On 14 March 2024, being the day before the Financial Accountability Regime (FAR) is set to commence for authorised deposit-taking institutions (ADIs), the Australian Securities Investment Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) (the Regulators) released the much-anticipated FAR information package for the insurance and superannuation industries.

The Regulators also published the FAR reporting forms and associated guides.

The release of the FAR information package for insurance and superannuation follows last week’s finalisation of:

FAR commenced for ADIs on 15 March 2024 and will come into force for the insurance and superannuation industry on 15 March 2025.

An updated FAR timeline released by the Regulators is below:

Key takeaways

  • In the second quarter of 2024, the Regulators intend to finalise the insurance and superannuation key functions and update the relevant reporting form instructions.

What you need to know

On 6 March 2024, the Minister Rules were finalised. The final Minister Rules contains several significant departures from the 2022 FAR Minister Rules Exposure Draft (Exposure Draft).

1. Limited changes to prescribed responsibilities

There are no ‘new’ prescribed responsibilities in the Minister Rules.

2. Accountable entities other than foreign accountable entities

For accountable entities other than foreign accountable entities, the Minister Rules differ from the Exposure Draft in that they consolidate the prescribed responsibility relating to ‘management or control of the business activities of the accountable entity ’ (which would be typically assigned to a CEO) with that relating to ‘management or control of the business activities of the entity’s significant related entities ’.

This means that for domestic accountable entities, CEOs must now be allocated responsibility for the business activities of an accountable entity’s Significant Related Entities (SREs). Prior to the release of the Minister rules, many entities were preparing to allocate that responsibility to heads of business divisions who are members of the entity’s executive leadership team.

The words ‘(if any)’ have also been inserted after the reference to SREs in the prescribed responsibility, acknowledging that an accountable entity may not always have SREs.

The prescribed responsibility for the accountable entity’s anti-money laundering function is caveated to the effect that it only applies if the accountable entity is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

The Minister Rules also includes an important qualification that a person does not have senior executive responsibility for the management of an activity or function merely because the person is carrying out the activity or function. This clarifies that the prescribed responsibilities capture senior executives responsible for the management of an activity or function as distinct from the (typically lower level) responsibility of carrying out or executing the activity or function. In practice, this will capture senior executives who are responsible for the development, maintenance and review (rather than execution) of a framework.

3. Foreign accountable entities and SREs

No substantive changes have been made to the prescribed responsibilities for foreign accountable entities.

The Explanatory Memorandum to the Minister Rules clarifies that the concept of an SRE applies to a foreign ADI only to the extent that the SRE is a locally incorporated subsidiary and meets the definition of an SRE under section 12 of the Financial Accountability Regime Act 2023 (Cth) (FAR Act).  FAR does not apply to the foreign ADI’s offshore operations.

This is further reiterated in Regulatory Guide 279 Financial Accountability Regime: Information for accountable entities (RG 279).

In conjunction with several industry bodies, Gilbert + Tobin made submissions to the Treasury requesting clarity on the scope of FAR for foreign accountable entities. It is a welcome development that the Minister Rules and associated Explanatory Memorandum have expressly clarified that foreign operations and foreign SREs are excluded from the scope of FAR for foreign accountable entities.

4. Alignment of enhanced notification thresholds with SFI thresholds

There are specific notification obligations under FAR for accountable entities that meet the enhanced notification thresholds prescribed in the Minister Rules. These are in addition to other notification obligations that all accountable entities must meet under FAR. Enhanced notification entities are required to submit accountability statements and accountability maps to the Regulators as well as notify the Regulators when there are any material changes to the information contained in these documents.

The enhanced notification thresholds have been amended in the Minister rules and are now consistent with the thresholds used for determining whether an APRA-regulated entity is a significant financial institution ( SFI ) for the purposes of APRA Prudential Standard CPS 511 Remuneration (CPS 511). CPS 511 requires an entity to, among other things, have a remuneration framework in place, including consequence management arrangements for holding individuals to account.

The revised thresholds are higher than those initially proposed in the Exposure Draft, which means that fewer accountable entities will be required to comply with the enhanced notification obligations.

