

Internal Audit Report

Advice & Banking and Operations

AMP Financial Planning - Buyer of Last Resort (BOLR)

12 November 2015

[Figure: Quality of Risk Management Practices, rated on the scale Effective / Requires Improvement / Inadequate]

[Figure: Issue Ratings, with series IA identified and Management identified]

Report approved by:

David Barry, Director, Internal Audit

Judith Charlton, Head of Internal Audit, Insurance, Superannuation, Operations and Advice

AMP.6000.0006.4421


Summary of Issues Arising - Management Identified

Non dial down of on-going fee arrangements in the BOLR pool

Operational failures relating to the dial down of on-going fee arrangements for policies transferred into the BOLR pool have occurred resulting in a reportable breach and financial loss (due to client compensation being required).

Management has identified the clients requiring compensation and has implemented a short term manual process to prevent re-occurrence. As part of Project Derby, a longer term solution in respect of the non-dial down of ongoing fee arrangements is being investigated.

Due date(s):

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

Governance and oversight across the end to end BOLR process

Under current organisational structures, Management has created and appointed a single owner of BOLR process (Head of Licensee Value Management (LVM)). A forum is being developed to bring together key parties to oversee the end to end BOLR process and assess impacts across the AMP Group. Further, whilst regular management reporting which provides a co-ordinated view of the financial impacts of BOLR is produced and distributed to Advice and Banking LT, day to day process owners require greater understanding of up and down stream impacts of their actions. Enhanced management reporting (for example over pipeline activities, BOLR policy exceptions, policies with unfavourable attributes, ageing analysis, complaints and BOLR pool assessments) would be beneficial to help oversee the inherent and emerging risks associated with the BOLR pool.

A review of the end to end LVM governance frameworks is currently underway in parallel to the work being undertaken through Project Derby, which is a holistic review of the BOLR ecosystem (refer to Appendix 2). A key step in doing this will be the definition of Delegations of Authority across the end to end process.

As part of the existing LVM governance review, Management to enhance the governance forum to oversee and manage the risks associated with the end to end BOLR process. This forum should ensure that the cross function impacts (Operations, Advice and Banking, Finance) and any impacts from projects are appropriately considered and managed. Once defined, key responsibilities supported by appropriate delegations (refer to IA/ISOA/1517/11) throughout the process will be documented and communicated.

Enhanced management reporting which provides a co-ordinated view of the up and down stream impacts of BOLR will also be investigated and ownership defined.

Due date(s):

LVM Governance Review completed by: 15 Jan 2016

Implementation of LVM Governance Recommendations: 15 June 2016

Enhanced Management Reporting captured by Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

Practice Termination Framework

Guidance, documented procedures, checklists or monitoring procedures (for example exception reporting) outlining the steps to be completed by the Relationship Managers / Heads of Financial Planning (HoFPs) and other teams when processing a practice termination are not in place. Multiple handoffs and fragmented processes with limited peer review were observed, resulting in key tasks being overlooked or missed.

Management will ensure that appropriate consideration is given to BOLR transactions as part of the end to end termination frameworks being developed. This should ensure appropriate procedures and checklists (which require sign off) are developed. In addition, errors identified by Internal Audit will be reviewed and appropriate action implemented.

Management will also investigate the feasibility of implementing exception reporting which captures practices terminated for further review.

Due date(s):

15 May 2016


Summary of Issues Arising - Management Identified continued

Current due diligence and compliance processes are not sufficient to ensure accuracy in valuations and on-going quality of policies transferred back into the BOLR pool. Deficiencies in records management exist, resulting in lost client files or files not accessible in a manner.

Management to review the Project Derby scope to ensure processes and responsibility for records management are appropriately captured. In addition, criteria for high priority process improvements will be determined.

Due date(s):

Implementation of business case: 15 Jan 2017

BOLR-related technology deficiencies

Limitations in the Register Valuation (RV) tool exist, leading to inaccuracies in system driven valuations, and increased risk of valuation error due to over-reliance on manual processes operated by a key person. Actions relating to technology enhancements are pending finalisation of future state BOLR terms.

Management to progress the implementation of RV system improvements following confirmation of future state terms as part of Project Derby, and request funding through submission of a business case in Q4 2015.

Due date(s):

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

Client File Compliance Reviews

Client file compliance reviews are not being performed prior to registers being sold to AMP and no discounts have been applied to a BOLR valuation under this Policy requirement. In addition, risks associated with Financial Disclosure Statements are not suitably considered.

Management to assess the completeness and suitability of the annual Financial Advice Review audits when considering potential BOLR transactions. Where this is deemed appropriate, Management will review the requirements / ratings applied and ensure risks associated with FDS requirements are appropriately considered.

Where annual Financial Advice reviews cannot be utilised, Management will ensure a separate compliance review (as per the BOLR policy) is performed prior to registers being sold back to AMP.

Due date(s):

15 April 2016

BOLR future State terms

Management is presently reviewing existing BOLR terms and policies to ensure they reflect changing industry and business models. Management's aim is to ensure that the model is sustainable and aligned to AMP's Advice strategy in the long term.

Management to ensure that as part of reviewing the BOLR future terms, key stakeholders are fully aligned with regards to the changes and how these will be implemented into the business operating model.

Due date(s):

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

Quality and peer review

Team leader reviews to check case manager assessments of BOLR notification and eligibility policy requirements are not being completed. In addition, Quality Assurance (QA) reviews conducted do not include the completion of BOLR checklists and are based on the volume of repeatable tasks so may not be sufficient to fully mitigate the risks.

