Financial Accountability Regime: Information for accountable entities
Print

APRA and ASIC letterhead showing the APRA and ASIC logos
Published 14 March 2024

Executive summary
 

In September 2023, Australia introduced the Financial Accountability Regime (FAR) to improve accountability standards in entities regulated by the Australian Prudential Regulation Authority (APRA), improve operating culture and reinforce the standards of conduct expected by the Australian community. The FAR also imposes consequences in the event of a material failure to meet those expectations. The regime is jointly administered by APRA and the Australian Securities and Investments Commission (ASIC) (collectively, the Regulators).

The FAR replaces and expands on the Banking Executive Accountability Regime (BEAR). The FAR applies to: 

  • authorised deposit-taking institutions (ADIs) and their authorised non-operating holding companies (NOHCs) from 15 March 2024; and 
  • insurers, their licensed NOHCs, and registrable superannuation entity (RSE) licensees from 15 March 2025.

The FAR introduces four core sets of obligations:

  • accountability obligations for accountable entities and accountable persons;
  • key personnel obligations;
  • deferred remuneration obligations; and 
  • notification obligations.

This information paper helps accountable entities and their accountable persons understand and comply with their obligations under the FAR.

The FAR recognises that it is the actions of the directors and the most senior and influential executives within a business that shape the conduct of the business itself. Improving accountability within the business, therefore, requires strengthening and clarifying individual accountability.

The Regulators expect accountable entities will:

  • embed elements of the FAR into their internal accountability framework; and
  • continue to refine their accountability framework and practices to establish and maintain clear and strong accountability.

1. Overview

1.1    Purpose of this information paper

The purpose of this information paper is to:

  • assist accountable entities and their accountable persons in understanding and complying with their obligations under the Financial Accountability Regime; and
  • provide an overview on how the Regulators will jointly administer the FAR including how the Regulators will use their regulatory and enforcement powers.

This information paper should be read in conjunction with:

  • the Financial Accountability Regime Act 2023 (FAR Act);
  • the Financial Accountability Regime (Consequential Amendments) Act 2023 (FCA Act);
  • the explanatory memorandum that accompanied the Financial Accountability Regime Bill 2023 and Financial Accountability Regime (Consequential Amendments) Bill 2023 (Explanatory Memorandum); 
  • the Joint Administration Agreement (JAA), which is an agreement between the Regulators that sets out the arrangements for joint administration of the FAR;
  • the Financial Accountability Regime (Minister) Rules 2024 (Minister rules); and
  • the Financial Accountability Regime Act (Information for register) Regulator Rules (Regulator rules), issued by the Regulators from time to time, which prescribe specific data items for inclusion in the FAR register.

Note: Regulator rules are legislative instruments and when made appear on the Federal Register of Legislation.

1.2    Overview of the FAR

In 2019, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry recommended that provisions modelled on the BEAR be extended to all APRA-regulated entities, including APRA-regulated insurers and RSE licensees. The Royal Commission also recommended the extended regime be jointly administered by the Regulators, with APRA overseeing prudential aspects and ASIC overseeing matters that concern consumer protection and market conduct. The FAR is the result of the implementation of these Royal Commission recommendations.

1.3    Joint administration of the FAR

The FAR aims to: 

  • improve the operating culture of entities in the banking, insurance and superannuation industries; and 
  • increase transparency and accountability across these industries—for both prudential and conduct-related matters.

The role each Regulator plays under the FAR is consistent with their broader purpose under the twin peaks model for financial regulation in Australia.

In administering the FAR, ASIC focuses on market integrity and consumer protection in the financial system and payments system; APRA focuses on the prudential soundness of regulated entities as well as the financial stability of the overall system. The Regulators are collaborating so that the FAR is administered in an efficient and consistent way. 

APRA and ASIC each have responsibility for the general administration of FAR. However, ASIC can perform certain functions and exercise certain powers only in relation to:

  • accountable entities that hold an Australian financial services licence or Australian credit licence; 
  • the significant related entities (SREs) of such accountable entities; and 
  • accountable persons of such accountable entities and their SREs.

Such accountable entities are referred to as dual-regulated accountable entities in this information paper.

The Regulators’ JAA outlines the approach to joint administration.

1.3.1    Single point of contact

The Regulators have established a single point of contact (FAR@apra.gov.au) for entities to raise queries or requests.

All queries or requests submitted through this email address will be triaged and allocated within APRA or ASIC as appropriate. Additionally, entities can apply for relief under relevant provisions of the FAR Act by writing to this email address.

Note: The Regulators only have limited powers to adjust the operations of certain provisions of the FAR Act.

 1.3.2    Single portal for data collection

APRA Connect will be used for the FAR data collection—for example, registrations, notifications and lodgements of accountability maps and statements. Entities do not need to submit the same information to each regulator separately. Information submitted through APRA Connect will be made available to both APRA and ASIC for review.

2. Accountable entities

2.1    Determining whether an entity is core or enhanced

The FAR only requires accountable entities that meet the enhanced notification threshold (enhanced entities) to submit accountability maps and statements and to notify the Regulator of material changes to these documents. Whether an entity is classified as enhanced or core in the Minister rules is based on their total asset value: see Table 1.

Table 1: Enhanced notification thresholds for different accountable entities

Accountable entity

Total asset value

ADIs$20 billion
General insurers and life companies$10 billion
Private health insurers$3 billion
RSE licensees$30 billion

Note: There are no enhanced notification thresholds prescribed in the Minister rules for foreign accountable entities.

Core entities must meet the core notification obligations (see section 4.1), and enhanced entities must meet the core and the enhanced notification obligations (see section 4.2).

Additionally, the Minister rules provide that if one accountable entity within a corporate group is an enhanced entity, all accountable entities within that group will also be enhanced entities (regardless of their own total asset size).

