Banks and other financial institutions have more work to do under the Banking Executive Accountability Regime (BEAR), but it’s also an opportunity to build a stronger culture of transparency.
The Royal Commission into Financial Services and APRA’s Prudential Inquiry into CBA has highlighted the increasing focus on accountability in Australia, and follows the significant changes which have already occurred in the United Kingdom and Hong Kong.
The implementation of the Banking Executive Accountability Regime (BEAR) in July 2018 for large Authorised Deposit taking Institutions (ADIs) requires ADIs to consider who they identify as Accountable Persons (APs), and to analyse their roles and allocated responsibilities.
As a result, BEAR is changing how ADIs organise themselves and operate, given the specific focus on individual accountability.
This increasing focus on individual accountability has been driven by two main factors:
BEAR is explicitly focused on prudential matters. However, the level of attention on conduct in the current environment, along with the potential impact of conduct issues on financial institutions’ financial standing, calls into question the boundary between conduct and prudential management.
Whilst individual accountability is a relatively easy concept to understand, in practice pinpointing the accountable owner in any situation is becoming harder. Organisations are growing in size, becoming more siloed due to a need for specialisation, increasing their geographical distribution, offshoring parts of their processes, and using more third-party providers. Layering in the increased expectations of Board oversight, a strong regulatory requirement to have three lines of defence, and the expanding use of technology such as artificial intelligence – it may seem like an impossible task. Or is it?
ADIs have had to ask themselves, ‘What do we do and what risks are we facing?’ They have then assessed ‘how’ they do what they do, and ‘who’ is doing what. This involves a significant amount of time by very senior people discussing, debating and ultimately agreeing who does what.
The exercise isn’t sufficient to just ‘tick the boxes’ by identifying a list of APs, producing a set of individual responsibilities, and an overall mapping of governance arrangements. The large ADIs have made significant investment in getting it right, and engaged with the spirit of the regime.
This isn’t a one off compliance exercise, as the ADI has the ongoing challenge of notifying APRA when there are any changes to their APs and what they are doing. APs are also obliged to exercise reasonable steps in the execution of their responsibilities (and to be able to demonstrate this in relation to matters that may have taken place in the past1). This requires a significant amount of internal control and awareness of their obligations. Through the recent hearings at the Royal Commission, it is clear that this is easier said than done – particularly giving notification to the regulators in a timely manner.
The large ADIs have taken different approaches to implement BEAR, but the challenges they have faced are similar, namely:
BEAR is limited at this stage to the most senior management in the ADI. One of the key challenges for ADIs is how they leverage their accountability principles and cascade this throughout the organisation to ensure there is a consistent understanding of roles and responsibilities which can support effective and agile decision-making.
The introduction of BEAR has put significant pressure on ADIs. In the absence of prescriptive guidelines, ADIs have also had to take their own view on how an AP can demonstrate that reasonable steps have been implemented. Where this isn’t consistent issues tend to emerge.
The implementation of BEAR is only the start. The bigger challenge for organisations is how to maintain the focus on accountability and build a strong accountability culture. In considering this challenge, ADIs should give consideration to how they articulate reasonable steps and guide AP record keeping.