Legal development

Treasury releases for consultation an exposure draft of the Financial Accountability Regime

Insight Hero Image

    On Friday 16 July, Treasury released for consultation its first exposure draft of the proposed Financial Accountability Regime (FAR) which will apply to authorised-deposit taking institutions (ADIs) from 1 July 2022 or six months after the commencement of FAR and to other classes of APRA-regulated institutions on the later of 1 July 2023 or 18 months after the commencement of FAR.

    What you need to know 

    • Scope:  FAR will extend the standards of conduct established by the Banking Executive Accountability Regime (BEAR) for directors and the most senior and influential executives in ADIs to all APRA-regulated entities.  At this stage, FAR will not extend to entities which are solely regulated by ASIC.
    • APRA and ASIC to jointly administer:  While BEAR was solely administered by APRA, FAR will have both a prudential and conduct focus and will be jointly administered by APRA and ASIC.
    • Financial penalties:  Although previously foreshadowed by Treasury, no financial penalties will be imposed directly on an accountable person under FAR in respect of a breach of the person's accountability obligations under the regime, though other indirect exposures may exist. In contrast to BEAR, there will be no prohibition under FAR relating to indemnification of, or payment of insurance premiums relating to, accountable persons.
    • Prescribed responsibilities:  The prescribed responsibilities which must be allocated to accountable persons aligns with the previous consultation on FAR dated January 2020, except that a small number have been removed (for example, responsibility for service provision and the setting of incentives).
    • End to end product responsibility: An end-to-end product responsibility has been introduced into the regime for domestic entities. Heads of major business divisions or, for smaller entities, CEOs are expected to have the responsibility instead of the person responsible for developing, maintaining and reviewing the product governance framework.
    • Reasonable steps to include compliance obligation: Obligations on accountable entities and accountable persons to take "reasonable steps" will expressly include taking appropriate action to ensure compliance with a particular matter, including in response to non-compliance, or suspected non-compliance.
    • Remuneration implications: The provisions relating to the deferral and reduction in variable remuneration under BEAR will be aligned with APRA's Prudential Standard CPS 511 Remuneration.  Additional requirements will apply to particular entities under CPS 511.
    • Broad regulatory powers: ASIC, as well as APRA, can give an accountable entity a direction to address non-compliance, or likely non-compliance, with the regime by the accountable entity or accountable person. The regulators can also reallocate the responsibilities of accountable persons, accept enforceable undertakings and apply for injunctions.
    • Extension of timeframes: Timeframes for submitting certain notifications to APRA/ASIC and appointing temporary accountable persons will be extended.

    What you need to do

    • Review accountabilities and arrangements: For entities who have already implemented BEAR or have commenced preparing for FAR, review accountability statements and maps to consider whether the prescribed responsibilities under FAR have been allocated to the individuals indicated by Treasury. Enhance governance, risk management and other arrangements to support compliance in relation to the prescribed responsibilities. 
    • Identify impacted group entities: Consider which entities are likely to be "significant related entities" of accountable entities and the application of FAR in relation to such entities.
    • Review "reasonable steps" frameworks: Consider whether existing or proposed "reasonable steps" frameworks support the taking of appropriate action to ensure compliance with particular matters, as well as that they are sufficient to appropriately respond to instances of non-compliance, or suspected non-compliance.
    • Review remuneration models: Review remuneration and incentives, consequence management, regulatory and breach reporting arrangements, among others, to ensure they are consistent with and support the implementation of FAR on an ongoing basis.
    • Brief accountable persons on changes: Brief directors and senior executives on potential exposures under FAR.
    • Submissions into consultation: Consider making a submission on the proposed bill, which is due by 13 August 2021.

    Background

    In its Final Report, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission) made various recommendations in relation to BEAR.  

    This included that BEAR be extended to all APRA-regulated entities, noting that there were no reasons in principle or in practice to confine the reach of the accountability provisions to the banking sector.  It was also recommended that APRA and ASIC jointly administer the extended regime upon its implementation, such that ASIC would be charged with overseeing those parts of the regime that concern consumer protection and market conduct matters, and APRA charged with overseeing the prudential aspects of the regime.