2.2    Accountability obligations of accountable entities

An accountable entity must take reasonable steps to:

  • conduct its business with honesty and integrity, and with due skill, care and diligence; 
  • deal with the Regulators in an open, constructive and cooperative way; 
  • in conducting its business, prevent matters from arising that would adversely affect the accountable entity’s prudential standing or prudential reputation; 
  • ensure that each of its accountable persons meets their accountability obligations; and 
  • ensure that each of its SREs complies with the above.

2.3    Key personnel obligations of accountable entities

An accountable entity must:

  • ensure that the responsibilities of accountable persons collectively cover all areas of the business operations of the accountable entity and its relevant group;
  • ensure that none of their accountable persons are prohibited from being an accountable person (see section 3.3);
  • comply with any directions issued by the Regulators; and
  • take reasonable steps to ensure that each of its SREs complies with the second and third obligations above.

2.4    Identifying significant related entities

Accountable entities will need to identify all of their SREs. The FAR imposes obligations on accountable entities to take reasonable steps to ensure that each of their SREs complies with the relevant accountability, key personnel, deferred remuneration and notification obligations as if they were an accountable entity.

The FAR recognises that poor behaviour by an SRE can damage the reputation of the accountable entity itself, as consumers often associate the services and products provided by an SRE with the accountable entity’s brand.

An entity is an SRE of an accountable entity if:

  • it is a subsidiary of the accountable entity or, if the accountable entity is an RSE licensee, a connected entity;
  • it is a constitutionally covered body;
  • it is not an accountable entity itself; and
  • its business or activities have or are likely to have a material and substantial effect on the entity.

An accountable entity should consider both financial and non-financial risk factors when assessing whether an entity is an SRE. These risk factors include:

  • the nature and scale of the entity’s business or activities;
  • the nature and extent of any interdependency between the entity and the accountable entity; and
  • any organisational, financial or administrative arrangements, including any material business activity, between the entity and the accountable entity.

    Note: Paragraph 1.36 of the Explanatory Memorandum describes the relationship between an accountable entity and its SRE in a similar way to how APRA defines ‘material business activity’ in Prudential Standard CPS 231 Outsourcing (CPS 231), Prudential Standard HPS 231 Outsourcing (HPS 231) and Prudential Standard SPS 231 Outsourcing (SPS 231).

Additionally, accountable entities should consider whether the business activities of the related entity could have a substantial impact on their customers, operations, brand, reputation, legal and regulatory compliance, and people, regardless of the size of the related entity.

The Regulators expect an accountable entity to put in place robust methodologies and procedures to assess which of their subsidiaries or connected entities are SREs. Such methodologies and procedures should align and integrate with the accountable entity’s broader risk management framework. 

2.5    Foreign accountable entities

The following entities are foreign accountable entities under the FAR:

  • a foreign ADI (as defined in the Banking Act 1959);
  • a foreign general insurer (within the meaning of the Insurance Act 1973); or 
  • an eligible foreign life insurance company (within the meaning of the Life Insurance Act 1995) registered under s21 of the Life Insurance Act 1995.

Foreign accountable entities must identify whether they have any SREs. In doing so, the Regulators expect foreign accountable entities to consider whether any of their locally incorporated subsidiaries have or are likely to have a material and substantial effect on their Australian branch or its operations rather than on the foreign accountable entities as a whole.

The FAR requires a foreign accountable entity to ensure that the responsibilities of the accountable entity’s accountable persons cover all parts or aspects of the operations of the branch of the accountable entity operating in Australia, the prescribed responsibilities and the responsibilities associated with the prescribed positions.

3. Accountable persons

3.1    Accountability obligations of accountable persons

An accountable person must conduct their responsibilities by:

  • acting with honesty and integrity, and with due skill, care and diligence; 
  • dealing with the Regulators in an open, constructive and cooperative way; 
  • taking reasonable steps to prevent matters from arising that would adversely affect the accountable entity’s prudential standing or prudential reputation; and
  • taking reasonable steps to prevent matters from arising that would result in a material contravention by the accountable entity of any of the laws specified under s21(d) of the FAR Act.

3.2    Identification of accountable persons

Accountable entities must identify their accountable persons and the accountable persons of their SREs. They should ensure that there are clear lines of accountability and must ensure that the responsibilities of accountable persons collectively cover:

  • all areas of the operations of the accountable entity and its SREs (or in the case of foreign accountable entities, of their Australian branch); and
  • the prescribed responsibilities and the responsibilities associated with the prescribed positions.

3.2.1    Accountable persons of accountable entities

There are two ways of identifying accountable persons of accountable entities. An accountable person will:

  • meet the criteria and hold a responsibility under s10(1) of the FAR Act (general responsibilities); and/or
  • hold one or more of the responsibilities in relation to or positions in the accountable entity under the Minister rules.

However, a person is only an accountable person of a foreign accountable entity if they have a relevant responsibility or hold a relevant position in relation to a branch of the entity that is operating in Australia.

An accountable person may hold multiple responsibilities and/or positions, or hold a mixture of general responsibilities and prescribed responsibilities or positions.

The allocation of responsibilities is expected to appropriately reflect the size and nature of an accountable entity’s business, and to accurately reflect the way those responsibilities are held.

The Regulators will not prescribe or recommend the appropriate number of accountable persons of an accountable entity. Accountable entities are encouraged to carefully consider how their business operates and where accountability rests in practice. Registering a very large number of (less senior) individuals may dilute accountability inappropriately. Conversely, a very small number of key executives who do not in practice span actual or effective accountability for all aspects of operations may concentrate accountability inappropriately. The number of accountable persons will likely vary with the size and complexity of the business—for example, it may be appropriate that small accountable entities only have a few individuals (other than directors) who are accountable persons, given the scale of their businesses.

