Limited functionality available
ASIC has now released proposed updates to its guidance on the prohibition on the hawking of financial products (‘RG 38’). The revisions to RG 38 reflect reforms brought about by Schedule 5 of the Financial Sector Reform (Hayne Royal Commission Response) Act 2020.
Anti-hawking: what will and won’t fly?
The consultation is set to conclude on 17 August (or maybe 18 August – ASIC is a bit unclear), with the final guidance to be issued in September 2021 (likely less than 1 month ahead of go-live). In announcing the consultation, ASIC Commissioner Danielle Press said:
ASIC’s guidance gives additional clarity on how the changes may affect commercial practices, systems and processes. This will help industry prepare for compliance with the new regime once it commences.
Overall, RG 38 is heavily rooted in the legislative requirements, with particular reference to the explanatory memorandum. However, ASIC has clarified some points, as noted below.
Not just real-time interactions
For a breach of the hawking prohibition to occur, the offer of the financial product must be made ‘because of’ or ‘in the course of’ unsolicited contact. This contact will be unsolicited if it is wholly or partly in any real-time interaction. However, RG 38.25 notes that the prohibition may still apply to offers, requests or invites that take place through a medium other than one that is a real-time interaction. For example, emailing a consumer an offer during or directly after an unsolicited outbound call would be ‘because of’ that call.
While this interpretation is in accordance with the legislative provisions, we expect that it may create consequences not previously contemplated by the industry. With many organisations looking to solve for the complexities of the reform through a reliance on digital platforms, automated solutions and online advertising, this may raise questions as to where the line will be drawn on the definition of ‘unsolicited contact’.
When giving 'stuff' is not enough
An offer will only be prohibited where there is a causal nexus between the ‘unsolicited contact’ and the ‘offer, request or invitation’. The RG acknowledged that there are situations, as described in the explanatory memorandum, that will likely break the causal nexus (such as the consumer obtaining personal advice or taking active steps to consent). However, RG 38.30 further considers circumstances, which of themselves are unlikely to break the causal nexus, being:
These examples provide a little more colour to the concept of the ‘causal nexus’, by highlighting the industry needs to do more than appropriately distributing financial products (aligned with the underpinnings of the Design and Distribution Obligations) to comply with the hawking prohibitions. However, we do not expect that they will resolve any real tensions or gaps across the industry.
Contact for compliance purposes permitted
Notably, the guide did clarify that an organisation will not breach the hawking prohibition if it contacts a consumer for the purpose of communicating information in order to fulfil a legal obligation. For example, RG 38.33 described that a superannuation trustee contacting a beneficiary for the purpose of providing them with options to receive payment of the benefit would not fall within the remit of the hawking prohibition.
Toeing the line between providing information and making an offer
There is some complexity involved in understanding whether a communication will fall within the scope of the hawking prohibitions. RG 38.37 to 43 provides further guidance in this regard. Whether a communication goes beyond this is a matter to be determined on a case-by-case basis, having regard to the following parameters below. However, a key point is that one-on-one interactions involving product information, quotes and offers (whether wholly or partly in real-time) are more likely to involve the prohibited conduct:
The complex construct of consent
Perhaps unsurprisingly, the RG explores the parameters for valid consent in greater detail than any other concept under the hawking prohibition. In order for consent to be valid, the RG touches on the three key limbs.
To rely on a consumer’s consent to make an offer, request or invitation, the consent must be positive and voluntary.
At RG 38.52, the regulator noted that positive consent may involve either:
There is the need for an active step on the part of the consumer, and not mere silence or failure to act. This means that a consumer not ‘opting out’ of receiving future telephone calls or being ‘led’ to provide positive consent, will not be sufficient.
At RG 38.55, the regulator stated that the consumer must have voluntarily made the decision to be contacted, and that this must not be forced, pressured or manipulated. For example, where a consumer uses an insurance price comparison website, and is prompted with a dialogue box that reads ‘by selecting ‘yes’ you are consenting to be offered insurance, including over the phone’ (and is later made an offer over the phone) this consent will be considered voluntary.