Management to re-introduce team leader review of the full and partial BOLR checklists. In addition, planned quality assurance (QA) work to be undertaken by Operations Support should include an appropriate level of review of completed BOLR checklists.

Due date(s):

15 April 2016


Summary of Issues Arising - Internal Audit Identified

An established operating framework or Terms of Reference that outlines the purpose, remit, activities and delegations of the BOLR Exceptions Committee is not in place. Formal Committee minutes are not maintained nor has the evidence required to support the exception been defined. In addition, clear guidance or procedures (for Regional Practice Managers (RPMs) or HoFPs) detailing the information required when submitting policy exemption requests is not in place. We acknowledge that management have plans to review the Licensee Value Management (LVM) governance framework and will consider the terms of reference for this committee as part of that review.

As part of the management identified issue (MII) relating to the review of the LVM Governance Structures (refer to IA/ISOA/1517/02), management will assess the ongoing requirement to maintain the Exceptions Committee as part of Project Derby. Where this Committee is to remain, Management will ensure a terms of reference outlining reporting lines, roles and responsibilities, membership, remit and delegations of the Committee is implemented.

In addition, clear guidance / procedures for RPMs and HoFPs outlining the details required when submitting policy exemption requests will be established.

Due date(s):

15 April 2016

Risk Management Practices

A review of the key risks, controls and evidence required to support the quarterly attestation is required to ensure the control self-assessment (CSA) process within Matrix accurately reflects the risks and controls across the end to end BOLR process. In addition, requirements to record known incidents in the Incident Management Database (IMD) are not being met.

Management to work with the Head of ERM Advice, to agree a single ERM contact in respect of BOLR who can provide appropriate guidance and support across the end to end process and help to ensure the right controls are in place to mitigate the risks. Once agreed, Management will update the CSA to ensure risk and controls relevant to the end to end BOLR process are captured and appropriate evidence to support the quarterly attestation is maintained. The two known incidents will be captured in IMD and refresher training on the AMP risk management framework provided. In addition, ERM will ensure a single business partner is assigned to assist with the development of the risk and controls register and content for Matrix.

Due date(s):

30 June 2016

Delegations of Authority

Delegations of Authority (DOA) across the BOLR process require review to ensure they are aligned to current processes and organisational structures. Defining DOA is a key step to defining / informing the future LVM Governance Framework and future roles and responsibilities across the end to end BOLR process (IA/ISOA/1517/02).

Review the BOLR DOA framework to ensure it is updated to reflect the current organisational structure, and includes requirements for a 'functional' BOLR pool owner to approve BOLR related matters up to a pre-determined limit. A proposal for a revised delegation framework will be presented to the Advice Leadership Team.

Due date(s):

15 January 2016

Compliance with the AMP End User Developed Application Standard

The Corporate Superannuation Calculator used to value corporate superannuation policies within a BOLR client register has not been reviewed and assessed for compliance against AMP Group End User Developed Application (EUDA) Standard.

Management to review the Corporate Superannuation Calculator and assess its criticality in line with the AMP EUDA Standard. Where this spreadsheet is deemed to be business critical, appropriate controls to be implemented. Project Derby to incorporate a review of current and proposed spreadsheets used within the BOLR process for compliance with AMP EUDA Standard.

Due date(s):

Corporate Super Calculator to be reviewed by 15 February 2016, with all other critical spreadsheets reviewed as part of Project Derby.


Inadequate policies/ procedures / business rules

Inadequate controls monitoring / reporting / governance

IA/ISOA/1517/01 Non dial down of on-going fee arrangements in the BOLR pool

Policies with on-going fee arrangements or which have commissions that have been 'dialled up' by the adviser above the base commission rate, are required to be 'dialled down' to base level upon transfer of policies to the AMP BOLR pool. This is because AMP does not currently have a process in place to dispatch the required Fee Disclosure Statements (FDS) or service the policies for which the on-going fee arrangement (OFA) is charged. As a result, any value associated with these policies (and included in the RV tool calculation) is lost on transfer (sale) of the policies to AMP.

A Management review of existing obligations for OFAs for policies within the BOLR pool identified this process has failed, resulting in fees being incorrectly charged for services not rendered. Management estimates that up to July 2010, approximately 25,400 customers were charged OFAs and of these 8,300 paid such fees until May 2015. It is estimated that client remediation payments of approximately $6m - $Sm will be required.

A high rated IMD incident (IMD 3087) was raised in April 2015 with the following main action points:

• Implementing a temporary manual process to stop further failures of the manual dial down process for BOLR and non-BOLR transfers. This included reinforcing existing BOLR internal processes, implementation of monthly reporting over the non-advised pool and the completion of a reconciliation between EDW and the BOLR Pool to determine any other policies requiring review.

Whilst we note that existing processes have been reviewed and management reporting implemented, there are limitations over the effectiveness of these controls, specifically:

o Filters were applied to the list of dialled down policies increasing the risk that not all policies impacted have been identified and reviewed,

o Management reporting has only recently been implemented and thus we were unable to confirm completeness. The Project Team has also highlighted concerns regarding the completeness and accuracy of the reports produced, and

o The reconciliation between the Enterprise Data Warehouse (EDW) and the BOLR pool to detect policies in the BOLR pool still paying the full fee has not been completed (as at the end of September).

• Establish a methodology for compensation and proceed with payment of compensation after approval by ASIC and required internal DOAs. At the time of this report, the compensation calculation had been submitted to ASIC for review and approval, and

• Work with IT@AMP to implement an automated solution going forward. High level requirements have been submitted to IT@AMP and a costing for these is currently being developed in order to submit a request for funding. It is envisaged that this automated solution will mitigate the risk in its entirety.

