Financial Accountability Regime: Information for accountable entities
Executive summary
In September 2023, Australia introduced the Financial Accountability Regime (FAR) to improve accountability standards in entities regulated by the Australian Prudential Regulation Authority (APRA), improve operating culture and reinforce the standards of conduct expected by the Australian community. The FAR also imposes consequences in the event of a material failure to meet those expectations. The regime is jointly administered by APRA and the Australian Securities and Investments Commission (ASIC) (collectively, the Regulators).
The FAR replaces and expands on the Banking Executive Accountability Regime (BEAR). The FAR applies to:
- authorised deposit-taking institutions (ADIs) and their authorised non-operating holding companies (NOHCs) from 15 March 2024; and
- insurers, their licensed NOHCs, and registrable superannuation entity (RSE) licensees from 15 March 2025.
The FAR introduces four core sets of obligations:
- accountability obligations for accountable entities and accountable persons;
- key personnel obligations;
- deferred remuneration obligations; and
- notification obligations.
This information paper helps accountable entities and their accountable persons understand and comply with their obligations under the FAR.
The FAR recognises that it is the actions of the directors and the most senior and influential executives within a business that shape the conduct of the business itself. Improving accountability within the business, therefore, requires strengthening and clarifying individual accountability.
The Regulators expect accountable entities will:
- embed elements of the FAR into their internal accountability framework; and
- continue to refine their accountability framework and practices to establish and maintain clear and strong accountability.
1. Overview
1.1 Purpose of this information paper
The purpose of this information paper is to:
- assist accountable entities and their accountable persons in understanding and complying with their obligations under the Financial Accountability Regime; and
- provide an overview on how the Regulators will jointly administer the FAR including how the Regulators will use their regulatory and enforcement powers.
This information paper should be read in conjunction with:
- the Financial Accountability Regime Act 2023 (FAR Act);
- the Financial Accountability Regime (Consequential Amendments) Act 2023 (FCA Act);
- the explanatory memorandum that accompanied the Financial Accountability Regime Bill 2023 and Financial Accountability Regime (Consequential Amendments) Bill 2023 (Explanatory Memorandum);
- the Joint Administration Agreement (JAA), which is an agreement between the Regulators that sets out the arrangements for joint administration of the FAR;
- the Financial Accountability Regime (Minister) Rules 2024 (Minister rules); and
- the Financial Accountability Regime Act (Information for register) Regulator Rules (Regulator rules), issued by the Regulators from time to time, which prescribe specific data items for inclusion in the FAR register.
Note: Regulator rules are legislative instruments and when made appear on the Federal Register of Legislation.
1.2 Overview of the FAR
In 2019, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry recommended that provisions modelled on the BEAR be extended to all APRA-regulated entities, including APRA-regulated insurers and RSE licensees. The Royal Commission also recommended the extended regime be jointly administered by the Regulators, with APRA overseeing prudential aspects and ASIC overseeing matters that concern consumer protection and market conduct. The FAR is the result of the implementation of these Royal Commission recommendations.
1.3 Joint administration of the FAR
The FAR aims to:
- improve the operating culture of entities in the banking, insurance and superannuation industries; and
- increase transparency and accountability across these industries—for both prudential and conduct-related matters.
The role each Regulator plays under the FAR is consistent with their broader purpose under the twin peaks model for financial regulation in Australia.
In administering the FAR, ASIC focuses on market integrity and consumer protection in the financial system and payments system; APRA focuses on the prudential soundness of regulated entities as well as the financial stability of the overall system. The Regulators are collaborating so that the FAR is administered in an efficient and consistent way.
APRA and ASIC each have responsibility for the general administration of FAR. However, ASIC can perform certain functions and exercise certain powers only in relation to:
- accountable entities that hold an Australian financial services licence or Australian credit licence;
- the significant related entities (SREs) of such accountable entities; and
- accountable persons of such accountable entities and their SREs.
Such accountable entities are referred to as dual-regulated accountable entities in this information paper.
The Regulators’ JAA outlines the approach to joint administration.
