1. RG 278 Guidance in context

The Regulators note that the guidance in RG 278 should be read in conjunction with the:

1. Financial Accountability Regime Act 2023 (FAR Act) and the Financial Accountability Regime (Consequential Amendments) Act 2023 (FCA Act);
2. the JAA;
3. Explanatory Memorandum for the FAR Act and FCA Act;
4. draft Financial Accountability Regime Minister Rules 2022 (Minister Rules);
5. draft Financial Accountability Regime Act (Information for register) Regulator Rules 2023 (Regulator Rules)(see our article here for a quick recap); and
6. draft Financial Accountability Regime (Consequential Amendments) Transitional Rules 2023 (see our article here for a quick recap).

The Minister Rules, which include the enhanced notification obligation thresholds and prescribed responsibilities, are yet to be finalised. The Minister Rules were first published as an exposure draft on 12 September 2022 and remain in draft to date.

2. Joint administration and regulation of Financial Accountability Regime

Unlike BEAR, FAR will be administrated and regulated by both APRA and ASIC.

The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry advocated this dual-regulatory approach by recommending provisions modelled on BEAR be extended to all APRA-regulated insurers and registerable superannuation entity (RSE) licensees.

Under FAR, ASIC will also be empowered to perform certain functions and exercise certain powers in relation to:

1. ADIs who hold an Australian financial services licence or Australia credit licence (dual-regulated ADIs);
2. the Significant Related Entities (SREs) of dual-regulated ADIs; and
3. accountable persons of dual-regulated ADIs and their SREs.

Single point of contact for the Regulators 

FAR will introduce a single point of contact for ADIs to raise queries or requests through a mailbox (FAR@apra.gov.au). It is intended that all queries or requests submitted to the mailbox will be triaged and allocated to APRA or ASIC, as appropriate. Applications for relief under relevant provisions of the FAR Act may also be submitted to this mailbox.

Single Portal for submission of FAR related information 

APRA Connect will be used for FAR data collection such as registrations, notifications and lodgements of accountability statements and maps. ADIs will not be required to submit the same information to each regulator separately. Information submitted by dual-regulated ADIs through APRA Connect will be made available to both ASIC and APRA.

3. Pre-commencement activities of FAR  

From October 2023, ADIs will follow a two-step process in preparing for FAR. ADIs will submit draft submissions which the Regulators will review and give feedback on. ADIs will then make a formal submission based on the feedback provided.

The Regulators will also host ADI and industry briefings from October 2023 to help ADIs prepare for the administrative and operational requirements of implementing FAR.

4. Registering accountable persons under FAR

Existing accountable persons under BEAR and any new accountable persons

The FAR transitional arrangements ensure that an ADI is not required to re-register accountable persons already registered under BEAR (see item 4 of Sch 2 to the FCA Act).

However, as BEAR and FAR obligations are not identical, ADIs will need to check information previously submitted to APRA under BEAR and update that information accordingly. ADIs will also need to consider whether new accountable persons need to be registered given the expanded scope of FAR. Differences include:

• Prescribed responsibilities – both new and existing to reflect that FAR covers both prudential matters and conduct matters;
• Entities in an ADI group that are subject to FAR obligations – for example Non-Operating Holding Companies (NOHCs) of an ADI or SREs;
• Additional information that ADIs must include in the FAR register, which was not required to be provided under BEAR.

Timeline for registration

ADIs can apply for registration of new accountable persons under FAR from one month before the commencement of FAR.

Filling temporary and unforeseen vacancies

Under BEAR, individuals who are filling temporary or unforeseen vacancies of an accountable person are required to register the individual with APRA within 28 days. This has been extended to 90 days under FAR.  Those filling temporary or unforeseen vacancies under BEAR may continue to do so for a further 90 days following the commencement of FAR without having to be registered as an accountable person.

5. Key functions

Key functions have a different meaning under FAR

The concept of a ‘key function’ was introduced during the implementation of BEAR and illustrated in Attachment A to APRA’s Information Paper. Under FAR, the concept of a ‘key function’ will have a different meaning to that under BEAR.  Under FAR:

1. key functions are prescribed in the Regulator Rules;
2. each key function that is applicable to the ADI must be assigned to at least one accountable person and recorded in the FAR register; and
3. changes to the allocation of key functions are considered by the regulators as material changes. ADIs will therefore need to notify the regulators of these changes. 

Key functions may be allocated to more than one person

A key function may be allocated to more than one accountable person with each person having differing responsibilities in relation to the key function.  

