Overview: The proposed new Financial Accountability Regime (FAR)
Following the release of a proposal paper in January 2020 (summarised) and consultation on draft legislation (summarised) in July-August 2021, the Financial Accountability Regime Bill 2021 (Bill) and the Financial Sector Reform (Hayne Royal Commission Response No 3) Bill 2021 were introduced into the House of Representatives on 28 October 2021.
In broad terms, the approach to establishing the Financial Accountability Regime (FAR) in the FAR Bill is largely consistent with the approach contemplated in earlier consultations with some exceptions. A high level overview and discussion of the key measures is below.
What is the FAR?
If legislated, the FAR (which will replace the existing BEAR) proposes to extend strengthened, but broadly BEAR-like, accountability requirements to other APRA-regulated entities and to the directors/senior executives of those entities. This is in accordance with the government's response to several Hayne Commission recommendations.
Importantly, unlike the existing BEAR, the FAR will be administered jointly by APRA and ASIC.
Why is the FAR being introduced?
The FAR will implement the government's response to the following Hayne recommendations.
- Recommendation 3.9 – the BEAR be extended to all RSE licensees
- Recommendation 4.12 – the BEAR be extended to all APRA regulated insurers
- Recommendation 6.6 – ASIC and APRA jointly administer the BEAR
- Recommendation 6.7 – the obligations be amended to make clear that an ADI and accountable persons must deal with APRA and ASIC in an open, constructive and co-operative way
- Recommendation 6.8 – the BEAR be extended to all APRA-regulated financial services institutions and that APRA and ASIC should jointly administer those new provisions.
The explanatory memorandum makes clear that the new individual and firm-level accountability framework that will be introduced by the FAR is intended to lift the standard of risk and governance culture across the financial sector, consistent with the spirit of the Hayne recommendations.
The explanatory memorandum states:
'A key objective of the Financial Accountability Regime is to improve the operating culture of entities in the banking, insurance and superannuation industries and to increase transparency and accountability across these industries—both in relation to prudential matters and conduct related matters'.
Implementation of Recommendation 1.17 (end-to-end product responsibility)?
The consultation policy paper accompanying the July-August 2021 FAR consultation (consultation policy paper), indicated that individual end-to-end product responsibility would be 'subsumed' into the FAR by including it in the list of 'prescribed responsibilities and positions' for accountable persons, to be set by the Minister in 'rules'. This would implement the government's response to Hayne Recommendation 1.17.
However, it is not clear whether this remains the government's intention.
As yet, the Minister's rules have not yet been released.
The Treasurer's 28 October 2021 announcement listed the Hayne Recommendations which the government considers that the Bill responds to.
No reference was made to implementation of Recommendation 1.17.
Who will the FAR apply to?
If legislated, the FAR would impose accountability obligations on 'accountable entities', ie:
- ADIs and their authorised NOHCs
- general insurers and their authorised NOHCs
- life insurers and their registered NOHCs
- private health insurers
- RSE licensees
These obligations would also apply to foreign accountable entities (in the banking or insurance sectors) but only to the operations of their Australian branch (s15(2)(b) of the Bill).
While the FAR will not impose direct legal obligations on the 'significant related entities' of accountable entities, accountable entities will be required under the new regime to take 'reasonable steps' to ensure that their 'significant related entities' comply with certain FAR obligations. A 'significant related entity' of an accountable entity other than an RSE licensee is defined differently to a 'significant related entity' of an RSE licensee.
The board and certain senior executives within accountable entities, referred to in the Bill as 'accountable persons', will also be directly regulated by the FAR and face potential sanctions for non-compliance with their FAR obligations.
Accountable entities will need to determine who within their organisation is an 'accountable person' by reference to the considerations in s10 of the Bill. Namely:
- whether the person holds a position (either within the accountable entity or within a significant related entity) that has 'actual or effective senior executive responsibility' for either: a) the 'management or control of the accountable entity'; or b) 'a significant or substantial part or aspect of the operations of the accountable entity or the accountable entity or the accountable entity's relevant group'; or
- whether the person holds one (or more) of the prescribed responsibilities or positions listed in 'rules' to be made by the Minister.