1.3.1 Single point of contact
The Regulators have established a single point of contact (FAR@apra.gov.au) for entities to raise queries or requests.
All queries or requests submitted through this email address will be triaged and allocated within APRA or ASIC as appropriate. Additionally, entities can apply for relief under relevant provisions of the FAR Act by writing to this email address.
Note: The Regulators only have limited powers to adjust the operations of certain provisions of the FAR Act.
1.3.2 Single portal for data collection
APRA Connect will be used for the FAR data collection—for example, registrations, notifications and lodgements of accountability maps and statements. Entities do not need to submit the same information to each regulator separately. Information submitted through APRA Connect will be made available to both APRA and ASIC for review.
2. Accountable entities
2.1 Determining whether an entity is core or enhanced
The FAR only requires accountable entities that meet the enhanced notification threshold (enhanced entities) to submit accountability maps and statements and to notify the Regulator of material changes to these documents. Whether an entity is classified as enhanced or core in the Minister rules is based on their total asset value: see Table 1.
Table 1: Enhanced notification thresholds for different accountable entities
Accountable entity | Total asset value |
ADIs | $20 billion |
General insurers and life companies | $10 billion |
Private health insurers | $3 billion |
RSE licensees | $30 billion |
Note: There are no enhanced notification thresholds prescribed in the Minister rules for foreign accountable entities.
Core entities must meet the core notification obligations (see section 4.1), and enhanced entities must meet the core and the enhanced notification obligations (see section 4.2).
Additionally, the Minister rules provide that if one accountable entity within a corporate group is an enhanced entity, all accountable entities within that group will also be enhanced entities (regardless of their own total asset size).
2.2 Accountability obligations of accountable entities
An accountable entity must take reasonable steps to:
- conduct its business with honesty and integrity, and with due skill, care and diligence;
- deal with the Regulators in an open, constructive and cooperative way;
- in conducting its business, prevent matters from arising that would adversely affect the accountable entity’s prudential standing or prudential reputation;
- ensure that each of its accountable persons meets their accountability obligations; and
- ensure that each of its SREs complies with the above.
2.3 Key personnel obligations of accountable entities
An accountable entity must:
- ensure that the responsibilities of accountable persons collectively cover all areas of the business operations of the accountable entity and its relevant group;
- ensure that none of their accountable persons are prohibited from being an accountable person (see section 3.3);
- comply with any directions issued by the Regulators; and
- take reasonable steps to ensure that each of its SREs complies with the second and third obligations above.
2.4 Identifying significant related entities
Accountable entities will need to identify all of their SREs. The FAR imposes obligations on accountable entities to take reasonable steps to ensure that each of their SREs complies with the relevant accountability, key personnel, deferred remuneration and notification obligations as if they were an accountable entity.
The FAR recognises that poor behaviour by an SRE can damage the reputation of the accountable entity itself, as consumers often associate the services and products provided by an SRE with the accountable entity’s brand.
An entity is an SRE of an accountable entity if:
- it is a subsidiary of the accountable entity or, if the accountable entity is an RSE licensee, a connected entity;
- it is a constitutionally covered body;
- it is not an accountable entity itself; and
- its business or activities have or are likely to have a material and substantial effect on the entity.
An accountable entity should consider both financial and non-financial risk factors when assessing whether an entity is an SRE. These risk factors include:
- the nature and scale of the entity’s business or activities;
- the nature and extent of any interdependency between the entity and the accountable entity; and
- any organisational, financial or administrative arrangements, including any material business activity, between the entity and the accountable entity.
Note: Paragraph 1.36 of the Explanatory Memorandum describes the relationship between an accountable entity and its SRE in a similar way to how APRA defines ‘material business activity’ in Prudential Standard CPS 231 Outsourcing (CPS 231), Prudential Standard HPS 231 Outsourcing (HPS 231) and Prudential Standard SPS 231 Outsourcing (SPS 231).
Additionally, accountable entities should consider whether the business activities of the related entity could have a substantial impact on their customers, operations, brand, reputation, legal and regulatory compliance, and people, regardless of the size of the related entity.
