The Financial Accountability Regime is finally here

On 5 September 2023, the Financial Accountability Regime Bill 2023 (FAR) was finally passed by the Commonwealth Parliament. Despite extended debate over the introduction of individual civil liability provisions for accountable persons, the FAR Bill was ultimately passed without any further amendments since its re-introduction into Parliament in March 2023.

What is FAR?

The FAR replaces the old Banking Executive Accountability Regime (BEAR), which currently applies only to authorised deposit holding institutions (ADIs). FAR will extend the provisions of the BEAR from ADIS to all general, life and private health insurers and registered superannuation licensees (Accountable Entities). FAR will be jointly administered by ASIC and APRA.

FAR imposes four core sets of obligations on Accountable Entities:

• Accountability Obligations
• Notification Obligations
• Key Personnel Obligations
• Deferred Remuneration Obligations

FAR also imposes Accountability Obligations on Accountable Persons. A person is an Accountable Person if he or she is a director or senior executive responsible for management or control of the Accountable Entity or a significant or substantial part of its operations, and/or holds a position prescribed by the Minister’s Rules.

For the details of these obligations, see below.

FAR Bill 2021 to FAR Bill 2023 – What's new?

The FAR Bill was initially introduced into the House of Parliament in October 2021. The reasons for its delay are unclear. The FAR Bill 2023 contains only one substantive change compared to FAR Bill 2021 which aims to clarify the scope of the Minister's exemption powers for Accountable Entities. Debate was had over the inclusion of increased individual civil penalties, but FAR was ultimately passed without additional civil liability mechanisms for Accountable Persons.

Entities who have already been busily preparing for FAR can therefore continue their preparations with confidence.

When do entities need to be FAR compliant?

The FAR Act is anticipated to commence in September 2023, with a staggered roll-out to the banking, insurance and superannuation industries. Assuming Assent is given this month, the FAR will be rolled out as follows:

• For entities in the banking industry, FAR will apply on the date that is six months after the date of Royal Assent, being late March 2024. For new entrants after that date, FAR will apply from the time they become an ADI or authorised non-operating holding company of an ADI.
• For entities in the insurance and superannuation industries, FAR will apply on the date that is 18 months after the date of Royal Assent, being late March 2025. For new entrants after that date, FAR will apply from the date they become licensed.

Transitional Arrangements for ADIs – from BEAR to FAR

The Financial Accountability Regime (Consequential Amendments) Bill 2023 provides a host of transitional mechanisms for ADIs who were previously subject to BEAR. These mechanisms include the following:

• Persons who were previously registered as Accountable Persons of ADIs under BEAR will have their registration automatically transferred and be registered as Accountable Persons under FAR.
• Persons who were previously disqualified from being Accountable Persons of ADIs under BEAR will remain disqualified under FAR.
• Applications made to register Accountable Persons under BEAR which are still pending at the time of FAR's commencement will be taken to have been made under FAR.
• Accountability Statements provided by ADIs under BEAR in respect of their Accountable Persons will automatically be taken to have been provided under FAR.
• Deferred remuneration obligations for ADIs under FAR will apply in the first financial year of the deferring entity that begins 6 months after the FAR begins to apply to the banking industry.

Key learnings from BEAR to FAR

In its December 2020 Information Paper on the Implementation of the Banking Executive Accountability Regime, APRA acknowledged that the BEAR was a "major legislative reform" that drove ADIs to "transform governance, risk culture, remuneration and accountability outcomes" across the banking industry. FAR promises to drive similar change for those ADIs transitioning from BEAR and those financial services entities assuming new obligations under FAR.

APRA provided the following feedback regarding the implementation of BEAR by ADIs, which may assist entities in complying with their obligations under FAR:

• Support for Accountable Persons: Entities must provide support to accountable persons to ensure that each accountable person meets their obligations, including by developing capabilities to conduct routine monitoring and prepare periodic reporting to the board about actions taken to ensure compliance.
• Systems to update accountabilities: Entities must have robust practices in place to maintain accountabilities over time, including the reflect business changes or changes to individual accountable persons.
• Effective consequence management: Entities must have an integrated consequence management and remuneration framework in place to reinforce accountability obligations, including through variable remuneration decisions.
• Expectations upon Executive and non-Executive Accountable Persons: Executive accountable persons should consider how to deliberately align their actions and associated records with the entity's expectations about what actions to take. Entities must have appropriate governance arrangements in place to enable non-executive accountable persons to meet their accountability obligations.