As yet, the Minister's rules have not been released. Attachment A at p6 of consultation policy paper, set out a full list of proposed prescribed responsibilities and positions. There has been no more recent update on the government's intentions.
Application to a much broader range of functions within FAR entities?
Consistent with the approach proposed in the July-August consultation, the explanatory memorandum for the current Bill indicates that, in practice, the FAR is intended to apply to a fairly limited group – ie. to 'typically include the directors and senior executives of an entity, such as the Chief Executive Officer and officers reporting directly to the Chief Executive Officer' rather than to lower level executives.
However, the indicative list of prescribed responsibilities and positions included in the consultation policy paper (which may not be indicative of the final approach) is still much broader than under the BEAR.
The proposed FAR accountability framework
Similar to the BEAR, the FAR will impose:
- accountability obligations;
- key personnel obligations;
- notification obligations; and
- deferred remuneration obligations on APRA-regulated entities.
Similar to the BEAR, and consistent the approach in previous consultations, the FAR will require (s20 of the Bill) accountable entities to take reasonable steps to:
- conduct their business with honesty and integrity, and with due skill, care and diligence;
- deal with APRA and ASIC in an 'open, constructive and cooperative way';
- in conducting its business, prevent matters from arising that would (or would be likely to) adversely affect the entity's prudential standing or reputation; and
- ensure all accountable persons and each of the entity's significant related entities meet their accountability obligations under the FAR.
Similarly, accountable persons will be required to: a) act with honesty and integrity, and with due skill, care and diligence; b) deal with APRA and ASIC in an open, constructive and cooperative way; and c) take reasonable steps in conducting their responsibilities to prevent matters from arising that would (or would be likely to) adversely affect the entity’s prudential standing or reputation.
New obligation: In addition to these obligations, the FAR would introduce a new obligation (ie not included in existing BEAR obligations) requiring accountable persons to take reasonable steps in conducting their responsibilities as an accountable person to prevent matters from arising that would (or would be likely to) result in the entity's material contravention of specified laws governing the entity (see: s21(d) of the Bill).
Section 22 of the Bill sets out a non-exhaustive list of what may constitute reasonable steps in meeting this and the other relevant accountability obligations listed above, being the following (the last one of which is an addition to the equivalent list in the BEAR legislation):
- having appropriate governance, control and risk management
- having safeguards against inappropriate delegations of responsibility
- having appropriate procedures for identifying and remediating problems that arise or may arise
- taking appropriate action in response to non compliance, or suspected non compliance
Interestingly, 'taking appropriate action to ensure compliance', which was included in the draft Bill as an additional example of 'reasonable steps', does not appear in the Bill.
Key personnel obligations
If legislated, accountable entities will be required to ensure that:
- the responsibilities of their accountable persons (ie. the accountable persons of the accountable entity and its significant related entities) cover all aspects of their business;
- every accountable person is registered with the regulators before occupying an accountable person role (with certain exceptions, eg. where the person holds the position for 90 days or less)
- accountable person applicants have not been disqualified by the regulators from holding an accountable person position.
Register and registration process
An information paper included as part of the July-August consultation suggested, that to streamline this process, registration of accountable persons will occur through a single portal. This portal would also function as a single point of contact for FAR-related requests, queries and data collection more generally, on an ongoing basis. Information submitted by accountable entities through the single portal would be made available to both APRA and ASIC, removing the need for entities to submit the same information to each regulator separately.
We are not aware of any more recent update on whether this remains the government's intention.
Under the Bill before Parliament, the regulators may make any of the information contained on the register public on the internet (s.40(5)). In addition to the information that the draft Bill contemplated would be required for registration, the Bill requires that the register contain details of the responsibilities that cause a person to be an accountable person of the relevant entity (s.40(4)(f)).