The Regulators expect an accountable entity to put in place robust methodologies and procedures to assess which of their subsidiaries or connected entities are SREs. Such methodologies and procedures should align and integrate with the accountable entity’s broader risk management framework.
2.5 Foreign accountable entities
The following entities are foreign accountable entities under the FAR:
- a foreign ADI (as defined in the Banking Act 1959);
- a foreign general insurer (within the meaning of the Insurance Act 1973); or
- an eligible foreign life insurance company (within the meaning of the Life Insurance Act 1995) registered under s21 of the Life Insurance Act 1995.
Foreign accountable entities must identify whether they have any SREs. In doing so, the Regulators expect foreign accountable entities to consider whether any of their locally incorporated subsidiaries have or are likely to have a material and substantial effect on their Australian branch or its operations rather than on the foreign accountable entities as a whole.
The FAR requires a foreign accountable entity to ensure that the responsibilities of the accountable entity’s accountable persons cover all parts or aspects of the operations of the branch of the accountable entity operating in Australia, the prescribed responsibilities and the responsibilities associated with the prescribed positions.
3. Accountable persons
3.1 Accountability obligations of accountable persons
An accountable person must conduct their responsibilities by:
- acting with honesty and integrity, and with due skill, care and diligence;
- dealing with the Regulators in an open, constructive and cooperative way;
- taking reasonable steps to prevent matters from arising that would adversely affect the accountable entity’s prudential standing or prudential reputation; and
- taking reasonable steps to prevent matters from arising that would result in a material contravention by the accountable entity of any of the laws specified under s21(d) of the FAR Act.
3.2 Identification of accountable persons
Accountable entities must identify their accountable persons and the accountable persons of their SREs. They should ensure that there are clear lines of accountability and must ensure that the responsibilities of accountable persons collectively cover:
- all areas of the operations of the accountable entity and its SREs (or in the case of foreign accountable entities, of their Australian branch); and
- the prescribed responsibilities and the responsibilities associated with the prescribed positions.
3.2.1 Accountable persons of accountable entities
There are two ways of identifying accountable persons of accountable entities. An accountable person will:
- meet the criteria and hold a responsibility under s10(1) of the FAR Act (general responsibilities); and/or
- hold one or more of the responsibilities in relation to or positions in the accountable entity under the Minister rules.
However, a person is only an accountable person of a foreign accountable entity if they have a relevant responsibility or hold a relevant position in relation to a branch of the entity that is operating in Australia.
An accountable person may hold multiple responsibilities and/or positions, or hold a mixture of general responsibilities and prescribed responsibilities or positions.
The allocation of responsibilities is expected to appropriately reflect the size and nature of an accountable entity’s business, and to accurately reflect the way those responsibilities are held.
The Regulators will not prescribe or recommend the appropriate number of accountable persons of an accountable entity. Accountable entities are encouraged to carefully consider how their business operates and where accountability rests in practice. Registering a very large number of (less senior) individuals may dilute accountability inappropriately. Conversely, a very small number of key executives who do not in practice span actual or effective accountability for all aspects of operations may concentrate accountability inappropriately. The number of accountable persons will likely vary with the size and complexity of the business—for example, it may be appropriate that small accountable entities only have a few individuals (other than directors) who are accountable persons, given the scale of their businesses.
3.2.2 Accountable persons of significant related entities
Accountable entities must also identify accountable persons of their SREs—that is, where the person meets the criteria and holds a general responsibility under s10(6) of the FAR Act. The prescribed responsibilities and positions in the Minister rules are not used to identify accountable persons of SREs. However, it should be noted that an accountable person does not necessarily need to be an accountable person of the SRE or to sit within the SRE itself to hold responsibilities relating to that SRE.
Similar to accountable persons of accountable entities, accountable persons of SREs should be kept to the most senior executive level.
3.3 Registration of accountable persons
A person is prohibited from being an accountable person of an accountable entity or SRE if the person is:
- not registered in respect of the accountable entity or SRE; or
- disqualified from being an accountable person of the accountable entity or SRE.
