How to respond to regulators and what you can do about their decisions

Even though there is always a feeling by business managers that regulators are, at the least, not there to help them, it is important that you maintain good day to day working relationships with government bodies that regulate your business.

A business should have a clear published internal policy that its officers and employees must treat regulators with courtesy and respect, and not obstruct them in their lawful activities. If they are asked by a regulator to provide information, your employees must not intentionally mislead or deceive them or destroy or conceal relevant information.

Your response to regulators will influence how they treat you as much as their own attitude and policies. The regulatory officials will quickly sense whether you are being open or trying to mislead them and this assessment will affect their dealings with you.

Your attitude to regulators should be a core part of your compliance policy and your organisation’s culture.

Your compliance policy should deal with the issue of your relationship with regulators. Usually it will require that any dealings with regulators on compliance-related matters involve your compliance officer, professional advisers and senior managers.

Procedures

Your business should have written procedures for handling queries from regulators on compliance-related matters.

Those procedures should deal with what happens if an employee receives an enquiry from a regulator on a compliance-related matter.

Any time an employee breaches or becomes aware of any other person breaching any law or code of conduct the breach must be reported in full to the Compliance Officer (or other appropriate senior manager). The Compliance Officer can then assist with resolving the breach or query.

Depending on the nature of the enquiry, the matter should be escalated to the CEO, head of internal audit, head of HR or board of directors.

Compliance and legal advisers should review available evidence (files, emails, voice tapes, order/trading records, market data, staff interviews) to determine as soon as possible whether there is any suggestion of a compliance breach by the organization. No records should be destroyed once you become aware of the investigation.

In some cases, you may be able to negotiate a delay in enforcement of a notice until you have obtained legal advice. However this is at the discretion of the investigators.

What is a Compliance Related Matter?

Compliance related matters exclude routine enquiries or reports within a person’s normal area of responsibility but include:

•     a notice from a regulator that it intends to conduct an audit or inspection;

•     a query from a regulator about a customer complaint;

•     a query from a regulator about a transaction or series of transactions;

•     a request or notice to produce documents or records (whether relating to your business or your customers);

•     a request or notice requiring a member of staff to attend an interview or hearing;

•     any query from the police, Australian Crime Commission or a state-based crime and misconduct commission.

What if You Get an Informal Request Rather Than a Formal Notice?

You have an obligation to your customers to keep their personal information confidential. However you can be compelled by law to provide information to regulators. That does not mean you should volunteer information to a regulator.

If confidentiality is an issue then the regulator should be asked to issue a formal notice. You can collate the information pending receipt of the notice.

If you receive a formal notice which on its face appears to be defective (eg addressed to the wrong company or identifying the wrong date or account number) then you should query it and get legal advice.

In some cases, you are legally obliged not to tell your customers that you have received a notice relating to their affairs.

Review rights

A regulator might make an administrative decision which has commercial consequences for you (eg refuse to grant a licence or impose unreasonable conditions on a licence).

If you are dissatisfied with a regulator’s administrative decision, you may need to legally challenge the decision if you are to change it.

Are the regulator’s internal documents accessible under freedom of information laws?

Is the regulator’s decision open to review?

In some cases, you may not be able to review findings of fact; all you can do is review whether proper procedures were followed or whether the law was misapplied.

If the decision is up to the regulator’s discretion then you may only be able to review whether the discretion was unreasonably exercised and not the actual decision. It may be that a decision was not unreasonable even if it was far removed from your expectations.

Conclusion

The nature of your relationship with a regulator is an important reflection of your corporate culture.

But you do not always have to agree with everything a regulator decides. You may have the right to review a regulator’s administrative decisions.