Business Insight

Australia's financial accountability regime is here—Are you ready?

banking background

    FAR is near—the time to act is now

    The incoming Financial Accountability Regime (FAR) will impose a stringent accountability framework for the directors and most senior executives of APRA-regulated entities. Across Australia, banks are working towards compliance by March 2024, with FAR applying to insurers and registrable superannuation entities from March 2025.

    Given the dependencies required to support compliance with FAR, the time for banks, insurers and registrable superannuation entities to act is now.

    Getting a handle on complexity

    Successful compliance with the regime will rely on understanding the complexity of FAR in the context of your entire business and aligning this with accountability across your accountable persons. Institutions will also need to remain cognisant of how regulators will use the data you provide now and in future.

    How institutions identify accountabilities for a broad range of functions across end-to-end value chains and an often wide net of accountable executives is critical. Properly cascading responsibilities through all levels will set your governance, oversight, risk and compliance management frameworks apart.

    Ultimately, an end-to-end, integrated approach to compliance with FAR obligations and other regulatory reforms will drive improved organisational and consumer outcomes.

    Getting ahead of the next frontier of data-informed regulator collaboration—recognising how to deal with both the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) as joint administrators—will be critical to avoiding potentially far-reaching directions.

    Cautionary tales from the Australian Banking Executive Accountability Regime (BEAR) and the United Kingdom's Senior Managers Regime

    Cascading accountabilities through all levels of an institution as part of the BEAR and the United Kingdom's Senior Managers Regime has proven challenging — and has failed in some of the worst cases.

    Institutions that are structured primarily by function have faced insurmountable obstacles in ensuring appropriate compliance with accountability regimes. This is particularly the case when attempting to map accountabilities across end-to-end value chains.

    It is clear from the implementation of other accountability regimes that accountable entities will need to:

    • undertake detailed planning and mapping to ensure appropriate coverage and adequate accountability arrangements, especially where responsibilities are duplicated across business areas and different accountable persons
    • ensure strong governance, risk and compliance management, with an embedded 'speak up' culture permeating all levels—this must be supported by timely and appropriate escalation processes and procedures when things go wrong, and
    • clearly document regulatory obligations, and identify and map roles and responsibilities to associated FAR requirements.

    These steps will better position accountable entities to design and operate mechanisms that are suitable for their organisation and will also drive and demonstrate compliance.

    Mitigating execution risk

    Most institutions will implement FAR at the same time as they continue to run their businesses and deliver risk or operating model transformation programs. This is alongside the concurrent introduction of inter-related key regulatory reforms that require an end-to-end view of the value chain, including remuneration (CPS 511) and operational risk management (CPS 230).

    Diagram

    Execution risk in this context will need to be carefully managed. There will need to be a focus on dependencies and interoperability to ensure frameworks, systems, policies, processes and procedures are holistic, fit-for-purpose and sufficient for managing non-financial risks like compliance and conduct risks.

    Understanding and implementing FAR in this integrated way will be a key differentiator for institutions looking to transition to, or implement, the new regime and translate it into practice as intended in a sustainable manner.

    Engaging with APRA and ASIC openly, constructively and cooperatively

    Both APRA and ASIC will administer FAR jointly, and those accountable entities subject to the regime should not expect a 'light touch' from the regulators. Rather, with increased signposting of focused enforcement approaches from both regulators, more proactive supervision, investigations and regulatory outcomes can be expected.

    There are two key drivers for this shift:

    • the enhanced powers the regulators have to give accountable entities directions to make changes to systems, business practices or operations, as well as to make organisational changes or reallocate responsibilities between accountable persons, and
    • perhaps more importantly, the next frontier of data-informed regulator collaboration, which is changing the way regulators obtain, share, use and analyse information—for example, under FAR, accountable persons will be expected to understand and appreciate the recurrent datasets on reportable situations and internal dispute resolution provided to APRA and/or ASIC, which might suggest non-compliance or suspected non-compliance, and act on the insights and trends from that data.

    In this environment, it is of fundamental significance that institutions refresh their regulatory strategies in a way that supports how accountable persons interact and engage with regulators.

    What institutions need to do right NOW to comply in time

    Given the short implementation period, APRA-regulated institutions should embrace a multi-disciplinary approach swiftly. Bringing together legal, risk and business perspectives can quickly clarify how the legislation affects institutions, and translate this into implementing FAR in a compliant manner.

    That's exactly how we help clients, with our unique integrated solutions and insights. Our legal-led consulting service brings together legal and risk expertise leveraging our extensive industry and regulatory experience, as well as our significant depth in advising financial services clients in Australia, to deliver proportionate, practical, defensible and sustainable solutions.

    Reach out if you would like assistance, and we would be happy to help you on all aspects of the regime.

    Further reading

    The Senate passed the Financial Accountability Regime Bill 2023 (Bill) on 5 September 2023, and the Bill is now awaiting Royal Assent. There were no changes to the Bill introduced earlier this year.

    FAR imposes accountability obligations, key personnel obligations, deferred remuneration obligations and notification obligations.

    As outlined in our previous article, Far is not far away, are you ready? :

    • Authorised deposit taking institutions, or banks, which are already subject to BEAR, should focus on conducting a gap analysis to determine what uplift is required to become compliant with FAR, and then evolving and maturing their accountability frameworks to support compliance with FAR and mitigate potential future exposures under the new regime. Domestic ADI should consider which entities within their groups are likely to be 'significant related entities' captured by FAR.
    • Insurers and registrable superannuation entities should take immediate action to get ahead, recognising that foundational governance, risk management, compliance and other arrangements may need to be uplifted before FAR takes effect.
    • Directors and accountable executives should be briefed on how to comply with their obligations under FAR, including reasonable steps required to demonstrate compliance.

    While there are no individual civil penalties for accountable persons who breach their accountability obligations (other than in the case of being knowingly concerned in, or party to, a contravention of certain FAR provisions), it is important for accountable entities to undertake any framework uplifts where required, given ongoing regulatory scrutiny on accountability and potential civil penalties for accountable entities of more than double those under BEAR for large ADI (up to $210 million).

    Authors: Miriam Kleiner, Partner, Legal Governance; Elizabeth Hristoforidis, Director, Risk Advisory; and Ethan Culross, Specialist, Risk Advisory.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.