Print this page

Supervising your representatives’ business communications

This is Information Sheet 283 (INFO 283). It provides guidance for market intermediaries, including investment banks and participants of exchange and over-the-counter (OTC) markets, on appropriate supervision of their representatives’ business communications to prevent, detect and address misconduct and contraventions of financial services laws.

It provides guidance about:

In this information sheet, we consider business communications to include any written, voice or electronic communications used by market intermediaries and their representatives to carry on their financial services business. This includes, but is not limited to, communications reasonably required to meet record-keeping obligations and enable monitoring of compliance with financial services laws.

The importance of supervising representatives

Market intermediaries play an important role in upholding the integrity of financial markets.

In order to prevent and promptly detect misconduct and poor behaviour, market intermediaries need to adequately supervise their representatives. We expect market intermediaries to take reasonable steps (in line with the potential harms from misconduct) to actively monitor and store business communications, in keeping with their obligations.

Market intermediaries should also ensure they have appropriate governance frameworks for their businesses to detect and respond to misconduct and poor behaviour by their representatives, consistent with their existing obligations under the financial services laws.

Managing risks from unmonitored business communications

A market intermediary that is an Australian financial services (AFS) licensee must (among other things and unless exempt):

  • take reasonable steps to ensure that its representatives comply with the financial services laws (section 912A(1)(ca) of the Corporations Act 2001 (Corporations Act))
  • have available adequate resources (including financial, technological and human resources) to provide the financial services covered by the licence and carry out supervisory arrangements (section 912A(1)(d) of the Corporations Act), and
  • have adequate risk management systems (section 912A(1)(h) of the Corporations Act).

The ASIC market integrity rules for securities and futures markets require market participants to (among other things):

  • have appropriate supervisory policies and procedures to ensure compliance by each person involved in its business with the market integrity rules, the operating rules of the market and the Corporations Act (Securities Markets Rule 2.1.3 and Futures Markets Rule 2.2.8)
  • maintain records of instructions received from clients (Securities Markets Rule 4.1.1 and Futures Markets Rule 2.2.4), and
  • record, via telephone lines and/or other electronic devices, all conversations with clients and other parties relating to client instructions (Futures Markets Rule 2.2.7).

New communication technologies are developing rapidly and changing how market intermediaries communicate when carrying on a financial services business. While new technologies present challenges, they also offer solutions for complying with record-keeping and compliance monitoring obligations.

Market intermediaries must have adequate arrangements to supervise and record their representatives’ business communications, considering the nature, scale and complexity of the business. The supervisory arrangements that are required to satisfy the obligations may vary between market intermediaries. In addition to considering the nature, scale and complexity of the business, market intermediaries should take into account their risk appetites and assessments when designing and implementing adequate supervisory arrangements that consider risks specific or more significant to certain business functions and roles.

The use of unmonitored communication channels and encrypted communication applications in business communications can significantly increase the risk of misconduct going undetected. This is an important consideration for market intermediaries when implementing and assessing their supervisory arrangements.

Effective supervisory arrangements are important for managing the risk of harm to clients or market integrity, including harms from:

  • inappropriate or unauthorised disclosure of confidential or inside information
  • market abuse, including insider trading and market manipulation, and
  • bribery, fraud or other behaviour that may be prohibited under law or a market intermediary’s internal policies.

Supervision frameworks and controls to record and monitor the business communications of a market intermediary’s representatives must be designed to comply with workplace surveillance laws, which differ between states and territories.

The case study below is designed to help market intermediaries consider these issues and risks.

Case study: Personal devices

A market intermediary adopts a ‘bring your own device’ policy or allows the use of personal devices for business communications.

The use of personal devices for work-related purposes has increased dramatically as remote or hybrid working arrangements have become part of many market intermediaries’ normal business operations. When adopting ‘bring your own device’ policies, market intermediaries should consider their risk appetite and assessments, and how adequate supervision of representatives can be effective under these arrangements.

What does the market intermediary do?