Accountable entities must also identify accountable persons of their SREs—that is, where the person meets the criteria and holds a general responsibility under s10(6) of the FAR Act. The prescribed responsibilities and positions in the Minister rules are not used to identify accountable persons of SREs. However, it should be noted that an accountable person does not necessarily need to be an accountable person of the SRE or to sit within the SRE itself to hold responsibilities relating to that SRE.

Similar to accountable persons of accountable entities, accountable persons of SREs should be kept to the most senior executive level.

3.3    Registration of accountable persons

A person is prohibited from being an accountable person of an accountable entity or SRE if the person is:

  • not registered in respect of the accountable entity or SRE; or
  • disqualified from being an accountable person of the accountable entity or SRE.

Accountable entities may apply to the Regulators via APRA Connect to register an individual as an accountable person. The registration application must consist of:

  • a completed registration form;
  • a declaration that the accountable entity is satisfied that the individual is suitable (for more information, see the box below); and
  • for enhanced entities, the accountability statement for the individual.

Declaration to register an accountable person

  • It is the accountable entity’s responsibility to assess whether the individual is suitable to be an accountable person.
  • The Regulators expect that this declaration will be made by the chair of the relevant board committee, or a person delegated to sign on the board’s behalf.
  • The declaration is set out on the registration form and can be provided by electronic signature.

Instructions for completing the reporting forms, including the registration form, are available on the APRA website.

The Regulators do not approve applications to register an accountable person, but may request that the accountable entity provide more information in relation to an application. If the application meets all the requirements, the individual will be deemed registered 21 days after either the date of application or, where applicable, the date the accountable entity provides further requested information to the Regulators.
 
An individual must be registered before being an accountable person with the following exceptions. There is a grace period of:

  • 90 days if the individual becomes an accountable person by filling a temporary or unforeseen vacancy;  or
  • 30 days if the individual:
    • is appointed as a director of the accountable entity at a general meeting; or
    • becomes an accountable person of a newly licensed accountable entity.

Period for registration

 It is the responsibility of accountable entities to ensure that they meet the registration requirements. Therefore, accountable entities must submit the applications to register an accountable person at least 21 days before the individual becomes an accountable person or any applicable grace period outlined above expires.

 Applications with incorrect or missing information may result in the accountable persons not being registered in time, which will put the accountable entity in breach of its key personnel obligations.

 

3.4    Assigning key functions to accountable persons

The Regulator rules prescribe certain key functions for inclusion in the FAR register for the purposes of s40(4)(g) of the FAR Act. Key functions are functions or functional areas that are deemed to be of particular importance from a prudential and conduct perspective.

Accountable entities are expected to know where senior executive responsibility for any applicable key functions lies as part of the processes that support compliance with their key personnel obligations. The information in relation to the assignment of these key functions will assist the Regulators to have visibility over, and clarity in relation to, accountability for those functions.

3.4.1    The concept of key functions

The concept of key functions does not expand the definition or scope of responsibilities of accountable persons under the FAR Act. An accountable entity should only allocate an applicable key function to a person the entity has determined to be an accountable person in accordance with the FAR Act. Accountable entities are not required to undertake each key function or to assign each key function to an accountable person.

Table 2 sets out the key differences between responsibilities and positions that cause a person to be an accountable person under the FAR Act (set out in the Minister rules) and the concept of key functions (set out in the Regulator rules).

Table 2: Key differences between responsibilities and positions that cause a person to be an accountable person and key functions
Feature
Responsibilities and positions that cause a person to be an accountable person
Key functions
Authority
Defined under s10 of the FAR Act.Prescribed information for inclusion in the FAR register under the Regulator rules.
Purpose
To identify accountable persons (e.g. an individual who holds one or more prescribed responsibilities and/or positions is an accountable person).To assist the Regulators in assessing whether accountable entities are adequately assigning accountability across all operational areas to their accountable persons (a key function can only be assigned to a person who is determined to be an accountable person in accordance with the FAR Act and who has relevant senior executive responsibility for the key function).
Scope
End-to-end accountability (i.e. an individual that holds a responsibility under s10 of the FAR Act has end-to-end accountability in relation to that responsibility).The assignment of a key function to an accountable person does not necessarily mean that the accountable person has end-to-end accountability in relation to that key function (i.e. there may be different responsibilities around that key function).
Joint accountability
Joint accountability applies where two or more accountable persons are holding the same responsibilities: see s21(2) of the FAR Act.Joint accountability does not necessarily apply where multiple accountable persons have been assigned the same key function, given those accountable persons do not necessarily have end-to-end accountability in relation to that key function.

3.4.2    Application of key functions

As part of their key personnel obligations under s23(1) or s23(3) of the FAR Act, accountable entities are required to ensure that the responsibilities of accountable persons collectively cover all parts or aspects of their operations and that of their relevant group (or, in the case of foreign accountable entities, of their Australian branch). Therefore, key functions do not create any new responsibilities for accountable persons and they can only be allocated to an existing accountable person. The need to allocate applicable key functions will not result in accountable entities having to register lower-level executives as accountable persons.

The Regulators emphasise that the list of key functions outlined in the Regulator rules is non-exhaustive. Accordingly, the allocation of all applicable key functions is unlikely to result in compliance with the above requirements.

Accountable entities must assess which (if any) of the key functions are applicable to them and determine whether any accountable persons have relevant responsibility for those key functions. The Regulators acknowledge that some of the key functions outlined in the Regulator rules may not be applicable to foreign accountable entities or licensed NOHCs.

Note: The key functions concept does not apply to SREs. Accountable entities are not required to consider if any of the key functions are applicable to their SREs.

Accountable entities have discretion about which key functions are assigned to which accountable persons, as long as it reflects actual practices. One accountable person may have no key functions assigned to them, while another accountable person may have multiple key functions. Accountable entities can assign a key function to more than one accountable person if this reflects different responsibilities in relation to that function.

The ADI Key Functions descriptions are included in Appendix 1 to help accountable entities that are ADIs or authorised NOHCs of ADIs assign key functions to their accountable persons (where applicable).

