Practical pitfalls for FAR implementations – Seven deadly sins (Part 3/3)

The Financial Accountability Regime is arguably the most significant change to Australia’s financial services regulatory landscape in a generation. It requires banks, insurers and superannuation funds to identify directors and senior executives, detail their specific responsibilities in ‘accountability statements’ and conduct their activities in accordance with broader obligations e.g., ‘integrity’, ‘skill’ and ‘co-operation’ with ASIC and APRA. If they don’t, they can be personally liable, as can the organisation.

Further to Part 1 and Part 2 of our series on Practical pitfalls for FAR implementations – Seven deadly sins, Part 3 and the final part covers “‘Set and forget’ mentality” and “The Chief Risk Officer and Chief People Officer are disconnected”.

The seven deadly sins (continued)

6. ‘Set and forget’ mentality

FAR requires at least some dedicated FTE headcount. If not, and the implementation is done and gathers dust, future directors / executives are at risk. For example, organisations need to manage the shifting of roles and responsibilities across the executive population and manage executive resignation and recruitment.  

There is significant additional work which FAR generates that an organisation must address: D&O coverage; employment contract amendments; meshing the ‘reasonable steps reviews’ outputs with obligations registers; connecting with FAR remuneration deferrals with CPS 511; cross-linking breach reporting regimes under AFSL / prudential obligations with FAR obligations – there is ongoing work even for smaller prudential entities. 

FAR is emblematic of a shifting regulatory framework in Australia post the Hayne Royal Commission (characterised by a focus on principles-based regulation, personal liability, and cross-stitching of regimes). If the Design & Distribution Regime, AFSL breach reporting regime or CPS 511 - Remuneration frameworks are not operating properly, the potential exists for contagion risk to executives under personal FAR accountabilities. Approaching FAR implementation in a siloed fashion can create problems. 

7. The Chief Risk Officer and Chief People Officer are disconnected

The risk and people divisions of an organisation will be the key drivers in FAR, in both implementation and operation. If they are not working closely together in understanding the joint demands of director / executive concerns on the one hand, and Regulators’ concerns on the other, it is a recipe for disaster. It is key to run FAR simulations in this regard, much like Australian entities have been running cyber-attack simulations recently. 

Take a director charged with domestic abuse, or tax evasion outside the workplace. The Chief People Officer’s division may initiate a Human Resources investigation on the grounds that this could be a breach of the FAR obligation of ‘integrity’ or ‘honesty’. Without the involvement of the Chief Risk Officer’s (and General Counsel’s) division in the set-up and operation of FAR investigations, such an investigation could generate considerable risk from both the regulatory and executive side i.e., if they sue. For example, does the organisation’s definition of ‘integrity’ extend to conduct outside work? (There is no guidance in Australia yet, though there is affirmative guidance in the UK.)^[1]  Is the investigation being undertaken confidentiality, and under legal privilege by the General Counsel’s division?^[2] If there is a finding, is it being communicated by the Chief Risk Officer / General Counsel to APRA and ASIC as required? Is there an overlap with other breach reporting requirements within the purview of the Chief Risk Officer e.g., AFSL breaches?

Without the Chief People Officer, Chief Risk Officer and General Counsel being strongly aligned and working together on FAR, and the stress testing of various common scenarios (e.g., executive investigations), the potential exists for appreciable risk in practice. FAR is a fundamental change to the Chief People Officer’s division – how can it not be, when they and other executives are personally liable – and this needs to be recognised and tackled head-on early.

Staying on the straight and narrow

FAR is very simple in theory, and devilishly hard to implement in practice. However, it is always effort well expended. Implemented with the right combination of technical skill, experience and emotional intelligence, it serves to protect executives, and assists the proper functioning of the organisation. Anecdotally, those organisations in the UK who are finally used to the UK SMCR, since its introduction in 2016, report that it has had a positive impact overall on their organisations.

The FAR legislation has passed the House of Representatives and will pass the Senate shortly. For those organisations on their FAR journey, being mindful of the above pitfalls will assist their implementation. For those organisations yet to start, we suggest an initial briefing with key executives who will likely be responsible for implementation, and then considering a project plan. Please reach out to any of the Clyde & Co contacts, who would be more than happy to assist you in this regard.

[1] Please contact any of the Clyde & Co authors if you would benefit from a summary of the UK interpretations of the words which comprise FAR, and may be relevant to your implementation projects. 

[2] This is also relevant from a CPS 511 perspective.

To read Part 1 in the series - please click here

To read Part 2 in the series - please click here