    Treasury released a Proposals Paper in January 2020 which set out how it would implement the various recommendations handed down in the Royal Commission's Final Report (refer to our previous Financial Services Update) (Previous Consultation).  While no initial implementation timeframe was provided in the Proposals Paper, the introduction of FAR was put on hold while the financial services sector continued to deal with the ongoing impacts of COVID-19.  Treasury has now finally settled on an exposure draft for the regime and has released for consultation the draft legislation, along with its accompanying explanatory materials and various information documents that provide additional detail in respect of the regime.

    What are the key themes and changes?

    While the nature of the obligations contained in FAR are generally comparable with BEAR, various changes have been made both in respect of the operation and administration of the enhanced regime.  A summary of the key themes and changes is set out below:

    Topic Comments
    Enhanced scope of the regime – accountable entities

    While BEAR applied only to ADIs, FAR introduces the concept of an "accountable entity" which extends the application of the enhanced regime to:

    • authorised non-holding companies (NOHCs) of an ADI;
    • general insurers and authorised NOHCs of a general insurer;
    • life insurers and registered NOHCs of a life insurer;
    • private health insurers; and
      registrable superannuation entity licensees (RSE licensees).

    FAR will not extend to entities who are regulated by ASIC but are not authorised by APRA and relevantly, the consultation papers are silent on whether FAR will be extended to such entities in the future.

    Scope of the regime – significant related entities

    FAR imposes an accountability obligation on an accountable entity to take reasonable steps to ensure that its "significant related entities" (for most entities, its significant subsidiaries) comply with certain obligations under the regime.

    Significant related entities are a subsidiary of the accountable entity which have an effect on the accountable entity which is "material and substantial".

    The following factors must be met when determining whether a subsidiary is material and substantial:

    • the nature of the body corporate's business or activities;
    • the scale of the body corporate's business or activities;the nature and extent of any interdependency between the body corporate and the accountable entity;
    • any organisational, financial or administrative arrangements between the body corporate and the accountable entity; and
    • any other relevant matter.

    A significant related entity can only be related to one accountable entity, being its closest parent accountable entity.

    Significant related entities that are superannuation entity licensees (or RSE licensees) include a wider variety of entities than subsidiaries. They includes entities such as other related bodies corporate of the licensee and entities with certain control relationships with the licensee. A connected entity can be a significant related entity of more than one RSE licensee.

    Classification of entities FAR replaces the distinction between small, medium and large ADIs that was contained in the BEAR with the concepts of "core compliance" and "enhanced compliance" entities.

    The obligations applying to each type of entity will differ, including notably that only accountable entities that meet an enhanced notification threshold set by the Minister will be required to prepare and submit accountability maps and statements to APRA and/or ASIC, as well as to notify the regulators of material changes to these documents.
    Scope of the regime – accountable persons (general principle test)

    The general principle test for whether a person is an accountable person remains largely unchanged and includes a person who holds a position in the accountable entity or significant related entity and has senior executive responsibility for management or control of the accountable entity or a significant or substantial part or aspect of the operations of:

    • the accountable entity; or
    • the accountable entity and its group of significant related entities.

    The general principle test will capture those with senior executive responsibility for management of a significant business division (which has been deleted as a prescribed responsibility – see below).

    Scope of the regime – accountable persons (prescribed responsibilities and positions)

    The concept of "particular responsibilities" has been replaced with "prescribed responsibilities and positions".

    Though they are still yet to be formalised, FAR notes that the Ministerial rules will set out the list of prescribed responsibilities that may be held by a person that will result in them being deemed an accountable person for the purposes of the enhanced regime.

    In the meantime, Treasury has released a draft list of prescribed responsibilities and positions, which comprises five sub-lists relating to the different types of accountable entities.

    The prescribed responsibilities and positions relating to locally incorporated accountable entities other than authorised/registered NOHCs include those set out in BEAR, and now also include senior executive responsibility for management of the end-to-end products responsibility (see below for further information), the entity's internal and external dispute resolution functions, any client or member remediation programs and the entity's breach reporting function.