Note: The key functions descriptions for insurance and superannuation entities will be added to this information paper when the Regulators finalise the Regulator rules in relation to the key functions for these entities.

The assignment of a key function to an accountable person does not automatically mean that the accountable person has end-to-end accountability for that key function: see Example 1.

Example 1: Assigning key functions to more than one accountable person

In Accountable Entity X, there are several accountable persons assigned to the accountable entity’s operational risk management key function:

  • the chief executive officer is accountable for ensuring that the accountable entity as a whole operates within the board-approved operational risk appetite;
  • the chief risk officer is accountable for the development and maintenance of the operational risk management framework; and
  • a senior executive is responsible for the identification and management of the operational risks inherent in certain products, activities, processes and systems.

For an enhanced entity, the Regulators expect the content of the accountability statement of an accountable person would align with the accountable person’s allocated key function(s). Chapter 4 has further detail on the content of accountability statements and maps.

4. Notification obligations

4.1    Core notification obligations

All accountable entities must notify the Regulators when certain events that impact their accountability framework or compliance with the FAR have occurred. Accountable entities must submit the relevant FAR notification form(s) in APRA Connect within 30 days after the occurrence of a notifiable event.

An accountable entity must notify the Regulators when an accountable person of the accountable entity or of an SRE of the accountable entity:

  • ceases to be an accountable person;
  • is dismissed or suspended because the person has failed to comply with their accountability obligations; or
  • has their variable remuneration reduced because the person has failed to comply with their accountability obligations.

An accountable entity must also notify the Regulators if:

  • it has reasonable grounds to believe that:
    • it has failed to comply with its accountability obligations or key personnel obligations (accountable entity breach); or
    • an accountable person of the accountable entity, or of an SRE of the accountable entity, has failed to comply with their accountability obligations (accountable person breach)—for more information, see section 4.1.1; or
       
  • a material change occurs to information that relates to an accountable person of the accountable entity, or of an SRE of the accountable entity, and is contained in the FAR register.  

To support accountable entities’ compliance with their notification obligations, the Regulators expect each entity to establish internal governance arrangements and processes that will enable timely identification of any breaches of accountability obligations or other notification events. Accountable entities must also take reasonable steps to ensure that each of their SREs complies with these requirements.

4.1.1    Reporting breaches and material changes to the Regulators on APRA Connect

Accountable entities must notify the Regulators if they have reasonable grounds to believe that a relevant breach has occurred by submitting the relevant breach reporting form via APRA Connect.

There are separate forms for notifying the Regulators of:

  • entity breaches; and 
  • accountable person breaches. 

If the accountable entity takes action to address the breach (e.g. by suspending, dismissing or reducing the variable remuneration of an accountable person) after the breach reporting form has been submitted, the entity must resubmit the breach reporting form on APRA Connect with additional information about the action taken.

Further information, such as the outcomes of its assessment of the root causes or impact of the breach, may come to light after the initial submission of the breach forms. As such, an accountable entity may need to resubmit the relevant forms to inform the Regulators of the additional information.

A material change to the FAR register would include a change in the assignment of a key function to an accountable person. However, changes that are trivial in nature (such as the correction of an immaterial typographical error) would not be considered a material change. 

4.2    Enhanced notification obligations

The FAR only requires enhanced entities to prepare and submit accountability maps and statements and to notify the Regulators of material changes to these documents:

  • the initial accountability statement of an accountable person needs to be provided as part of the application for registration of the accountable person (for more information on accountability statements, see section 4.2.1); and
  • the initial accountability map of an accountable entity needs to be provided within 30 days after the entity becomes an accountable entity and accompanied by submitting the relevant FAR notification form in APRA Connect (for more information on accountability maps, see section 4.2.2).

Where there are material changes to any accountability statement or the accountability map, the accountable entity must submit the revised accountability statement or map together with the relevant FAR notification form in APRA Connect within 30 days after those changes: for more information on material changes, see section 4.2.3.

Accountable entities are also required to take reasonable steps to ensure that each of their SREs complies with the above requirements in relation to accountability statements.

The enhanced notification obligations ensure that for larger, more complex accountable entities or corporate groups, the Regulators will have access to documents that would enable them to understand where accountability lies within the accountable entities. Core accountable entities are not required to submit accountability statements or maps. However, all accountable entities are encouraged to appropriately document their accountability arrangements, including how they comply with their key personnel obligations.

4.2.1    Enhanced entities—Accountability statements

Enhanced entities must give the Regulators an accountability statement for each of its accountable persons. The statement must detail the part(s) or aspect(s) of the accountable entity’s, or its relevant group’s, operations for which they are accountable and their responsibilities.

The Regulators have provided guidance on the format and minimum content of accountability statements, and a suggested template: see FAR accountability statement guidance and template. The Regulators are taking a principles-based approach to administering obligations about the content of statements and maps, and will periodically assess whether additional content needs to be prescribed in the Regulator rules.

Accountability statements must reflect actual accountability as it operates in practice within the accountable entity and its relevant group. Accountability statements should be specific to both the accountable entity and the individual accountable person. The Regulators expect the content of the accountability statement of an accountable person would align with the accountable person’s allocated key function(s). However, the Regulators do not expect that the allocation of any key function(s) to an accountable person would, in itself, materially shape the content or structure of the accountability statement of the accountable person.

The Regulators expect individuals nominated as accountable persons to be closely involved in the development of their own accountability statement. These individuals should have read, understood and accepted the areas of accountability as drafted, as well as the accountability obligations of an accountable person under the FAR Act. Individual accountable persons must sign their accountability statement declaring that the content is accurate and they understand their accountability obligations.

4.2.2    Enhanced entities—Accountability map

Enhanced entities must give the Regulators an accountability map showing lines of reporting and responsibility within the enhanced entities or their relevant group. The minimum requirements are set out in s34 of the FAR Act.

