Not FAR off – the Financial Accountability Regime proposed implementation starting July 2022

By Ross McInnes, Katie Wood, Gabrielle Scott-Jones and Victoria Hu
05 Aug 2021
Entities already captured by BEAR will have some important changes to incorporate into their compliance frameworks. For entities not previously captured by BEAR, FAR will require careful consideration and some adjustment to existing compliance and governance frameworks to ensure compliance.

Deep dive: what you need to know

Who will FAR apply to?

  • The FAR will apply to:
    • ADIs
    • General insurers
    • Life insurers
    • Private health insurers
    • Registrable Superannuation Entities licensees
    • Licensed non-operating holding companies (NOHCs) of ADIs and general and life insurers
  • Foreign entities that "operate a branch in Australia" will also be subject to FAR but only in relation to the operations of its Australian branch. Although not a new concept under banking law, the proposed legislation leaves open the interpretation of "operates a branch in Australia".
  • Accountable entities will be required to ensure their significant related entities comply with certain obligations under FAR. The concept of significant related entities will replace "subsidiaries of ADIs" under BEAR. A subsidiary will be a significant related entity if it has a "material and substantial" effect on the accountable entity. Material and substantial effect is not defined in the proposed legislation however factors that may be taken into account include the nature, scale, interdependency and arrangements between the entities.
  • Entities will be classified as either "core" or "enhanced" compliance entities, replacing the current small, medium and large ADI classifications under BEAR. This classification will dictate the scope of their compliance requirements. The enhanced compliance requirement will be based on a total assets test. Only enhanced compliance entities will be required to submit accountability statements and accountability maps and notify of material changes relating to them.

When will FAR commence?

It is proposed that FAR will replace BEAR and apply to:

  • ADIs and their licensed NOHCs – from 1 July 2022
  • Insurers, their licensed non-operating holdings companies and superannuation licensees – from 1 July 2023

What will be the accountability obligations of an entity?

Similar to BEAR, FAR will require accountable entities to take reasonable steps to:

  • conduct its business with honesty and integrity, and with due skill, care and diligence;
  • deal with the Regulator in an open, constructive and cooperative way;
  • in conducting its business, prevent matters from arising that would (or would be likely to) adversely affect the accountable entity’s prudential standing or prudential reputation;
  • ensure that each of its accountable persons meets their accountability obligations; and
  • ensure that each of its significant related entities comply with the above obligations as if it were an accountable entity.

The key personnel obligations of an accountable entity under FAR will be to:

  • ensure that the responsibilities of accountable persons cover all aspects of the operations of the corporate group and responsibilities prescribed by FAR;
  • ensure its accountable persons are registered and not acting as an accountable person if they have been disqualified by the Regulator;
  • comply with any directions issued by the Regulator; and
  • take reasonable steps to ensure that each of its significant related entities comply with the key personnel obligations as if the significant related entity were an accountable entity.

Who will be an accountable person?

  • FAR is intended to capture the directors and senior executives who have responsibility relating to a prescribed responsibility or position in the entity or in a significant related entity. The prescribed responsibilities and positions for all types of entities would now be set out in the Minister rules which will be consulted on separately.
  • Based on the Exposure Draft, prescribed responsibilities and positions for insurers will also include senior executives with responsibility for management of the entity's:
    • actuarial function; and
    • claims handling function.
  • For superannuation licensees, prescribed responsibilities and positions will also include senior executives with responsibility for the management of the entity's:
    • member administration operations;
    • investment function;
    • financial advice service (if any); and
    • insurance offerings.
  • For Australian branches of foreign accountable entities, prescribed responsibilities and positions will also include:
    • senior executives with responsibility for the conduct of all activities of the Australian Branch of the foreign ADI, Category C insurer or Eligible Foreign Life Insurance Company (EFLIC) (this is most likely the Head of Branch or Country);
    • Senior Officer Outside Australia (as defined under CPS 510) for an Australia branch of the foreign ADI or Category C Insurer;
    • persons responsible for oversight of an EFLIC as a member of the Compliance Committee (as defined under CPS 510); or
    • Agent in Australia of a Category C insurer (as defined in CPS 510).

What will be the accountable person's obligations?

