The Australian Prudential Regulation Authority (APRA) has released its response to the Financial Services Royal Commission's Interim Report. The submission outlines the regulator's views on issues including the regulatory framework and practices, conduct, culture and governance and specific issues covered in the report including lending practices and codes of conduct. A high level overview of some of the issues raised in the submission is below

[Note: The Commission has not yet released submissions. However, some entities including APRA, the Governance Institute of Australia (GIA) and the Financial Rights Legal Centre (FRLC) have elected to do so. These are covered in separate posts in the 5 November issue of Governance News.

Three broad policy questions

The submission identifies three 'overarching questions' raised by the Commission with respect to regulators, namely:

• whether the regulators' response to misconduct has been appropriate
• how regulators should respond to misconduct and compliance risk
• whether the regulatory architecture or the law should be simplified.

This is the focus of much of APRA's submission.

APRA's response to misconduct

APRA's response to misconduct has been 'broadly appropriate': APRA considers that its 'response to misconduct and misconduct risk has been broadly appropriate given its core prudential mandate and risk focused approach'. APRA adds that it is 'not surprising' that some information identified by the Commission was not known to it given its current level of resourcing (200 'front line' supervisors supervising 600 entities) which necessitates, APRA writes, both its 'risk focused' approach and its partial reliance on assurances from regulated institutions that their controls are effective and compliant with APRA requirements (though APRA concedes that the Commission has demonstrated that policies have not always been implemented effectively in practice.)

APRA is reviewing its current approach: APRA writes that it is reviewing prudential standards on governance and risk to ensure that they focus not only on policies and frameworks but also on implementation in practice and outcomes achieved. In addition, APRA is reviewing its regulatory approach more generally to look at how it can 'deepen' its supervision, and increase the deterrent effects of enforcement action including in relation to its use of public enforcement action where appropriate. In particular APRA states that the review will consider:

• whether APRA should increase the breadth of issues it seeks to address through public enforcement action;
• whether APRA should take more enforcement action to hold individuals to account (including under the Banking Executive Accountability Regime (BEAR)); and
• whether APRA should take more public enforcement action including litigation to achieve general deterrence effects in appropriate cases and publicly disclose enforcement priority areas.
• APRA adds that it is also rethinking its approach to overseeing culture in light of the issues identified by the Commission. 'The Commission has demonstrated how poor culture together with weak governance within organisation can allow incentives for misconduct to persist undetected within an organisation's business operations. APRA agrees that culture is a key driver of an institution's operations but notes that regulatory oversight of culture is a relatively new and developing field. Clearly this is an area where more work is required APRA's current focus in this area is on accountability and remuneration' the submission states.
• A more 'active' approach to responding to conduct and compliance risk (but not a wholesale rethink): Though both APRA and the Australian Securities and Investments Commission (ASIC) have a role to play in guarding against/enforcing standards of governance, APRA writes, ultimately behavioural change is a matter for boards and industry must take 'more responsibility, not less, for maintaining appropriate standards of conduct and guarding against misconduct'. APRA also notes that regulatory responses to compliance need to be tailored to the circumstances of the particular breach, as taking formal legal action on every occasion could result in financial institutions becoming 'wary of all but the most simple and low risk transactions with a much reduced incentive to innovate' which would in turn limit access to/increase costs of financial services.

The role of industry codes of conduct

Supportive in principle: Commenting on the roles of industry codes of conduct, APRA writes that it 'remains supportive in principle of comprehensively adopted and robust industry codes' which in its view deliver 'flexibility within the regulatory architecture to respond to emerging risks and evolving community expectations' and avoid the need for additional legislation/regulation. Having said this, APRA notes that in practice not all entities subscribe or adhere to relevant codes. APRA goes on to say that though it does not have any direct responsibility with respect to industry codes, it does engage on the design of Codes to ensure alignment with prudential requirements. APRA comments that in its view, this approach strikes 'a reasonable balance between engagement about the robustness of industry codes, and ensuring that industry bodies and institutions that are code signatories remain accountable for effective adherence to relevant codes'.

Scope for improved enforcement? APRA goes on to say that a number of case studies considered by the Commission identified instances where a financial institution has not fulfilled its duties under the relevant industry code and that in these cases it is of the view that the industry bodies and the code signatories 'should be accountable for effectively adhering to the code in practice'.