The Regulators have not provided a suggested template for an accountability map. Accountable entities are encouraged to consider constructing their map in a way that will best help them clarify their organisational structure and chart where ultimate accountability for their various businesses and functions lies across the accountable entity or its relevant group.

In particular, the Regulators expect an accountability map would include reporting lines to and from each accountable person. To promote consistency and readability, the Regulators also expect the language used in an accountability map to align with that in accountability statements.

4.2.3    Enhanced entities—Material changes to accountability statements and maps

Enhanced entities must notify the Regulators through APRA Connect of material changes to their accountability statements and map.

It is the responsibility of an enhanced entity to determine whether a change is material in nature. The enhanced entity must consider all of the relevant circumstances and, in turn, determine whether one or more of the notification requirements has been triggered.

A change to an accountability statement or map is likely to be a material change if the accountability statement or map no longer accurately reflects the operations of the enhanced entity and its SREs, or the responsibilities and reporting lines of each accountable person.

Examples of changes to an accountability statement or map that are likely or unlikely to be considered material are provided in Table 3.

Table 3: Examples of material and non-material changes
Likely to be considered material changes
Unlikely to be considered material changes
  • Material changes to an enhanced entity’s operations or scope of accountability (e.g. the entity is doing something additional or not doing something it did previously).
     
  • Prescribed responsibilities or positions of an accountable person.
     
  • General responsibilities or underlying accountabilities of an accountable person (e.g. where accountability is altered from ‘ensure’ to ‘oversight’).
     
  • Who the accountable person reports to.
  • The title of a person who reports to an accountable person changes, but there is no substantive change to the reporting line or the line of responsibility of that accountable person.
     
  • The name of a business unit within the enhanced entity changes and the underlying accountabilities or operations of and responsibility for the unit remain the same.
     
  • References to relevant legislation or Regulator rules that do not alter the accountabilities or responsibilities of an accountable person.

The above examples of changes that are unlikely to be considered material, should nonetheless still be incorporated into revised accountability statements and map and submitted with any subsequent notifications regarding a material change.

4.2.4    Corporate groups—Accountability statements and map

An individual may be an accountable person of multiple accountable entities and/or SREs within the same corporate group. If the enhanced notification obligations under the FAR apply, those entities may choose to prepare and submit one single accountability statement covering all relevant matters for that individual. However, the individual’s allocated areas of accountability and responsibility for each accountable entity and SRE must be clearly identifiable.

Similarly, where there are multiple accountable entities within the same corporate group and the enhanced notification obligations under the FAR apply, it is open to those entities to prepare and submit one single accountability map covering all relevant accountable persons. However, the details of the reporting lines and lines of responsibility of all accountable persons of each accountable entity and SRE must be clearly identifiable.

5. Deferred remuneration obligations

5.1    Overview of the deferred remuneration obligations

An accountable entity must:

  • defer payment of at least 40% of an accountable person’s variable remuneration for a minimum of four years; 
  • have in place a remuneration policy that requires a reduction in an accountable person’s variable remuneration if they fail to comply with their accountability obligations;
  • ensure that any required reduction of variable remuneration is not paid or transferred to the accountable person; and
  • take reasonable steps to ensure that each of its SREs complies with the deferred remuneration obligations.

When the FAR deferred remuneration obligations will start to apply depends on the industry: see Table 4.

Table 4: Deferred remuneration start dates for different accountable entities

 

Accountable entity 
Start date
ADIs and their authorised NOHCs
The deferred remuneration obligations apply to remuneration decisions that occur in the first financial year that begins after 15 September 2024 (i.e. six months after the FAR commences for these entities): see item 11(2) of Sch 2 to the FCA Act.
All other accountable entities
The deferred remuneration obligations apply to remuneration decisions that occur from 15 March 2025 (i.e. when the FAR commences for these entities): see item 23(2) of Sch 2 to the FCA Act.

Note: Please see s28(2)(a) of the FAR Act for further details on remuneration decisions.

The requirement to defer variable remuneration ensures that accountable persons have clear incentives to promote effective risk management when making decisions that have longer term impacts. It also ensures that accountable persons are properly held to account for decisions that have negative future consequences.

An effective implementation of the accountability regime requires a broad assessment of an accountable entity’s incentive structures and remuneration policies, including their application and resulting outcomes, as a key component of the process.

5.2    Exemptions from the deferred remuneration obligations

The deferred remuneration obligations under s25(1)(a) of the FAR Act do not apply to an accountable person if:

  • the deferred amount for the accountable person for a particular financial year is less than $50,000; or
  • the person becomes an accountable person by filling in a temporary or unforeseen vacancy and the person is not registered or required to be registered as an accountable person.

5.3    Interaction between the FAR and CPS 511

Apart from the deferred remuneration obligations under the FAR, accountable entities that are significant financial institutions (SFIs) under APRA’s prudential framework will also need to ensure that they meet the relevant deferral requirements under Prudential Standard CPS 511 Remuneration (CPS 511). CPS 511 took effect:

  • for ADIs and their authorised NOHCs that are SFIs from 1 January 2023; 
  • for insurance and superannuation entities that are SFIs from 1 July 2023; and
  • for all other APRA-regulated entities from 1 January 2024.

CPS 511 only mandates deferred remuneration requirements for SFIs. As a result, accountable entities that are SFIs will in most cases satisfy the FAR deferred remuneration obligations when complying with the CPS 511 deferral requirements. That is because the CPS 511 deferral requirements are generally more prescriptive than the deferred remuneration obligations under the FAR.

Appendix 2 summarises the areas of alignment between the FAR and CPS 511 in relation to deferred remuneration. While the two regimes broadly align, Appendix 2 outlines certain nuances that accountable entities should be aware of during implementation.