Deep Dive: detailed overview of FAR

Who does FAR apply to?

FAR applies to Accountable Entities being:

• ADIs;
• authorised non-operating holding companies of ADIs;
• general insurers;
• authorised non-operating holding companies of general insurers;
• life insurers;
• registered non-operating holding companies of life insurers;
• private health insurers; and
• registrable superannuation entity licensees (RSE licensees).

Does FAR apply to foreign entities?

Foreign Accountable Entities, being foreign entities in the banking, general insurance or life insurance sector, are also subject to the FAR, but only to the extent that they "operate a branch in Australia".

Exemptions from FAR

The Minister has the power to exempt a particular Accountable Entity or class of entities under FAR. The Minister may only exempt an accountable entity or class of accountable entities from compliance with FAR where it would be "unreasonable" for the accountable entity or class of accountable entities to be required to comply with FAR.

Who is a Significant Related Entity of an Accountable Entity?

The obligations of Accountable Entities extend to their Significant Related Entities (SREs).

Banks and insurers

The SREs of banks, insurers, and their NOHCs, must be:

• a subsidiary of the Accountable Entity (where subsidiary has the meaning provided in the Corporations Act 2001); and
• it, or its business or activities, has (or is likely to have) an effect on the Accountable Entity, or the business or activities of the Accountable Entity, that is material and substantial; and
• it is a constitutionally covered body; and
• it is not an Accountable Entity itself.

The FAR Act and Explanatory Memorandum provide further detail regarding the classification of entities within a group where there are multiple Accountable Entities. An entity will only be an SRE of one of the Accountable Entities within the group.

RSE Licensees

The SREs of RSE Licensees must be:

• a connected entity of the Accountable Entity (where connected entity has the meaning provided in the Superannuation Industry (Supervision) Act 1993; and
• it, or its business or activities, has (or is likely to have) an effect on the Accountable Entity, or the business or activities of the Accountable Entity, that is material and substantial; and
• it is a constitutionally covered body; and
• it is not an Accountable Entity itself.

When is a relationship “material and substantial”?

The following factors assist in determining whether an Accountable Entity’s relationship with another entity is sufficiently material and substantial:

• the nature and scale of the entity’s business or activities;
• any interdependency between the entity and the Accountable Entity;
• the financial, organisational or administrative arrangements in place between the entity and the accountable entity; and
• any other relevant factor.

The relationship between an Accountable Entity and another entity will be sufficiently material and substantial if the other entity’s business activity has the potential if disrupted, to have a significant impact on the Accountable Entity or its relevant group’s business operations or its ability to manage risks effectively.

Poor behaviour by a SRE can have a negative effect on the Accountable Entity’s brand and public standing and has the potential to adversely affect the prudential reputation of the Accountable Entity itself.

Questions the Accountable Entity may consider in identifying its SREs therefore include:

• as a threshold requirement, do the entity’s business or activities relate to the Accountable Entity’s business or activities (ie. the entity’s business or activities involves banking, insurance or superannuation);
• if the entity’s business or activities were disrupted, would it have a significant impact on the Accountable Entity’s:
  • business operations?
  • ability to manage risks effectively?
• would poor behaviour by the entity have a significant negative effect on the Accountable Entity’s brand and public standing?
• would poor behaviour by the entity have the potential to adversely affect the prudential reputation of the Accountable Entity?

Who is an Accountable Person?

Accountable Persons are those persons within an Accountable Entity who, because of their position within the entity, have actual or effective senior executive responsibility for the management or control of the Accountable Entity or a significant or substantial part or aspect of the operations of the Accountable Entity.

Under the proposed Minister Rules, which were published for consultation in Exposure Draft form on 12 September 2022,^[1] persons with "senior executive responsibility" for prescribed aspects of the business function are Accountable Persons, including individuals with responsibility for managing:

• business activities, financial resources or operations;
• overall risk controls or risk management;
• information management;
• internal audit, compliance, human resources, anti-money laundering or dispute resolution functions;
• client or member remediation programs;
• breach reporting; and
• the activities of a significant related entity of the Accountable Entity.

What are the Accountability Obligations of an Accountable Entity?

