The Financial Accountability Regime (FAR) consultation closed on 14 February 2020 and the Government intends to introduce legislation by the end of 2020 (no date specified). The Financial Services Royal Commission recommended to extend the Banking Executive Accountability Regime (BEAR) to all APRA regulated entities (provided joint administration to ASIC) including not only authorised deposit-taking institutions (ADIs) but also:

  • All general and life insurance licensees;
  • All private health insurance licensees;
  • All registrable superannuation entity (RSE) licensees; and
  • Licensed non-operating holding companies.

Similar to the BEAR, the FAR will impose the following obligations:

  • Accountability obligations, such as taking reasonable steps in conducting business to prevent matters from arising that would adversely affect the entity’s prudential standing or prudential reputation;
  • Key personnel obligations, such as ensuring the responsibility of an accountable person cover all aspects of the operations of the entity (and its significant or substantial subsidiaries) including the conception of ‘end-to-end accountability’ for product responsibility (design, delivery and maintenance of all products offered by ADIs including customer remediation, linkage to IT systems and data quality, outsourcing and incentive arrangements);
  • Accountability maps and accountability statements, are required for each accountable person for enhanced compliance entities showing (i) reporting lines and lines of responsibility within the entity, and (ii) detail areas of responsibility over which they have effective management and control (to ensure no gaps in product responsibility over its lifecycle), respectively;
  • Notification obligations, as under the BEAR; and
  • Deferred remuneration obligations, requirement to defer 40% of the variable remuneration for all accountable persons for a minimum of four years if the amount to be deferred is greater than $50,000.

The FAR classifies entities as ‘core compliance entities’ or ‘enhanced compliance entities’ depending on the size and complexity of the entity with total assets used as the determining metric. Enhanced compliance entities are as follows:

  • ADIs and RSE >$10b
  • Life insurance >$4b
  • General and private health insurance >$2b

An ‘accountable person’ is a person in a senior executive position with actual or effective management or control of the entity, or the management or control of a substantial part of the operations of the entity and its significant and substantial subsidiaries. This may include a senior executive responsible for (i) management of a significant business division, (ii) management of the entity’s dispute resolution function (internal and external), (iii) service provision and maintenance (service responsibility), (iv) setting incentives (staff incentives and outward facing incentives such as loyalty programs) and (v) breach reporting.

APRA will have a non-objection power to veto the appointment or reappointment of accountable persons which brings it in line with international regulators and strengthen its capacity to pre-emptively regulate problematic executives moving from one entity to another (i.e. disqualification power).

Steps to be taken now

The FAR affected entities should start commencing their preparation now as implementation can be time consuming. Steps to be taken now should include:

  • Analysis of the entity’s overall governance framework;
  • Review organisational structures to understand where the authorities and accountabilities reside;
  • Identify accountable persons and their key responsibilities; and
  • Consider whether the existing compliance framework and internal documentation require revision.

Penalties for entities are (i) 50,000 penalty units (currently $10.5m), (ii) 3x the benefit derived or detriment avoided, or (iii) 10% of annual turnover to a maximum of 2.5m penalty units (currently $525m); and for accountable persons (new provision) are (i) 5,000 penalty units (currently $1.05m), or (ii) 3x the benefit derived or detriment avoided.

Entities cannot indemnify or pay the costs of accountable persons breaching the FAR but accountable persons can obtain insurance to cover the financial loss arising from a civil penalty order against them.

In summary, the FAR is in line with similar legislation in the UK extending a new focus on the accountability for the lifecycle of financial products and increase focus on non-financial risks (particularly, those risks associated with misconduct such as compliance risk, conduct risk, regulatory risk and operational risk).

It is clear that enhanced compliance is the new normal and the financial business landscape has fundamentally changed, therefore we all need to prepare and adapt to remain relevant.