Accountable entities may apply to the Regulators via APRA Connect to register an individual as an accountable person. The registration application must consist of:
- a completed registration form;
- a declaration that the accountable entity is satisfied that the individual is suitable (for more information, see the box below); and
- for enhanced entities, the accountability statement for the individual.
Declaration to register an accountable person
- It is the accountable entity’s responsibility to assess whether the individual is suitable to be an accountable person.
- The Regulators expect that this declaration will be made by the chair of the relevant board committee, or a person delegated to sign on the board’s behalf.
- The declaration is set out on the registration form and can be provided by electronic signature.
Instructions for completing the reporting forms, including the registration form, are available on the APRA website.
The Regulators do not approve applications to register an accountable person, but may request that the accountable entity provide more information in relation to an application. If the application meets all the requirements, the individual will be deemed registered 21 days after either the date of application or, where applicable, the date the accountable entity provides further requested information to the Regulators.
An individual must be registered before being an accountable person with the following exceptions. There is a grace period of:
- 90 days if the individual becomes an accountable person by filling a temporary or unforeseen vacancy; or
- 30 days if the individual:
- is appointed as a director of the accountable entity at a general meeting; or
- becomes an accountable person of a newly licensed accountable entity.
Period for registration
It is the responsibility of accountable entities to ensure that they meet the registration requirements. Therefore, accountable entities must submit the applications to register an accountable person at least 21 days before the individual becomes an accountable person or any applicable grace period outlined above expires.
Applications with incorrect or missing information may result in the accountable persons not being registered in time, which will put the accountable entity in breach of its key personnel obligations.
3.4 Assigning key functions to accountable persons
The Regulator rules prescribe certain key functions for inclusion in the FAR register for the purposes of s40(4)(g) of the FAR Act. Key functions are functions or functional areas that are deemed to be of particular importance from a prudential and conduct perspective.
Accountable entities are expected to know where senior executive responsibility for any applicable key functions lies as part of the processes that support compliance with their key personnel obligations. The information in relation to the assignment of these key functions will assist the Regulators to have visibility over, and clarity in relation to, accountability for those functions.
3.4.1 The concept of key functions
The concept of key functions does not expand the definition or scope of responsibilities of accountable persons under the FAR Act. An accountable entity should only allocate an applicable key function to a person the entity has determined to be an accountable person in accordance with the FAR Act. Accountable entities are not required to undertake each key function or to assign each key function to an accountable person.
Table 2 sets out the key differences between responsibilities and positions that cause a person to be an accountable person under the FAR Act (set out in the Minister rules) and the concept of key functions (set out in the Regulator rules).
Table 2: Key differences between responsibilities and positions that cause a person to be an accountable person and key functions
Feature | Responsibilities and positions that cause a person to be an accountable person | Key functions |
Authority | Defined under s10 of the FAR Act. | Prescribed information for inclusion in the FAR register under the Regulator rules. |
Purpose | To identify accountable persons (e.g. an individual who holds one or more prescribed responsibilities and/or positions is an accountable person). | To assist the Regulators in assessing whether accountable entities are adequately assigning accountability across all operational areas to their accountable persons (a key function can only be assigned to a person who is determined to be an accountable person in accordance with the FAR Act and who has relevant senior executive responsibility for the key function). |
Scope | End-to-end accountability (i.e. an individual that holds a responsibility under s10 of the FAR Act has end-to-end accountability in relation to that responsibility). | The assignment of a key function to an accountable person does not necessarily mean that the accountable person has end-to-end accountability in relation to that key function (i.e. there may be different responsibilities around that key function). |
Joint accountability | Joint accountability applies where two or more accountable persons are holding the same responsibilities: see s21(2) of the FAR Act. | Joint accountability does not necessarily apply where multiple accountable persons have been assigned the same key function, given those accountable persons do not necessarily have end-to-end accountability in relation to that key function. |
3.4.2 Application of key functions
As part of their key personnel obligations under s23(1) or s23(3) of the FAR Act, accountable entities are required to ensure that the responsibilities of accountable persons collectively cover all parts or aspects of their operations and that of their relevant group (or, in the case of foreign accountable entities, of their Australian branch). Therefore, key functions do not create any new responsibilities for accountable persons and they can only be allocated to an existing accountable person. The need to allocate applicable key functions will not result in accountable entities having to register lower-level executives as accountable persons.