The accountability obligations of an Accountable Entity are:

• to take reasonable steps to conduct its business with honesty and integrity, and with due skill, care and diligence; and
• to take reasonable steps to deal with the Regulator in an open, constructive and cooperative way; and
• in conducting its business, to take reasonable steps to prevent matters from arising that would (or would be likely to) adversely affect the Accountable Entity’s prudential standing or prudential reputation; and
• to take reasonable steps to ensure that each of its Accountable Persons meets their Accountability Obligations; and
• to take reasonable steps to ensure that each of its Significant Related Entities meet their Accountability Obligations as if the Significant Related Entity were an accountable entity.

What are “reasonable steps”?

Taking reasonable steps includes (but is not limited to):

• having appropriate governance, control and risk management systems in relation to the matter; and
• having safeguards against inappropriate delegations of responsibility in relation to that matter; and
• having appropriate procedures for identifying and remediating problems that arise or may arise in relation to that matter; and
• taking appropriate action in response to non-compliance, or suspected non-compliance, in relation to that matter.

What are the Key Personnel Obligations of an Accountable Entity?

The Key Personnel Obligations of an Accountable Entity are:

• to ensure that the responsibilities of Accountable Persons cover all aspects of the operations of the Accountable Entity’s corporate group; and
• to ensure that no Accountable Person is prohibited under the FAR from being an Accountable Person; and
• to comply with each direction the Regulator gives to the Accountable Entity under FAR; and
• to take reasonable steps to ensure that each of the Accountable Entity’s Significant Related Entities complies with the Key Personnel Obligations as if the entity were an Accountable Entity.

What are Accountable Persons’ obligations?

Accountable persons are required to "conduct the responsibilities of their position":

• by acting with honesty and integrity, and with due skill, care and diligence; and
• by dealing with the Regulator in an open, constructive and cooperative way; and
• by taking reasonable steps in conducting those responsibilities to prevent matters from arising that would (or would be likely to) adversely affect the prudential standing or prudential reputation of the Accountable Entity; and
• by taking reasonable steps in conducting those responsibilities to prevent matters from arising that would (or would be likely to) result in a material contravention by the Accountable Entity of any of the following:
  • the FAR;
  • the Banking Act 1959;
  • the credit legislation;
  • the Financial Sector (Collection of Data) Act 2001
  • the financial services law
  • the Insurance Act 1973;
  • the Life Insurance Act 1975;
  • the Private Health Insurance (Prudential Supervision) Act 2015;
  • the Superannuation Industry (Supervision) Act 1993;
  • regulations, instruments, directions or orders made under any of the above laws.

What are “reasonable steps”?

Taking reasonable steps includes (but is not limited to):

• having appropriate governance, control and risk management systems in relation to the matter; and
• having safeguards against inappropriate delegations of responsibility in relation to that matter; and
• having appropriate procedures for identifying and remediating problems that arise or may arise in relation to that matter; and
• taking appropriate action in response to non-compliance, or suspected non-compliance, in relation to that matter.

What are the Accountable Entity’s Deferred Remuneration Obligations?

Accountable Entities and their Significant Related Entities are required to defer at least 40% variable remuneration (for example, bonuses and incentive payments) for each of their Accountable Persons for a minimum of four years, if the variable remuneration is above $50,000.

What are the Notification Obligations for Accountable Entities?

Core Notification Obligations

The core notification obligations apply to all Accountable Entities.

Accountable Entities are required to notify the Regulator of the following events:

• a person ceases to be an Accountable Person of the entity or of a Significant Related Entity;
• an Accountable Person of the Accountable Entity, or of a Significant Related Entity, is dismissed or suspended because the person has failed to comply with one or more of the person’s Accountability Obligations under FAR;
• the variable remuneration of an Accountable Person of the Accountable Entity, or of a Significant Related Entity, is reduced because the person has failed to comply with one or more of the person’s Accountability Obligations under FAR;
• the Accountable Entity has reasonable grounds to believe that:
  • the Accountable Entity has failed to comply with one or more of its Accountability Obligations, or one or more of its Key Personnel Obligations; or
  • an Accountable Person of the Accountable Entity, or of a Significant Related Entity, has failed to comply with one or more of the person’s Accountability Obligations; and
• a material change occurs to information about an Accountable Person on the register of Accountable Persons.

Accountable Entities must also take reasonable steps to ensure that each of their Significant Related Entities comply with the Core Notification Obligations.