[Note: Contrary to APRA, The Financial Rights Legal Centre (FRLC) submission to the Commission calls for an end to 'self-regulation' by the industry and the introduction of a co-regulation model. This is discussed in a separate post in this issue (05/11/2018) of Governance News.]

The current regulatory architecture should not be changed

The submission argues that the current 'broad structure of prudential and conduct regulation and responsible regulators should be maintained' as the existing model has 'served Australia well in terms of economic outcomes' and as an alternative approach risks introducing more complexity and is unlikely to 'drive materially better practices'. Having said this, APRA does support some specific changes. For example in relation to the banking executive accountability regime (BEAR).

Potential expansion of the Banking Executive Accountability Regime (BEAR)

BEAR is currently limited in scope: APRA writes that in its current form, the BEAR may play a limited role in addressing the issues identified by the Commission — by helping to prevent incentives from leading to poor conduct — but that in its current form, it is 'not an answer to all types of misconduct identified by the Commission' due to its limited scope and the way in which it is intended to operate.

Follow the UK example? The submission suggests that there would be 'benefits' to following the UK example (UK Senior Managers’ Regime), and extend the existing BEAR to other financial sectors and all types of misconduct including conduct affecting individual consumers (rather than being limited to conduct that is systemic and prudential in nature). APRA suggests that this could be accomplished either through legislation or, for insurers and superannuation funds, in a 'simplified form' through APRA's prudential standards. Were this expansion of BEAR to happen, APRA suggests, it should be jointly administered by ASIC and APRA.

[Note: This view appears to be shared by the Financial Rights Legal Centre (FRLC) which also argues in its submission to the Commission that BEAR should be extended, in line with the UK regime, to include accountability measures tied to poor consumer outcomes rather than just prudential matters. 'BEAR in its current form is unlikely to compel any executive to face consequences for the string of scandals that the Royal Commission and other inquiries have identified' the submission argues. 'We believe BEAR should be expanded in similar ways, that is: BEAR should link accountability to poor consumer outcomes; and BEAR should apply to all Australian Financial Service (AFS) licensees – not simply ADIs'.]

Incentives and remuneration — total prohibition on payment of incentives is 'premature'

• Review of prudential standards: One of the questions identified by the Commission was whether APRA’s prudential standards on governance (particularly Prudential Standard CPS 510 Governance, which contains the remuneration requirements) need to be reconsidered. APRA writes that it 'agrees that a sharper focus on incentive structures is needed, both by regulators and financial institutions' and went on to flag that 'APRA intends to strengthen and modernise its governance standards on remuneration to reflect experience to date and current expectations of good practice'.

[Note: CPS 510 was one of a package of six revised cross-industry standards and guidance released by APRA following consultation, in September as part of a project to extend to all APRA regulated institutions stronger standards on board governance and renewal. See: Governance News 17/09/2018]

• Payment of incentives: On the issue of incentives, APRA writes that though they can lead to 'perverse' outcomes, 'it would seem premature to call for abolition of any incentives throughout an organisation' given the 'longstanding role' they have played across many industries. APRA goes on to caution that the wholesale removal of incentives 'could have unintended consequences, such as the conversion of variable costs into fixed costs' among others.
• Industry should 'take the lead': APRA writes that industry 'should also be expected to take the lead on improving remuneration structures to prevent misconduct from recurring. Institutions looking to enhance conduct-related performance measures should ensure these are implemented in practice'.

Increased oversight/accountability measures?

Commenting on the issue of increased oversight of APRA, APRA states that it has no 'in principle concerns' with proposals that require regulators to demonstrate their performance and accountability but notes that it is already subject to a number of oversight mechanisms and that any new requirement should ideally assess the effectiveness of existing requirements in a 'holistic manner' to streamline/harmonise, rather than add to them. 'There has been a tendency over the years to add new layers of reporting and additional accountability mechanisms on regulators, rather than assess whether/how existing mechanisms night be deficient and, if so propose how they might be improved' APRA writes. APRA states that it 'would be open' to having more frequent reviews, adding that annual reviews are unlikely to provide sufficiently new information to justify the cost.