IndustryPrevious thresholdNew threshold
Authorised deposit-taking institutions (ADIs)$10 billion$20 billion
General insurers$2 billion$10 billion
Life companies$4 billion$10 billion
Private health insurers$2 billion$3 billion
RSE licensees$10 billion$30 billion

Industry

Previous threshold

New threshold

Authorised deposit-taking institutions (ADIs)

$10 billion

$20 billion

General insurers

$2 billion

$10 billion

Life companies

$4 billion

$10 billion

Private health insurers

$2 billion

$3 billion

RSE licensees

$10 billion

$30 billion

Lastly, another significant departure from the Exposure Draft is that the Minister Rules now expressly exclude foreign accountable entities from the determination of whether an accountable entity will meet the enhanced notification threshold. This is reiterated in RG 279 in which the Regulators state ‘that there are no enhanced notification thresholds prescribed in the Minister rules for foreign accountable entities.’

The Regulator Rules prescribe information that must be included in a register of accountable persons.

Section 40(5) of the FAR Act permits the Regulators to make any of the information contained in the register available for public inspection on the internet. At this stage, the Regulators only intend to make information collected for the register publicly available in circumstances where they disqualify an accountable person under the FAR Act.

The register will include the allocation of ADI key functions to accountable persons.

The Regulator Rules have clarified that an ADI key function will only be included on the register where:

  • an accountable entity which is an ADI or an authorised NOHC of an ADI undertakes the ADI key function; and

  • an accountable person has actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, the ADI key function.

The Explanatory Memorandum to the Regulator Rules states that the inclusion of ADI key functions in the register is intended to assist Regulators in assessing whether an accountable entity complies with section 23(1)(a) of the FAR Act. That section requires an accountable entity to ensure that the responsibilities of the accountable persons of the accountable entity and its SREs cover all parts or aspects of the operations of the accountable entity’s relevant group.

An accountable entity is not required to allocate every ADI key function listed in the Regulator Rules. Rather, the allocation of ADI key functions should reflect actual governance and management practices. These will vary between ADIs.

The Regulator Rules have also made the following amendments to the list of the ADI key functions:

  • removed financial services regulatory engagement;

  • removed monitoring representatives and staff - financial or credit products/services;

  • removed risk culture; and

  • amended ‘training of relevant staff and representatives - financial products/services/credit activities’ to ‘training and monitoring of relevant representatives and staff’.

The Transitional Rules list the information to be provided for accountable persons transitioning from BEAR to FAR. This information must be provided to the Regulators via APRA Connect as promptly as possible and by no later than 30 June 2024. This information includes:

  • the allocated ADI key functions; and

  • the date that the accountable person assumed responsibility for the ADI key function.

The following information is now not required to be provided to the Regulators in relation to the accountable person:

  • former given name(s) (if applicable);

  • former middle name(s) (if applicable);

  • former family name(s) (if applicable);

  • place of birth (town/city);

  • country of birth; and

  • state of birth.

This information should be provided via APRA Connect using the notification of change to an Accountable Person reporting form .

The Regulators are consulting on the draft Financial Accountability Regime Regulator Rules Amendment Instrument No. 1 of 2024 which includes a list of key functions for insurance and superannuation entities.

A table outlining the finalised ADI key functions and the proposed key functions for insurance and superannuation entities is provided below.

ADIInsuranceSuperannuation
Capital managementCapital management 
Collections and enforcement (default, debt collections and recovery);Collections and enforcement (default, debt collections and recovery); 
Conduct risk managementConduct risk managementConduct risk management
Credit risk management  
Data managementData managementData management
Financial and regulatory reportingFinancial and regulatory reportingFinancial and regulatory reporting
Hardship processesHardship processesHardship processes
  Member outcomes
Liquidity and funding management Liquidity management
Market risk management  
  Marketing and advertising
Operational risk managementOperational risk managementOperational risk management
Product design and distribution obligationsProduct design and distribution obligationsProduct design and distribution obligations
Product originationProduct originationProduct origination
Recovery and exit planning and resolution planningRecovery and exit planning and resolution planningRecovery and exit planning and resolution planning
 Reinsurance management 
Scam managementScam managementScam management
Technology managementTechnology managementTechnology management
Training and monitoring of relevant representatives and staffTraining and monitoring of relevant representatives and staffTraining and monitoring of relevant representatives and staff
 Underwriting 
Whistleblower policy and processWhistleblower policy and processWhistleblower policy and process