6. Enforcement

6.1    The Regulators’ approach

The FAR will be enforced by both APRA and ASIC. As outlined in the JAA, the Regulators will work together on investigations and enforcement of the FAR, and focus on:

  • proactive engagement and cooperation;
  • early and regular consultation with one another;
  • open and timely sharing of information and expertise; and
  • coordinated and timely use of powers.

The Regulators can exercise their enforcement powers independently, except in instances of disqualification of an individual or in the issuing of directions to accountable entities. In these circumstances, the Regulators are required to agree before exercising these powers (see s38 of the FAR Act).

Note: Where an accountable entity is not a dual-regulated accountable entity, only APRA can exercise the FAR enforcement powers in relation to such accountable entity, its SREs and accountable persons of such accountable entity and its SREs.

The Regulators have a range of powers to respond to contraventions of the FAR, including the ability to bring civil proceedings and take administrative action against an accountable entity or person. Criminal offences also apply in certain circumstances.

The Regulators will pursue the most appropriate regulatory response to contraventions of the FAR, which may include exercising one or more enforcement powers under the FAR or other laws. In some circumstances, the Regulators may respond to contraventions of the FAR as part of their day-to-day supervisory activities rather than through the exercise of enforcement powers under the FAR.

The Regulators will take enforcement action to disrupt, deter and respond to contraventions of the FAR obligations with the objective of improving the risk and governance cultures in accountable entities.

The Regulators will also use the FAR in their supervisory activities, including to help identify the most appropriate point-of-contact at an accountable entity for particular issues.

6.2    Civil penalty and other proceedings

The Regulators may pursue civil penalties and other court orders for contraventions of the FAR. If a court makes a declaration that a civil penalty provision has been contravened, it may order the wrongdoer to pay a civil penalty up to the maximum amount.

Maximum penalties for a body corporate and for an accountable person are set out in the FAR Act: see s83(2) and s83(3).

The Regulators may make an application to the court for injunctive relief to prevent a person from engaging in specified conduct where there has been a relevant contravention of the FAR, or may seek interim court orders during an investigation: see s85 of the FAR Act.

6.3    Administrative action

The Regulators have the power to take administrative actions under the FAR, such as issuing directions to an accountable entity, disqualifying an accountable person or accepting an enforceable undertaking from an accountable entity or accountable person.

The Regulators do not need to go to court for these actions. However, the Regulators may pursue these remedies in conjunction with court action. For example, if an accountable person fails to meet their accountability obligations, the Regulators may disqualify them as well as commence civil penalty proceedings against the accountable entity.

6.3.1    Directions power

The Regulators can direct an accountable entity to take certain action to address non-compliance with the FAR or to reallocate the responsibilities of an accountable person. Decisions by the Regulators in relation to a direction may be reconsidered by the Regulators and reviewed by the Administrative Appeals Tribunal (or any body that replaces the Administrative Appeals Tribunal). Non-compliance with a direction may attract a civil penalty and may also be an offence: see s66 of the FAR Act.

6.3.2    Disqualification

The Regulators may disqualify an individual from acting as an accountable person if the person has breached their accountability obligations: see s42 of the FAR Act.

6.3.3    Court enforceable undertakings

The Regulators can accept court enforceable undertakings to address contraventions of the FAR by an accountable person or accountable entity in relation to any matter over which the Regulators have a power or function under the FAR: see s84 of the FAR Act. If the relevant party does not comply with their undertakings, the Regulators may seek to enforce the undertaking through the courts and/or take other action.

6.4    Transitional enforcement matters for ADIs

6.4.1    Regulatory actions under the BEAR after FAR commencement

APRA can continue to exercise its powers under the BEAR after the FAR has commenced. That is, if a breach of the BEAR occurs before the BEAR is repealed, APRA can still exercise its powers under the BEAR to deal with any such breaches: see item 18 of Sch 2 to the FCA Act.

Alternatively, APRA may use the FAR to take action in relation to a breach of the BEAR. Actions that can be taken under the FAR in relation to breaches of the BEAR include issuing a non-compliance direction and disqualifying an accountable person. If an accountable person is disqualified under the BEAR, they will continue to be disqualified under the FAR. An ADI can also have its authority revoked as a result of breaches of the BEAR, regardless of whether the breach was committed before or after the FAR has commenced. Such breaches can be prosecuted under the FAR despite the breach occurring under the BEAR: see paragraph 1.320 of the Explanatory Memorandum.

Any decisions made under the BEAR can continue to be reviewed following the existing review procedures. Any action by APRA in progress under the BEAR may still proceed after the BEAR is repealed, including if the action relates to breaches that come to light after the FAR has commenced but that relate to a period before the FAR has commenced.

Information collected under the BEAR can be used to investigate breaches under the FAR. This is regardless of whether the breach occurred before or after the FAR has commenced: see paragraph 1.321 of the Explanatory Memorandum.

6.4.2    Other obligations that continue under the BEAR after FAR commencement

Certain other obligations under the BEAR will continue to apply to ADIs after the commencement of the FAR to enable the effective transition from the BEAR: see paragraphs 1.318 and 1.319 of the Explanatory Memorandum. These include:

  • following directions, either to reallocate responsibilities or for non-compliance; and 
  • complying with court enforceable undertakings and injunctions.

