The long-awaited Financial Accountability Regime Bill 2023 (FAR) was finally passed by Parliament on 5 September 2023. The bill was first introduced into the House of Representatives on 28 October 2021.
FAR will apply to the banking industry 6 months after it receives Royal Assent and 18 months later to the insurance and superannuation sectors.
FAR: The headline points:
- All banks, insurers and superannuation entities: FAR will replace and extend the Banking Executive Accountability Regime (BEAR), which currently applies only to authorised deposit-taking institutions (ADIs). FAR will also apply to general insurers, life insurers, private health insurers and registrable superannuation entity (RSE) licensees, as well as indirectly to their ‘significant related entities’ (accountable entities).
- All directors and senior executives: All directors and most senior executives will be identified as accountable persons under the regime and be subject to broad obligations to, among other things, act with honesty and integrity and with due skill, care and diligence. They will be obliged to take reasonable steps to prevent material contraventions of specified financial services laws. This brings into sharper focus the adequacy of compliance arrangements.
- Double the regulator: FAR will be jointly administered by ASIC and APRA (the regulators). ASIC has a strong enforcement record. We can expect to see significantly more enforcement investigations of potential breaches of FAR than we have seen of BEAR.
- Coverage of everything: The obligations under FAR apply to everything that an accountable entity does, including for example its arrangements relating to cyber security, data risk management, anti-money laundering, product governance, scams and hardship. The regime imposes broad obligations on accountable entities and on individual accountable persons relating to the adequacy of these arrangements.
- Remuneration impacts: FAR will require at least 40% of the variable remuneration of accountable persons to be deferred for a minimum of 4 years (with cliff-vesting after 4 years). Variable remuneration must be reduced by an amount that is proportionate to any failure to comply with the accountability obligations under the regime. Additional remuneration requirements apply under APRA Prudential Standard CPS 511 Remuneration (CPS 511).
- Increased transparency: The regulators will maintain a register of accountable persons, which will include details of their responsibilities and any disqualifications (see our article 'ASIC and APRA consult on FAR | Intensifying the spotlight on bank directors and senior executives'). The regulators are empowered to publish the register on the internet.
- Greater the penalty: Under FAR, the maximum civil penalty that may be imposed on an accountable entity for failing to comply with the regime is the greatest of 50,000 penalty units ($15.65 million), three times the benefit derived or detriment avoided from the contravention, and 10% of the entity’s annual turnover up to 2.5 million penalty units ($782.5 million), for each contravention.
- Liability as an accessory: Any individual, including an accountable person, may be held liable to pay a financial penalty of up to 5,000 penalty units ($1.565 million) if, for example, they are in any way, directly or indirectly, knowingly concerned in, or party to, a contravention of FAR by the accountable entity.
- Disqualification of accountable persons: Individuals may be disqualified from holding an Accountable Person role under FAR and, if they are convicted of an offence under FAR, may be disqualified from being a director or senior manager, or holding certain other senior roles in an APRA-regulated institution.
- Broad regulatory powers: The regulators will have broad powers under FAR to, for example, seek court orders for compliance or injunctions, require enforceable undertakings, make directions to address actual or likely non-compliance, or to reallocate responsibilities of accountable persons under FAR.
What you need to consider: Navigating FAR for effective governance
FAR is designed to promote good governance and effective leadership. It complements and reinforces a range of existing prudential and conduct-related requirements, including those that are imposed on directors and officers under the Corporations Act 2001 (Cth).
An effective implementation of FAR will assist institutions to get their houses in order by prompting improvements in governance, risk, compliance and culture, among other areas. These improvements will mitigate potential exposures under FAR, as well as a range of other financial services laws.
How to get your house in order:
- Scope of FAR: As a preliminary step, accountable persons should be identified and an analysis conducted in relation to whether there are any ‘significant related entities’ of the accountable entity. FAR will apply indirectly to significant related entities, which may include offshore subsidiaries.
- Accountability statements and map: Accountability statements should be prepared containing a comprehensive statement of the responsibilities of each accountable person. This will require a robust understanding of the prudential and conduct landscape, as well as better practices in governance, risk and compliance. Careful drafting should reflect accurately the handoffs between accountable persons. Guidance from the regulators on the key functions which are required to be covered in accountability statements will also need to be considered.
- Reasonable steps framework: Developing a reasonable steps framework is critical to building an evidence base of how accountable persons are discharging their accountability obligations in practice. This will avoid the need to do so contemporaneously during a FAR investigation by the regulators. There are various pitfalls associated with reasonable steps frameworks. A proportionate approach is key.
- Training and guidance: Institutions and their senior individuals will need to be supported in delivering good governance and effective leadership under FAR. The quality of the learning journey for directors and executives, as well as the broader organisation, is critical to avoiding regulatory action under the regime.
- Scenario testing: War-gaming with directors and executives by conducting a FAR diagnostic on a past or fictitious event will bring FAR to life by highlighting the steps that should be taken early to mitigate potential exposures under the regime.
- FAR breach reporting: The threshold for reporting breaches to the regulators under FAR will be lower than that under BEAR. Under FAR, accountable entities must notify regulators within 30 days of having reasonable grounds to believe that the accountable entity or an accountable person has breached their obligations under FAR. Internal guidance will be required on when the relevant threshold has been reached. Certain proof of a failure to comply is unlikely to be required.
- Remuneration and consequence management: Accountable entities should consider what changes are required to their remuneration arrangements in order to accommodate the remuneration related requirements in FAR, CPS 511 and APRA Prudential Standard CPS 510 Governance. This will require review of remuneration policies, short term and long-term incentive plans and consequence management arrangements. There are a number of ambiguities in FAR relating to remuneration that will need to be navigated.
- Insurance, indemnity and access: Unlike BEAR, FAR permits accountable entities to indemnify or pay a premium to insure an accountable person against the consequences of breaching FAR. D&O insurance policies should be reviewed. Deeds of access should also be considered. They permit accountable persons to have access to the information and documents they require to defend themselves in a regulatory investigation even after they leave an accountable entity.
- FAR BAU: A number of policies, procedures and guidance documents should be prepared to capture how the obligations under FAR are administered by the accountable entity on an ongoing basis. Consideration should be given to the accountability principles that will underpin an accountable entity’s accountability framework, the organisational structure and governance arrangements required to support the framework, monitoring and reporting on accountability practices, change management, people and culture and assurance.
Is implementing FAR well, worth it?
Implementing FAR in a proportionate manner, using the right skills and experience, will have a positive overall impact on an accountable entity. A well thought out implementation will protect directors and executives and assist in the proper functioning of accountable entities. Those who have been subject to BEAR and others who have pre-emptively implemented FAR well are overwhelmingly positive about the benefits that have been realised from doing so.
How we can help
We have implemented BEAR and FAR for in excess of 30 institutions in the banking, insurance and superannuation industries. Our experience extends to post implementation reviews of the regime, providing strategic advice to boards and executives on potential exposures under BEAR, internal investigations into potential breaches and breach reporting, as well as the review and uplift of remuneration frameworks for BEAR and CPS 511 compliance.
If you need assistance with any aspect of the regime, don't hesitate to contact us.
Authors: Silvana Wood, Janina Del Rosario, Chris Whittaker and Lilian Wan