The Regulators emphasise that the list of key functions outlined in the Regulator rules is non-exhaustive. Accordingly, the allocation of all applicable key functions is unlikely to result in compliance with the above requirements.
Accountable entities must assess which (if any) of the key functions are applicable to them and determine whether any accountable persons have relevant responsibility for those key functions. The Regulators acknowledge that some of the key functions outlined in the Regulator rules may not be applicable to foreign accountable entities or licensed NOHCs. Additionally, some of the Insurance Key Functions may not be applicable to private health insurers.
Note: The key functions concept does not apply to SREs. Accountable entities are not required to consider if any of the key functions are applicable to their SREs.
Accountable entities have discretion about which key functions are assigned to which accountable persons, as long as it reflects actual practices. One accountable person may have no key functions assigned to them, while another accountable person may have multiple key functions. Accountable entities can assign a key function to more than one accountable person if this reflects different responsibilities in relation to that function.
The descriptions of each ADI Key Function, Insurance Key Function and RSE licensee Key Function are included in Appendix A to help accountable entities assign the relevant key functions to their accountable persons (where applicable).
The assignment of a key function to an accountable person does not automatically mean that the accountable person has end-to-end accountability for that key function: see Example 1.
Example 1: Assigning key functions to more than one accountable person
In Accountable Entity X, there are several accountable persons assigned to the accountable entity’s operational risk management key function:
- the chief executive officer is accountable for ensuring that the accountable entity as a whole operates within the board-approved operational risk appetite;
- the chief risk officer is accountable for the development and maintenance of the operational risk management framework; and
- a senior executive is responsible for the identification and management of the operational risks inherent in certain products, activities, processes and systems.
For an enhanced entity, the Regulators expect the content of the accountability statement of an accountable person would align with the accountable person’s allocated key function(s). Chapter 4 has further detail on the content of accountability statements and maps.
4. Notification obligations
4.1 Core notification obligations
All accountable entities must notify the Regulators when certain events that impact their accountability framework or compliance with the FAR have occurred. Accountable entities must submit the relevant FAR notification form(s) in APRA Connect within 30 days after the occurrence of a notifiable event.
An accountable entity must notify the Regulators when an accountable person of the accountable entity or of an SRE of the accountable entity:
- ceases to be an accountable person;
- is dismissed or suspended because the person has failed to comply with their accountability obligations; or
- has their variable remuneration reduced because the person has failed to comply with their accountability obligations.
An accountable entity must also notify the Regulators if:
- it has reasonable grounds to believe that:
- it has failed to comply with its accountability obligations or key personnel obligations (accountable entity breach); or
- an accountable person of the accountable entity, or of an SRE of the accountable entity, has failed to comply with their accountability obligations (accountable person breach)—for more information, see section 4.1.1; or
- a material change occurs to information that relates to an accountable person of the accountable entity, or of an SRE of the accountable entity, and is contained in the FAR register.
To support accountable entities’ compliance with their notification obligations, the Regulators expect each entity to establish internal governance arrangements and processes that will enable timely identification of any breaches of accountability obligations or other notification events. Accountable entities must also take reasonable steps to ensure that each of their SREs complies with these requirements.
4.1.1 Reporting breaches and material changes to the Regulators on APRA Connect
Accountable entities must notify the Regulators if they have reasonable grounds to believe that a relevant breach has occurred by submitting the relevant breach reporting form via APRA Connect.
There are separate forms for notifying the Regulators of:
- entity breaches; and
- accountable person breaches.