The market intermediary’s policies and procedures are updated to outline its expectations in relation to the use of personal devices and applicable confidentiality requirements for business or client data. There are various ways the market intermediary could adequately record business communications conducted on personal devices to meet record-keeping and compliance monitoring obligations, considering the nature, scale and complexity of its business. For example:

  • installing technology on devices to give access to, record and monitor specific applications or communications
  • manually recording or summarising the business communications on a communication channel available for compliance monitoring (e.g. email, order management systems), based on a documented policy and procedure
  • transitioning client-initiated communications onto an approved communication channel at the earliest opportunity (e.g. transmitting an order through to the office immediately if out with a client).

Supervisory arrangements to monitor business communications

Market intermediaries should ensure their supervisory arrangements for monitoring business communications are adapted as the business develops and its risk profile changes over time: see Regulatory Guide 104 AFS licensing: Meeting the general obligations (RG 104).

Some important measures to consider include:

  • policies and procedures that identify communication channels approved by the market intermediary for business communications and outline how to handle communications through unapproved channels for record-keeping and compliance monitoring purposes
  • ongoing training on relevant policies and regulatory requirements that include real-life worked examples. Representatives should regularly attest that they have read, understood and will comply with internal policies
  • consequence management frameworks and actions for breaches of policies or regulatory requirements that provide a visible and credible deterrent
  • supervisory arrangements for monitoring business communications that reflect the market intermediary’s risk appetite and are reviewed regularly to consider emerging conduct risks and the impact of communication applications, with input from all relevant stakeholders (e.g. front office, compliance, legal, operations, IT and HR), and
  • processes for regular independent review and testing of the effectiveness of surveillance controls and supervision frameworks (e.g. by internal audit) to ensure the arrangements remain adequate and comply with financial services and other applicable laws.

The scenarios below are designed to help market intermediaries consider these issues and risks, but they are not exhaustive.

Scenario 1

A representative of a market intermediary contacts a client on an encrypted messaging app from their personal device to discuss trading strategies.

What does the market intermediary do?

Business communications on unapproved channels increase the risk of misconduct or poor behaviour going undetected. Adequate arrangements for recording and monitoring business communication channels will vary across market intermediaries. In this scenario, the market intermediary has policies that clearly identify approved and monitored channels for representatives to conduct business communications. The policies also specify certain unapproved channels and set out what representatives should do if a client or other third party initiates business communications through an unapproved channel, to ensure those business communications can be recorded and monitored appropriately.

When the market intermediary detects a representative has used an unapproved communication channel, the market intermediary conducts reasonable investigations of whether the communications and related conduct comply with the market intermediary’s policies and the law. Following the investigation, the market intermediary applies its fair consequence management frameworks, which are clearly outlined for representatives in its policies, to retrain, discipline and deter representatives as needed.

Scenario 2

A client asks a representative of a market intermediary to use a messaging app that is outside its approved and monitored business communication channels.

What does the market intermediary do?

The market intermediary’s policies and procedures address how representatives are to deal with business communications outside of approved channels to ensure the business communications can be recorded and monitored to adequately supervise representatives’ conduct. The market intermediary may decide to decline permission for the representative to use the messaging app. Alternatively, it may determine how to record these communications for compliance monitoring, in line with their risk appetite and assessment.

Approaches to recording and monitoring may vary. Formal and documented approval and governance processes may be used to assess, test and approve the application. Alternatively, the business communications could be recorded and monitored through established processes involving compliance, surveillance or other internal stakeholders to effectively monitor the business communications, in line with the market intermediary’s record-keeping and supervision obligations.

Scenario 3

A scheduled review of a market intermediary’s business communications finds several representatives discussing business on their personal devices or unapproved channels.

What does the market intermediary do?

This scenario does not comply with the market intermediary’s record-keeping and supervision obligations and falls short of the expectations for representatives set out in its internal policies and procedures. The market intermediary decides to conduct an in-depth investigation of its representatives’ business communications to assess compliance with its policies and procedures and whether its representatives have engaged in suspicious activity or misconduct, or otherwise failed to comply with financial services laws. The findings are reported to the relevant management, committees and/or the board, with recommended action items to address and remediate any deficiencies in its existing arrangements and any proposed disciplinary action to be taken under its consequence management frameworks.