Glossary
 

accountability map
A document that complies with s34 of the FAR Act
accountability statement
A statement that complies with s33 of the FAR Act
accountable entity
Accountable entity has the same meaning as set out in s9 of the FAR Act
accountable person
Accountable person has the same meaning as set out in s10 and 11 of the FAR Act
Note: See also Part 2 of the Minister rules.
ADI
Authorised deposit-taking institution
APRA
Australian Prudential Regulation Authority
ASIC
Australian Securities and Investments Commission
BEAR
The Banking Executive Accountability Regime, which is set out in Pt IIAA of the Banking Act 1959 (as in force up to and immediately before the commencement of Pt 2 of Sch 1 of the FCA Act)
connected entity
Connected entity has the meaning as set out in s10 of the Superannuation Industry (Supervision) Act 1993
CPS 511
Prudential Standard CPS 511 Remuneration (CPS 511)
enhanced entity
An entity that is subject to both core and enhanced notification obligations under s31(1) and 31(2) of the FAR Act
enhanced notification thresholds 

The thresholds that determine whether accountable entities will need to meet the enhanced notification obligations in s31(2) of the FAR Act. The obligations apply if the entity:

  • meets the relevant enhanced notification threshold as prescribed in the Minister rules; or

  • is taken to have met the relevant enhanced notification threshold because it belongs to a corporate group with one or more accountable entities that meet their relevant enhanced notification threshold

    Note 1: There is no specific enhanced notification threshold set for NOHCs. Therefore, if a NOHC is part of a group that has an enhanced entity, that NOHC will be taken to have met the enhanced notification threshold itself and be subject to the enhanced notification obligations.

    Note 2: See s13–29 and 31 of the Minister rules for the full definition. 

Explanatory Memorandum
The explanatory memorandum that accompanied the Financial Accountability Regime Bill 2023and Financial Accountability Regime (Consequential Amendments) Bill 2023
FAR
The Financial Accountability Regime established by the FAR Act and Schs 1 and 2 of the FCA Act (as the context requires)
FAR Act
Financial Accountability Regime Act 2023 (as may be amended or replaced from time to time)
FCA Act
Financial Accountability Regime (Consequential Amendments) Act 2023 (as may be amended or replaced from time to time)
FAR register
Register of accountable persons, established under and kept in accordance with s40 of the FAR Act
JAA
Joint Administration Agreement—An agreement between APRA and ASIC that sets out the arrangements for joint administration of the FAR (as may be amended or replaced from time to time)
key functions
Specified areas of responsibility that accountable entities must allocate to accountable persons, where applicable. Key functions provide a focus point for the Regulators to understand where accountability for matters of regulatory focus may sit within the accountable entity.
Minister rules
The Financial Accountability Regime (Minister) Rules 2024
NOHC
Non-operating holding company
prescribed responsibilities and positions

Responsibilities and positions prescribed under the Minister rules that, if a person holds one or more, makes that person an accountable person

Note: See s10(2)–(4) of the FAR Act for the full definition.

Relevant group
The relevant group of an accountable entity means the accountable entity and its SREs: see s8 of the FAR Act
Regulator rules
The Financial Accountability Regime Act (Information for register) Regulator Rules 2024 (as amended or replaced from time to time)
Regulators
APRA and ASIC or either one of them, as the context requires
RSE licensee
Registrable superannuation entity licensee
SFI

Significant financial institution—An APRA-regulated entity that is either:

  • not a foreign ADI, a Category C insurer or an eligible foreign life insurance company, and has total assets in excess of:
    • AU$20 billion in the case of an ADI;
    • AU$10 billion in the case of a general insurer or life company;
    • AU$3 billion in the case of a private health insurer; or 
    • AU$30 billion in the case of a single RSE operated by an RSE licensee or, if the RSE licensee operates more than one RSE, where the combined total assets of all RSEs exceeds this amount; or 

  • determined as such by APRA, having regard to matters such as the complexity in its operations or its membership of a group.

    Note: See APRA’s letter of 20 July 2022 for further details.

SRE
Significant related entity—Has the meaning given in s12 of the FAR Act

Appendix A: ADI Key Functions descriptions
 

This appendix provides descriptions of each ADI Key Function referred to in the Regulator rules and the Financial Accountability Regime (Consequential Amendments) Transitional Rules 2024 (the Transitional rules).

As set out in the Regulator rules and Transitional rules, information regarding each ADI Key Function is only required to be provided and will only be included in the register of accountable persons where:

  • an ADI or an authorised NOHC of an ADI undertakes that particular ADI Key Function; and 
  • a person who is determined to be an accountable person in accordance with the FAR Act has actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, that particular ADI Key Function.

The Regulator rules and Transitional rules do not require a relevant accountable entity to undertake each ADI Key Function or to assign each ADI Key Function to an accountable person.

Column 1

ADI Key Function

Column 2 

An accountable person has responsibility for the ADI Key Function in Column 1 if they have actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, the applicable key function as described in this Column 2

1. Capital managementCapital management function, including the Internal Capital Adequacy Assessment Process, stress testing, capital buffers and capital instruments.
2. Collections and enforcement (default, debt collections and recovery)Collections and enforcement policies, procedures and practices for the monitoring, collection and enforcement of debt relating to a financial product or service, credit contract or consumer lease.
3. Conduct risk management Conduct risk management, including the identification and monitoring of the risk of inappropriate, unethical or unlawful behaviour on the part of the accountable entity’s management or employees.
4. Credit risk management

Credit risk management function, including:

  • evaluation of credit risk profile against board risk appetite and credit risk management strategy;
  • coverage of a broad range of aspects, such as:
    • credit risk policies and processes;
    • credit origination, assessment and approval;
    • credit administration, measurement and monitoring; and
    • counterparty credit risk; and
  • coverage of all business lines, including retail banking and business banking.
5. Data managementData management, including data strategy, data architecture, data management framework and governance, data quality and issue management, and data risk management, including the state of data controls and data privacy.
6. Financial and regulatory reportingFinancial and regulatory reporting function, including the preparation of statutory financial reporting, financial market disclosures (where relevant), and regulatory data collections, to relevant regulators including APRA and ASIC.
7. Hardship processesHardship policies, procedures and practices for responding to and managing consumers experiencing financial difficulty (not limited to any specific remediation activity). 
8. Liquidity and funding managementLiquidity and funding operations, including evaluation of liquidity and funding risk profile against board risk appetite, liquidity management strategy, funding strategy, liquidity reporting, funding plan and contingency funding plan.
9. Market risk management

Market risk management function, including evaluation of market risk profile against board risk appetite and market risk management strategy for the areas of:

  • traded and non-traded market risk; and
  • ensuring prudent valuations are reflected in pricing and capital.
10. Operational risk management

Operational risk management function, including:

  • maintaining the operational risk management framework and operational risk management strategy;
  • identifying, assessing and managing operational risk and compliance;
  • state of operational risk controls;
  • evaluation of operational risk profile against board risk appetite;
  • business continuity; and
  • service provider risk management.
11. Product design and distribution obligations

The various activities involved in complying with the product design and distribution obligations. 

