This article was written by Glenda Hanson, Diana Nicholson, Tim Bednall and Yiwen Chen.
The Commonwealth Government’s Banking Executive Accountability Regime (BEAR) has been introduced into the Federal Parliament. The regime is proposed to commence on 1 July 2018[i]. It is currently being reviewed by the Senate’s Economics Legislation Committee, which is due to report on 24 November 2017. The BEAR seeks to strengthen the responsibility and accountability framework of authorised deposit-taking institutions (ADIs) by making senior executives expressly responsible for specific activities of the bank and requiring certain bonuses to be deferred. It gives new powers to the Australian Prudential Regulation Authority (APRA) to investigate potential breaches, and to disqualify accountable persons for breach.
Proposed new accountability obligations
Accountability obligations under the BEAR apply to both ADIs and “accountable persons” of an ADI. ”Accountable persons” for domestic ADIs include:
- all members of the ADI Board (but not members of subsidiary or holding company boards in that capacity);
- the CEO, CFO, CRO, COO, CIO, and those responsible for internal audit, compliance, human resources and anti-money laundering; and
- any other executive with actual or effective senior executive responsibility for management or control of an ADI or of a substantial part of the ADI group’s operations.
For foreign ADIs, “accountable persons” include the person with senior executive responsibility for the conduct of all activities of the Australian branch of the ADI, and any other senior executive with actual or effective management or control of the ADI or of a substantial part of the ADI group’s operations, even if they are a director of the parent of the ADI, exercising that management or control of the Australian branch from outside Australia. The number of accountable persons may depend on the extent of the foreign ADI’s operations in Australia.
Each ADI will have to provide APRA with an accountability map, setting out who is responsible for the various Australian activities of the bank, and their reporting lines. The accountability map must cover all of the operations of the ADI group in Australia. Each ADI will also have to provide APRA with accountability statements, setting out the responsibilities for each accountable person in the ADI group. Accountable persons will need to be registered with APRA.
Both the ADI and its accountable persons will be under obligations to act honestly and with integrity, and with due skill, care and diligence. They will also be required to deal with APRA in an open, constructive and cooperative way. Accountability maps and statements are also required to cover the activities of the ADI’s subsidiaries.
A foreign ADI is not subject to the BEAR for its offshore operations or for any locally incorporated non-ADI subsidiaries, but the above requirements will apply to a foreign ADI to the extent that it operates a branch in Australia.
Both the ADI and its accountable persons, each from their own perspective, is required to take reasonable steps to prevent matters from arising that would adversely affect the ADI’s prudential standing or prudential reputation. The breadth of this obligation has been the subject of various submissions, and it is hoped that APRA will provide guidance soon.
The consequences of breach of the accountability obligations include civil penalties of up to $210 million for a large ADI. There are no civil penalties under BEAR for individuals (although individuals may still be liable to civil penalties under the Corporations Act).
However, APRA will have power to disqualify individuals who breach their obligations from being an “accountable person” for a period that APRA considers appropriate. Individuals who are disqualified by APRA will be entitled to appeal the decision to the Administrative Appeals Tribunal, on the merits and at law.
How can a banking executive meet the requirements?
Avoid the BEAR trap by taking “reasonable steps”
Once the BEAR becomes law, senior banking executives will need to be able to demonstrate compliance with their individual obligations and responsibilities (if their conduct is called into question) including taking “reasonable steps in conducting those responsibilities to prevent matters from arising that would adversely affect the prudential standing or prudential reputation of the ADI”.
The BEAR Bill contains limited guidance on the scope of the actions of an ADI or accountable person that will amount to reasonable steps in connection with its accountability obligations. It states that taking reasonable steps in connection with a matter for which the accountable person is responsible includes having:
- appropriate governance, control and risk management in relation to that matter;
- safeguards against inappropriate delegations of responsibility; and
- appropriate procedures for identifying and remediating problems that arise or may arise in relation to the matter[ii].
The BEAR Explanatory Memorandum reinforces this focus on governance processes, stating that “reasonable steps are systemic in nature”. It also recognises that the steps that an accountable person could take to meet their accountability obligations should be considered in terms of that person’s functions or responsibilities. For example, a non-executive director in an oversight role may be expected to take different actions to an executive director. It asserts that the terms used in the obligations such as “open, constructive and co-operative” are not defined because they have “a well understood common usage and, in some cases, legal application”. That may be debatable in practice. For example, communications with APRA are normally through specific channels. Could the requirement for executives to be “open” include an obligation for them individually to engage directly with APRA?
The BEAR Explanatory Memorandum also contemplates that following appropriate consultation, APRA may issue further guidance on the factors it would consider in determining what conduct will meet the accountability obligations. It would not be unreasonable to assume that APRA might take a similar approach to its 2015 Prudential Practice Guide on Risk Management[iii], which refers to a sound risk culture as involving awareness/knowledge, appropriate actions including escalation, and rewards for appropriate management behaviour. Indeed, there is much overlap between the BEAR regime obligations and what ADIs are already required by APRA to do.