We expect that organisations may need to do a stocktake of the various points at which they collect consent to contact consumers to ensure that these satisfy the 'positive and voluntary' test. That is, checking to ensure that the consent is not merely inferred by a failure to respond (e.g. setting the communications preferences to require an ‘active step’ of opting in, rather than the reverse).
A consumer’s consent to be contacted must be clear, such that a reasonable person would have understood that the consumer consented to the contact.
Consumers must understand
At RG 38.57, the regulator set out that a consumer’s consent must not only be clear to a reasonable person, but must also demonstrate that the consumer understood the purpose and consequences of the contact. Clear consent (in relation to the financial need, product or classes of products), means consent that is not vague or ambiguous. For example, if a consumer responds to a chatbot conversation with a response such as ‘umm…okay?’ when asked if they would like to be contacted via telephone about a product, this language is unlikely to indicate a clear understanding of the purpose of the subsequent contact.
The upshot of this is that the offeror must be satisfied on a reasonable basis that the consumer was sufficiently informed to understand the consent provided may result in an offer, request or invite. At RG 38.62, the regulator makes suggestions on how to address this:
a) encourage consumers to specify the financial products or classes of financial products they wish to discuss;
b) provide consumers with enough information in a sufficiently prominent way to allow them to carefully consider whether to consent to the contact, and the form of that contact; and
c) confirm the scope of the contact to which the consumer gives consent.
We foresee that this approach may be challenging for organisations to embed. In the example provided, there is a heavy reliance on front line staff (e.g. chatbot operators and sales) to be properly trained and educated on the various nuances presented by the hawking prohibitions. Further, the suggestions provided to address this may be cause for confusion – for example, how can an offeror ‘encourage’ consumers to specify the products they wish to discuss or ‘confirm the scope’, without asking a leading question or eliciting consent?
When to stop
In some cases, the offeror should stop relying on consent if it becomes evident during the contact that the ongoing consent is no longer positive, voluntary and clear. For example, if the consumer:
Some examples of ‘reasonably within the scope of consent’
For consent to be valid, the offer, request or invite must be for the particular financial product or for a financial product that is reasonably within the scope of the consumer’s consent. The RG does not provide any substantive additional guidance from what was set out in the explanatory memorandum, but does provide some examples as to the application of these provisions.
Interestingly, the regulator did note at RG 38.71, that the fact that two products could be or often are offered together at the point of sale does not in and of itself mean that those products are reasonably within the scope of a consumer’s consent. This also applies to bundled products – that is, the consumer’s consent must be broad enough to encapsulate the entire bundle to be validly made an offer, request or invite. Organisations must draw a clear distinction between a product which is ‘so closely related to the product within the scope of consent’ and a ‘bundled or packaged product’. We have already seen several organisations needing to transition operating models, particularly as this relates to multi-policy discounts.
Products with multiple features do not fall into the same fate as bundled products. At RG 38.74, the regulator explains that for such multi-feature products, consent is required at the product-level, not for each individual feature. However, where the consumer’s consent specifically excludes a particular feature, that multi-feature product can no longer be offered.
Being a medium on the medium of contact
Where a consumer has indicated a preferred form of contact, the contact must be in that form. At RG 38.82, the regulator notes that contact – through means other than those specified – will not be covered and will therefore be unsolicited. It is the regulator’s expectation that an offeror will ask or clarify the form of communication that the consumer wishes to receive.
This expands what was previously envisaged under the legislative provision from a mere need to abide by the contact form if it was stipulated, to having to proactively determine what these forms are. We anticipate that this will likely lead to a tightening of record keeping, and a reliance on systems and technology to be informed of this.
