The Treasury has released for consultation the draft bill for the Financial Accountability Regime (FAR or the Regime). The Regime will apply to the banking, superannuation and insurance sectors. Importantly, the Regime strengthens the Banking Executive Accountability Regime (BEAR), and extends the regime, in line with the recommendations from the Financial Services Royal Commission, to insurers and registrable superannuation entity licensees (all APRA-regulated entities). For insurance, the Regime will apply to general, life and private health insurers. The Regime will be administered jointly by APRA and ASIC.
When will the FAR commence?
The Regime is proposed to be introduced to Parliament in the Spring 2021 sittings.
Under the draft law, the Regime is proposed to take effect for the banking sector from the later of 1 July 2022 or six months after the commencement of the Regime. For insurers and superannuation entities, the proposed commencement date is 1 July 2023 or 18 months after commencement of the Regime. Once the Regime has taken effect it will replace BEAR. Accordingly, implementation is not far away.
What is proposed?
The Regime proposes to impose four core sets of obligations on accountable entities:
- accountability obligations – entities must take ‘reasonable steps’ to conduct their business with honesty and integrity, with due skill, care and diligence and in a manner that prevents adverse impact on its prudential standing;
- key personnel obligations – entities must ensure that all areas of their operations and those of their groups are attributed to accountable persons, being the directors and the most senior and influential executives (see below for more detail);
- deferred remuneration obligations – entities must defer at least 40% of the variable remuneration of their accountable persons for a minimum of four years, and for their variable remuneration to be reduced where accountability obligations are breached. This may apply to bonuses and incentive payments; and
- notification obligations – entities must meet core notification requirements to provide the Regulator (ASIC and APRA) with certain information, and for entities above a certain threshold (enhanced notification threshold) to prepare and submit accountability statements and accountability maps. It is proposed that for general and private health insurers the threshold will be total assets greater than $2 billion, and life insurers will cross the threshold if they have total assets greater than $4 billion. There are two extra notification events as compared to BEAR, they are when:
- the entity reasonably believes that it has breached its key personnel obligations; and
- a material change occurs to information on the register of accountable persons about an accountable person (defined below).
Significant related entities (SREs) may also be affected by the Regime. These are those entities which are subsidiaries of the accountable entity and where the effect of the subsidiary on the accountable entity is material and substantial. A range of factors are set out in the bill to assist an accountable entity or a court to determine whether an entity is an SRE. The obligations will be applied to the accountable entity in relation to SREs.
A key feature of the Regime is the concept of an ‘accountable person’. An ‘accountable person’ is someone who holds a position in the accountable entity or a significant related entity and has senior executive responsibility for management or control of the accountable entity or a significant or substantial part or aspect of the accountable entity’s / SREs’ operations. For foreign accountable entities in the insurance sector, the accountable persons’ responsibilities will relate to the Australian branch rather than the entity as a whole. The Regulator will keep a register of all accountable persons.
Accordingly, the Regime proposes to directly regulate the conduct of directors and the most senior and influential executives of an organisation. The Bill confers power on the Regulator (ASIC and APRA) to disqualify someone from being an accountable person of an accountable entity. The Regulator may also direct an entity to reallocate responsibilities of an accountable person to address prudential risks or systemic risks of non-compliance.
The Regime is designed to improve the risk and governance cultures and operating culture of entities in the banking, insurance and superannuation sectors by imposing a strengthened responsibility and accountability framework for those institutions, directors and most senior and influential executives of those institutions.
The Minister’s Rules
To tailor the application of the Regime, the Regime proposes that the Minister may set out Rules to determine whether a person is an accountable person. Treasury has released a Policy Proposal Paper for consultation. For all regulated entities except non-operating holding companies, it is proposed that these individuals may be captured (or persons holding similar positions):
• All members of the Board;
• Chief Executive Officer;
• Chief Financial Officer;
• Chief Risk Officer;
• Chief Operations Officer;
• Chief Information or Technology Officer;
• Head of Internal Audit;
• Senior executive responsible for compliance function;
• Head of Human Resources;
• Senior executive responsible for AML/CTF function;
• Person with end-to-end product responsibility such as Chief Executive Officer or Head of a business division;
• Senior executive responsible for development, maintenance and review of dispute resolution function;
• Senior executive responsible for development, maintenance and review of remediation programs; and
• Senior executive responsible for development, maintenance and review of breach reporting function.
Some specific responsibilities and positions are also set out in the Policy Proposal Paper for insurers.
For locally incorporated insurers, the Policy Proposal Paper proposes to include the following:
• Senior executive responsible for management of the actuarial function;
• Senior executive responsible for development, maintenance and review of claims handling function.
For Australian branches of foreign accountable entities, the Policy Proposal Paper proposes to include the following:
• The senior executive responsible for the conduct of all activities of an Australian branch, most likely the Head of Branch or Country or similar;
• The Senior Officer Outside Australia as defined under APRA Prudential Standard CPS 510;
• All members of the Compliance Committee of an Eligible Foreign Life Insurance Company (EFLIC) as defined under APRA Prudential Standard CPS 510; and
• Agent in Australia of a Category C insurer as defined under Prudential Standard CPS 510.
For non-operating holding companies, the Policy Proposal Paper proposes to include the following:
persons holding these positions or similar:
• All members of the Board;
• Chief Executive Officer;
• Chief Financial Officer;
• Chief Risk Officer; and
• Head of Internal Audit.
What should insurers do?
The implementation of BEAR in the banking sector required a substantial investment in resources and time across the business, the Board and senior executive teams. Insurers who engage early in the process will be best placed to ensure complete implementation in the required timeframe.
Insurers will need to consider the following actions to ensure they will be ready and compliant with the Regime:
- conduct a whole of business mapping exercise to develop a clear picture of responsibilities and delegations across all operations of the business. This must include an analysis of group and entity level functions, outsourced arrangements and governance. Insurers need to be alive to the likely requirements of the Regime, including accountability for end-to-end product lines, which may create horizontal accountabilities across business units that do not neatly align with the entity’s internal governance arrangements;
- identify ‘accountable persons’ within the business and engage with those persons to ensure that roles and responsibilities are clearly understood and so that, where relevant, accountability statements and maps can be prepared;
- implement a ‘reasonable steps’ framework to ensure that the entity and accountable persons are able to demonstrate at all times compliance with the Regime. Appropriate systems and documentation should be developed and robustly built into existing risk management and governance arrangements, including processes for reporting, review and ongoing oversight;
- review and implement changes to remuneration arrangements with ‘accountable persons’ as required. FAR offers an opportunity for the organisation to consider its remuneration structure holistically to not only ensure compliance with Prudential Standards and the FAR, but also to ensure incentivisation aligns with the organisation’s values and appropriate consumer outcomes. Changes will need to be adopted through revised remuneration policies, employment roles and performance review arrangements (including scorecarding);
- build a breach notification system for the FAR, which allows for internal reviews of matters that may be reportable to the Regulators, appropriate escalation and review arrangements that takes into account the seniority of stakeholders involved, and the potential serious organisational and personal consequences of breach reporting decisions; and
- implement a training schedule for staff on FAR requirements. Consideration will need to be given not only to training accountable persons, but also staff engaged in governance, risk and compliance arrangements around the FAR. All staff will need to be alive to reporting obligations.
Norton Rose Fulbright is a leading advisor to the insurance market across regulatory compliance, governance and risk, and is well placed to assist clients in the transition to FAR with our multi-disciplinary insurance and risk advisory teams.
Consultation on the Bill is open until 13 August 2021. For more information please follow this link.