An obligation to take “reasonable steps” to ensure an outcome appears in a number of areas of Australian corporate regulation, from ensuring that listed entities comply with continuous disclosure obligations[iv], to ensuring that documents lodged with ASIC are not misleading[v], that an investment fund is administered in accordance with its constitution[vi] or that disclosing entities comply with financial reporting requirements[vii]. It is, of course, a test that changes with context and time, but one way the courts have approached interpretation of a requirement to take reasonable steps is only to find executives personally liable if no reasonable person in their position and circumstance would have taken the same approach[viii]. However, in the context of directors’ obligations in relation to financial accounts, the standard of “all reasonable steps” has been found to require “at a minimum, that directors take a diligent and intelligent interest in the information either available to them or which they might appropriately demand from the executives or other employees and agents of the company”[ix]. A similar approach is taken in the defence to liability under the Corporations Act for false statements to ASIC[x], namely that the person must make all inquiries that are reasonable in the circumstances, and after doing so to believe on reasonable grounds that the statement was not misleading. Outside the context of corporate regulation, the Australian High Court has recently set quite a high bar for active steps to be considered “reasonable”, in relation to the status of politicians under section 44 of the Constitution[xi].
APRA and the courts may also look to similar regimes in other jurisdictions for a benchmark against which to judge the accountability map, governance processes and standards of conduct required to satisfy the BEAR.
Reasonable steps under the UK Senior Managers Regime
In the United Kingdom, a similar accountability and responsibility framework for prudentially regulated entities commenced in March 2016. Under this Senior Managers Regime (SMR), persons identified as “Senior Managers” are required to take reasonable steps to prevent regulatory breaches from occurring in their area of responsibility. Although there is a stark difference between the two requirements, with the UK SMR only requiring reasonable steps to ensure there is not a breach of specific regulatory requirements[xii], and the BEAR requiring the more amorphous test of reasonable steps to prevent matters arising which would affect the ADI’s reputation or prudential standing, the UK guidance may still be relevant.
The Chief Executive of the UK Financial Conduct Authority (FCA) has commented that the expected steps appear to be common sense … “Behave with integrity; delegate appropriately; make sure you understand your business area; and comply with common law, existing rules and legal obligations”[xiii]. FCA Policy Statement 17/9 provides guidance on the “reasonable steps” a Senior Manager should undertake to avoid a contravention by their firm. The steps will be judged in proportion to the firm’s business, the role of the manager and their length of time in their role. They include that the Senior Manager should, in the context of the part of the business for which they are responsible:
- ensure adequate reporting or seek an adequate explanation of issues within a business area, if they are not an expert in that area;
- maintain appropriate levels of understanding about delegated issues and responsibilities; obtaining independent, expert opinion from within or outside the firm as appropriate;
- reasonably assess potential risks before permitting the expansion or restructuring of the business; and
- adequately monitor highly profitable transactions, business practices, unusual transactions, or individuals contributing significantly to the profitability of a business area or who had significant influence over the operation of a business area.
Joint and several liability
The BEAR Bill proposes joint liability where two or more accountable persons share accountability obligations within an ADI. This means that an accountable person who is jointly responsible with another accountable person for particular accountability obligations will be liable for a breach by the other person. This will be the outcome unless the banks succeed in their submissions to Government to have this aspect of the legislation modified.
Where to next?
The BEAR is likely to have a significant impact in reforming transparency and accountability in the banking industry. Having said that, the BEAR is only a stage on the journey all banks are currently undertaking, of a culture shift to a consumer-focused model with strong governance. We await with interest the Committee’s report on the BEAR Bill, which is due on 24 November 2017, and the release of guidance by APRA.
[i] For a bonus under a contract in place before the BEAR receives Royal Assent, the deferral requirements do not apply until 1 January 2020.
[ii] BEAR Bill, proposed section 37CB of the Banking Act 1959
[iii] CPG 220
[iv] Corporations Act section 674(2B)
[v] Corporations Act section 1308(4)
[vi] Corporations Act section 601FD(1)(f) and section 1157(f) in the proposed Corporate Collective Investment Vehicle legislation.
[vii] Corporations Act section 344. The guidance in ASIC’s Report 515 Financial advice: Review of how large institutions oversee their advisers, as it relates to Corporations Act section 961B(2)(g) regarding steps to satisfy the “best interests” obligation, may also be relevant.
[viii] For example, see ASIC v Australian Property Custodian Holdings Ltd (No 3)  FCA 1342
[ix] ASIC v Healey & Ors  FCA 717 at 143
[x] Corporations Act section 1308(10)
[xi] Re Canavan  HCA 45
[xii] Under the SMR, the duty of responsibility requires the regulator to prove a contravention of a regulatory requirement by the firm, and that the Senior Manager was responsible for management of the relevant activities: FCA PS17/9 at 1.10. This is somewhat similar to the “stepping stone” liability of directors in Australia where a breach of the Corporations Act by a company is the link to prosecution of individuals for breach of directors’ duties; see ASIC v Cassimatis (No 8)  FCA 1023
[xiii] Martin Wheatley, then Chief Executive of the FCA, March 2015, www.fca.org.uk/news/nothing-to-fear-from-high-standards