Enhanced Notification Obligations

The enhanced notification threshold is set by the Minister Rules, which were published for consultation in Exposure Draft form on 12 September 2022, and relate to the total asset size of an entity. ^[2]

At date of publication, the following total asset size thresholds are included in the Minister Rules for determining when an Accountable Entity must comply with the Enhanced Notification Obligations:

• ADIs: an ADI meets the threshold at a particular time during the financial year if, at the start of the financial year, the ADIs total asset size equals or exceeds $10 billion.
• General insurers: a general insurer meets the threshold at a particular time during the financial year if, at the start of the financial year, the general insurer’s total asset size equals or exceeds $2 billion.
• Life companies: a life company meets the threshold at a particular time during the financial year if, at the start of the financial year, the life company’s total asset size equals or exceeds $4 billion.
• Private health insurers: a private health insurer meets the threshold at a particular time during the financial year if, at the start of the financial year, the private health insurer’s total asset size equals or exceeds $2 billion.
• RSE licensees: an RSE licensee meets the threshold at a particular time during the financial year if, at the start of the financial year, the RSE licensee’s total asset size equals or exceeds $10 billion.

The Explanatory Materials to the FAR Act indicate that corporate groups are able to submit one Accountability Statement covering all the group executive's areas of responsibilities and one Accountability Map that covers all Accountable Entities within the group.

What powers of enforcement do the Regulators have?

ASIC and APRA, the Regulators, have powers to:

• issue directions of a wide nature including requiring Accountable Entities and/or their Significant Related Entities to do or refrain from doing certain things or to make changes to the entity or its Significant Related Entity's systems, business practices or operations;
• issue a direction to reallocate responsibilities of Accountable Persons;
• investigate the entity or a Significant Related Entity, if it believes an entity or an Accountable Person has contravened a provision of FAR. The Regulator can also require the production of books and information;
• examine persons in relation to an investigation;
• disqualify individuals from being Accountable Persons;
• accept enforceable undertakings; and
• seek an injunction including by consent.

How will the Regulators jointly administer FAR?

The FAR is jointly administered by APRA and ASIC.

APRA and ASIC are currently working on a Joint Administration Agreement, setting out the high-level principles of cooperation and arrangements between the Regulators in their administration of FAR. The regulators intend to publish the details of their arrangement within 6 months after the FAR receives Royal Assent (ie. before the FAR begins to apply to the banking industry).

As part of their administration of FAR, the Regulators have stated they intend to engage with Accountable Entities prior to its implementation, to assist these entities to understand their obligations under the FAR and better understand the expectations of the Regulators. ASIC and APRA also intend to publish joint regulatory guidance to aid the implementation process and ongoing compliance practices needed to comply with FAR.

The Regulators have indicated they will collaborate and coordinate their administration and enforcement of the FAR. They will not pursue separate enforcement actions against Accountable Entities and/or their Accountable Persons for the same breaches of any FAR obligations. However, where non-compliance with a FAR obligation also gives rise to non-compliance with legislation which is also within the regulatory mandate of APRA or ASIC, the Regulator may choose to pursue enforcement actions under that legislation as well.

On 20 July 2023, ASIC and APRA invited public submissions on their proposed Regulator Rules, Transitional Rules and ADI Key Functions Descriptions. The consultation period closed on 17 August 2023. The Regulators have foreshadowed that further industry engagement will occur following the passage of the FAR Bill through Parliament.

What are the consequences for non-compliance?

Civil penalties apply to breaches by a regulated entity of its obligations.

The maximum civil penalties for an entity for non-compliance are the greater of:

• 50,000 penalty units (currently $11.1m)
• 3x the benefit derived and detriment avoided because of the contravention, as determined by the Court;
• 10% of annual turnover of the body corporate, to a maximum of 2.5m penalty units (currently $555m).

  This is an increase in the maximum penalties compared to the BEAR.

  The FAR Act does not impose civil penalties on Accountable Persons who fail to observe their Accountability Obligations. Individual persons may still incur ancillary civil liability under section 81 where, for example, they aid or abet the contravention of a civil penalty provision of the FAR by their Accountable Entity. Consequences for non-compliance by Accountable Persons include:

• the deferred remuneration obligations, which require Accountable Entities to reduce variable remuneration payments for accountable persons who fail to comply with their Accountability Obligations; and
• disqualification orders, which empower the Regulator to ban an individual from being an Accountable Person where they breach their Accountability Obligations.

^[1] At date of writing, the Minister Rules have not been finalised. However, the Minister Rules commence on the day that is the later of the date of registration of the Minister Rules, or the day the FAR Act commences.

^[2] At date of writing, the Minister Rules have not been finalised. The Minister Rules commence on the day that is the later of the date of registration of the Minister Rules, or the day the FAR Act commences.