Discretion regarding application of key functions

ADIs must assess which of the key functions are applicable to them and then allocate them to the relevant accountable persons. ADIs have discretion about which key functions are assigned to which accountable persons, so long as it reflects actual practices. For example, one accountable person may have no key functions while another may have multiple key functions.

The concept of a key function does not apply to SREs. The regulators acknowledge in RG 278 that some of the ADI key functions outlined in the Regulatory Rules may not be applicable to authorised NOHCs of an ADI or foreign ADIs.

6. Enhanced ADIs: Accountability statements and maps

Enhanced ADIs are those entities which, at the start of the financial year, have a total asset size of $10 billion or greater. They will be required to prepare the following:

1. Accountability statements for each accountable person: individuals that are accountable persons for multiple entities within a group, or are accountable for multiple responsibilities, only need to submit one accountability statement; and
2. Accountability map: which shows all accountable persons in the relevant group, their responsibilities and the lines of reporting and responsibility between them.

ADIs which are not ‘enhanced’ ADIs are referred to as ‘core ADIs’ under FAR.

In RG 278 the regulators state they are taking a principles-based approach to the content of accountability statements and maps. They will periodically assess whether additional content should be prescribed in the Regulator Rules. 

1. the application of FAR to its SREs and any authorised NOHC of the ADI;
2. new prescribed responsibilities as outlined in the draft Minister Rules;
3. the FAR requirement for accountability statements to include a declaration by the accountable person that the statement is accurate and they understand their accountability obligations; and
4. new accountability obligations of accountable persons to cover dealing with the Regulators and taking reasonable steps to prevent matters from arising that would require the ADI materially contravening financial services laws (see s 21 of the FAR Act).

7. Notification obligations

All ADIs are required to meet the core notification obligations while only enhanced ADIs are subject to the enhanced notification obligations. Authorised NOHCs of ADIs will be subject to the same notification obligations as other accountable entities within their corporate group.

Lower bar for reporting breaches to regulators under FAR

Another change from BEAR is that FAR introduces two new events (both of which are core notification obligations) that must be notified to the regulators. These are when:

1. the accountable entity has reasonable grounds to believe that it has breached its key personnel obligations (previously, an accountable entity was obliged under BEAR to notify APRA if it became aware of a breach of certain provisions under the regime by the accountable entity or an accountable person); and
2. a material change occurs to information about an accountable person on the FAR register (correcting immaterial typographical errors is not material). 

Low threshold for notifying regulators of ‘material’ changes to accountability statements and maps

Enhanced ADIs must notify the regulators through APRA Connect of material changes to their accountability statements and map. It is the responsibility of an ADI to determine whether a change is ‘material’ in nature. In RG 278, the regulators state that a change is likely to be material if a reasonable person, taking into account all knowledge of all relevant facts and circumstances, would conclude the change is material.

Examples of changes that are likely to be considered material include changes to:	the substance of an accountability or operations, such that an ADI is doing something additional, or not doing something it previously did; prescribed responsibilities or positions of an accountable person; general responsibilities or underlying accountabilities of an accountable person, such as where accountability is altered from ‘ensure’ to ‘oversight’; or who the accountable person reports to.
Adjustments to accountability frameworks that may result in material changes to existing accountability statements and maps include:	incorporating authorised NOHCs and SREs; adding mandatory declarations within statements for existing accountable persons in accordance with the requirement for accountability statements under FAR; assigning key functions to accountable persons; or reflecting a new prescribed responsibility and/or position, particularly the new conduct responsibilities, which causes a person to be an accountable person under FAR.
Changes to an accountability statement or map that are unlikely to be considered material include changes to:	the title of a person who reports to an accountable person; the name of business unit within the ADI where the underlying accountabilities or operations of and responsibility for the unit remain the same; and references to relevant legislation or Regulator Rules that do not alter the accountabilities or responsibilities of an accountable person.

RG 278 sets a low bar for notifying the Regulators of changes to accountability statements.

8. Corporate Groups: Identifying SREs

All ADIs, including foreign ADIs, and their authorised NOHCs will need to identify all of their SREs. SREs must be a subsidiary of the ADI and its business or activities must have or be likely to have a material and substantial effect on the ADI.

For a foreign ADI, this process would involve identifying whether a subsidiary could have a material and substantial effect on its Australian branch operations rather than the foreign ADI as a whole.

Factors that the ADI can consider when assessing whether a subsidiary is an SRE include:

• the nature and scale of the subsidiary’s business or activities;
• the nature and extent of any interdependency between the subsidiary and the ADI; and
• any organisation, financial or administrative arrangements between the subsidiary and the ADI.