In addition to addressing the above specific matter, Management are also looking to develop an AMP Direct servicing capability so that policies in the BOLR pool with OFAs are able to be serviced and regulatory requirements to provide FDS are met. This will result in AMP being able to receive the value associated with these policies during the time they remain within the BOLR pool.

Implication

The inability to service OFAs associated with policies in the BOLR pool results in the loss of value upon transfer back to AMP. Process deficiencies relating to the required dial down of these fees have resulted in a regulatory breach due to fees being charged for services not rendered.

1) Management has identified the clients requiring compensation and has implemented a short term manual process to prevent re-occurrence.

2) As part of Project Derby, a longer term solution in respect of the non-dial down of ongoing fee arrangements is being investigated. This includes the implementation of an automated solution and development of an AMP Direct servicing capability so that policies in the BOLR pool with OFAs are able to be serviced and regulatory requirements to provide FDSs are met.

Michael Paff

Justin Morgan

Due date(s):

1:

Short term process - Implemented

Client compensation completed by: 15 April 2016

2&3:

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

IA/ISOA/1517/02 Governance and oversight across the end to end BOLR process

Inadequate controls monitoring / reporting / governance

Inadequate policies / procedures / business rules

Management responsibility for the end to end BOLR process is spread across a number of functional areas including Operations (Register Transfers), Advice (Strategic Allocations, Partnership Management), Banking and Finance with decisions taken by any of these areas having an impact. Given the complexity and variation in each BOLR transaction, oversight is key to ensure risks across the end to end process are appropriately managed.

Management created a new function, Head of Licensee Value Management (LVM) that is the single owner for BOLR policy, enforcement and fulfilment, working across the AMP Group. Management is working on re-building appropriate forums which bring together key parties to oversee the end to end BOLR process and assess impacts across the AMP Group.

Further, whilst regular management reporting which provides a co-ordinated view of the financial impacts of BOLR is shared at the Advice and Banking LT, it is acknowledged that enhanced reporting would be beneficial to help Management oversee the inherent and emerging risks associated with the BOLR pool to facilitate informed decision making across multiple stakeholders. Such reporting may include pipeline activities, approval of BOLR policy exceptions, complaints, policies with unfavourable attributes, ageing analysis and BOLR pool assessments.

Our discussions noted there is limited understanding among individuals of the up and down stream impacts of their actions. This, accompanied by limited formality covering the various handovers, increases the risk of tasks not being performed or falling through the gaps.

A review of the end to end LVM governance framework is currently underway in parallel to the work being undertaken through Project Derby which is a holistic review of the BOLR ecosystem taking into account: (1) BOLR model future terms, (2) End to end process review (3) Technology and Register Valuation (RV) Enhancements, (4) Legal and Financial Structures, and (5) Culture and Succession (refer to Appendix 2).

Implication

A breakdown in governance and oversight of the end to end BOLR process will increase the risk of Management's inability to effectively manage the quality and operational risks of the BOLR pool and process.

1) As part of the existing LVM governance review, Management to enhance the governance forum to oversee and manage the risks associated with the end to end BOLR process. This forum should ensure that the cross function impacts (Operations, Advice and Banking, Finance) and any impacts from projects are appropriately considered and managed. Once defined, key responsibilities of individuals throughout the process will be documented and communicated.

2) Management has identified that Enhanced reporting which provides a coordinated view on the impacts of BOLR to respective stakeholders is required. Work is underway in relation to ownership for production and review defined. Such reporting may include (but not limited to):

o Total number of BOLRs in the pipeline, who is managing and their respective stage,

o Approvals made by the Exception Committee (if it remains) or the relevant Licensee MD,

o BOLR transactions completed with total BOLR payments made, including an analysis of the policies covered,

o Monitoring of key Management Initiatives and projects,

o Complaints / Incidents in respect of BOLR,

o Assessments of BOLR Pool policy valuations,

o Policies with unfavourable attributes, and

o Ageing and analysis of policies within the BOLR pool.

Michael Paff

Justin Morgan

Due date(s):

1:

LVM Governance Review completed by: 15 Jan 2016

Implementation of LVM Governance Recommendations: 15 June 2016

2:

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

IA/ISOA/1517/03 Practice Termination Framework

Inadequate policies / procedures / business rules

Inadequate controls monitoring / reporting / governance

In certain cases, AMPFP is entitled to terminate a practice and enforce a buyback of policies if an adviser does not meet their obligations under the AMPFP Master Terms and Professional Standards policy and Practice Start Up Offer agreement. This process can be lengthy and includes the following teams and processing steps:

• Regional Partnership Managers (RPMs) / Heads of Financial Planning (HoFP) - initiation and management of the BOLR process / transaction,

• Legal - review and approval of enforced terminations,

• Practice Finance - initiate and / or recover outstanding loans,

• Registers & Servicing - transfer policy to Register Company, request for dial down of Ongoing Fee Arrangements and make payments to cover loans,

• Strategic Customer Allocation - Valuation of policies, and

• Licensing Team - stop payments, cancellation of license and notifying ASIC.

