This article was written by Nathan Hodge, Sarah Yu, Rebecca Williams and Daniel Goldblatt
On 16 July 2021 Treasury released consultation draft legislation to introduce the Financial Accountability Regime (FAR). FAR is the Government’s proposed extension of the existing Banking Executive Accountability Regime (BEAR) to cover all APRA regulated entities, in response to recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 of the Financial Services Royal Commission.
The draft legislation broadly follows the model described in Treasury’s January 2020 proposal paper (summarised in our February 2020 update). While the draft legislation clarifies many of the ambiguities present in the existing BEAR legislation, it is beset by many of the same problems seen in the 2020 model – including the creation of overlapping accountabilities and potential “double jeopardy” scenarios, for entities and executives alike.
At this stage, FAR is expected to commence:
- for authorised deposit-taking institutions (ADIs) and their licensed non-operating holding companies (NOHCs), no earlier than 1 July 2022; and
- for other APRA-regulated entities, no earlier than 1 July 2023.
Consultation on the exposure draft is open until 13 August 2021.
Scope – “accountable entities” and “accountable persons”
As anticipated, the new regime will cover ADIs, trustees of APRA-regulated superannuation funds (RSE licensees), general, life and private health insurers, and NOHCs. Large or diversified corporate groups are therefore likely to include several “accountable entities” for FAR purposes.
Accountable entities must also take reasonable steps to ensure their “significant related entities” comply with certain FAR obligations (including the “accountability obligations” below). This can extend the impact of FAR to non-APRA regulated entities within a corporate group, and so result in increased compliance obligations. For most entities this will mean subsidiaries with business activities that are material or substantial to the accountable entity. For superannuation trustees, however, “significant related entities” includes the concept of a “connected entity” and therefore may include parent entities as well as subsidiaries. This raises the possibility of a subsidiary trustee being liable for the acts of the trustee’s shareholder.
The draft legislation makes some effort to minimise overlapping accountabilities for entities within a group, and to provide legislative guidance as to when a related entity is likely to be “significant” (rather than relying on guidance from the regulators). Nonetheless, institutions will need to undertake a detailed mapping exercise to ensure the correct “accountable entities” are identified and supported to comply with FAR obligations.
FAR will retain BEAR’s “dual” approach: both directors and senior executives will be “accountable persons” if they either satisfy a general principles test (i.e. management or control of a significant / substantial part of the ADI / group’s operations) or hold a “prescribed responsibility or position”.
The “prescribed responsibilities and positions” will be determined by the Minister, rather than being legislated as is currently the case under BEAR. The consultation materials indicate that the prescribed responsibilities and positions will include:
For all accountable entities
Additional positions for insurers
Additional positions for super trustees
- Member of the Board
- Chief Executive Officer
- Chief Financial Officer
- Chief Risk Officer
- Chief Operating Officer
- Chief Information or Technology Officer
- Senior executive responsible for any of the following:
- Internal Audit
- Anti-money laundering
- End-to-end product responsibility (e.g. head of a business division)
- Customer / member remediation (including hardship)
- Breach reporting
- Dispute resolution function (internal and external)
For foreign entities, the accountable persons’ responsibilities relate only to the entity’s operating Australian branches.
Senior executive responsible for any of the following:
- actuarial function
- claims handling
For foreign insurers, the accountable persons’ responsibilities relate only to the entity’s operating Australian branches.
Senior executive responsible for any of the following:
- member administration
- financial advice service (if any)
- insurance offerings
For ADIs, this will include appointing new FAR “accountable persons” for roles that are not currently BEAR accountable roles – including executives with responsibility for the ADI’s dispute resolution function, client/member remediation programs, breach reporting and end-to-end product responsibility.
Accountability for some of these prescribed responsibilities would ordinarily attach to executives below the ExCo level, which may create overlapping accountabilities at different levels of seniority. The explanatory materials state that, in practice, Treasury expects that only CEOs and their direct reports will be accountable persons under FAR – which will likely have the practical effect that those same accountable people would need to have multiple prescribed responsibilities.
It should also be noted that the consultation material confirms that accountable persons do not have to be located within or employed by the accountable entity or its significant related entities. This means that they can be located within or employed by other parties of the group.
Importantly, there will need to be an accountable person with end-to-end product responsibility, although they won’t need to have the technical expertise on every stage of the product value chain. Consultation material suggests a wide interpretation of “product responsibility” to include design, delivery and maintenance of products and services (presumably, including DDO compliance and, for RSE licensees, the member outcomes framework), remediation, IT, outsourcing and incentive arrangements for frontline staff.