If the accountable entity takes action to address the breach (e.g. by suspending, dismissing or reducing the variable remuneration of an accountable person) after the breach reporting form has been submitted, the entity must resubmit the breach reporting form on APRA Connect with additional information about the action taken.
Further information, such as the outcomes of its assessment of the root causes or impact of the breach, may come to light after the initial submission of the breach forms. As such, an accountable entity may need to resubmit the relevant forms to inform the Regulators of the additional information.
A material change to the FAR register would include a change in the assignment of a key function to an accountable person. However, changes that are trivial in nature (such as the correction of an immaterial typographical error) would not be considered a material change.
4.2 Enhanced notification obligations
The FAR only requires enhanced entities to prepare and submit accountability maps and statements and to notify the Regulators of material changes to these documents:
- the initial accountability statement of an accountable person needs to be provided as part of the application for registration of the accountable person (for more information on accountability statements, see section 4.2.1); and
- the initial accountability map of an accountable entity needs to be provided within 30 days after the entity becomes an accountable entity and accompanied by submitting the relevant FAR notification form in APRA Connect (for more information on accountability maps, see section 4.2.2).
Where there are material changes to any accountability statement or the accountability map, the accountable entity must submit the revised accountability statement or map together with the relevant FAR notification form in APRA Connect within 30 days after those changes: for more information on material changes, see section 4.2.3.
Accountable entities are also required to take reasonable steps to ensure that each of their SREs complies with the above requirements in relation to accountability statements.
The enhanced notification obligations ensure that for larger, more complex accountable entities or corporate groups, the Regulators will have access to documents that would enable them to understand where accountability lies within the accountable entities. Core accountable entities are not required to submit accountability statements or maps. However, all accountable entities are encouraged to appropriately document their accountability arrangements, including how they comply with their key personnel obligations.
4.2.1 Enhanced entities—Accountability statements
Enhanced entities must give the Regulators an accountability statement for each of its accountable persons. The statement must detail the part(s) or aspect(s) of the accountable entity’s, or its relevant group’s, operations for which they are accountable and their responsibilities.
The Regulators have provided guidance on the format and minimum content of accountability statements, and a suggested template: see FAR accountability statement guidance and template. The Regulators are taking a principles-based approach to administering obligations about the content of statements and maps, and will periodically assess whether additional content needs to be prescribed in the Regulator rules.
Accountability statements must reflect actual accountability as it operates in practice within the accountable entity and its relevant group. Accountability statements should be specific to both the accountable entity and the individual accountable person. The Regulators expect the content of the accountability statement of an accountable person would align with the accountable person’s allocated key function(s). However, the Regulators do not expect that the allocation of any key function(s) to an accountable person would, in itself, materially shape the content or structure of the accountability statement of the accountable person.
The Regulators expect individuals nominated as accountable persons to be closely involved in the development of their own accountability statement. These individuals should have read, understood and accepted the areas of accountability as drafted, as well as the accountability obligations of an accountable person under the FAR Act. Individual accountable persons must sign their accountability statement declaring that the content is accurate and they understand their accountability obligations.
4.2.2 Enhanced entities—Accountability map
Enhanced entities must give the Regulators an accountability map showing lines of reporting and responsibility within the enhanced entities or their relevant group. The minimum requirements are set out in s34 of the FAR Act.
The Regulators have not provided a suggested template for an accountability map. Accountable entities are encouraged to consider constructing their map in a way that will best help them clarify their organisational structure and chart where ultimate accountability for their various businesses and functions lies across the accountable entity or its relevant group.
In particular, the Regulators expect an accountability map would include reporting lines to and from each accountable person. To promote consistency and readability, the Regulators also expect the language used in an accountability map to align with that in accountability statements.
4.2.3 Enhanced entities—Material changes to accountability statements and maps
Enhanced entities must notify the Regulators through APRA Connect of material changes to their accountability statements and map.
It is the responsibility of an enhanced entity to determine whether a change is material in nature. The enhanced entity must consider all of the relevant circumstances and, in turn, determine whether one or more of the notification requirements has been triggered.