The obligations of accountable persons will be to conduct the responsibilities of their position as an accountable person:

  • by acting with honesty and integrity, and with due skill, care and diligence;
  • by dealing with the Regulator in an open, constructive and cooperative way; and
  • by taking reasonable steps in conducting those responsibilities to prevent matters from arising that would (or would be likely to) adversely affect the prudential standing or prudential reputation of the accountable entity; and
  • by taking reasonable steps in conducting those responsibilities to ensure that the accountable entity complies with any of the following that applies in relation to the accountable entity:
    • the FAR Act;
    • the Banking Act 1959;
    • the credit legislation (within the meaning of the National Consumer Credit Protection Act 2009);
    • the Financial Sector (Collection of Data) Act 2001;
    • the financial services law (within the meaning of section 761A of the Corporations Act 2001);
    • the Insurance Act 1973;
    • the Life Insurance Act 1995;
    • the Private Health Insurance (Prudential Supervision) Act 2015;
    • the Superannuation Industry (Supervision) Act 1993; and
    • any regulations or other instruments, directions or orders, made under a law mentioned above.

What will be the breach notification obligations of an accountable entity?

  • Both core and enhanced compliance entities will need to notify the Regulator when it reasonably believes that:
    • the accountable entity has breached its accountability obligations or key personnel obligations; or
    • an accountable person has breached its accountability obligations.
  • The timing for notification is proposed to be extended from 14 days to 30 days. The obligation is only on the accountable entity.

Who has to prepare accountability statements and maps?

  • Only enhanced compliance entities will be required to submit accountability statements and maps to the Regulator. Only material changes need to be notified (compared with all changes under BEAR).
  • The Explanatory Materials to the proposed legislation indicates that corporate groups will be able to submit one accountability statement covering all the group executive's areas of responsibilities and one accountability map that covers all accountable entities within the group.

What are the deferred remuneration obligations?

  • The deferred remuneration obligations will remain largely the same as under BEAR.
  • Accountable entities and their significant related entities will be required to defer at least 40% variable remuneration (for example, bonuses and incentive payments) for each of their accountable persons for a minimum of four years, if the variable remuneration is above $50,000.

What powers of enforcement will the Regulator(s) have?

The Regulator(s) will have powers to:

  • issue directions of a wide nature including requiring entities and/or their significant related entities to do or refrain from doing certain things or to make changes to the entity or its significant related entity's systems, business practices or operations;
  • issue a direction to reallocate responsibilities – previously this only applied if APRA was of the view that the current allocation of responsibilities gave rise to a prudential risk, this has been extended to include risks of significant and systemic non-compliance with certain laws;
  • investigate the entity or a significant related entity, if it believes an entity or an accountable person has contravened a provision of FAR. The Regulator can also require the production of books and information;
  • examine persons in relation to an investigation;
  • disqualify individuals from being accountable persons;
  • accept enforceable undertakings; and
  • seek an injunction including by consent.

What penalties will apply for a failure to comply?

  • In alignment with the Strengthening Corporate and Financial Sector Penalties regime which increased maximum penalties within the financial sector from March 2019, the maximum penalties for an entity under the FAR have been increased compared with BEAR to the greater of:
    • 50,000 penalty units (currently $11.1m)
    • 3x the benefit derived and detriment avoided because of the contravention, as determined by the Court
    • 10% of annual turnover of the body corporate, to a maximum of 2.5m penalty units (currently $555m)

No individual civil penalties, however certain provision of the Regulatory Powers (Standard Provisions) Act 2014 apply such that individuals may have accessorial liability.

Will FAR have extra-territorial application?

Yes, FAR will apply to conduct both in and out of Australia. Conduct outside of Australia that will be captured includes for example, the conduct of:

  • accountable persons (including accountable persons of foreign accountable entities) who ordinarily reside overseas or temporarily travel outside of Australia for work; and
  • the Senior Officer Outside Australia for an Australian branch of the foreign ADI or Category C insurer.

On 16 July 2021, Treasury released the Exposure Draft legislation for the Financial Accountability Regime (FAR) for consultation. The key changes in FAR seek to implement certain recommendations of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. In particular, FAR will extend the Banking Executive Accountability Regime (BEAR), which currently applies to authorised deposit holding institutions (ADIs), to all general, life and private health insurers and superannuation licensees. ASIC will join APRA (described in FAR jointly as the "Regulator") to administer FAR and new measures will be introduced to reflect a sharpened conduct focus. Further, FAR seeks to address the Royal Commission findings concerning the lack of clear end-to-end accountability for product management.