ADI

Insurance

Superannuation

Capital management

 

Collections and enforcement (default, debt collections and recovery);

Conduct risk management

Credit risk management

Data management

Financial and regulatory reporting

Hardship processes

Investment management

Liquidity and funding management

Liquidity management

Market risk management

Marketing and advertising

Member outcomes

Operational risk management

Product design and distribution obligations

Product origination

Recovery and exit planning and resolution planning

Reinsurance management

Scam management

Technology management

Training and monitoring of relevant representatives and staff

Underwriting

Whistleblower policy and process

On 14 March 2024, the Regulators published RG 279 which provides information for all accountable entities and their accountable persons to understand and comply with their obligations under FAR.

RG 279 supplements Regulatory Guide 278 Financial Accountability Regime: Transitioning to the Financial Accountability Regime (RG 278) which was published by the Regulators on 3 October 2023 to assist ADIs and their authorised Non-Operating Holding Companies (NOHCs) with their transition from BEAR to FAR.

RG 279 provides additional information to that provided in RG 278, including, among other things:

  • entity classification information: following the release of the Minister rules, an accountable entity is required to notify the Regulators if it is a core or enhanced entity. An accountable entity will be either core or enhanced if it meets the notification thresholds relating to total asset value. The notification thresholds are stated in the Minister Rules.

  • identifying SREs: further guidance has been provided on what accountable entities should consider when assessing whether they have any SREs. For example, accountable entities should consider whether the business activities of the related entity could have a substantial impact on their customers, operations, brand, reputation, legal and regulatory compliance, and people, regardless of the size of the related entity.

  • declaration to register an accountable person: when registering accountable persons, the Regulators expect that the chair of the relevant board committee or a person delegated to sign on the board’s behalf declares that the individual is suitable to be an accountable person. The declaration will be set out in the registration form and can be electronically signed in APRA Connect.

  • reporting breaches: accountable entities must notify the Regulators if they have reasonable grounds to believe that a relevant breach has occurred by submitting the relevant breach reporting form via APRA Connect. There are separate forms for notifying the Regulators of accountable entity breaches and accountable person breaches.

  • enforcement: the Regulators have stated that they will pursue the most appropriate regulatory response to contraventions of FAR, which may include exercising one or more enforcement powers under FAR or other laws.

“In some circumstances, the Regulators may respond to contraventions of the FAR as part of their day-to-day supervisory activities rather than through the exercise of enforcement powers under the FAR.”

What this means for you - ADIs

Now that the Minister, Regulator and Transitional Rules have been released, ADIs are equipped with the information needed to finalise FAR submissions to the Regulators.

While the Regulators have previously communicated that given the delay in releasing these Rules, ADIs have until no later than 30 June 2024 to submit FAR information, it would be prudent for ADIs to now do so as soon as possible.

 

 Core notification entityEnhanced notification entity
Accountability mapN/AUpdated accountability map to reflect allocation of prescribed responsibilities   (i.e. new prescribed responsibilities that were previously not a feature of BEAR such as breach reporting, internal dispute resolution and remediation)
Accountability statementsN/AUpdated accountability statements for accountable persons who have a new prescribed responsibility   (i.e. new prescribed responsibilities that were previously not a feature of BEAR such as breach reporting, internal dispute resolution and remediation)
Entity profile informationEntity profile information including classification status (i.e. core or enhanced based on threshold calculations, noting that these thresholds have now changed as per the Minister rules), whether the entity is sole or dual regulated and whether there are any SREs of the accountable entity;Entity profile information including classification status (i.e. core or enhanced based on threshold calculations, noting that these thresholds have now changed as per the Minister rules), whether the entity is sole or dual regulated and whether there are any SREs of the accountable entity;
FAR information registerUnder the Transitional Rules and Regulator Rules, accountable entities will need to provide information about its accountable persons for inclusion in the FAR register.   Accountable entities must notify the Regulators using the approved form.   The Regulators have released notification reporting forms in the latest FAR Information Package (released on 14 March 2024).  Under the Transitional Rules and Regulator Rules, accountable entities will need to provide information about its accountable persons for inclusion in the FAR register.   Accountable entities must notify the Regulators using the approved form.   The Regulators have released notification reporting forms in the latest FAR Information Package (released on 14 March 2024).  