Note: The product design and distribution obligations and the product origination key functions are related but may be distinguished as follows—The product design and distribution obligations involve ongoing monitoring of products and product governance arrangements, throughout the lifecycle of the product; the product origination obligations are concerned with specific obligations at the time the consumer acquires the product.

12. Product origination Product origination obligations that relate to financial products or credit contracts/consumer leases—including obligations relating to disclosure, contract formation, representations and responsible lending.
13. Recovery and exit planning and resolution planning

Recovery and exit planning function, including governance arrangements, trigger frameworks, recovery and exit options, scenario analysis, assessment of recovery capacity, and communication strategy.

Resolution planning function, including assisting APRA in identifying any critical functions, assessing the feasibility of resolution options, and removing barriers to the execution of a resolution plan.

14. Scam managementThe entity’s policies, procedures and practices designed to prevent and mitigate consumer loss from scams, and to respond to scams and consumers who have been the subject of scams. 
15. Technology managementTechnology management, including technology strategy, lifecycle management of technology used, state of technology controls, information security, disaster recovery, technology operations and infrastructure (including management and maintenance of business and technology applications).
16. Training and monitoring of relevant representatives and staffTraining and monitoring of staff and representatives providing financial products or financial services or engaging in credit activities on behalf of a licensee. This includes training on mandatory continuous education on a product, service or activity. 
17. Whistleblower policy and process Implementation and monitoring of the entity’s whistleblower policy and processes. 

Appendix B: Alignment between the FAR deferred remuneration obligations and CPS 511

Feature
FAR
CPS 511
Comparison
Scope

Entities: Applies to all accountable entities.

Persons: Accountable persons (directors and senior executives)

Threshold: Defer if more than $50,000 in deferred variable remuneration

Entities: Applies to all APRA-regulated entities. CPS 511 imposes deferral requirements on SFIs only; non-SFIs are expected to consider and apply deferral arrangements to align variable remuneration outcomes with risk time horizons under the standard. Foreign accountable entities that meet the SFI threshold must defer the variable remuneration of their highly paid material risk-takers in accordance with CPS 511.

Persons: For SFIs, their chief executive officers, senior managers, executive directors and highly paid material risk-takers. Foreign accountable entities that meet the SFI threshold, their highly paid material risk-takers only.

Threshold: Defer if $50,000 or more in deferred variable remuneration

The FAR variable remuneration deferral obligations apply to accountable entities regardless of size. Under CPS 511, deferral requirements do not apply to non-SFIs.
Meaning of ‘variable remuneration’

Variable remuneration is the amount of an accountable person’s total remuneration that is conditional on the achievement of objectives: see s26(1)(a)(i) of the FAR Act.

Examples of objectives include performance metrics and service requirements: see paragraph 1.98 of the Explanatory Memorandum.

Variable remuneration is the amount of a person’s total remuneration that is conditional on objectives, which include performance criteria, service requirements or the passage of time: see paragraph 20(x) of CPS 511.The definitions are consistent.
Start of deferral period
The deferral period for variable remuneration typically starts at the beginning of the performance period (typically the beginning of a financial year).The deferral period must include the period over which performance is assessed. APRA expects the deferral period to start from the beginning of the performance period for which the variable remuneration is being assessed.Broadly aligned.
Percentage of variable remuneration to defer
An accountable entity is required to defer 40% of the variable remuneration of all accountable persons for a minimum period of four years with no pro rata vesting permitted.

An SFI is required to defer for a:

  • chief executive officer—60% of variable remuneration for a minimum period of six years, with pro rata vesting permitted after four years;
  • senior manager or executive director—40% of variable remuneration for a minimum period of five years, with pro rata vesting permitted after four years; and
  • highly paid material risk-taker—40% of variable remuneration for a minimum period of four years, with pro rata vesting permitted after two years.

CPS 511 does not mandate deferral for non-SFIs.

Foreign accountable entities that meet the SFI threshold must defer the variable remuneration of their highly paid material risk-takers.

For SFIs, CPS 511 deferral requirements are proportionate to the role. For example, there is a more stringent deferral requirement for chief executive officers.
Value of deferred amount
The amount that must be deferred is based on the value of the variable remuneration as if it had been paid at the start of the performance period.The amount that must be deferred is based on the value of variable remuneration awarded in the financial year: see Prudential Practice Guide CPG 511 Remuneration (CPG 511).

Aligned.

Both regimes result in the same amount to be deferred, despite minor drafting variations.

Disclaimer

APRA disclaimer and copyright     
 

While APRA endeavours to ensure the quality of this publication, it does not accept any responsibility for the accuracy, completeness or currency of the material included in this publication and will not be liable for any loss or damage arising out of any use of, or reliance on, this publication.

© Australian Prudential Regulation Authority (APRA)

This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that APRA endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/     
 

ASIC disclaimer and copyright     
 

This information paper does not constitute legal advice. We encourage you to seek your own professional advice to find out how the Corporations Act and other applicable laws apply to you, as it is your responsibility to determine your obligations. 

Examples in this information paper are purely for illustration; they are not exhaustive and are not intended to impose or imply particular rules or requirements.

For ASIC purposes, this is Regulatory Guide 279 (RG 279).

© Australian Securities and Investments Commission     
 

Subscribe for updates

To receive media releases, publications, speeches and other industry-related information by email
Subscribe