Response to submissions - Consultation on the Regulator Rules and Transitional Rules under the Financial Accountability Regime

To: All APRA-regulated entities

On 20 July 2023, APRA and ASIC (the Regulators) released a joint consultation on the draft Regulator rules, the Transitional rules and the ADI Key Functions descriptions to support the timely implementation of the Financial Accountability Regime (FAR).

This letter summarises the substantive matters raised in the submissions and sets out the Regulators’ response. 

Submissions received 

The Regulators received 17 submissions in response to the consultation, of which three were confidential. Webinars were held during the consultation period to engage with industry and respond to questions.

Key feedback was provided on:

• the collection of personal information and other data items for the register of accountable persons (FAR register); and 
   
• the concept and application of the ADI Key Functions, including the regulatory burden of reporting this information. 

Submissions also sought clarification and further guidance on various aspects of the FAR.

1. Data items 

Comments received 

The submissions raised several matters in relation to the data items prescribed in the Regulator rules and Transitional rules. They are broadly summarised below:

• Collection of personal information – Some concerns were raised about data privacy and security with regard to the personal identification details prescribed in the Transitional rules.
   
• Public disclosure of information – Submissions requested confirmation of the information the Regulators intend to make publicly available from the FAR register.
   
• Clarification requests – Specific queries were raised regarding the collection of reporting line information, the start dates of certain data items, and the inconsistencies between the Regulator rules and Transitional rules.

The Regulators’ response

In relation to the issues raised in the submissions:

• Collection of personal information – The Regulators acknowledge the privacy concerns of accountable persons and, in response, agree to remove from the Transitional rules the requirement to provide the following personal identification details: place of birth (town/city), country of birth, state of birth, former given names, former middle names, and former family names. 
   
• Public disclosure of information – At this stage, the Regulators only intend to make information collected for the FAR register publicly available in circumstances where they disqualify an accountable person under the Financial Accountability Regime Act 2023 (FAR Act). The current intention is that the FAR disqualification register, which will be published on the Regulators’ websites, will only contain the name of the disqualified accountable persons and the scope of their disqualification, including any variation or revocation of a disqualification. 
   
• Clarification requests – The reporting form instructions that are released as part of today’s information package clarify the information being collected for each data field. Accountable entities are not required to provide historical start dates for certain data fields; rather they will generally align with the commencement date of the accountable person. As the Regulator rules and Transitional rules serve different purposes, the data items are not fully aligned between the rules. However, the Regulators note that the same set of data items will be collected across all relevant industries in the relevant reporting forms.

Further, the Regulators are committed to ensuring that data collected for the FAR is subject to appropriate security and access controls. The Regulators are governed by the Australian Government’s Protective Security Policy Framework and will handle personal information for the purposes of administering the FAR in line with the FAR Privacy Collection Notice available on APRA’s website at: Financial Accountability Regime.

2. ADI Key Functions

Comments received 

A number of submissions raised concerns with the concept and application of ADI Key Functions under the FAR, and provided specific feedback on the list of ADI Key Functions and their descriptions. The broad themes of the issues raised included:

• Concept of ADI Key Functions – Some concerns were raised about the possible duplication of, overlap with and expansion of the responsibilities and positions of an accountable person, and the regulatory burden of reporting information on ADI Key Functions for inclusion in the FAR register and in accountability statements.
   
• Scope of application – The ADI Key Function descriptions were considered overly broad, raising concerns that this could expand the identification of accountable persons to lower level managerial staff and, in some instances, capture a large number of accountable persons for each ADI Key Function. Submissions also sought clarification on the application of ADI Key Functions to foreign ADIs and non-operating holding companies.

The Regulators’ response

Relevant accountable entities are expected to know where senior executive responsibility for any ADI Key Functions undertaken by those entities lies as part of the processes and procedures that support compliance with their key personnel obligations under section 23 of the FAR Act. The non-exhaustive list of ADI Key Functions reflects core prudential and conduct-related functions that are:

• integral to APRA’s prudential framework; or
   
• key conduct obligations of Australian financial services (AFS) licensees or Australian credit licensees.

The Regulator rules and Transitional rules do not require a relevant accountable entity to undertake each ADI Key Function specified in the list of ADI Key Functions or to ensure that an accountable person is assigned to each ADI Key Function. That is, if the accountable entity does not undertake an ADI Key Function, or an accountable person as determined under the FAR Act does not have the requisite level of responsibility for an ADI Key Function, it does not need to be allocated.

As such, the notification of this information should not create significant additional burden. The Regulators consider this ADI Key Function information to be critical to effectively administer the FAR as it provides visibility to the Regulators of which accountable persons (if any) have relevant responsibility for any applicable ADI Key Functions. The Regulators therefore consider it appropriate to retain the concept of ADI Key Functions.

However, the Regulators have considered the concerns raised by industry and have made the following refinements:

• Clarified the concept and tightened the scope of application – In the Regulator rules and Transitional rules, the Regulators have clarified that information regarding an ADI Key Function needs only be provided and will only be included in the FAR register if the ADI Key Function is undertaken by a relevant accountable entity and an accountable person (as defined in sections 10 and 11 of the FAR Act) has the relevant senior executive responsibility for that ADI Key Function.

  These changes clarify and tighten the scope and reduce the number of accountable persons for whom any given ADI Key Function may be applicable. The Regulators do not consider that the initial mapping and ongoing revisions of ADI Key Functions information will create excessive regulatory burden.

• Shortened the list of ADI Key Functions and sharpened their descriptions – Additionally, the Regulators have reduced the list of ADI Key Functions from 20 to 17 and sharpened the ADI Key Functions descriptions to be consistent with the tightened scope of application referred to above. The ADI Key Functions ‘financial services regulatory engagement’ and ‘risk culture’ have been removed, given submissions noted that these ADI Key Functions, if retained, would need to be allocated to most, if not all, accountable persons. The ADI Key Functions on ‘monitoring representatives and staff’ and ‘training of relevant staff and representatives’ have been merged into one.
   
• Strengthened guidance – Further guidance on the concept and application of ADI Key Functions is outlined in the information paper, RG 278 ADIs: Transitioning to the Financial Accountability Regime and the ADI accountability statement guidance and template document released on 3 October 2023. This includes clarification of the expected alignment between the content of the accountability statement of an accountable person and the accountable person’s allocated ADI Key Function(s), if any. Specifically, it is anticipated that ADI Key Functions would form part of the description of an accountable person’s areas of responsibility, and not result in any material redrafts of an accountability statement.

3. Other matters

Feedback on other aspects of the FAR was also raised as part of the submissions. These matters were considered to be outside the scope of this consultation and the Regulators intend to address them in future industry engagements.

The Regulators acknowledge that proportionality is explicitly built in to the FAR. The Regulators intend to work together to administer the regime to avoid any unnecessary regulatory burden. 

Final Regulator rules and Transitional rules

In finalising the Regulator rules and Transitional rules, the Regulators have considered the FAR Act, the Financial Accountability Regime (Consequential Amendments) Act 2023 and the Financial Accountability Regime (Minister) Rules 2024 that were enacted and made (as applicable) after the consultation. It is the current intention of the Regulators to next consult on the proposed key functions for insurance and superannuation entities.

The final Regulator rules, Transitional rules and the ADI Key Functions descriptions are available at: Financial Accountability Regime - Final Regulator rules and Transitional rules.

Yours sincerely,