    In respect of each of the further prescribed responsibilities referred to above,

    Treasury has indicated that the senior executive responsible for the development, maintenance and review (rather than execution) of the relevant framework targeted at managing the relevant part of the entity's operations is intended to be captured as an accountable person. This is with the exception of the particular responsibility for management of the accountable entity's end-to-end product responsibility, which should be held by the heads of major business divisions or, in the case of a small accountable entity, the CEO.

    A number of additional prescribed responsibilities proposed in the Previous

    Consultation have been deleted. They are the responsibility for management of a significant business division (captured in any event under the general principle test), the responsibility for service provision and maintenance and the responsibility for the setting of incentives.

    Further prescribed responsibilities and positions for locally incorporated insurers and RSE licensees, Australian branches of foreign accountable entities and authorised/registered NOHCs are also set out in this document and include the following:

    • Insurers: responsibilities for management of the accountable entity's actuarial function and claims handling function (but not underwriting framework, as contemplated in the Previous Consultation).
    • RSEs: management of the accountable entity's member administration operations, investment function, financial advice service (if any) and insurance offerings.
    • Foreign ADIs: responsibility for the conduct of all the activities of the Australian branch of the foreign ADI (e.g. head of branch) and Senior Officer Outside Australia.
    • NOHCs: the prescribed responsibilities and positions will likely cover members of the NOHC's board, the CEO or similar, CFO, CRO and Head of Internal Audit.

    The extended list of prescribed responsibilities and roles is not intended to capture middle or lower management who may only have day-to-day responsibility.

    End-to-end product responsibility

    The Royal Commission identified that there is a lack of clear end-to-end accountability for product management across the financial services sector, which has led to adverse customer experiences and outcomes.

    Following an initial consultation period in 2019, it was determined that an ADI should identify and register an accountable person to hold end-to-end product responsibility for each product it offers as part of its compliance with BEAR. The outcomes of this consultation have been subsumed into FAR, with this now forming part of the particular responsibilities and positions for all locally incorporated entities other than NOHCs.

    End-to-end includes the following:

    • all steps in the design, delivery and maintenance of all products and services offered to customers;
    • customer remediation;
    • linkages to IT systems and data quality;
    • outsourcing; and
    • incentive arrangements of frontline staff.

    It has been noted that the key to meeting this prescribed responsibility will be ensuring that the relevant senior executive is supported by robust governance arrangements targeted at proactive and holistic management of the product value chain. These arrangements must also be such that the accountable person is able to form a view as to the adequacy of the support functions around products, even where these functions have been outsourced. However, it is not necessary for an individual holding the end-to-end production responsibility to have the technical expertise on every stage of the product value chain.

    Accountability obligations of accountable entities The accountability obligations for accountable entities under FAR are generally comparable to those contained in BEAR. There are, however, a few differences between the regimes, with the first being that accountable entities must now also deal with ASIC in an open, constructive and cooperative way, in addition to the existing obligation to deal with APRA in this manner.

    The obligation under BEAR on an ADI to ensure that its non-ADI subsidiaries comply with the accountability obligations now applies in relation to "significant related entities" of an accountable entity (see above).
    Accountability obligations of accountable persons The accountability obligations of accountable persons are proposed to be the same as those set out in the Previous Consultation. They relate to both conduct-related and prudential matters.
    In addition to dealing with APRA in an open, constructive and cooperative way as required under BEAR, accountable persons will be required to deal with ASIC in the same way under FAR.

    An additional accountability obligation has also been included in FAR, which requires an accountable person to take reasonable steps to ensure that the accountable entity complies with certain laws relating to the financial sector.

    The accountable person would only be required to take reasonable steps to ensure compliance by the entity with the laws that apply to the business of the entity that is within their area of responsibility (this is already typically covered in the accountability statements of accountable persons of ADIs who are currently subject to BEAR).
    Accountability obligations – reasonable steps
    Additional detail is provided on what amounts to taking "reasonable steps" to support proactive compliance by accountable persons and accountable entities, rather than a set-and-forget attitude.