We identified two practices terminated by AMPFP (Billy Danawe and Mitchell Wealth Group) in 2014. Whilst debt owing to Practice Finance has been recovered, there is a lack of guidance, documented procedures, checklists or monitoring procedures (for example, exception reporting) outlining the steps to be completed by the RPMs / HoFP and other teams when processing a practice termination. Multiple teams, handoffs and fragmented processes with limited peer review were observed resulting in key tasks being overlooked or missed. Specifically:

• In the two instances, we observed delays of 6-8 months in moving policies from the terminated advisers into the BOLR Pool. This was due to the RPMs failing to inform the relevant teams of the terminations in a timely manner resulting in the BOLR transfer and cessation of practice payments not being completed. These delays resulted in an overpayment of commissions to one practice (Billy Danawe) who was paid approx. $37K post termination. This amount has not yet been recovered, and

• Ongoing Fee Arrangements (OFAs) were only dialled down at the time of the transfer (i.e. 6-8 months after termination). As a result, impacted clients under the respective adviser practice codes were unlikely to have been serviced by the Adviser (from his termination date) or captured by the ongoing OFA incident that is being reviewed and addressed by Management (refer to IA/ISOA/1517/01).

We acknowledge that this issue is not exclusive to BOLR and a wider review of the terminations processes applied to advisers and practices forms part of the end to end recruitment / on boarding / off boarding initiative (as part of the overall operational excellence program for Advice and Banking). This initiative has initially focused on recruitment and on boarding with work on off boarding to commence in November 2015. The review has already documented the end to end processes across scenarios where either a practice or adviser is terminated with or without the release of clients.

Implication

Increased risk of practices not being terminated on a timely basis, resulting in financial loss (commission overpayments/debts not recovered), regulatory breach (OFAs not dialled down) and customer complaints (lack of policy servicing).

1) Management will ensure that appropriate consideration is given to BOLR transactions as part of the end to end termination frameworks being developed. This should ensure appropriate procedures and checklists (which require sign off) are developed and consider:

o Roles and responsibilities of all parties involved in the practice termination,

o The need for RPMs / HoFP to notify relevant teams within a specified timeframe of a practice termination,

o Cessation of payments on commissions and recovery action in the event of any overpayments,

o Servicing of clients impacted by a termination,

o Dial-down of OFAs (where clients are not serviced),

o Notifying license cancellation to ASIC, and

o The implementation of appropriate peer review / quality assurance activities within the process (refer to IA/ISOA/1517/08).

2) In addition, the feasibility of implementing exception reporting which captures practices terminated for further review will be investigated.

3) For the specific errors noted, Management will:

o Review the overpayment of commissions for the terminated practice and implement recovery action, and

o Review the period in which OFAs were not dialled down and determine if this requires adding (or reporting separately) to the known OFA incident.

Michael Paff / Mario Villa / Amelia Constantinidis

1&2:

Lauren Hyde

Due Date: 15 May 2016

3:

Andrew Patchett

Due Date: 15 January 2016

IA/ISOA/1517/04 BOLR-related process deficiencies

Inadequate controls monitoring / reporting / governance

A number of key processes that are pertinent to manage the operational and financial risks associated with BOLR are not designed or operating effectively. Operational processes have not kept up with the evolution of BOLR and changes to the regulatory environment and marketplace.

At the time of our audit, management were in the process of reviewing the end to end BOLR process and had identified 59 possible process improvements, of which 34 had been assigned a high priority rating. There are, however, no criteria defining these priority ratings.

Through the course of our audit, we noted the design and operation of a number of key controls and processes were deficient as captured within this report. In addition, we also note:

• Financial due diligence procedures to confirm the saleability of policies within a client register are not undertaken. As part of valuing a register, external policies are valued at 4X actual revenue, provided revenue has been captured in the 12 month period prior to transfer even though the policy may now have lapsed. Current systems and processes are unable to identify these policies (referred to as 'void policies') as part of the transfer process meaning AMP will pay the adviser a value for these policies when in fact they are no longer in force. As a result, there is reliance on ensuring a manual adjustment is made or AMP will incur financial loss as well as there being other potential unintended consequences on the LVR of practice finance loans.

Management attest that at the date of this report a due diligence analyst has been recruited to undertake more extensive due diligence on all acquired registers.

• Processes to ensure the appropriate collection, review and transfer of client files and records are currently not in place. Where the sale and purchase dates are more than one month apart client records are transported to permanent storage and rarely recalled to be passed onto the eventual acquirer.

During our audit, we noted the unsecure storage of confidential client files associated with a BOLR transaction on level 5 of 750 Collins Street. These files were sent to secure storage once brought to the attention of management.

• Current operating procedures require all deal documentation to be stored in the Registers and Transfers shared drive. Our audit testing ascertained that this is not consistently applied increasing the risk of documentation being misfiled or lost.

Management acknowledge the need to assign a clear owner of client file records to ensure appropriate policies, procedures and controls are in place to facilitate the transfer and retrieval of client files, as well as records supporting BOLR transactions. Whilst details are captured in Management's initial process improvement analysis, the business case to fund these improvements had not been granted at the time of our audit.

Implication

The lack of due diligence and compliance reviews on acquired registers increases the financial and compliance risks associated with register buy backs and increases the risk of write-downs or write offs in the BOLR pool.

1) Management to assess current coverage of Project Derby to ensure the following is captured within its scope:

o Assignment of ownership for records management in respect of client files and deal transactions,

o The records management processes are operationalised through appropriate means of communication and training, and

o Development of criteria to confirm high priority process improvements, and progress the implementation of these through submission of a business case in Q4 2015.

Where funding is not received (or the business case is not approved), Management to re-assess the impact of these areas on the end to end risk environment and make an assessment as to any interim / additional controls that can be implemented to mitigate the risk.

