Senior management across the financial services sector are to be held to account in an enhanced supervisory regime to be overseen by both APRA and ASIC.
The Banking Executive Accountability Regime (BEAR) legislation in its current form covers all Authorised Deposit-taking Institutions (ADIs) and their subsidiaries, and will hold even more weight as a result of the findings from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, of which the Final Report has been released.
BEAR considers an ‘Accountable Person’ (AP) as a director, executive or other person considered to exercise significant influence over conduct of and behaviour within an ADI. Requirements include the development of an ‘Accountability Statement’ for each AP, an ‘Accountability Map’ for the organisation, and remuneration requirements. It includes a requirement for senior management to undertake ‘reasonable steps’ towards exercising accountabilities, including, but not limited to, compliance with all legal and regulatory obligations – but does not define what they are.
The Final Report recommended that over time, provisions modelled on the BEAR should be extended to all APRA-regulated financial services institutions. First to Registrable Superannuation Entities (RSEs) then to insurers and others in the sector. APRA and ASIC should jointly administer those new provisions.
The extension of the BEAR beyond APRA regulated ADIs follows the expanded scope of the Senior Managers & Certification Regime (SMCR) in the UK.
It reinforces the principle that those who are in senior management positions within Australia’s financial institutions are to ultimately be held accountable for the performance of their responsibilities.
It remains to be seen within what timeframe the implementation of the extended regime will occur.
Individuals and organisations with individual accountability obligations should leverage lessons learned both locally and overseas.
The experience in the UK demonstrates that the regime itself, and the outcomes of subsequent enforcement action, may take several years to crystallise.
Given the specific recommendations in the Final Report extending the BEAR to all RSE licensees and APRA-regulated insurers, any resistance to the individual accountability obligations may expose an institution to increased risk. A culture of resistance could set the tone internally and externally that doesn’t support the changes now required.
The time frames for the extension of individual accountability to superannuation, insurance, and other areas of the financial service sector are yet to be locked down. However, experiences with BEAR would suggest that early mobilisation is prudent.
There are ‘no regrets’ activities that can be started to consider the recommendations in the Final Report as they relate to the BEAR.
Logical first steps are to take stock of how accountabilities and responsibilities are currently structured, and whether they are consistently documented in key artefacts (such as terms of reference, frameworks, role descriptions, and KPIs).
Part of this is identifying gaps, overlaps and inconsistencies in the institution’s approach to accountability.
Many institutions will have undertaken a self-assessment of governance, accountability and culture following APRA’s Prudential Inquiry into the Commonwealth Bank of Australia. Typically, the self-assessments have identified the need for enhancement in the design and implementation of the three lines of defence, risk management framework, improvement of non-financial and conduct risk management (including addressing the “should we” question), and the nexus between remuneration and sound risk management. These enhancements will also support institutions taking an accountability led approach.
Specific recommendations in the Final Report expanding the application of the accountability obligations to product and customer outcomes, such as identifying an individual responsible for the design, delivery and maintenance of all products, will sharpen an organisation’s customer focus, and create potential to mitigate conduct risk through increased accountability.
As part of the BEAR, senior management must demonstrate reasonable steps in exercising accountabilities. Improving the alignment between responsibility (what an individual is accountable for), and authority (the outcomes an individual is able to control) will improve transparency and remove friction in many organisations.
Clear accountability across senior management sends a strong message that they, and their institution, is focused on governance. Where accountability is clear and cascaded through the organisation to middle management and their direct reports, significant improvement in the culture, transparency and performance will be achieved.
A lack of clear accountability can foster an environment of a lack of ownership for outcomes and inhibit curiosity, which may result in complacency and constructive challenge. This is not the accountable, customer outcomes focused and risk-conscious mindset that will enable organisations to navigate increased scrutiny and thrive. Senior management who embrace the challenges and opportunities of individual accountability will set the tone for change.
All APRA-regulated financial services institutions will require clearly document individual accountabilities.
APRA’s engagement with ADIs during the BEAR implementation would suggest that there will be a minimum set of specific responsibilities that they will want to see, allocated amongst senior managers.
However, clear articulation of individual accountabilities forms only part of the picture. Having signed-up to specific individual accountabilities, senior managers will need to ensure that the governance and operational mechanisms of the institution clearly document reasonable steps aligned to their accountabilities.
If they do not, the senior manager faces the risk that, in the event of an issue, they will not be able to provide evidence to a regulator that they effectively discharged their accountabilities, and they may therefore be exposed to financial penalties. They may be barred from holding senior positions in the financial services industry.
Ultimately, the extension of BEAR will provide institutions with clarity on who is accountable for what, and set clear expectations on behaviours and performance objectives.
Taking action now will mitigate the potential long tail of further customer detriment, remediation and associated financial and reputational risks.
The multiple benefits of role and organisational clarity, increased understanding of conduct risk, and the implementation of remuneration arrangements linked to defined accountabilities, create the opportunity for senior management and the organisation to be ready for the post Royal Commission landscape.
©2021 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.
Liability limited by a scheme approved under Professional Standards Legislation.
For more detail about the structure of the KPMG global organisation please visit https://home.kpmg/governance.