Today, the Australian Securities & Investments Commission (ASIC) and Australian Prudential Regulation Authority (APRA) (the Regulators) have released an information package to all insurance and superannuation entities on the Financial Accountability Regime (FAR).

The information package includes:

• finalised Financial Accountability Regime Regulator Rules Amendment Instrument No. 1 of 2024 and Financial Accountability Regime Act (Information for register) Regulator Rules 2024 – which prescribes insurance and superannuation key functions information for inclusion in the FAR register; 
• a joint letter from the Regulators summarising key issues raised during consultation and their responses;
• updated Regulatory Guide 279 Financial Accountability Regime: Information for accountable entities (RG 279);
• updated accountability statement guidance and template – which includes information relating to Primary Areas of Focus (PAFs); and
• updated information for APRA Connect reporting forms.

Key changes in key functions

Insurance

No new key functions have been introduced, but some have been removed from the insurance key functions list. These and other changes include:

• the ‘collections and enforcement (default, debt collections and recovery)’ key function has been removed;
• the descriptions of the ‘product origination’ and ‘training and monitoring of relevant representatives and staff’ have been clarified so that they are appropriate for insurers;
• the description of the ‘insurance risk management’ key function has been refined to remove any overlap with other key functions (i.e. a new note has been included to assist with the interpretation of the key function); and
• the description of the ‘scam management’ key function has been amended to include references to ‘fraud’.

The Regulators have also clarified that some insurance key functions may not apply to private health insurers (see section 3.4.2 of the finalised RG 279).

Superannuation

No new key functions have been introduced in the superannuation key functions list. However, minor changes to the list include:

• the ‘member outcomes’ key function has been amended to ‘member outcomes and member engagement’, and the descriptions for this key function and ‘product origination’ have also been amended to remove potential overlap;
• the description of the ‘scam management’ key function has been amended to include references to ‘fraud’;
• the description of the ‘marketing and advertising’ key function has been amended to reflect the obligation of superannuation entities to act in the best financial interests of members; and
• the description of the ‘investment management’ key function has been amended in response to consultation feedback.

Joint letter from the Regulators

The Regulators have acknowledged the industry’s concerns on the scope, application and relevance of key functions and PAFs, and have responded to these concerns by referring to what is stated in RG 279 as the regulatory position. That is, the Regulators do not consider that key functions expand the definition or scope of the responsibilities of accountable persons under FAR.The assignment of these key functions will assist the Regulators to have visibility over, and clarity about, accountability for those functions. 

In the letter, the Regulators clarify that key functions should apply at the accountable entity level (which includes authorised and registered Non-Operating Holding Company but not significant related entities (SREs).

The Regulators also point to what is stated in the accountability statement guidance and template to clarify the differences between key functions and PAFs and do not expand on this further.

What this means for insurers and superannuation entities

With just over 9 months to go until the commencement of FAR, insurers, and superannuation entities will be busy preparing FAR materials such as SRE methodology and identification documents, accountability statements, accountability maps, reasonable steps frameworks, and FAR policies and procedures.

As part of their FAR implementation, we encourage entities to consider:

• Deeper governance, risk management and compliance reviews: reflecting on the sufficiency of existing arrangements in key areas to mitigate potential exposure under FAR.
• FAR incident investigation and breach notification procedures: developing robust FAR breach investigation and notification arrangements, including by considering effective conflict management.
• Scenario testing: delivering accountability scenario tests with boards and executives to test accountabilities under FAR, facilitate a deeper understanding of the implications of the accountability obligations under FAR, and reflect on the sufficiency of protective measures.
• Quality assurance: preparing for a quality assurance review of FAR arrangements and testing the embedment.

If we can assist in any way with your FAR implementation, whether it’s sharing our perspective on better practices in FAR implementation or conducting a quality assurance review, please feel free to contact us at any time.