Written by Elizabeth Cavdarovski.
Overview
The Financial Accountability Regime (FAR) is the Government's proposed extension of the existing Banking Executive Accountability Regime (BEAR) to cover all APRA regulated entities, including RSE Licensees. We have published a general overview of FAR on our website.
A key objective of FAR is to improve the operating culture of APRA-regulated entities and to increase transparency and accountability across these sectors - in relation to prudential and conduct matters. This means that FAR is regulated both by APRA and ASIC.
This update focuses on the specific impact of FAR on RSE licensees.
When?
At this stage, and subject to a ministerial declaration, it is proposed that FAR will apply to RSE licensees from the later of 1 July 2023 or 18 months after FAR has commenced (which will depend on when the legislation passes Parliament).
It is expected that FAR will apply to ADIs on 1 July 2022. This date is important for an RSE licensee within an ADI group. If the RSE licensee is a "significant related entity" of the ADI (we discuss significant related entities below), the RSE licensee may need to be FAR-compliant before 1 July 2023. Given FAR is new territory for RSE licensees, this presents real practical implementation challenges for these RSE licensees.
What?
Although the BEAR regime has been in place for some time for ADI's, for RSE Licensees, FAR is new territory. While the task for ADIs will be to modify existing BEAR frameworks so as to fit within FAR, for RSE Licensees the task will involve building new FAR frameworks. Experience with BEAR shows that this can involve significant work and lead time, particularly when discussing things like accountability maps with the regulators.
FAR imposes obligations both on accountable entities – that is, the RSE licensee – and directly on accountable persons of those entities (see below for who are accountable persons). This means FAR, and the regulators, will directly regulate the conduct of accountable persons. FAR also extends indirectly to a significant related entity of a RSE licensee and the accountable persons of the significant related entity. RSE licensees will need to have policies and processes in place designed to comply with its FAR obligations and to support its accountable persons to comply with their FAR obligations.
Briefly, FAR imposes four sets of obligations on RSE licensees and their accountable persons:
1. Accountability obligations
RSE licensees and their accountable persons will have obligations:
- to conduct their business with honesty and integrity, with due skill, care and diligence;
- deal with the regulator in an open co-operative manner (an obligation that is open to different interpretations depending on the scenario); and
- conduct their business in a manner that prevents adverse impact on the entity's prudential standing.
Accountable persons also have obligations to ensure that the accountable entity complies with a list of laws set out in the draft legislation that are typically applicable to financial services businesses (see below for our more detailed commentary on this obligation). Accountable entities must also:
- ensure that each of their accountable persons meet their accountability obligations; and
- ensure that each of their significant related entities complies with the accountability obligations as if it was an accountable entity.
2. Key personnel obligations
RSE licensees will be required to ensure that all areas of their operations and those of their group are attributed to accountable persons. There can be no "gaps" in accountability for the operations of an RSE licensee business – all operations must be accounted for. Other personnel obligations that extend to both RSE licensees and their significant related entities are ensuring that no accountable person is prohibited from being an accountable person (which will be another check in the fitness and proprietary checks) and to comply with a direction by a regulator.
3. Deferred remuneration obligations
RSE licensees to defer at least 40 per cent of the variable remuneration (for example, bonuses and incentive payments) of accountable persons for a minimum of 4 years, and for their variable remuneration to be reduced where accountability obligations are breached. The interaction between the deferred remuneration rules in FAR and draft CPS 511 remains problematic and (at this stage) seems unlikely to be aligned so RSE licensees will have to comply with both regimes.
4. Notification obligations
RSE licensees will have new regulator notification obligations in relation to:
- registered persons;
- material changes; and
- breaches.
Further, large superannuation funds with more than $10 billion in FUM will need to develop and lodge accountability statements and maps with the regulators. RSE licensees should expect significant comments on these statements and maps from the regulators and so should factor in appropriate regulator consultation time into their FAR planning.
Who are accountable persons in an RSE licensee business?
Accountable persons are those who have actual or effective senior management responsibility or control of all or a significant part of the fund. The draft explanatory memorandum suggests that this would involve directors, the Chief Executive Officer and his or her direct reports.
However, persons with prescribed responsibilities will also be accountable persons. The consultation materials outline 14 prescribed responsibilities: finance, risk, operations, information technology, internal audit, compliance, human resources, AML, product, dispute resolution, remediation and breach reporting.
RSE licensees have an additional 4 prescribed responsibilities being member administration, investments, financial advice services and insurance.
Three issues arise for RSE licensees in relation to accountable persons:
- Some RSE licensees may not have clear accountabilities for all the prescribed functions to one or two executives. Alternatively, the senior executives currently responsible for these functions in relation to the RSE licensee business may not currently sit at the ex-co level or may report directly to the CEO of the holding company. For these organisations, compliance with FAR may require changes to delegations and reporting lines.
- There is clear overlap with the responsible person regime under the APRA Prudential Standards, but there are differences. As yet, there is no indication that APRA will change the responsible person rules as a result of FAR.
- While important in many retail funds, it is not clear whether the head of an Office of the Superannuation Trustee (OST) would be considered an accountable persons. Our experience is that OST functions vary across organisations in terms of structure, size and seniority and so it could be that there would be different FAR outcomes in different organisations. It may be that whether the OST function is an accountable person will depend on each particular OST’s role and responsibilities within the RSE licensee’s organisation.