Registration of accountable persons – no veto power over new appointments
As recommended by the APRA Capability Review, the original proposal document released in January 2020 proposed to give APRA a new (reserve) 'veto' power over the appointment/reappointment of directors and senior executives 'where APRA holds existing relevant information regarding a particular person that conflicts with the obligations that would be placed on him or her as an accountable person'.
This was not included in the draft Bill consulted on in July-August and has not been included in the Bill now before parliament.
Section 41 of the Bill makes clear that provided that the registration application meets certain requirements – that: a) the application is complete (ie contains all the information required) and submitted in the approved form to the regulators; b) includes a signed declaration that the accountable entity is satisfied the person is suitable to be an accountable person; c) is accompanied by an accountability statement for the person (where required); and d) is supplemented by any further information requested by the regulators in relation to the application - the person is required to be registered within 21 dates of the regulators receiving their application.
Where further information has been requested, the regulators will register the person 21 days after it is provided to the regulators.
Deferred remuneration obligations
Broadly, the FAR will require all accountable entities and their significant related entities to defer at least 40% of the variable remuneration for each of their accountable persons for a minimum of four years (except in limited circumstances), if the amount that would be deferred is AU$50,000 or more (or another amount if prescribed in the Minister's rules).
Variable remuneration means so much of a person's total remuneration (including cash and equity based remuneration) that is conditional on the achievement of objectives, such as performance metrics and service requirements according to the explanatory memorandum.
There would be no requirement to defer variable remuneration if variable remuneration is not a feature of a particular accountable person's remuneration structure (eg, if the accountable person receives only fixed pay (eg, salary and superannuation).
Four year deferral requirement
The explanatory memorandum states that the four year deferral requirement is 'intended to be consistent with provisions of APRA’s prudential standard to regulate remuneration in regulated industries (Prudential Standard CPS 511 Remuneration), that also requires deferral of variable remuneration for an overlapping class of persons in those industries. This approach will provide for consistent compliance requirements under the two frameworks'.
Interestingly, APRA's prudential standard CPS 511 Remuneration (summarised) requires a higher deferral of 60% of the CEO's total variable remuneration for CEOs of significant financial institutions (as defined). APRA has indicated [CPG 511 Remuneration] that entities are expected to comply with both FAR and CPS 511.
Requirement to reduce variable remuneration
Under s25 of the Bill, accountable entities will also need to ensure their remuneration policy 'requires' a reduction in the variable remuneration of accountable persons who fail to comply with their accountability obligations.
The reduction must be proportionate to the failure (potentially to zero) and need not be limited to variable remuneration relating to a period in which the failure occurred.
Accountable entities will also be required to take reasonable steps to ensure that their significant related entities comply with these obligations. The deferred remuneration obligations will not apply to an accountable person:
- while the person is filling a 'temporary or an unforeseen vacancy' (provided the person is not registered as an accountable person), for the first 90 days that they fill the position (s30 of the Bill); or
- whose deferred variable remuneration for the financial year does not meet a minimum $50,000 threshold (unless the Minister makes specifies a different amount) (s29 of the Bill)
If legislated, entities will not be classified as small, medium and large (as is the case under the BEAR) but instead split into two categories: 'core compliance entities' (which will not be required to submit accountability maps/statements to the regulators) and 'enhanced compliance entities' (which will have to do so).
Core compliance entities
All accountable entities will be required to provide the regulators with certain 'core' information about the entity and its accountable persons (set out in s31(1)(a) and s32 of the Bill). This information includes notifying the regulators if certain events or compliance failures occur, using an approved form, generally within 30 days of the event occurring.
Notification requirements will be triggered where:
- a person ceases to be an accountable person
- an accountable person of the accountable entity (or of a significant related entity) is dismissed or suspended because the person has breached their accountability obligations under s21
- a reduction is applied to the variable remuneration of an accountable person of the entity (or of a significant related entity) because the person failed to comply with one or more of the person’s accountability obligations under s21
- a 'material change' occurs to information included on the register of accountable persons about an accountable person
- the accountable entity has reasonable grounds to believe that:
- 'the accountable entity has failed to comply with one or more of its accountability obligations under section 20 or of its key personnel obligations under section 23; or
- an accountable person of the accountable entity, or of a significant related entity of the accountable entity, has failed to comply with one or more of the person’s accountability obligations under section 21'.