Core notification entity

Enhanced notification entity

Accountability map

N/A

Updated accountability map to reflect allocation of prescribed responsibilities

(i.e. new prescribed responsibilities that were previously not a feature of BEAR such as breach reporting, internal dispute resolution and remediation)

Accountability statements

N/A

Updated accountability statements for accountable persons who have a new prescribed responsibility

Entity profile information

Entity profile information including classification status (i.e. core or enhanced based on threshold calculations, noting that these thresholds have now changed as per the Minister rules), whether the entity is sole or dual regulated and whether there are any SREs of the accountable entity;

FAR information register

Under the Transitional Rules and Regulator Rules, accountable entities will need to provide information about its accountable persons for inclusion in the FAR register.

Accountable entities must notify the Regulators using the approved form.

The Regulators have released notification reporting forms in the latest FAR Information Package (released on 14 March 2024).

What this means for you - insurance and superannuation industries

The Regulators have stated that they will engage with and support the insurance and superannuation entities in the lead up to the commencement of FAR on 15 March 2025. The Regulators have indicated that webinars will be held and that targeted activities may be conducted to support the effective implementation of FAR.

Insurance and superannuation entities may wish to make written submissions as part of the consultation given the draft key functions in the Financial Accountability Regime Regulator Rules Amendment Instrument No. 1 of 2024 and key functions descriptions . Written submissions in this consultation must be submitted to far@apra.gov.au by 19 April 2024.

In any event, insurers and superannuation entities should, among other things:

  • prepare information relating to the entity profile (i.e. classification status, sole or dual regulated and any SREs) for submission to APRA Connect when required to do so;

  • identify its accountable persons having regard to the list of prescribed responsibilities in the Minister Rules and the general principle test;

  • identify any SREs of the insurer or superannuation entity;

  • prepare accountability statements and an accountability map as well as consider whether the statements provide coverage of the key functions listed in the proposed amended Regulator Rules (note that only enhanced entities are required to submit the accountability statements and an accountability map to the Regulators);

  • develop a reasonable steps framework to support the accountable persons to discharge their responsibilities under FAR in accordance with the accountability obligations under the regime and to demonstrate how they do so in practice. It would be prudent for entities to conduct a current state assessment of the sufficiency of their arrangements in each of the key functions. Uplift should occur where necessary to mitigate potential exposures under FAR ahead of the commencement of the regime. This would include legal reviews of Board and Executive Committee Charters and risk and compliance policies.

  • develop policies, procedures and processes (as relevant), outlining how the accountable entity will comply with its obligations under FAR, including how they will identify potential breaches of FAR and the circumstances in which they will need to notify the Regulators.

  • review and assess remuneration policies and arrangements to comply with the remuneration-related requirements under FAR, in addition to the requirements in CPS 511.

  • conduct post-implementation reviews and assurance in relation to the adequacy of its arrangements for complying with FAR.

How we can help

Should you require assistance with the preparation of a written submission on the proposed regulator rules, your implementation of FAR or the making of enhancements to your existing governance, risk management, compliance and other arrangements, please let us know.

We have implemented BEAR and FAR for a significant number of institutions in the banking, insurance and superannuation sectors and have led a number of internal BEAR investigations.

We routinely provide strategic advice to Boards and executives on the management of potential exposures under the regime.

Our capability extends to the implementation of the related APRA CPS 511 Remuneration.

For more information or assistance, contact our experts below.

In some circumstances, the Regulators may respond to contraventions of the FAR as part of their day-to-day supervisory activities rather than through the exercise of enforcement powers under the FAR.

KNOWLEDGE ARTICLES YOU MAY BE INTERESTED IN:

Long-awaited regulatory guidance for ADIs on the transition to FAR

'FAR' on the horizon: Evaluating enforcement measures