The regulators expect an ADI to have in place robust processes to assess which subsidiaries are SREs and these processes should algin with the ADI’s broader risk management framework. The regulators note that they may query or request information regarding this assessment process and outcomes.

Conversely, when an insurer or RSE licensee ceases to be an SRE of an ADI (i.e. because it becomes an accountable entity), the ADI will need to consider the consequences of the change under FAR. For example, the ADI will likely need to make material changes to its accountability statements and map. The ADI may also need to notify the Regulators of the cessation of an accountable person of an SRE of the ADI, as that person will instead become an accountable person of the RSE licensee or insurer in its capacity as an accountable entity.

Relevant groups - preparing one accountability statement for each accountable person and one accountability map

An individual may be an accountable person of multiple accountable entities and/or SREs within the same corporate group. If the enhanced notification obligations under FAR apply, those entities may choose to prepare and submit one single accountability statement covering all relevant matters for that individual.

Similarly, where there are multiple accountable entities within the same corporate group, it is open to those entities to prepare and submit a single accountability map covering all relevant accountable persons. However, the details of the reporting lines and lines of responsibility of all accountable persons of each accountable entity and SRE must be able to be clearly identified.

9. FAR deferred remuneration obligations and other transitional matters

The FAR deferred remuneration obligations will apply to remuneration decisions that occur in the first financial year that begins six months after FAR commences.

Given that FAR commences for ADIs on 15 March 2024, for ADIs which have a financial year beginning on 1 July, the FAR deferred remuneration obligations will apply to remuneration decisions that occur on or after 1 July 2025.

Prior to this time, the BEAR deferred remuneration obligations will still apply. Deferred remuneration will continue to be subject to the BEAR obligations until the period of deferral finishes.

Under FAR, the deferred remuneration obligations do not apply to persons filling temporary or unforeseen vacancies of an accountable person.

CPS 511 and FAR: ADIs will also need to ensure that they meet the deferral requirements in CPS 511. These requirements came into effect on 1 January 2023 for ADIs that are significant financial institution (SFIs) and will come into effect on 1 January 2024 for ADIs that are not SFIs.

For SFIs, the CPS 511 deferral requirements are typically more stringent than the deferred remuneration obligations under FAR. Therefore, the Regulators consider that the CPS 511 deferral requirements would, in most cases, result in compliance with the FAR deferred remuneration requirements.

CPS 511 does not impose deferral requirements on non-SFIs. When a non-SFI becomes subject to FAR, it will be required to defer 40% of variable remuneration. Where relevant, a non-SFI ADI will need to update its remuneration plans and framework to reflect this shift.

Alignment between CPS 511 and FAR deferred remuneration obligations:

• The FAR variable remuneration deferral obligations set minimum standards and apply to ADIs regardless of size. The CPS 511 deferral requirements are more stringent than FAR for SFIs and large foreign ADIs only. For non-SFI ADIs, only the FAR deferral obligations apply;
• The definitions of ‘variable remuneration’ in FAR and CPS 511 are consistent. However, CPS 511 provides clarity on the term ‘objectives’.
• The deferral period for variable remuneration under FAR and CPS 511 are aligned. The deferral period starts at the beginning of the performance period (typically the beginning of a financial year).
• Under FAR, an accountable entity is required to defer 40% of variable remuneration for a minimum period of 4 years with no pro rata vesting permitted.
• The value of the deferred amount under FAR and CPS 511 are aligned, although there are minor drafting variations. Under FAR, the deferred amount is based on the value of the variable remuneration as if it had been paid at the start of the performance period. Under CPS 511, the deferred amount is based on the value of variable remuneration awarded in the financial year.

10. Other transitional matters

Certain obligations under BEAR will continue to apply after the commencement of FAR including following directions, enforceable undertakings and injunctions.

APRA will continue to be able to exercise its powers under BEAR after FAR commences. Any decisions made under BEAR can continue to be reviewed following the existing review procedures.

FAR can be used to take action in relation to breaches of BEAR, including issuing a non-compliance direction and disqualifying an accountable person.

An ADI could have its authority revoked as a result of breaches of the BEAR, regardless of whether the breach was before or after FAR commenced. Breaches of BEAR can be prosecuted under FAR despite the breach occurring under BEAR.

The JAA is built on the existing Memorandum of Understanding between APRA and ASIC. The JAA is structured as follows.