Product responsibility
It is proposed that one of the prescribed responsibilities will be end-to-end product responsibility, although they won't need to have the technical expertise on every stage of the product value chain.
The consultation materials suggest a wide interpretation of "product responsibility" to include design, delivery and maintenance of products and services (presumably, including DDO compliance and, for RSE licensees, the member outcomes framework), remediation, IT, outsourcing and incentive arrangements for frontline staff. This description overlaps with other prescribed responsibilities.
The broad nature of the term and the associated ambiguities raise significant issues for RSE licensees given many aspects of this product description fall outside the activities that product teams normally perform. We expect that this will be a recurring theme in the submissions on the draft legislation.
A quadruple jeopardy for RSE licensees
FAR imposes an obligation on RSE licensees to act with honesty and integrity and with due skill, care and diligence (section 18(a)).
An RSE licensee has similar obligations under the covenant in section 52(2)(a) and (b) of the Superannuation Industry Supervision Act 1993 (Cth) (SIS Act) to exercise honesty and to exercise, in relation to all matters affecting the entity, the same degree of care, skill and diligence as a "prudent superannuation trustee" would exercise. While the honesty obligations appear to be similar, the SIS standard of care is higher than the FAR standard of care. Further, FAR imposes integrity obligations which are not found in the SIS Act.
Importantly, the FAR penalties are much higher compared to the penalties for breaching a SIS Act covenant. This means that FAR potentially increases the penalties for dishonest conduct. While the FAR penalties for breaching the standard of care are higher than those for a breach of the SIS standard of care, it should be easier for RSE licensees to satisfy the FAR standard of care.
As an AFS licence holder, an RSE licensee is also required to provide financial services efficiently, honestly and fairly. With the new financial service of providing a superannuation trustee services, the obligation to act efficiently, honestly and fairly covers all parts of a superannuation business. Again, there is significant overlap between the FAR obligation and the AFSL obligation given that both cover honesty and integrity. The penalties for breach of the efficiently, honestly and fairly obligation are the same as the penalties for the breach of the FAR standard of care.
In addition, a director of a RSE licensee has duties care and diligence that are owed to the RSE licensee (although we note that these are overridden to the extent of any inconsistency with the SIS Act covenants).
It's not clear how these overlapping obligations will play out in practice if a regulator were to pursue an RSE licensee (or a director). Theoretically, penalties could be imposed under all regimes (a concept often referred to as "double jeopardy" or this case "quadruple jeopardy") because the draft legislation does not contain any carve-out for penalties imposed under another regime. Alternatively, the regulator may be inclined to pursue breaches under the regime that is easier to enforce and could result in the higher penalty.
Doubling up of regulatory tools
Under FAR, the regulators have powers to:
- Conduct investigations;
- Conduct examinations;
- Request information;
- Issue directions;
- Request enforceable undertakings; and
- Issue injunctions.
These powers are similar to the powers the regulators already have under other legislation an RSE licensee is already required to comply with, but there are some misalignments. For example, APRA's directions power under the SIS Act permits APRA to give a direction where APRA "has a reason to believe" the RSE licensee has contravened a provision of the SIS Act. Under FAR, APRA may give a direction where it "reasonably believes". The FAR wording imposes an objective test (which is arguably stricter) whereas the SIS Act test is subjective.
Interaction with section 56 solutions
A related body corporate cannot indemnify an accountable entity against the consequences of breach a FAR obligation or pay the premium for insurance that covers the consequences of breach of a FAR obligation. If a RSE licensee is going to rely on an indemnity from a related body corporate to address potential insolvency risks caused by the changes to section 56 of the SIS Act that applies to liabilities incurred on or after 1 January 2022, that solution will not be able to used for FAR penalties.
What does it mean for implementation by RSE licensees?
Substantial work will be required by RSE licensees. Detailed work will need to planned for and undertaken to:
- identify accountable persons of the accountable entity and of the significant related entities;
- educate them on their new liabilities,;
- prepare accountability maps for the accountable entity and ensure maps are also prepared by each of its significant related entities;
- prepare accountability statements for each accountable person and ensure statements are also prepared for each accountable person of its significant relates entities; and
- review and if needed, change risk and control processes to align with the FAR obligations (e.g. reviewing existing policies, procedures, risk registers, breach reporting procedures, fit and proper checks).
The volume of work should not be underestimated. Given APRA and ASIC will be requesting drafts of accountability maps and statements prior to implementation, the work will need to begin well before the regime commences. Based on our experience with BEAR, the regulators become heavily engaged in reviewing these documents and it should be expected that there may be two to four iterations before the regulator is satisfied. In short, obtaining the regulators' approval of the draft accountability maps and statements is unlikely to be a simple or short process.
For some entities, structural changes and redesigned governance arrangements will be needed in order to ensure accountabilities operate effectively, that there are no "gaps" in accountabilities and that risk and governance frameworks align with FAR.
Conclusion
We have supported our banking clients to both meet the initial implementation requirements of BEAR and its ongoing application. Submissions on the Exposure Draft closed on 13 August 2021, and the industry now awaits the Government's response.
Even through the details of the FAR regime are yet to be finalised, RSE licensees should start considering whether their governance and compliance regimes meet their expected FAR obligations. We have extensive experience in this area and would be happy to assist.