    This includes taking appropriate action both to ensure compliance in relation to a particular matter and to respond to any instances of non-compliance, or suspected non-compliance, in relation to a particular matter.

    It is now also expected that an accountable entity will take reasonable steps in conducting its busines to prevent matters from arising that "would be likely to" adversely affect the accountable entity's prudential standing or prudential reputation, as opposed to only those matters that would have this effect.
    Accountable persons – temporary vacancies Accountable persons filling temporary vacancies or unforeseen vacancies have up to 90 days after becoming an accountable person to be registered as an accountable person (increased from 28 days under BEAR).

    Appointing an accountable person to fill a permanent position on a fixed-term contract will not constitute a temporary vacancy to which this longer period will apply (the vacancy itself must be temporary).

    The bill also clarifies that the deferred remuneration obligations do not apply to an accountable person while the person is filling a temporary or unforeseen vacancy providing that they are not registered or required to be registered under the Regime.
    Minimum amount of variable remuneration to be deferred  FAR requires that the amount of an accountable person's variable remuneration that is to be deferred must, at a minimum, be 40% of the accountable person's variable remuneration for the financial year in which the minimum deferral period for the variable remuneration starts.

    In comparison, BEAR presently contemplates that the minimum amount of deferred remuneration may be different on the basis of the size of an ADI, the accountable person's role at the ADI and the person's total remuneration for the relevant financial year.

    Apportioning variable remuneration is permitted such that only the amount that relates to an accountable person's role as an accountable person is required to meet the deferral requirement. Other guidance is given in relation to the application of the deferral requirement.

    It is important to note that enhanced minimum deferral amounts will apply to some accountable persons under APRA's proposed CPS 511 Remuneration. Entities that APRA deems Significant Financial Institutions (SFIs) for the purposes of CPS 511 will also need to comply with longer minimum deferral periods for their CEOs, senior managers and executive directors. Those minimum deferral obligations are six years for CEOs, and five years for senior managers and executive directors. CPS511 is scheduled to commence from 1 January 2023 for SFIs.
    Notification obligations - additional

    Under BEAR, ADIs are required to notify APRA of certain specific events, including where a person has ceased to be an accountable person of the ADI or a subsidiary of the ADI. These notifications will be required to be made to ASIC as well as APRA under FAR.

    Two new events have been included in FAR which must now also be notified to the regulators, namely where:

    • an accountable entity reasonably believes that it has breached its key personnel obligations (which include the requirement to ensure accountable person responsibilities cover all parts of the entity's operations and the prescribed responsibilities, to ensure no accountable person is prohibited under FAR and to comply with any directions APRA/ASIC gives to the accountable person under FAR); and
    • a material change occurs to information on the register of accountable persons about an accountable person.

    Any such notification must be provided within 30 days of the event occurring and be in the prescribed from.

    Notification obligations – accountability statements and map Enhanced notification entities are required to provide APRA/ASIC with accountability statements and an accountability map. A materiality threshold has also been introduced for reporting changes to accountability statements and maps to APRA and ASIC under FAR.

    The Minister rules will outline the threshold to determine which accountable entities will need to comply with the enhanced notification requirements, while APRA/ASIC may separately provide guidance on what constitutes a material change to these document.

    Notifications of any material changes must be made within 30 days of the change occurring (currently 14 days under BEAR).
    Consequences for accountable entities – civil penalties

    The maximum civil penalties which attach to breaches of an accountable entity's accountability obligations, key personnel obligations, deferred remuneration obligations and notification obligations under the BEAR have been enhanced such that they are now consistent with the increased maximum civil penalties that were introduced into the Corporations Act 2001 (Cth) in 2019. Relevantly, this means that the maximum civil penalty for a contravention by an accountable entity of the above obligations will be the greater of:

    • 50,000 penalty units ($11.1m);
    • the times the benefit derived, or detriment avoided, by the entity because of the contravention; or
    • 10% of the annual turnover of the entity, capped at a maximum of 2.5m penalty units or $555m).

    In practice, it is intended that courts would determine which method provides the greatest penalty, and then use discretion to impose an appropriate penalty up to that amount.

