In brief
APRA has announced a consultation on a proposal to create a new 'end-to-end product' responsibility within the Banking Executive Accountability Regime (BEAR). The intention is that for every product offered by a bank and its subsidiaries, there will be an accountable person nominated who is accountable for all aspects of the product, from design and delivery to maintenance, and any necessary remediation of customers who have acquired the product. This is meant to achieve heightened and clarified end-to-end accountability among senior executives. The requirements will also apply to insurers and superannuation trustees, once BEAR is extended to them.
The approach proposed by APRA gives rise to some real questions about whether it will achieve the intended effect and whether it is the right tool for the job.
The Financial Services Royal Commission received a large amount of evidence concerning 'administration errors', frequently involving errors programmed into technical systems, which had resulted in inadvertent overcharging of fees. It called out two key causes of these errors:
- the number and complexity of products; and
- a lack of end-to-end accountability leading to a situation where 'the left hand does not know what the right is doing'.
The Final Report recommended that, after consultation, APRA make a determination, for the purposes of section 37BA(2)(b) of the Banking Act 1959 (Cth), prescribing a BEAR responsibility, within each ADI, for all steps in the design, delivery and maintenance of all products offered to customers by the ADI and any necessary remediation of customers regarding the products.
APRA has announced a consultation on a proposal to implement this recommendation. While the proposal will initially only operate for banks, APRA has encouraged insurance and superannuation licensees to contribute, given the imminent rollout of BEAR across those sectors. Key points of the proposal include:
- APRA proposes a broad scope for the end-to-end accountability, well beyond processing and administration errors, and extending to linkages to IT systems, data quality, outsourcing, incentive arrangements and 'customer experience';
- it is not limited to retail products and will include products offered to business and institutional customers; and
- where more than one person is accountable for aspects of a product, they are to be jointly accountable.
APRA proposes to use an existing provision in the Banking Act that allows it to define a responsibility that, if held by a person, makes them an accountable person under the BEAR regime, which brings in the suite of BEAR obligations. The particular language proposed by APRA to define the end-to-end product responsibility is:
For the purposes of paragraph 37BA(2)(b)(ii) of the Banking Act 1959, a particular responsibility includes senior executive responsibility for end-to-end product management of a product or product group offered by the ADI or the relevant group of bodies corporate that is constituted by the ADI and its subsidiaries, including but not limited to all steps in the design, delivery, maintenance and any necessary remediation of customers in respect of any such product or product group.
There are some questions about whether the proposal will achieve the intended effect of having a person accountable for each product offered. On our reading:
- s37BA(2)(b) only requires a person to be an accountable person if that person 'has' a responsibility of the kind described in the proposal. That is, s37BA(2) will only make a person an accountable person if they already have end-to-end responsibility for a product. If there is no person currently with end-to-end product responsibility, this section does not require the organisation to put someone in that position; and
- the key personnel obligations in s37D are satisfied if the organisation has appointed one person as an accountable person with end-to-end responsibility for a product. They don't have the effect of requiring an accountable person to be appointed for every product.
Together, that would suggest that a bank could meet its obligations by having one person with end-to-end accountability for one product. This is obviously not the intention, but raises the question of whether the existing mechanism is designed to do the job of imposing end-to-end product responsibility for every product offered by a bank.
The main issue we see with the proposal is how workable it will be. While the Commissioner was impatient with organisations that blamed administrative and processing errors on organisational complexity, the reality is that large financial institutions and the processes required to provide financial products, deal with complaints and, on occasion, remediation are complex and involve many different parts of an organisation with different areas of technical expertise. A person with end-to-end responsibility will ultimately have accountability for aspects of the product lifecycle that are outside of their fields of experience and expertise, even where there are senior managers with better adapted skill sets and experience to manage those aspects.
There are also some questions about whether the proposal will in fact heighten clarity of responsibilities:
- The proposal does not 'carve-out' the responsibilities prescribed under s37BA(3): eg risk, compliance, information management, human resources, anti-money laundering. Rather, it suggests that functions that might ordinarily be performed within those roles (eg data quality and incentive arrangements) must be managed at a product level. This introduces tension, and potentially confusion, about how responsibilities for compliance, information management, human resources etc are to be allocated in relation to products.
- Key terms in the proposal are not defined in the Banking Act and it is unclear how they interact with related terms defined elsewhere. For example:
  - How does 'product' relate to a 'financial product' as defined in the Corporations Act 2001 (Cth)? Are they intended to have the same meaning?
  - How does 'offering' a product relate to 'issuing' a product or 'distributing' a product as these terms are also currently defined in the Corporations Act?
- There is a reference in the proposal to responsibility extending to services, but services are not referred to in the responsibility put forward by APRA. It is unclear whether, in addition to products, APRA expects there to be an accountable person with end-to-end responsibility for delivery of services (such as financial advice and broking).
- APRA says the responsibility would extend to ‘customer experience and outcomes’, which is quite a vague concept for a responsibility that can have significant personal impacts upon accountable persons.
- The proposed responsibility would apply to products offered by the ‘ADI and its subsidiaries’. This suggests that end-to-end product responsibility will apply to products issued by non-ADI subsidiaries, such as insurers and super trustees, where they are owned by ADIs, even before BEAR is extended to insurers and super trustees more generally. If this is the intention, it creates an inconsistent regulatory regime as between ADI-owned and other insurers and super-trustees.
Some of these questions and issues will become all the more significant if and when ASIC becomes a co-regulator of BEAR, as recommended by the Royal Commission.
The BEAR has an existing mechanism for making sure that there are not 'gaps' between the responsibilities of accountable persons. The key personnel obligations in s37D require that there be an accountable person for all parts or aspects of a bank (and each of the prescribed responsibilities). Banks currently comply with that obligation by ensuring that there is appropriate coverage by their accountable persons, and it is for the bank to work out how best to allocate responsibility, given the role and expertise of each accountable person. The intention of the proposed end-to-end product responsibility is to prescribe a particular way of going about fulfilling that objective. It does seem odd to be implementing that intention through a section of the Banking Act (37BA) that has quite a different purpose.
Also, mandating a particular way of going about fulfilling key personnel obligations in relation to the products issued to retail clients that were the concern of the Royal Commission is one thing. Expanding it to include complex institutional-only products, which can have entirely different design and development pathways, also gives us some concern. Are these really products that need such a blunt and uncompromising intervention into how organisations go about their business?