Michael Paff / Mario Villa

Justin Morgan / Andrew Patchett

Due Date:

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

Inappropriate systems coding / testing

IA/ISOA/1517/05 BOLR-related technology deficiencies

Register Valuations (RV) Tool

The RV tool is the principal system used by AMPFP to value policies that are purchased under BOLR arrangements. Over time, despite changes to BOLR terms and regulations, the RV tool has not been updated to cater for these changes. As a result, management have identified 29 manual adjustments that are required to supplement the system-driven register calculation, in order to arrive at a valuation that is in line with the BOLR Policy. Of the 29, Management has assessed six frequently used adjustments as having a high severity (as per the RV issues log) impact on the final register valuation. These include elimination in the number of Asgard and North write offs, improved accuracy of the RV tool valuations and reduction of Flexible Lifetime Super (FLS) over valuation by the RV tool.

At the date of this report, Management attested that the RV tool has been updated to address the FLS valuation issue. We have not tested the effectiveness of this change.

Data Quality

Missing or incomplete data within the RV tool restricts the ability of policies to be packaged and on-sold. In particular, data required for the on-sell of external policies (such as FUM/API, location and contact details) is not captured. As a result, any value attributed to such policies and subsequently paid to the adviser is lost (unable to be realised) when transferred into the BOLR pool. In addition, the lack of core data inhibits


1) Management to progress the implementation of high priority system improvements following confirmation of future state terms. This will include the submission of a business case and funding request for Project Derby in Q4 2015.

2) Where funding is not received (or the business case is not approved), Management to re-assess the impact of these areas on the end to end risk environment and make an assessment as to any interim / additional controls that can be implemented to mitigate the risk.

Michael Paff

Justin Morgan

Due Date:

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017


Inappropriate systems coding / testing

the ability of practices to transact amongst themselves.

It is acknowledged that actions relating to technology enhancements (including the above) are pending finalisation of future state BOLR terms.

Implication

Financial loss due to payments for policies that cannot be subsequently transferred into the BOLR pool. In addition, poor data quality inhibits the ability of such policies to be transferred between adviser practices.

IA/ISOA/1517/06 Client File Compliance Review

The BOLR policy requires that when a practice exercises BOLR, the quality of their client files should be subject to a compliance review prior to being sold back to AMP. Where the quality of these files is inadequate, the policy provides AMP the discretion to discount the valuation of the register. This compliance review should be completed by the Audit Consultants within the Centre of Excellence Advisory Services and Quality Advice Team.

Our review of recent BOLR transactions however identified that such compliance reviews are not performed. In addition, we note:

• If reviews were performed, these would be limited in scope and quality as they would only include a high level review of client file existence,

• There is no assessment of the risks relating to Financial Disclosure Statement (FDS) requirements when policies are purchased under BOLR,

• If an unsatisfactory result is obtained, an adviser/ practice can request an additional review to potentially obtain a better/ higher pass mark, and

• No discounts have been applied under this BOLR Policy requirement.

Within AMP and as part of the ongoing adviser supervision and monitoring processes, annual 'Financial Advice Review Audits' are performed across the whole Adviser base. Whilst the rating system applied to these reviews does not fully align to those outlined in the BOLR Policy (and sample sizes are restricted to five / adviser), in the absence of performing separate compliance reviews there is an opportunity for results from these annual audits to be considered as part of the BOLR due diligence process. A separate final check could then be implemented covering the FDS requirements within the BOLR process.

Implication

Poor quality advice associated with the client files transferred is not identified and considered as part of the BOLR process, increasing the risk of future financial loss.


1) Management to assess the completeness and suitability of the annual Financial Advice Review Audits when considering potential BOLR transactions. Where this is deemed appropriate, Management will:

o Review the requirements / ratings within the BOLR policy to determine alignment,

o As part of Project Derby, a new BOLR policy is likely to be created. This will include the need to obtain a suitable annual Financial Advice Review Audit result, and

o Ensure risks associated with FDS requirements are appropriately considered.

Where annual Financial Advice Review Audits cannot be utilised, Management will ensure a separate compliance review (as per the BOLR policy) is performed prior to registers being sold back to AMP. This will include defining scope and responsibility for performing such reviews.

2) Implement a process to apply discounts as a result of poor compliance and/or annual Financial Advice Review Audit results. These discounts should be appropriately reviewed, approved and escalated.

Michael Paff

Justin Morgan

Due Date:

15 April 2016


Inadequate policies/ procedures/ business rules

The BOLR value proposition to both AMP and its planner network is based on the assumption that client registers can be bought and sold at a comparable value. In certain instances future revenue streams on policies may be compromised for a variety of reasons, including:

• Dial down of OFAs which are not able to be serviced in the BOLR pool (refer to IA/ISOA/1517/01),

• Poor data quality associated with external products (refer to IA/ISOA/1517/02), and

• Voids or lapses due to unfavourable policy attributes.

Under the BOLR Policy, AMP is required to purchase at full value from the adviser when they exercise their right under the scheme. These policies will then be revalued (written down/ off) if they cannot be on-sold.

At the time of the audit, Management were reviewing existing BOLR terms and policies to ensure they reflect changing industry and business models. Management's aim is to ensure that the model is sustainable and aligned to AMP's Advice strategy in the long term. Where policy changes are implemented, an adjustment (write down) to the existing BOLR pool may be required and there may be implications for the Loan to Value Ratios (LVRs) in place for adviser practice loans provided through AMP Bank.

Implication

Financial loss or reputational damage due to the impact of changes being introduced via the BOLR future state terms not being fully assessed.