    A civil penalty may be issued against an accountable entity, even if it does not relate to a "prudential matter", as currently specified in BEAR.

    Neither accountable entities nor accountable persons will be held criminally liable for any breaches of FAR itself, though the exposure draft does refer to offences relating to information gathering powers, the appointment of disqualified accountable persons, non-compliance with directions and legal professional privilege.

    Regulatory powers – direction by APRA or ASIC 

    APRA/ASIC can give an accountable entity a direction under the regime to address non-compliance, or likely non-compliance, with the regime by the accountable entity or accountable person. Similar powers exist under the Banking Act 1959 (Cth) (Banking Act) and other legislation.

    The directions can include the following in relation to the accountable entity or any of its significant related entities:

    • to take a specific action;
    • to undertake an audit;
    • to make changes to internal systems and practices;
    • to reconstruct, amalgamate or otherwise alter part of the entity’s structure; and
    • to not take a specific action.

    ASIC will now be able to issue directions. Consideration should be given to the circumstances in which the directions power could be broader in its application than ASIC's current power to impose licence conditions on holders of an Australian financial services licence.

    Regulatory powers - Reallocation of responsibilities FAR affords both APRA and ASIC the power to direct an accountable entity to reallocate the responsibilities of its accountable persons. While a similar power exists under BEAR, the power in FAR has been expanded to cover situations where an existing allocation of responsibilities gives rise to a significant and systemic non-compliance risk in addition to prudential risk.
    Regulatory powers - other APRA/ASIC's powers extend to accepting enforceable undertakings and applying to the Federal Court for an injunction. Enforcement action may also be pursed under other legislation (e.g. Banking Act and the Corporations Act 2001 (Cth)).
    Consequences for accountable persons – no direct civil penalties While the Proposals Paper contemplated that civil penalties would be introduced for accountable persons who breach their accountability obligations under FAR, this has not been included in the exposure draft.
    Consequences for individuals – compliance with a direction A director, senior executive, or other senior employee of an accountable entity commits an offence if they fail to take reasonable steps to ensure the accountable entity complies with a direction from APRA or ASIC under FAR. The maximum penalty is 50 penalty units ($11,100).

    The offence applies more broadly than just accountable persons
    Consequences for accountable persons – other  Failures by accountable persons to comply with their accountability obligations will result in the same consequences as currently set out in BEAR. This includes that a reduction in an accountable person's variable remuneration by an amount proportionate to their failure (must be applied by the relevant accountable entity), while such persons may also be subject to regulatory actions such as a disqualification or a reallocation of their responsibilities.

    Decisions by APRA/ASIC to disqualify a person, to vary a disqualification or to refuse to vary or revoke a disqualification, are subject to reconsideration by APRA/ASIC and to a merits review by the Administrative Appeals Tribunal.
    Accountable persons – insurance and indemnity There is no prohibition in the draft FAR bill relating to indemnification of, or payment of insurance premiums relating to, accountable persons. The current prohibition under BEAR will be removed.
    Joint administration  FAR will be jointly administered by APRA and ASIC pursuant to the administration and enforcement provisions set out in the exposure draft.

    There are various situations specified in FAR whereby the regulators would be required to form an agreement prior to certain powers being exercised, including in respect of the disqualification of any accountable persons.

    FAR also requires the regulators to enter into an arrangement outlining the manner in which the regulators will administer the regime. It is expected that the details of this arrangement will be published within six months of the FAR legislation receiving Royal Assent.

    When and how will the FAR come into effect?

    Once the consultation period has concluded and any appropriate feedback has been incorporated into the FAR, it will take effect progressively over time in relation to different classes of entities in the banking, insurance and superannuation sectors. 

    Specifically, the FAR will apply to ADIs and their authorised NOHCs from the later of 1 July 2022 or six months after commencement of the regime, with BEAR being repealed once the enhanced regime  has taken effect for these entities. For all other entities, it is proposed that the FAR will commence on the later of 1 July 2023 or 18 months after the commencement of the regime. 

    Authors: Silvana Wood, Partner and Jack Collins, Lawyer.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.