its own interests.

Turning to the fourth limb, reputational risks are often a very powerful reason why a financial institution may not wish to, or has reduced appetite to, challenge a regulator’s standpoint formally.

Regulatory Engagement Strategy (RES)

It is clear that in accordance with the above analysis and trends, there is an increased need for financial institutions to institute, evolve, update or refine their RES, depending on where they may be up to in their development of an RES.

In particular, the following areas might be relevant:

  • Focus on community expectations, efficiently, honestly and fairly and fit and proper
    1. Has the RES got enough detail around how ASIC’s increased interest in this area is being addressed?
    2. How is your RES addressing APRA fit and proper requirements, noting that this goes beyond honesty and also covers competence, diligence and judgement?
    3. What governance structures, compliance processes and procedures underpin/support this area?
  • Focus on reputation generally and regulatory reputation more specifically
    1. With the introduction of a specific accountability measure under the BEAR/FAR, does the RES deal sufficiently with this area?
    2. What is meant by prudential reputation and being open, constructive and co-operative with a relevant regulator under the BEAR/FAR in different contexts which the institution is likely to face (eg requests for waiver of legal privilege as part of openness)?
  • Dealings with the regulator(s)
    1. Given the introduction of a new duty of transparency vis-à-vis APRA in the BEAR legislation, as well as the joint regulatory role of ASIC in the FAR, does the RES deal sufficiently with what we will call the “duty of candour” towards the regulator(s)?
    2. Is there a new duty of transparency when dealing with the regulators?
    3. What does this duty involve beyond breach reporting?
    4. Is there now a duty to report events which might transcend breach reporting?
    5. How does any such duty of candour interact with the area of legal professional privilege?
    6. How does a RES seek to preserve legal professional privilege (eg in briefing of experts in regulatory matters)?
  • Arms’ length dealings
    1. Given the increased focus in the Royal Commission and ensuing focus by the regulators, does the RES deal sufficiently with how the intra-group dealings of an organisation can be explained and justified in the event of a regulator focussing specifically at the institution or at an industry level more generally?


Michael Vrisakis
Michael Vrisakis
+61 2 9322 4411
Fiona Smedley
Fiona Smedley
+61 2 9225 5828
Charlotte Henry
Charlotte Henry
+61 2 9322 4444
Tony Coburn
Tony Coburn
+61 2 9322 4976
Steven Rice
Steven Rice
Special Counsel
+61 2 9225 5584
Tamanna Islam
Tamanna Islam
Senior Associate
+61 2 9225 5160