1. Objectives of the Joint Administration Agreement

The regulators aim to collaborate to reinforce the intention to improve the operating culture, transparency and accountability of the banking, insurance and superannuation industries. Their principles are as follows:

• support and harness each Regulator’s mandate and strengths for effective joint administration of the FAR;
• leverage supervision and surveillance frameworks already established by the regulators;
• focus on risks that impede strong and clear accountability; and
• be accountable and transparent in the joint administration of the FAR.;

2. Role of the Regulators

ASIC’s role is to focus on impacts to market integrity and consumer protection in the financial system and payments systems. Conversely, APRA’s role is to focus on the impacts to the prudential soundness of regulated entities as well as the financial stability of the overall system.

3. Oversight of arrangements and co-administration

APRA and ASIC will maintain structures to oversee co-administration of the FAR, including establishing clear accountability across the regulators, timely coordination and escalation of matters and review of the JAA.

4. Monitoring and supervising under FAR

The regulators have agreed to take a risk-based and outcomes-focused approach to monitoring and supervision of accountable entities and accountable persons under FAR. Where there is a joint interest on a FAR-related risk area, the regulators will collaborate and coordinate on the regulatory activities required. It may be appropriate for one Regulator to lead for certain activities, or for the regulators to take an independent but coordinated approach.

5. FAR Reporting

A single reporting portal will be used through APRA Connect. APRA Connect will also house the register of all accountable persons, and a single point of contact (the FAR@apra.gov.au) will be used for FAR-related matters.

6. Exercising Powers

The regulators are required to agree with each other prior to exercising certain powers under FAR. Where appropriate, one regulator may choose to delegate its power to commence proceedings under FAR to the other regulator.

7. Investigations and Enforcement

The regulators agree to work together on investigations and enforcement under FAR, including to identify the objectives of the investigation and establish the role of each regulator such as the appropriate lead on the matter.

8 .Industry Communication

The regulators will issue guidance to regulated entities to assist them with understanding and fulfilling obligations under FAR. Industry communication may be released jointly or separately by the regulators.

9. Information Sharing and Management

Information and documents that must be shared between the regulators include accountability statements and maps, information accompanying a registration application, notices under FAR and information prescribed the Minister Rsules. The regulators will establish sharing mechanisms, including a dedicated and single portal to support timely exchange of this information. FAR also permits the regulators to voluntarily share information as obtained through the administration of the regime. If done so, the regulators will be subject to certain secrecy and confidentiality provisions. Note that the regulators are not required to notify the person prior to sharing information or documents with each other under FAR.

APRA and ASIC have also released an accountability statement template with accompanying guidance for enhanced ADIs on the format and minimum content required.

Enhanced ADIs are expected to prepare or update the accountability statements of new or existing accountable persons to reflect the expanded scope of the FAR. Other ADIs may use this template to internally document their accountability obligations.

At a minimum, it is expected that (among other things) accountability statements will:

• clearly articulate what an accountable person is accountable for with respect to the ADI or its relevant group and be sufficiently explicit and detailed in defining the accountable person’s responsibilities and establishing the outcome expected in relation to each responsibility;
• be comprehensive, covering all areas of responsibility of an accountable person, with no gaps in responsibility. Where there is joint accountability, this should be explicitly identified and defined. Caveats or limitations to responsibilities are expected to be used to the minimum extent possible. Where there are caveats to responsibilities, there should be clarity about where the residual responsibility resides;
• align with the actual practices and governance arrangements of the enhanced ADI. As such, the regulators may query an ADI where its accountability statements do not appear to be consistent with its existing documentation including, but not limited to, internal and external governance documents; and
• when considered collectively, articulate and delineate responsibilities across an ADI or a relevant group.

The Regulators have developed a list of primary areas of focus (PAFs) for enhanced ADIs to consider when developing accountability statements. This is a non-exhaustive list serving as a prompt for consideration when developing accountability statements (set out in Figure 1 of the template) (similarly to APRA’s list of key functions published in 2018). The PAFs are more comprehensive that the prior key functions published by APRA and include new sections on breach reporting and client/member remediation programs. The PAFs should not be used as a checklist.

A number of PAFs can, and in many cases should, appear on multiple statements in relation to a different action or expected outcome for which an individual is accountable as a result of the individual’s role.

An ADI is encouraged to carefully consider the wording of the role’s key accountabilities in relation to any PAFs, avoiding non-specific language when expanding on generic terms such as ‘manage’ or ‘oversee’ in sufficient detail to properly describe the accountabilities. An expected outcome may be usefully described by specific, action-oriented terms including, but not limited to the following terms: delivering, monitoring, approving, reviewing, recommending, challenging or escalating.

The level of detail expected to explain the responsibility in relation to any particular PAF will depend on the complexity of the organisation, in terms of size, risk profile, business lines or organisational structure.