Identity of consent varier or withdrawer must be ascertained
Consent may be varied or withdrawn at any time. At RG 38.88, the regulator notes that any communication that expresses a clear intention to vary or withdraw consent should be sufficient, as long as the identity of the person seeking the withdrawal or variation is reasonably ascertainable. Consent may also be withdrawn through a different form from which it was originally provided. An example is provided whereby a consumer uses the email address linked to their account to withdraw consent after providing consent over the phone. This includes any consent variations or withdrawals through the organisation’s social media platforms, where the social media user can be reasonably identified as their customer.
We anticipate that this may be addressed by leveraging existing policies and business rules in place within other areas of the organisation to verify identification.
Get your records straight
In what is likely to be the most onerous expectation set out in RG 38, the regulator has noted that they anticipate that offerors will need to keep records in relation to obtaining consent in order to demonstrate compliance with the provisions. This includes keeping records of:
With many organisations functioning in highly-complex, often multi-faceted, business models, this is likely to be the most challenging expectation to meet by October. It shows a shift away from relying on robust monitoring and oversight arrangements, and towards a reliance on data-driven, system-enabled operating environments. Organisations must also ensure the quality and consistency of records on consent across multiple systems servicing their consumer channels.
Letting consumers know they have a right of return
Where the hawking prohibition has been breached, a consumer has a right to return any financial product issued or sold to them and to receive a refund. At RG 38.99, the regulator notes that they consider it good practice to include information about the right of return in their communication with consumers. It may be difficult for a consumer to identify whether they have been sold a product in breach of the hawking prohibitions. In such events, ASIC expects the offeror to inform the consumer about this, and this will depend on the organisation’s ability to maintain records, as explored above.
It is unclear here the extent to which organisations need to provide information as to the right of return to consumers, given that the exercise of that right is limited to circumstances where the hawking prohibitions have been breached. It may therefore make sense for organisations to include this in disclosure documents and terms and conditions, but it is unlikely for it to be appropriate in shorter-form or more consumer-friendly documents. Importantly, the regulator has provided further guidance on the scope of the amount refunded based on products – see RG 38.107 to 113.
Products and entities exempt from the hawking prohibition
Consistent with the legislative provisions, RG 38.20 noted that regulations may be made for the purpose of exempting products or classes of products from the hawking prohibition. However, the guide also set out a table of products that are exempt as a result of an ASIC legislative instrument or class order (including investor directed portfolio services, low value non-cash payment facilities, gift facilities and managed investment schemes) – see Appendix. Relief was granted on the basis that there is low risk of consumer harm.
Where to from here?
Interested parties have until 17 August (or 18 August), to respond to Consultation Paper 346 in relation to RG 38. We suggest assessing those areas that more materially depart from the strict provisions (e.g. record keeping and determining the medium of consent), as well as where more guidance would be helpful. This may include additional examples of where a product will be ‘reasonably within scope’, whether a consumer is able to ‘vary’ the scope of their consent within the course of a conversation, and the parameters for when a non-real time interaction will constitute ‘unsolicited contact’.
Most organisations are now well on their way to implementing the anti-hawking prohibitions (alongside a raft of other sweeping reform). However, some of the challenges outlined above will require careful consideration and additional procedural steps, particularly in relation to record-keeping.
Rosalyn is a partner in Deloitte's Melbourne office in the Governance, Regulation and Conduct practice. She specialises in supporting firms to design and assess frameworks to treat customers fairly, including the development of conduct, product governance, sales practices and complaints handling frameworks.
Georgia is a Senior Manager in the Governance, Regulation and Conduct practice based in Brisbane. She specialises in supporting clients across the financial services sector in designing, implementing and reviewing frameworks, policies and procedures focused on preventative conduct and promoting good customer outcomes.
Raveena is a Senior Analyst in the Governance, Regulation and Conduct practice based in Melbourne. She specialises in supporting clients across the financial services sector in relation to regulatory change and corporate governance.