Written by Senior Associate Sarah Burgemeister
As part of its ongoing efforts to improve the domestic banking sector's accountability, the Federal Government recently announced a series of measures to join the ongoing global push seeking to improve measures for individual accountability for mis-conduct. The proposed Banking Executives Accountability Regime (BEAR) seeks to ensure that banks, and their senior management, are held accountable when they fail to meet expectations.
Mr David Coleman MP, the Chair of the House of Representatives Standing Committee on Economics, said at the Reuters Financial Regulation Summit on 6 June that, despite a series of serious incidents of misconduct, the Committee's inquiry into the banks had not revealed any instance in which a senior bank executive had lost their job as a result. The Chair said that that was 'untenable' and the Committee seeks to improve accountability by recommending a banking executive accountability regime. The Government announced in the Budget that it would introduce the Banking Executives Accountability Regime – which has a rather nice acronym (BEAR). Unlike many of the other Budget measures, it did not announce a start date.
The Government has indicated that BEAR will be modelled on the United Kingdom's Senior Managers and Certifications Regimes (SMCR) that came into force in March last year. The SMCR initially applied to banks (including UK branches of foreign banks), building societies, credit unions and PRA designated investment firms (Firms). It has now been rolled out to insurers and the intention is for it to apply to all authorised firms in 2018.
The purpose of the SMCR is to enhance individual accountability; clarify the specific responsibilities of senior managers; expand the range of people who are subject to standards of conduct; and improve individual behaviour and culture within Firms as a whole. This regime forms part of a broader regulatory reform agenda in the UK that includes updated remuneration rules, reforms of whistleblowing arrangements, proposals emanating from the Fair and Effective Markets Review and wider thematic review and supervisory activity (eg conduct risk, culture).
The SMCR is comprised of three layers of rules which are applicable to different roles and levels of responsibilities within the Firm.
Every activity undertaken by a Firm must be allocated to a specific 'Senior Manager Function Holder' (SMF) who has prescribed responsibilities. SMFs must be pre-approved by the regulator and are subject to annual assessments of their fitness and proprietary.
A Firm must prepare and maintain (1) a Statement of Responsibilities that records the activities and responsibilities allocated to each SMF; and (2) a Responsibilities Map documenting the management and governance arrangements in place at the Firm. These two documents are filed with the regulators.
If the Firm breaches a regulatory obligation, the SMF with responsibility for the relevant area could be personally liable for failing to take reasonable steps to prevent the breach occurring or continuing. There is also potential criminal liability if a reckless decision causes a Firm to fail.
In addition to employees who are SMFs, a Firm will also have 'Certified Persons', being any employees who pose a risk of 'significant harm' to the Firm and/or its customers. These individuals are not subject to regulatory approval, but the Firm will need to certify that they are fit and proper for their roles.
The SMCR Conduct Rules, which came into force in March this year, apply to a wide range of individuals at a Firm – essentially all employees except those performing ancillary functions such as security guards. The Conduct Rules require individual employees to act in a manner consistent with the regulator's view of good behaviour. It also imposes a duty on Firms to notify staff of these rules, take all reasonable steps to ensure proper understanding and provide suitable training.
In Australia, we understand BEAR is intended to work in a very similar way to the SMCR with the same intention to make senior management at Authorised Deposit Taking Institutions (ADIs) more accountable for the bank's misconduct. However, the brief details currently available suggest that the BEAR will not be as far reaching. In particular, at this stage there is no indication BEAR is to include personal criminal liability for senior management.
Let's turn to the three proposed core components of BEAR.
An ADI will be required to give APRA prior notice of the appointment of Senior Managers but does not require approval. It is unclear what level of management will be classified as Senior Managers, but we anticipate that, like the SMCR, it will include CEO, direct reports of the CEO and those with responsibility for significant business areas (being the same as the bank's Responsible Persons for APRA purposes). These individuals would then be registered with APRA – resulting in personal responsibility for complying with their specified obligations. A map of the role and responsibilities of these Senior Management persons will need to be provided to APRA.
If seeking to follow the SMCR, the mapping of role and responsibilities of an ADI's Senior Management will likely need to describe the ADI's management and governance arrangements to prove all aspects of responsibility are addressed. This exercise will require the ADI to consider its broad frameworks of operation, legal entity structure and management matrix. While the mapping focus is on Senior Management, in practice this exercise will need to extend to a number of levels below Senior Management.
The map will be a live document that will need to be revisited periodically to ensure compliance and appropriate allocation of responsibilities. There will need to be appropriate consideration as to handover of responsibilities when Senior Managers leave the organisation to ensure no gaps. We anticipate there to be conflict between current working practices seeking to move away from traditional management frameworks and the likely detailed and prescriptive rules of BEAR.
The regime will give APRA a new power to impose a civil penalty on ADIs that fail to meet the additional, yet to be specified, expectations on conduct of business. This penalty will be a maximum of $200 million for larger ADIs and $50 million for smaller ADIs for a breach of misconduct rules.
In addition, APRA will have enhanced powers to remove Senior Management from their register if they have failed to meet their obligations. This will impact on the individual's remuneration and prevent the individual from holding a senior role in the banking sector (and possibly elsewhere). APRA will be able to impose penalties on ADIs if they fail to appropriately monitor the suitability of their Senior Management.
The regime will change APRA's role from monitoring the stability of the financial sector to an enforcer in the event of misconduct. This is the first time an Australia regulator will have the power to directly fine a bank for misconduct.
APRA Chairman Wayne Byres before the Senate Economics Legislation Committee in late May said that these powers wouldn't fundamentally change APRA's philosophy but that their mere presence would encourage more prudent behaviour by banks. He was also keen to say that APRA's primary goal remains prevention as opposed to rectification.
The exposure for ADIs, however, is not limited to financial penalties imposed by APRA. A class action risk is created by any finding that a ADI failed to meet the expectations on the conduct of business.
At least 40 per cent, and up to 60 per cent for certain Senior Managers, of variable remuneration will be required to be deferred for a minimum of four years. APRA will also be given the power to require ADIs to adjust their remuneration policies in circumstances where APRA identifies inappropriate outcomes.
The purpose of requiring at least part of an executive's bonus to be deferred is to encourage Senior Management to focus on the long-term effect of their decisions. APRA has been undertaking a stocktake of industry remuneration practices to understand how the existing requirements are implemented and how this interacts with risk cultures. We expect the combination of BEAR, the Sedgwick report and APRA's ongoing review of the implementation of CPS/SPS 510 to significantly affect the remuneration packages.
No indication has been given as to the expected timetable for consultation and implementation of BEAR. We expect the Federal Government to be cognisant of the significant legal and organisational challenges faced by ADIs when determining the timetable for implementation.
It was notable in the United Kingdom that the FCA and PRA were seeking to have unprecedented engagement with the banking industry on the SMCR, with Firms provided regular opportunities during the consultation process to meet the regulators and communicate their views on the regime. We would hope this is certainly the case here too. Additionally, we expect the Federal Government to have regard to the issues identified during the implementation of the SMCR and ensure they are properly addressed here.
To date, in the United Kingdom, no individual has been held accountable under the SMCR. This, however, does not mean that the SMCR has not had a serious impact on financial institutions. The implementation of this regime was a complex and protracted exercise which involved consideration of the management and governance frameworks and structures in place in a Firm. It has resulted in a renewed focus on culture and practices – a good example is the inquiries that were undertaken with respect to Jes Stanley at Barclays and his attempts to identify a whistleblower, about which we will say more in the next edition.