Low IA/ISOA/1517/08 Quality and peer review

Inadequate training/ knowledge/ competence/ communication

The BOLR policy requires specific notification, eligibility and obligations criteria to be met by a practice, prior to the granting of BOLR. In addition to this, a number of administration checks (e.g. practice finance loan payment, dial down of fees, client file transfers, stop payments etc.) are required to be undertaken to ensure the BOLR transaction is executed in line with operating policies and procedures.

The checks required to process a BOLR transaction are documented within both the full and partial BOLR checklists and are executed by case managers within the Register and Transfers team. Depending on the notification period required (based on the tenure of the practice), the lifecycle of a BOLR transaction can exceed 12 months. As such, the execution and review of the BOLR checklists are a key operational control to ensure completeness and accuracy of processing.

Whilst standard operating procedures require a peer review by a senior team member to verify the completeness and accuracy of processing, this review has not been undertaken over the past 12 months.


1) Management to ensure as part of reviewing the BOLR future terms, key stakeholders are fully aligned with regards to the changes and how these will be implemented into the business operating model.

1) Management to re-introduce team leader review of the full and partial BOLR checklists. In addition, planned QA work to be undertaken by Operations Support should include an appropriate level of review of completed BOLR checklists.

2) Consideration will be given to introducing Key Performance Indicators across the end to end BOLR process to measure compliance and quality.

Michael Paff

Justin Morgan

Due Date(s):

Project Derby business case: 15 Jan 2016

Implementation of business case: 15 Jan 2017

Mario Villa

Andrew Patchett

Due Date:

15 April 2016


Quality Assurance (QA) reviews conducted by Operations Support quality team have now been implemented for Registers and Transfers, but no BOLR completion checklists were included in the QA sample at the time of our audit. We also note that the QA sample is based on the volume of repeatable tasks and as a result may not be sufficient to fully mitigate the risks.

Implication

Given the level of complexity and variation within each BOLR case, the absence of a robust and consistent quality review process increases the risk of processing error.


Inadequate controls monitoring/ reporting/ governance

An AMPFP Committee currently exists to review requests to execute BOLR transactions outside the standard policy requirements. This Committee meets weekly and includes representation from the Strategic Client Allocation and Client Registers Teams and the AMPFP Managing Director's Office. The role of the Committee is to make recommendations to the relevant delegated authority (Managing Director of AMPFP) to either approve or decline the BOLR Policy exception request in respect of AMPFP (the Committee does not currently consider other Licensees).

Given the number of teams involved in a BOLR transaction, the Exception Committee aims to fulfil an independent and crucial role in assessing the financial and operational impacts of BOLR Policy and process exceptions across the end to end business. We note the following:

• An established operating framework or Terms of Reference that outlines the purpose, remit, activities and delegations of the Committee is not in place.

• Formal Committee minutes are not maintained,

• Although a register capturing the recommendations and subsequent decision is maintained this is incomplete (i.e. final decision and the actual impact of the outcome is not tracked and through our testing, we noted five cases where we could not see a record of any decision), and

• There is no clear guidance or procedures for the RPMs and HoFPs detailing the information required when submitting policy exemption requests.

It was identified that from a sample of 19 BOLR transactions between Jan-15 and July 2015, five had been granted an exception to the BOLR Policy but were not considered by the Exceptions Committee.

It is acknowledged that Management are aware of the Governance deficiencies and are in the process of determining a new Governance Licensee Value Management framework (refer to Management Identified Issue IA/ISOA/1517/02). There is therefore an opportunity to review the role and responsibilities of the Exceptions Committee and subsequent reporting requirements as part of the overall framework determined.

Implication

Ineffective governance and oversight of BOLR Policy exceptions inhibits management's ability to effectively manage the quality of the BOLR pool, as well as operational risks associated with the end to end BOLR process.


1) As part of Project Derby and the management identified issue (IA/ISOA/1517/02) to oversee the end to end BOLR process, assess the ongoing requirement to maintain the Exceptions Committee. Where this Committee is to remain, Management will:

o Develop a Terms of Reference outlining reporting lines, roles and responsibilities, membership, remit and delegations of the Committee taking into account the role of the Licensee MDs,

o Assess whether the Committee should be established to cover other Licensees,

o Ensure recommendations, approvals and declines relating to policy exceptions are clearly documented within Committee minutes and / or an exceptions register, and

o Implement appropriate reporting over the number, volume and value of BOLR Policy Exceptions to inform future reviews of the BOLR Policy (refer to IA/ISOA/1517/02).

2) Establish clear guidance / procedures for RPMs and HoFPs outlining the details required when submitting policy exemption requests, and the protocols applied when reviewing such transactions. Once documented, these procedures will be appropriately communicated.

Michael Paff / Mario Villa

Justin Morgan / Andrew Patchett

Due Date:

15 April 2016


Inadequate training/ knowledge/ competence/ communication

The BOLR process involves a number of cross functional business units and as such there are interactions with multiple ERM business partners. This has caused a level of confusion within the business in determining where responsibilities lie for the logging and monitoring of incidents and the review of risks and controls across the end to end BOLR process. Whilst there is evidence that management action plans are in place to respond to the strategic and operational challenges facing the BOLR ecosystem (refer to Management Identified Issues / Appendix 2), further work is required to ensure operational risk management practices are in compliance with group standards across the end to end BOLR process. We note the following in respect of Control Self Assessments (CSA) and Incident Management.