From BEAR to FAR: What's new?

While structurally similar to BEAR, FAR proposes to introduce a number of new measures that will extend the compliance requirements of entities already captured by BEAR and more comprehensively cover all other APRA-regulated entities. The key changes are set out below.

  • Accountable Persons – FAR, like BEAR, will designate a person an "accountable person" if he or she is a director or senior and influential executive responsible for management or control of the regulated entity or a significant or substantial part or aspect of the operations of the regulated entity and / or otherwise occupies certain prescribed positions or has particular responsibilities within the entity. However, FAR proposes to expand the prescribed responsibilities and positions for accountable persons to include persons with responsibility for:
    • end-to-end product;
    • dispute resolution (internal and external);
    • client or member remediation programs; and
    • breach reporting.
  • Accountability obligations – FAR imposes similar obligations to BEAR on regulated entities and accountable persons with the following particular changes of note:
    • An additional obligation is proposed to apply to accountable persons to take "reasonable steps" to ensure the organisation complies with a prescribed list of laws relating to the financial sector;
    • "Taking reasonable steps" (which is a term entities grappled with under BEAR) includes taking appropriate action to ensure compliance; and in response to non-compliance or suspected non-compliance; and
    • A regulated entity will be required to deal with APRA and ASIC in an open, constructive and cooperative way (whereas under BEAR, no requirement existed in respect of ASIC).
  • Notification of breach – Notification to the Regulator will be required when the accountable entity "reasonably believes" it has breached its obligations – as opposed to BEAR which requires notification when the entity "becomes aware" of a breach. The Explanatory Materials accompanying the Exposure Draft leave open the question of whether this change in wording is intended to make a material difference.
  • Penalties – Civil penalties are proposed to apply to breaches by a regulated entity of its obligations. Maximum civil penalties applicable to regulated entities will increase to align with increases to other financial services laws pursuant to the Strengthening Corporate and Financial Sector Penalties regime. FAR does not propose civil penalties for individuals who breach their obligations (as was proposed in the January 2020 consultation), however individuals may still have accessorial liability.
  • Enforcement powers – Notably, FAR proposes a range of enforcement powers available to the Regulator – including, being able to give a wide-range of directions to change the entity or its significant related entity's systems, business practices or operations. Directions could also be given to reallocate responsibilities if there is a risk of significant and systemic non-compliance by the entity of certain laws – currently this only applies if there is prudential risk. While APRA has always had a general power to issue directions, the proposal represents a widened enforcement power for ASIC.

Implementation of FAR – lessons from BEAR

For all organisations, the implementation of FAR is an opportunity to strengthen existing accountability and governance processes: ADIs already captured by BEAR will need to consider how they can integrate FAR into their existing BEAR systems and to use this process as an opportunity for uplift; and for entities not already captured by BEAR, FAR will require careful consideration about how FAR should be implemented in order to ensure compliance.

In December 2020, APRA conducted a review of the implementation of BEAR by large ADIs. Following the review, APRA identified a range of best practices. Key takeaways from this report and our experience assisting ADIs to implement BEAR include:

  • Support for implementation and operation: Investing in centralised resources played a critical role in implementing BEAR and later providing support to accountable persons to deliver their obligations. As a key first step organisations should look to set up a FAR task force comprised of individuals with a range of skills and sufficient seniority from across the organisation.
  • Defining accountabilities: A necessary step will be to identify accountable persons. Robust processes to ensure full coverage of accountabilities across the organisation when accountability statements and maps are being created will ensure best practice. Suggested processes include holding interviews, workshops, and scenario testing to assess the allocation of accountabilities.
  • Delivering reasonable steps: Once accountabilities have been defined, organisations should establish frameworks which support implementation and compliance with FAR. APRA found that establishing "reasonable steps" frameworks together with regular monitoring provided enhanced support for accountable persons on delivering their accountabilities.
  • Breach identification, reporting and consequence management: Organisations will need to have robust issue spotting / breach identification, reporting and consequence management frameworks. These may already exist in some form or other within entities (for example, depending on the maturity of the entity's risk management framework) and consideration should be given to whether those systems can be leverage as part of the FAR compliance framework. Remuneration frameworks will need to comply with the deferred remuneration obligations under FAR.
Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.