Reviewing the effectiveness of supervisory arrangements for business communications

Market intermediaries should periodically review their arrangements for supervising business communications to ensure they are operating effectively and remain adequate. The following questions should prompt market intermediaries to consider and review their supervisory arrangements, considering the nature, scale and complexity of the business.

Scope of supervisory arrangements

  • Are supervisory arrangements adequate to record and monitor the business communications of representatives and identify potential misconduct, considering the risk of harm to clients or market integrity?
  • Do supervisory arrangements incorporate reasonable steps to detect the use of unapproved communication channels, incomplete conversations on approved communication channels or insufficient record keeping?
  • Are supervisory arrangements clear in how representatives should appropriately transfer client-initiated communications onto approved and monitored channels?
  • Are supervisory arrangements reviewed frequently enough to assess and adequately manage the risk posed by new and emerging communication channels that have not been authorised?
  • Do periodic reviews of supervisory arrangements consider whether the controls and residual risks are consistent with the market intermediary’s risk appetite?
  • Is the list of representatives subject to business communications monitoring decided by the market intermediary, updated frequently enough to reflect changes in roles, risks and business activities?

Business communications controls

  • Are communication surveillance systems effective and updated frequently enough to adequately supervise the business communications of representatives?
  • Is the underlying communications data used by surveillance systems to supervise business communications complete, accurate and timely?
  • Are the alerts generated by the surveillance systems used to monitor business communications timely and accurate?
  • Are communication surveillance systems able to access and store business communications from encrypted channels?
  • To what extent does the range of controls and surveillance systems implemented identify potential misconduct? Examples may include surveillance alerts, lexicon analysis and other analytics to identify language suggesting potential misconduct.
  • Are alerts of potential misconduct adequately documented and reviewed in a timely manner to disrupt suspected misconduct and any resulting harms?
  • Are business communication controls appropriate for the market intermediary’s business activities and the risk of harm or market abuse from misuse of confidential information?

Governance of supervisory arrangements and controls

  • Have the market intermediary’s supervisory arrangements been subject to appropriate governance and approval processes?
  • Does the market intermediary maintain adequate resourcing (human and technical) to perform supervision of business communications appropriate to the nature, scale and complexity of the business?
  • Are appropriate contingencies and back-up arrangements in place to mitigate disruptions to the supervision of business communications, considering the risk of harm to clients or market integrity?
  • How does the market intermediary deter representatives from using unapproved communication channels and/or from circumventing supervisory arrangements?
  • Are internal governance arrangements relating to the development and use of supervision arrangements and controls effectively documented and are there clear lines of accountability?
  • Does the market intermediary have clear accountability measures for representatives and how is this accountability captured (e.g. periodic attestations, accountability statements, etc.)?

Record keeping and training

  • Are appropriate records of business communications being kept to facilitate monitoring, reviews and audits in accordance with regulatory requirements?
  • How do representatives record informal communications that may arise with clients or other parties that are required to meet the market intermediaries’ record-keeping and other obligations under financial services laws?
  • Does the content and frequency of representative training adequately reinforce the expectations of policies and procedures?

Where can I get more information?

For more information, ask a question online.

Important notice

Please note that this information sheet is a summary giving you basic information about a particular topic. It does not cover the whole of the relevant law regarding that topic, and it is not a substitute for professional advice. We encourage you to seek your own professional advice to find out how the applicable laws apply to you, as it is your responsibility to determine your obligations.

You should also note that because this information sheet avoids legal language wherever possible, it might include some generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases, your particular circumstances must be taken into account when determining how the law applies to you.

Information sheets provide concise guidance on a specific process or compliance issue or an overview of detailed guidance.

This information sheet was issued in June 2024.

Report suspicious activity

If you are a market participant and you see or suspect market misconduct you must notify ASIC

Lodge a suspicious activity report

Subscribe for updates

For the latest regulatory developments and issues affecting market intermediaries subscribe to our monthly Market Integrity Update.

What's new

More financial markets releases

Last updated: 26/06/2024 12:32