• CSA - Whilst a controls questionnaire within Matrix exists for the register sales and purchases management process, we note the following:

o The current control questionnaire is limited to a small portion of the end to end BOLR process performed by the Registers and Transfers team, and does not cover the valuation or on selling activities performed by the Strategic Allocation Team,

o Identification of key risks and controls across the end to end BOLR process is not in place,

o Control questions have not been reviewed to ensure they remain appropriate, and

o Information required to support the quarterly attestation/ conclusion on the control strength has not been defined.

• Incident Management - During the course of the audit, we were made aware of the following incidents, which due to oversight had not been raised in the Incident Management Database (IMD):

o A BOLR payment was made to a Western Australian practice in Q2 2015, but due to human error in processing the transfer of the policies, commissions were not stopped, resulting in an overpayment of $760k over a 10 month period. The HoFP (WA) is in the process of trying to recover these monies from the (now retired) adviser, who is disputing the repayment, and

o In relation to the above case, at the time of settlement it was also discovered that approximately $400k of the revenues were no longer valid and able to be received. As a result, the valuation (and thus the adviser payment) was $400k higher than the value of the underlying policies transferred into the BOLR book.

Implication

Failure to adequately identify and monitor risks, including the recording of incidents in IMD results in risks not being appropriately managed and non-compliance with Group Risk Management Practices.


Clarifying responsibility:

1) Management to work with the Head of ERM Advice, to agree a single ERM contact in respect of BOLR who can provide appropriate guidance and support across the end to end process and help to ensure the right controls are in place to mitigate the risks. This single contact will also be the individual to whom issues / incidents are escalated as and when they arise, and

2) ERM will be requested to provide both the Registers and Transfers and Strategic Allocation teams refresher training on the AMP risk management policies related to incident management and control self-assessment to ensure group standards are applied.

CSA:

3) In conjunction with Enterprise Risk Management (ERM), management will update the CSA to ensure:

o Risk and controls relevant to the end to end BOLR process are captured,

o Risk, controls and associated questions are appropriately identified and described, and

o Appropriate evidence to support the quarterly attestation and conclusion on control strength is maintained.

Incident Management:

4) The two known incidents will be captured within the IMD and a review performed to determine if there are other incidents being managed that should be captured within IMD.

Michael Paff / Mario Villa

Justin Morgan / Andrew Patchett

Due Date(s):

1 & 4: 15 December 2015

2: 15 April 2016

3: 30 June 2016


Inadequate policies/ procedures/ business rules

The current AMP Delegations of Authority (DOA) was last reviewed and updated in December 2013 and provides delegation levels for both BOLR payments as well as the authority required to waive or alter business rules or conditions within the BOLR policy.

Whilst the payment authority has been structured around the 2014 Advice organisational structure, it is no longer aligned with the most recent changes to roles and responsibilities and processes and is therefore no longer effective in mitigating the BOLR risks. Further, specific roles (i.e. AMPFP & Hillross Head of Registers and Director, Network Development) no longer exist within the AMP.

As noted in IA/ISOA/1517/09, approval of AMPFP BOLR Policy exceptions sits with the Managing Director of AMPFP & Hillross and there is currently no sign off, input or oversight by the owner of the BOLR Pool (Head of Licensee Value Management).

Given exceptions will have impacts (for example hitting the pool earlier than anticipated, valuation exceptions impacting the amount being paid, allowing practices to 'gift' policies before full BOLR resulting in policies with less desirable attributes being transferred to AMP) it is now timely to review and update the applicable DOAs across the end to end BOLR process.

Defining DOA is a key step to defining/informing the future LVM Governance Framework and future roles and responsibilities across the end to end BOLR process and Management intend to address the LVM Governance Frameworks via Project Derby (refer IA/ISOA/1517/02). At the time of our audit a delegations framework proposal was being presented to the Advice and Banking leadership team.

Implication

The non-alignment of DOAs to current business structures and responsibilities will impair management's ability to effectively manage the quality of the BOLR pool/ end to end process and increases the risk of non-compliance.


Low IA/ISOA/1517/12 Compliance with the AMP End User Developed Application (EUDA) Standard

Inadequate controls monitoring/ reporting/ governance

In 2014, a Corporate Superannuation Calculator (the Calculator) was created to help the Strategic Allocation Team value corporate superannuation policies following the introduction of the MySuper Regulations. The Calculator was designed by an external consultant (and reviewed by Actuarial) as the Register Valuation (RV) tool overvalues these types of policies. The integrity and accuracy of the Calculator is therefore paramount to the accuracy of RVs with a large corporate superannuation component.

The AMP EUDA Standard requires key spreadsheets used for business critical functions to meet minimum control standards in order to reduce the impact and likelihood of risks associated with corruption, failure or unavailability. Whilst the Calculator is password protected and stored securely to restrict access, it has not been assessed for compliance


1) Review the BOLR DOA framework to ensure it is updated to reflect the current organisational structure, and includes requirements for a 'functional' BOLR pool owner to approve BOLR related matters up to a pre-determined limit.

Defining DOAs is a key step to informing the future roles, responsibilities and oversight across the end to end BOLR process.

1) Corporate Superannuation Calculator to be assessed against Group AMP End User Developed Application (EUDA) Standard,

2) As part of Project Derby, Management to review new and existing spreadsheets in line with the AMP EUDA Standard. Where these are deemed to be business critical, appropriate controls to be implemented to ensure they are:

o Appropriately secured and password protected,

o Backed up on a regular and timely basis,

o Reviewed annually to confirm functionality remains

Michael Paff / Mario Villa

Justin Morgan / Andrew Patchett

Due Date:

15 January 2016

Michael Paff

Justin Morgan

1) Due date 15 February 2016,

2) Project Derby business case due: 15 Jan 2016, with related actions


against the AMP EUDA Standard.