Some of the more unworkable prescribed responsibilities flagged in Treasury’s 2020 consultation (such as responsibility for setting incentives for staff/customers) seem to have been dropped. The draft legislation also contemplates that ASIC / APRA may exclude certain responsibilities for certain entities (or classes of entities), although at this stage it is not clear how this power is intended to be used and regulatory guidance will be needed.
Once all accountable persons are determined, each accountable entity should ensure that it assigns all management and control responsibilities to persons within that group, noting that it will be open for an accountable person to have more than one of those assigned responsibilities.
Joint administration by ASIC and APRA
As recommended by the Financial Services Royal Commission, FAR will be jointly administered by ASIC and APRA. Treasury has released an additional Information Paper explaining the current proposed division of responsibility between the two regulators and how this might work in practice (although this too remains subject to consultation). At a high level, it is expected that:
- Accountable entities which do not hold an AFSL or ACL will be regulated by APRA only.
- APRA and ASIC will need to enter into a documented arrangement outlining how they will administer the regime, although this would not be published until after the legislation is passed. Information can be shared freely between the two regulators, without notice to the relevant accountable entity or person.
- The guidance is clear that, while ASIC and APRA will coordinate on any FAR enforcement action, the underlying conduct may give rise to other liability under APRA- or ASIC-administered legislation (eg the Banking Act or Corporations Act) and the regulators will independently enforce that legislation. Most FAR enforcement powers will be able to be exercised by each regulator independently – although some will need to be exercised by agreement, such as certain FAR exemptions and relief, directions and disqualification of accountable persons.
- There would be a single point of contact for all accountable entities (expected to be APRA Connect for notification/registration obligations).
Most current BEAR obligations will continue under FAR, which also imposes new obligations on accountable entities and persons.
FAR will impose the following:
Accountability obligations – under both BEAR and FAR, accountable entities and persons must take reasonable steps to conduct their business with honesty and integrity, with due skill, care and diligence, and in a manner that prevents adverse impact on the entity’s prudential standing.
FAR will impose new accountability obligations not found in BEAR – including a new obligation on accountable persons to take reasonable steps to ensure the entity complies with certain specified financial services legislation – including the Banking Act, credit legislation, life insurance and PHI legislation, the SIS Act and other laws relating to the provision of financial services. This will likely create a significant new source of potential liability for senior executives and directors – going beyond existing directors and officers’ duties and accessorial liability and potentially imposing multiple overlapping layers of liability for the same conduct. This new potential liability could have a significant impacts on management operations and decisions.
Importantly, joint accountability has been retained: where multiple accountable persons have the same responsibility for the same accountable entity, they will be considered jointly and severally liable for any breaches.
The dual administration of FAR also means that accountable entities and persons will be required to deal with ASIC and APRA in an “open, constructive and co-operative way”. It is not clear how this will operate in circumstances where, for example, a dispute is on foot between ASIC and the entity.
Key personnel obligations – each entity must register accountable persons for each of the prescribed responsibilities that are relevant to it. For ADIs, FAR does allow more time to register persons filling temporary/unforeseen vacancies, compared to BEAR.
Remuneration obligations – the FAR legislation will require a minimum of 40% of an accountable person’s variable remuneration to be deferred for a period of 4 years (or longer where an accountable entity considers an accountable person is likely to have breached their accountability obligations). It will also require variable remuneration to be reduced where an accountable person breaches their accountability obligations. The deferral requirements do not apply to an accountable person performing a temporary vacancy for no more than 90 days, for small amounts of variable remuneration (where the amount to be deferred is less than $50,000), or in other circumstances determined by APRA.
The FAR legislation simplifies the BEAR deferred remuneration regime, and clarifies a number of ambiguities in the existing BEAR legislation dealing with the deferral of variable remuneration. The FAR remuneration rules will need to be considered alongside the requirements of APRA Prudential Standard CPS 511 Remuneration and the proposed Prudential Practice Guide CPG 511 Remuneration, which is subject to ongoing consultation (see our previous article). A key area of focus in the submission process should be to ensure the FAR regime and CPS 511 are aligned so far as is possible to avoid unnecessary complexity and confusion in this area noting there are currently differences between the deferral rules proposed under FAR and CPS 511 (for example CPS 511 requires 60% of the variable remuneration of the CEO of an SFI to be deferred for 6 years as opposed to 40% for 4 years under FAR).