Accountable entities will also be required to take reasonable steps to ensure that each of its significant related entities comply.
Enhanced compliance entities
Entities that meet an 'enhanced notification threshold' will be required also to provide accountability statements and accountability maps to the regulators and to notify the regulators of material changes to these documents.
The threshold to determine which accountable entities will need to comply with the enhanced notification requirements will be specified in rules to be set by the Minister (which have not yet been released).
A 'Questions and Answers' document released as part of the July-August consultation on the draft Bill (consistent with the original proposal) suggested that the enhanced notification requirements may apply to the following entities:
- ADIs with total assets > $10b
- RSE licensees with total assets > $10b (ie combined total assets of all RSEs under the trusteeship of a given RSE licensee.)
- General and private health insurers with total assets > $2b
- Life insurers with total assets > $4b
We are not aware of any more recent update on whether this remains the government's intention.
The same Question and Answers document also suggested that where an accountable entity within a corporate group meets the enhanced notification threshold, 'all other accountable entities within that corporation group including any licensed NOHCs would need to comply with the enhanced notification obligations irrespective of whether they meet the enhanced notification threshold'. Again, we are unaware of any more recent update on this question.
The Bill will give the regulators a variety of tools to administer/enforce compliance with FAR obligations. These include (among others):
- the power to direct an accountable entity to take action to address actual or likely non-compliance with FAR obligations
- the power to require accountable entities, significant related entities and accountable persons to provide information or documents to them
- the power to conduct investigations (including examinations) into possible FAR contraventions.
- the power to disqualify a person from being an accountable person for a period
- the power to accept enforceable undertakings
- the power to seek an injunction order from a Court
- the power to seek a Court to impose civil (financial) penalties
Contravention of five provisions of the Bill (s48, s52, s68, s92 and s94) could also potentially incur a criminal penalty.
If the Bill is enacted in its current form, an accountable entity that breaches its FAR obligations could incur (under s80-83) a civil (pecuniary) penalty of up to 50,000 penalty units, three times the value of the benefit derived or detriment avoided by the entity, or 10% of the entity’s annual turnover up to 2.5 million penalty units for each contravention.
The explanatory memorandum states that:
'In practice, it is intended that a court would determine which method provides the greatest penalty, and then use discretion to impose an appropriate penalty up to that amount'.
The original FAR proposal in 2020 suggested that individual accountable persons might also face civil penalties for contravention of their FAR obligations. This measure was omitted from the draft Bill, but a note within the draft Bill suggested an intention that a person (eg an accountable person) could be liable for ancillary contravention of a FAR obligation of an 'accountable entity' by virtue of the Regulatory Powers Act.
The Bill now before Parliament includes new additions: ss 81(1) and 83(3).
Section 81(1) states that a person must not:
- 'attempt to contravene a civil penalty provision of this Act; or
- aid, abet, counsel or procure a contravention of a civil penalty provision of this Act; or
- induce (by threats, promises or otherwise) a contravention of a civil penalty provision of this Act; or
- be in any way, directly or indirectly, knowingly concerned in, or party to, a contravention of a civil penalty provision of this Act; or
- conspire with others to effect a contravention of a civil penalty provision of this Act.'
A person is liable to a civil penalty if the person contravenes s81(1) (s81(2)).
Section 83(3) of the Bill provides that a breach of s81 by a 'person other than a body corporate' (which according to the explanatory memorandum includes an accountable person), would mean that the person could incur a civil penalty of the greater of either: 5,000 penalty units or 'if the court can determine the benefit derived and detriment avoided because of the contravention — that amount multiplied by 3'.
