Significant implications for all APRA-regulated entities 6 min read
On 13 August 2021, consultation closed on the various documents issued by Treasury in relation to the much anticipated Financial Accountability Regime (FAR).
This included the draft Bill, explanatory materials, an information paper on joint administration of the regime by ASIC and APRA, a policy paper on prescribed responsibilities and positions, and a Q&A document. Treasury's stated intention is for the FAR legislation to pass in the Spring 2021 sittings of Parliament, though it remains to be seen whether the Government will meet this deadline, particularly in light of COVID-19 related disruptions.
In our previous Insight we summarised what the proposed regime will mean for APRA-regulated entities. While we do not know what amendments, if any, may be made to the draft Bill following the recent consultation process, this article identifies some examples of aspects of the FAR which would benefit from clarification before the Bill is passed.
These are intended to be examples only. There will be concerns specific to the superannuation, insurance and banking industries which we have not addressed below. Please reach out to the people below if you would like to discuss what the FAR will mean for your organisation's people, and governance and risk management frameworks.
Scope of new breach reporting, remediation and dispute resolution responsibilities
Attachment A to the Policy Paper lists the proposed prescribed responsibilities and positions for accountable entities under the FAR. This list includes several 'new' roles for which an Accountable Person (AP) must be appointed that were not previously specified in the Banking Executive Accountability Regime (BEAR) legislation. These include breach reporting, remediation and dispute resolution. The scope of these new responsibilities are in some respects unclear. For example:
- There is a disconnect in the Policy Paper between the way in which these responsibilities are described in a general way in the 'Prescribed Responsibilities and positions' column, versus the more detailed and qualified descriptions in the column titled 'Individual(s) intended to be captured'. For example, the breach reporting responsibility is described in the first column generally as 'Management of the accountable entity's breach reporting', but the second column states that this will not include 'execution' of that function. The reason for this drafting approach is unclear, and creates confusion for accountable entities and their APs as to the scope of their responsibilities.
- In addition to the above, it is also unclear whether the breach reporting responsibility is intended to capture all regulatory breach reporting regimes applicable to an accountable entity, or only those administered by APRA and ASIC. Clarification will be required for those entities subject to multiple breach regime regimes, and where design and oversight of those frameworks will frequently sit within different lines of responsibility (eg data or environmental breaches).
New end-to-end product responsibility
APRA first consulted on this new responsibility within the BEAR in 2019. The outcome of that consultation process has now been subsumed by the FAR. While the Policy Paper provides some detail on the intended nature and scope of this new responsibility, it remains to be seen how it will operate in practice. For example:
- The scope of the responsibility is broad, and there will be inevitable overlap between the proposed all-encompassing responsibility covering each product and service offered by an accountable entity, and the other prescribed responsibilities and positions outlined in the Policy Paper (eg risk, compliance, information management). One option Treasury could consider to address this issue would be to insert a carve out for responsibilities which are independently identified.
- The draft materials do not define 'product' or service', or provide guidance on how these terms should be interpreted. For example, adopting the definition of financial product in the Corporations Act could lead to some unusual results given it excludes 'credit facilities', while adopting the ASIC Act definition could capture a range of financial products which should not be caught by the FAR, such as shares and other capital raising instruments.
- There is an inconsistency between the Policy Paper and the draft Bill as to the way in which joint accountability will operate in the context of this responsibility, which creates confusion for APs. On the one hand, the Policy Paper states that 'where multiple accountable persons are registered to hold the end-to-end responsibility, they will not be held jointly accountable to the extent that they are not holding that responsibility for the same product or service'. On the other hand, the effect of the draft Bill and broad way in which the responsibility is listed in Attachment A to the Policy Paper, is that all APs attributed with this responsibility will have joint accountability irrespective of whether their responsibility is in fact limited to a specific product or service.
Rationale for joint accountability tool
The draft Bill provides that where multiple persons have the same responsibility, they are jointly and severally liable for any breaches in relation to that responsibility. While an equivalent provision exists under the BEAR, the utility and necessity for joint accountability remains open to debate. The explanation provided by Treasury for this tool is that it will avoid a situation where two accountable persons seek to shift responsibility to the other. That policy objective is, however, arguably already addressed by the key personnel and deferred remuneration obligations under the FAR. Namely:
- accountable entities are already exposed to significant penalties if the responsibilities of their APs do not cover all parts or aspects of operations; and
- under the remuneration policy, an AP's remuneration consequence will look at their individual (not joint) fault, and similarly, any disqualification of an AP will have regard to the seriousness of their non-compliance.
Potential civil penalty for APs under ancillary liability provisions
Much to the relief of accountable entities and their APs, Treasury appears to have abandoned its proposal to subject APs to civil penalties for breaches of their FAR obligations. That said, the draft Bill does leave open a potential 'back door' for APs to be subject to a civil penalty for a FAR breach by the accountable entity, via the ancillary liability provisions in s92 of the Regulatory Powers Act 2014. While a similar provision was included in the BEAR legislation, the draft Bill appears to have omitted the qualifier that any such civil penalty imposed will be 1/5 of the relevant amount specified for the provision. We expect that this will be a point Treasury will address in any amendments to the final Bill.
Treasury has stated its intention for the FAR legislation to pass in the Spring 2021 sittings of Parliament. If this deadline is met, irrespective of the output of the recent consultation process, the commencement of the regime will have significant implications for all APRA-regulated entities, in particular, non-ADI entities that are not currently caught by the BEAR.
We are conducting a Webinar on 31 August 2021 on the key obligations under the proposed regime, and will continue to keep you informed of developments on the draft Bill in the coming months. In the meantime, please reach out to the people below if you would like to discuss what the FAR will mean for your organisation.