Importantly, the draft FAR legislation contemplates that ASIC or APRA (as applicable) may have a role in determining how equity-based variable remuneration is to be calculated for deferral purposes. If ASIC and APRA choose not to specify a calculation methodology, then the deferral proportion is to be calculated based on the equity’s value at the time of the grant and assuming maximum opportunity.
Accountability map and accountability statement obligations – as anticipated in the 2020 consultation materials, “core notification entities” will only need to notify APRA/ASIC of their registered persons, material changes, and breaches. However, “enhanced notification entities” will need to submit an accountability map (which can cover multiple accountable entities within the same corporate group) and accountability statements for each accountable person – including for significant subsidiaries. The consultation materials indicate that APRA / ASIC expect to review detailed drafts before the legislation commences.
The consultation materials state that the following categories are likely to be enhanced notification entities and require accountability statements:
- ADIs with total assets > $10 billion
- RSE licensees with the combined total assets of all super funds > $10 billion
- Life insurers with total assets > $4 billion
- General insurers and private health insurers with total assets > $2 billion
Enforcement and penalties
Consistent with the existing BEAR legislation, FAR will allow civil penalties to be applied to accountable entities that fail to comply with certain FAR obligations, and substantially increases the maximum penalty available to the higher of:
- 50,000 penalty units (currently $11.1 million); or
- three times the benefit derived and detriment avoided due to the contravention; or
- 10% of the annual turnover of the body corporate (up to a maximum of $555 million).
Treasury’s 2020 consultation pack contemplated that civil penalties would also be available against individual accountable persons who had breached their accountability obligations. This appears to have been dropped from the exposure draft. However, existing BEAR enforcement options have been maintained, including the power to deregister an accountable person and to direct an entity to reallocate responsibilities to another person in certain circumstances.
Given the additional penalties and regulatory actions available to APRA and ASIC under FAR, APRA regulated entities should reassess the coverage provided under their professional indemnity and directors and officers liability insurance policies.
Under FAR, like BEAR, a related body corporate of an accountable entity cannot indemnify nor pay premiums for an insurance contract that would insure the accountable entity against the consequences of breaching FAR. Anything that purports to provide such indemnity or insurance is void, although the prohibition does not apply to legal costs. Accordingly, APRA regulated entities should ensure that their policies are drafted so that it is not in breach of this prohibition.
Interestingly, unlike BEAR, the prohibition does not extend to indemnification nor insurance cover for an accountable person's breach of FAR.
Similar issues as those raised under BEAR will apply, see our previous article. We will explore these issues and the implication of FAR for insurers further in a future alert.
Treasury is accepting submissions on the draft legislation until 13 August 2021. The consultation materials indicate the Government intends to introduce and pass the legislation during the Spring sittings of Parliament (prior to any election occurring).
Commencement will be staggered, reflecting that BEAR already applies to ADIs (and their NOHCs), and potentially allowing further staggering across insurers and RSE licensees in future:
ADIs and their NOHCs
FAR to commence from 1 July 2022 (or 6 months after FAR commences, whichever is later)
BEAR repealed once FAR takes effect
General, life and private health insurers (and their registered / authorised NOHCs)
FAR is expected to commence from 1 July 2023 (or 18 months after FAR commences, whichever is later)
A ministerial declaration will first be required to apply FAR to these entities – that declaration could specify that FAR applies to a particular class of entities (eg over a particular $ threshold)
As for insurers – ministerial declaration required
Where to from here?
Experience in implementing BEAR suggests financial institutions should not underestimate the work required to prepare for and implement FAR.
While many ADIs now have well-established accountability frameworks in place (including to address suspected breaches), those will need to be re-visited to ensure they reflect the new FAR model. In particular, FAR’s application to material subsidiaries and other APRA-regulated group entities, together with the proposed end-to-end product accountabilities, will require further review of existing governance and accountability arrangements before implementation next year.
For insurers and super trustees, substantial work will be required. For some entities, structural changes and redesigned governance arrangements will be needed in order to ensure accountabilities operate effectively and align with FAR. For all entities the detailed work of identifying accountable persons, educating them on their new liabilities, preparing maps and statements, and reconsidering risk and control processes, should not be underestimated and will need to begin well before the regime commences. We will also issue separate updates to guide insurers, super trustees and banks on the implications of FAR over the coming weeks.
King & Wood Mallesons has advised extensively on the implementation of BEAR by Australian and foreign ADIs, as well as ongoing accountability governance and issues management.
If you are interested in making a submission to Treasury (prior to the 13 August deadline), or would like to discuss how FAR will affect your institution, please reach out to our key contacts or your usual KWM contact.