Management attest that a review of critical spreadsheets will be undertaken as part of Project Derby and we support this course of action. It is also noted, that with the transition to proposed future state, additional spreadsheets may be introduced into the process. It is therefore important to ensure that all spreadsheets used in the BOLR process continue to be monitored and reviewed in line with the AMP EUDA Standard.

Implication

Failure or corruption of critical spreadsheets utilised in BOLR register valuations increases the risk of BOLR valuation errors.


appropriate and there have not been any unintended changes, and

o Only available to individuals where it is required for their role.

due: 15 Jan 2017.


Our audit assessed the design and operating effectiveness of key controls supporting the Buyer of Last Resort (BOLR) Process.

The detailed audit scope was previously provided to management on 13 September 2015.

As part of AMP's value proposition to help retain and grow existing practices, AMP will support the transfer of client registers under a practice-to-practice transfer arrangement in the event that an adviser decides to exit the industry. Where a register cannot be transferred to another planner, AMP has committed to 'buy-back' the rights to the client policies associated with that register. Buy-back arrangements differ based on the distribution alliance, with the AMPFP arrangement referred to as BOLR. The buy-back arrangements in place for Hillross and Charter Financial Planning are referred to as Licensee Buy Back 'LBB', Enhanced Buy Back 'EBB' and Buyer Out Option 'BOO'. The BOLR policy sets out the terms, conditions and valuation methodology utilised in the transfer of a client register between practices, or between a practice and AMP.

Whilst BOLR has historically been a key strategic initiative to retain and grow the adviser practices, management has recognised that the current model requires review due to changing regulation and industry factors. The end to end BOLR process is managed across Licensee Value Management within Advice, and Client Registers and Remuneration within Operations. Due to known system deficiencies and complexities associated with the transfer of each client register, a significant level of manual intervention is required to complete each transaction.


As a result of the strategic and operational challenges, a BOLR project team, code named 'Project Derby' (comprising representatives from Advice, Finance, Information Technology and Product), has been formed to analyse and recommend future state terms, process improvements, technology requirements, legal and accounting impacts, and modifications to the way registers are valued. These are summarised below:

BOLR Model Future Terms: Q1 2016

Review of BOLR commercial terms taking into account the sustainability and BOLR ecosystem including negotiations with the Adviser Association. Develop a sustainable model for AMP and practices that addresses current challenges and adapts to the changing industry and regulatory environment.

Legal and Financial Structures: H1 2016

Ensure appropriate and efficient finance, accounting and legal structures and policies supporting AMP owned customer registers.

End to End process improvements: End 2016

Review of the end to end BOLR process from notification to settlement (payment) including time elapsed, review of customer files, due diligence, technology requirements and how client registers are packaged to on-sell to other financial advisers. Build an efficient, robust, scalable and verifiable BOLR process to retain value for AMP practices and customers in the transition of customer registers.

Technology and Register Valuation (RV Enhancements): Throughout 2015 and 2016

Immediate short term system fixes to improve plan valuations. A business case is also being drafted to determine funding requirements for improving the capture of data from internal and external product systems to ensure compliance with regulatory and policy requirements.

Alternatives to BOLR: Throughout 2015 and 2016

Assessment and implementation of appropriate frameworks and processes (including training, templates and tools) which encourage advisers to explore alternative options prior to invoking BOLR, for example trade sale via the AMP adviser network or the implementation of appropriate succession plans.

Culture and Succession: Throughout 2016

Cultural shift within the adviser network to support the utilisation of appropriate succession planning and trade sales with a view to reinforcing last resort principles in respect of client registers. Building an offer for succession within practices to support business owners to transition their business whilst maintaining customer satisfaction through continuity of relationship and services.


IA/ISOA/1517/02

IA/ISOA/1517/02 IA/ISOA/1517/07

IA/ISOA/1517/02

IA/ISOA/1517/09

IA/ISOA/1517/06

IA/ISOA/1517/13

IA/ISOA/1517/02

All MIIs


Rob Caprioli - Group Executive, Advice and Banking

Wendy Thorpe - Group Executive, Operations

Craig Meller - Chief Executive Officer, AMP

Gordon Lefevre - Chief Financial Officer, AMP

Michael Guggenheimer - Managing Director, AMPFP and Hillross

Tim Mitchell-Adams - Management Director, Charter and ipac

Michael Paff - Director, Channel Services

Mario Villa - Director, Operations Support

Amelia Constantinidis - Director, Horizons

Stephen Colman - Head of Platforms and Servicing Operations

Andrew Patchett - Head of Client Registers

Justin Morgan - Head of Licensee Value Management

Gina Mavraidis - Senior Manager, Strategic Client Allocation

Michael Diamante - Strategic Client Allocation Manager

Elizabeth Bateson - Senior Analyst, BOLR Program and Channel Services

Leanne Ward - CFO Advice

Graham Duff - Head of Statutory Reporting

Andrew Syros - Head of Financial Control

Saskia Goedhart - Chief Risk Officer, AMP

Pally Bargri - Head of ERM, Advice

James Brigham - Head of ERM, Operational Risk

Kieren Cummings - Partner, Ernst & Young

Richard Balfour - Partner, Ernst & Young

Tony Johnson - Partner, Ernst & Young

These papers contain sensitive information for the exclusive use of those on the distribution list and should be securely maintained at all times.