Auditors and actuaries
The explanatory memorandum flags that the Bill will also extend certain existing obligations on auditors and actuaries to assist with investigations under existing legislation - the Banking Act 1959 (Cth), Insurance Act 1973 (Cth), Life Insurance Act 1995, Private Health Insurance (Prudential Supervision) Act 2015 (Cth), and the Superannuation Industry (Supervision) Act 1993 (Cth) - to include assisting with investigations of potential FAR breaches once the FAR regime takes effect.
Joint administration/enforcement of the FAR
Division of responsibilities
- If legislated in its current form, ASIC will be limited to administering or enforcing the FAR in relation to accountable entities that hold an Australian financial services licence or an Australian credit licence, their significant related entities, and accountable persons of these entities. Section 36 of the Bill identifies the provisions covered by this limitation. The explanatory memorandum makes clear that this will not prevent ASIC from 'maintaining the register of accountable persons, sharing information and making legislative instruments with APRA in relation to all accountable entities and persons'.
- APRA will enforce and administer the FAR in relation to other entities, their significant related entities and the accountable persons of those entities.
- The regulators will jointly establish and administer the register of accountable persons.
The Bill includes a number of measures intended to ensure a 'cohesive' approach on the part of the regulators.
- Section 37 of the Bill requires APRA and ASIC to enter into an arrangement outlining their general approach to administering and enforcing the FAR within six months of the commencement of the Bill, and before exercising certain powers/functions under the Bill. If the regulators fail to reach an agreement, the Minister may determine an arrangement for this purpose.
- Section 38 of the Bill specifies a number of situations requiring the regulators to form an agreement prior to making certain decisions or exercising certain powers eg the decision to disqualify an accountable person.
- The explanatory memorandum states that ASIC and APRA are 'required to share certain information necessary to enable the joint administration of the regime'. Section 39 of the Bill states that APRA and ASIC may share information that is obtained, produced, or disclosed for the purposes of FAR. APRA and ASIC are also required to share certain information necessary to enable the joint administration and enforcement of the regime.
Proposed timing and plan for implementation of the FAR
If legislated in its current form:
- the FAR will apply to ADIs and their authorised NOHCs from the later of 1 July 2022 or six months after commencement of the legislation. At this point, the BEAR would be repealed.
- the FAR will commence for insurers, their licensed NOHCs and RSE licensees from the later of 1 July 2023 or 18 months after the commencement of the FAR.
Preparing for the FAR
Given that the introduction of the FAR has been anticipated for some time, many financial services firms have already taken steps to review their existing governance structure and frameworks in anticipation.
In light of the detail now available, and in light of the impact that the COVID-19 pandemic has had on working arrangements and the flow-on effects for supervision and oversight, entities may wish to revisit these reviews, as part of their broader FAR planning processes.
Accountable entities should expect to engage with the regulators
The information paper included as part of the July-August consultation flagged that the regulators would engage with accountable entities ahead of formal implementation of the regime to support them in their preparations. In particular, it was suggested that in addition to taking the opportunity to 'properly examine and strengthen existing governance frameworks where appropriate' accountable entities should be prepared to engage with the regulators on the following issues:
- for ADIs, the regulators may seek to understand how they intend to transition from the BEAR to the FAR including how they intend to meet their new and expanded obligations;
- for 'enhanced compliance entities' the regulators will request draft accountability maps and statements to be provided for review and comment as part of the pre-implementation process; and
- for 'core compliance entities' the regulators will request information about their preparations eg a draft list of accountable persons.
Broader implications: A new minimum governance standard across the financial services sector?
In the time that has elapsed since the Hayne Commission and following the release of the initial FAR proposal in January 2020, and the consultation on the draft Bill in July 2021, stakeholder expectations around executive accountability for non-financial risk (including accountability for cultural failings) have risen dramatically in Australia and internationally. The new accountability framework that will be introduced by the FAR is arguably very much in alignment with these increased expectations.
Over time, we expect that the FAR is likely represent a new minimum standard for boards and senior management across the economy.
Interested in this topic? You can find regular coverage of Hayne Commission-related developments in our weekly newsletter Governance News.