The Federal Government recently released an ‘exposure draft’ of the proposed Financial Accountability Regime (FAR) which aims to strengthen executive accountability laws and extend their reach to all APRA-regulated entities (including insurers and RSE licensees).
The release comes after consultation on the Government’s proposal paper in early 2020 and, if legislated, FAR will supersede the standards of conduct established by the Banking Executive Accountability Regime (BEAR).
While the nature of the changes are well-documented, the exposure draft reveals some departures from the proposal paper, important adjustments to existing obligations under the BEAR and some hints on the way in which the Government wants ASIC to join with APRA in policing compliance.
Executives not subject to personal liability
The most significant change from the 2020 proposal paper is the removal of plans to make individual executives personally liable for non-compliance, with prospective maximum penalties exceeding $1 million per breach. This represents a significant step change by the Government and will come as welcome relief to directors and senior executives.
The Government’s back-down is surprising given the flavour of the Financial Services Royal Commission recommendations and contrasts starkly with the approach taken in the UK (pursuant to the Senior Managers and Certification Regime) which emboldens the Financial Conduct Authority to impose fines on individuals for misconduct.
The Chair of the Securities Exchange Commission in the US has publicly stated that holding individuals liable for corporate wrongdoing is a core pillar of any strong enforcement regime, with it being absolutely critical that responsible individuals be charged to achieve a strong deterrent effect on market participants. Similarly, the UK Financial Conduct Authority regularly imposes substantial fines on individuals, including those deemed to have failed to act with due care, skill and diligence in their role.
We expect this change to be the greatest focus for stakeholders providing submissions on the draft laws, especially those from consumer groups. As it stands, however, executives appear to have escaped the spectre of harsh new personal liability measures, confining regulators seeking penalties under the FAR to pursuing the corporations that the executives lead.
ASIC joins the party
As Commissioner Hayne recommended, ASIC looks set to gain enforcement powers to investigate potential breaches of the FAR, alongside APRA (the sole regulator under the BEAR). Details of the proposed division of responsibility are scant so far but it is clear the Government’s intent is for each regulator to collaborate and coordinate their efforts. The exposure draft also limits ASIC’s powers and functions under the FAR to policing accountable entities that hold an AFSL or ACL or entities or accountable persons related to ASFL or ACL holders.
While it is unlikely that ASIC and APRA would undertake separate enforcement action under the FAR, non-compliance with a FAR obligation could trigger breaches under other laws administered by ASIC or APRA, which creates the potential for overlapping enforcement processes.
Additionally, the obligation under the BEAR for accountable persons to engage with APRA in an “open, constructive and co-operative way” will now extend to dealings with ASIC. While the meaning of this phrase is yet to be tested, senior management will need to keep this in mind during their dealings with the regulators, including when authorising responses to statutory notices, appearing at compulsory examinations and engaging in formal correspondence generally.
The list of roles and responsibilities to be subject to the FAR are absent from the exposure draft and look set to be prescribed in associated regulations. Consultation on those regulations will come later this year (scheduled for September/October 2021).
Guidance can be drawn, however, from the opening provisions of the exposure draft. If legislated, the FAR will impose accountability on persons with actual, or effective, senior executive responsibility for management or control of an entity or a significant or substantial part of the entity’s operations (‘accountable persons’).
Clearly this will capture Board members, direct reports to the Board and C-suite executives. A Treasury Policy Paper released in tandem with the exposure draft legislation suggests that heads of IT, audit, compliance and those responsible for overseeing customer remediation programs and breach reporting will also fall within scope. However, this is yet to be confirmed.
The paper also highlights the expansion of the FAR to capture roles with responsibility for managing non-financial risks, consistent with the application of the FAR to all APRA-regulated entities. There is no mention of measures akin to the ‘Individual Conduct Rules’ implemented in the UK through the SMCR which impose minimum behavioural standards for almost all employees within an organisation.
The conduct obligations on accountable persons under the proposed new laws largely mirror the existing obligations under the BEAR.
There are, however, some important proposed additions, including that executives conduct the responsibilities of their position by taking reasonable steps to ensure that the entity complies with not only the FAR legislation but also certain other legislation enforced by ASIC and APRA (for example, the Banking Act, credit legislation and laws which apply to the insurance and superannuation industries).
These are particularly wide-reaching requirements and will impose onerous obligations on accountable persons in their day-to-day roles.
Enforcement powers and remedies for non-compliance
Further, despite the fact personal liability looks off the table for now, the FAR will include a broad range of enforcement mechanisms, including:
- disqualification of accountable persons (‘career-killer’);
- appointment of an investigator;
- compulsory examinations;
- compulsory directions (including to reconstruct, amalgamate or otherwise alter all or part of an accountable entity’s business, structure or organisation, and to re-allocate responsibilities);
- civil penalties for accountable entities;
- enforceable undertakings; and
The consultation period on the exposure draft runs until 13 August 2021. The Government plans to introduce the Bill during the 2021 spring sitting of Parliament.
We recommend entities engage early with the FAR to ensure appropriate governance and accountability structures are in place. This is particularly important for entities not subject to the BEAR, namely those in the insurance (general, life, private health) and superannuation sectors.
However, these sectors will have some breathing space because they will not be subject to the FAR until the later of 1 July 2023 or 18 months after commencement of the legislation. For all other accountable entities, the reforms will apply from the later of 1 July 2022 or six months after the commencement.
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.