Site search
Seven key themes set to shape regulatory enforcement risk

Governance and senior management accountability

Key regulatory and enforcement developments – 2022

There was a continued focus on governance and accountability for regulated entities in 2022, replicating a trend in recent years. This was driven by increased regulatory supervision and enforcement activity, in addition to entities pro-actively evaluating how decisions are made within their organisations. This self-reflective approach to governance is consistent with recent public statements from financial services regulators which have made clear that a focus for all organisations should be on establishing information flows and getting 'people and practices right'.1

This focus on governance and accountability is unsurprising. We have observed an expansion of formal accountability regimes across the globe in recent years,2 and in Australia there has been an increase in expectations for embedding and enforcing senior-level accountability, which was formalised in the banking sector by the commencement of the APRA's Banking Executive Accountability Regime (the BEAR) for Authorised Deposit-taking Institutions (ADIs) in 2018.3

Key developments in 2022 included:

  • The Financial Accountability Regime (FAR) bill featured front and centre of the regulatory agenda. In particular, the last minute inclusion late in the year to introduce civil penalties for senior managers who fail to comply with their obligations was the subject of significant consternation across the industry. While the bill has not yet passed, insurers and superannuation entities have commenced work to consider the arrangements to be implemented to comply with the FAR, while ADI's evaluated the adequacy of their existing structures under the BEAR.
  • ASIC continued to pursue individuals for egregious breaches of directors' and officers' duties under the Corporations Act, including in relation to failures in the management of non-financial risk.
  • AUSTRAC continued to position itself as a leading enforcement regulator. It accepted an enforceable undertaking from two banking entities in relation to AML/CTF compliance, which included an undertaking to improve their AML/CTF governance and assurance controls.4 Alleged failures in board and senior management oversight, and governance and assurance more generally, feature heavily in each of the civil penalty proceedings commenced by AUSTRAC against the casinos. AUSTRAC increasingly asks reporting entities about what consequence management has been imposed on boards and senior management where failures arise.
  • APRA undertook risk culture surveys across 61 regulated entities in all regulated sectors for the purposes of obtaining data and insights on perceived risk behaviours and the effectiveness of the risk management architecture they work within.5 A common theme across all sectors was that senior executives were generally more optimistic about the adequacy of a firm's risk governance and compliance arrangements, as opposed to their colleagues in Legal, Risk and Compliance. APRA characterised this as a reminder for firms to ensure the 'voice of risk' is heard and acted upon.6
  • The ACCC continued to pursue individuals for contraventions of the Competition and Consumer Act, including in relation to cartel conduct and consumer law. In 2022, criminal cartel action was commenced against the chief executive of a waste company,7 while civil cartel proceedings were launched against the executive chairman of a mining equipment and technology services company,8 and the former managing director of an architecture firm.9 Several individuals pleaded guilty for their role in cartel offences. This includes four individuals involved in an exchange rate price fixing scheme, who were the first to be sentenced under criminal cartel laws.10
  • Increasing market, consumer and shareholder expectation for board level engagement with culture and conduct issues, despite those issues largely falling outside the formal accountability regime set by the regulators. It is increasingly common for senior executives to be pressured to resign when cultural failings occur within the organisations they govern.

 

Likely regulatory and enforcement developments – 2023

We expect that regulators will continue to refine and mature their understanding of, and expectations for regulated entities around individual accountability, and remuneration and consequence management practices. This might also include exploring options available to monitor, track and improve diversity and inclusion in firms. This would be consistent with activity in the UK11 and could include setting targets for board composition, expressly incorporating diversity and inclusion into certain requirements under the BEAR / FAR, or introducing mandatory disclosures.

Regulated entities will be closely monitoring the passage of the draft FAR bill through parliament in early 2023 and, once passed, will have greater clarity on the timeline for implementation. Entities should expect and be prepared for APRA and ASIC (as joint regulators) to closely examine how senior executives and boards go about delivering on their obligations under the regime. This will coincide with CPS 511 coming into force for some entities from January 2023, which introduces new standards for incentive structures for APRA-regulated entities.

Finally, it is likely that ASIC's focus on directors' and officers' duties, and governance in the enforcement context will continue. ASIC has stated that it will be focused on cyber resilience and security governance, product governance and governance over Environmental, Social and Governance (ESG) disclosures. While we have not yet seen any public enforcement activity under the BEAR, it is also possible that ASIC will be looking to take full advantage of its new role as joint regulator of the FAR once it comes into force.

Key regulators and enforcement agencies in this area

ASIC, APRA, AUSTRAC, ACCC.

 

Key sectors of focus

The financial services sector, including banks, insurers, superannuation funds and other funds, continue to be the key focus of regulatory activity in relation to governance and senior management accountability.

Footnotes

  1. ASIC Chair Joe Longo in March 2022. The same sentiment was expressed by APRA Deputy Chair Margaret Cole in November 2022. Ms Cole reminded firms that two key questions all company directors should be thinking about are whether: reasonably foreseeable risks and compliance issues are being identified and raised by the business; and the Board and directors are dealing with the matters that they should be.

  2. Starting with the UK senior managers regime , through to the commencement of similar regimes in Hong Kong and Singapore.

  3. ASIC has also played its role through the corporate governance taskforce and the Financial Services Royal Commission. The financial services regulator has also relied on the BEAR in the exercise of its enforcement function, often requiring BEAR accountable persons to personally commit to achieving regulatory outcomes, and relies on the accountability statements required to be prepared under the BEAR, to trace lines of responsibility and accountability within ADIs.

  4. AUSTRAC accepts enforceable undertaking from ING | AUSTRAC

  5. APRA General Manager of Governance, Culture, Remuneration and Accountability, Stuart Bingham – Speech to the Financial Services Assurance Forum | APRA

  6. No room for complacency on bank risk culture | APRA

  7. Aussie Skips and its chief executive charged with alleged waste services cartel offences | ACCC

  8. Oil and gas services company Qteq in court for alleged cartel conduct | ACCC

  9. ARM Architecture in court over alleged cartel conduct for university project | ACCC

  10. First individuals are sentenced for criminal cartel conduct | ACCC

  11. For example, in July 2021 the UK financial services regulators (FCA, PRA and BoE) jointly published a discussion paper on this topic. DP21/2: Diversity and inclusion in the financial sector - working together to drive change (fca.org.uk). The FCA published the results of its review in December 2022, and is expected to publish a consultation on D&I in financials services in 2023. Understanding approaches to D&I in financial services | FCA