A change to an accountability statement or map is likely to be a material change if the accountability statement or map no longer accurately reflects the operations of the enhanced entity and its SREs, or the responsibilities and reporting lines of each accountable person.
Examples of changes to an accountability statement or map that are likely or unlikely to be considered material are provided in Table 3.
Table 3: Examples of material and non-material changes
Likely to be considered material changes | Unlikely to be considered material changes |
|
|
The above examples of changes that are unlikely to be considered material, should nonetheless still be incorporated into revised accountability statements and map and submitted with any subsequent notifications regarding a material change.
4.2.4 Corporate groups—Accountability statements and map
An individual may be an accountable person of multiple accountable entities and/or SREs within the same corporate group. If the enhanced notification obligations under the FAR apply, those entities may choose to prepare and submit one single accountability statement covering all relevant matters for that individual. However, the individual’s allocated areas of accountability and responsibility for each accountable entity and SRE must be clearly identifiable.
Similarly, where there are multiple accountable entities within the same corporate group and the enhanced notification obligations under the FAR apply, it is open to those entities to prepare and submit one single accountability map covering all relevant accountable persons. However, the details of the reporting lines and lines of responsibility of all accountable persons of each accountable entity and SRE must be clearly identifiable.
5. Deferred remuneration obligations
5.1 Overview of the deferred remuneration obligations
An accountable entity must:
- defer payment of at least 40% of an accountable person’s variable remuneration for a minimum of four years;
- have in place a remuneration policy that requires a reduction in an accountable person’s variable remuneration if they fail to comply with their accountability obligations;
- ensure that any required reduction of variable remuneration is not paid or transferred to the accountable person; and
- take reasonable steps to ensure that each of its SREs complies with the deferred remuneration obligations.
When the FAR deferred remuneration obligations will start to apply depends on the industry: see Table 4.
Table 4: Deferred remuneration start dates for different accountable entities
Accountable entity | Start date |
ADIs and their authorised NOHCs | The deferred remuneration obligations apply to remuneration decisions that occur in the first financial year that begins after 15 September 2024 (i.e. six months after the FAR commences for these entities): see item 11(2) of Sch 2 to the FCA Act. |
All other accountable entities | The deferred remuneration obligations apply to remuneration decisions that occur from 15 March 2025 (i.e. when the FAR commences for these entities): see item 23(2) of Sch 2 to the FCA Act. |
Note: Please see s28(2)(a) of the FAR Act for further details on remuneration decisions.
The requirement to defer variable remuneration ensures that accountable persons have clear incentives to promote effective risk management when making decisions that have longer term impacts. It also ensures that accountable persons are properly held to account for decisions that have negative future consequences.
An effective implementation of the accountability regime requires a broad assessment of an accountable entity’s incentive structures and remuneration policies, including their application and resulting outcomes, as a key component of the process.
5.2 Exemptions from the deferred remuneration obligations
The deferred remuneration obligations under s25(1)(a) of the FAR Act do not apply to an accountable person if:
- the deferred amount for the accountable person for a particular financial year is less than $50,000; or
- the person becomes an accountable person by filling in a temporary or unforeseen vacancy and the person is not registered or required to be registered as an accountable person.
5.3 Interaction between the FAR and CPS 511
Apart from the deferred remuneration obligations under the FAR, accountable entities that are significant financial institutions (SFIs) under APRA’s prudential framework will also need to ensure that they meet the relevant deferral requirements under Prudential Standard CPS 511 Remuneration (CPS 511). CPS 511 took effect:
- for ADIs and their authorised NOHCs that are SFIs from 1 January 2023;
- for insurance and superannuation entities that are SFIs from 1 July 2023; and
- for all other APRA-regulated entities from 1 January 2024.
CPS 511 only mandates deferred remuneration requirements for SFIs. As a result, accountable entities that are SFIs will in most cases satisfy the FAR deferred remuneration obligations when complying with the CPS 511 deferral requirements. That is because the CPS 511 deferral requirements are generally more prescriptive than the deferred remuneration obligations under the FAR.
Appendix B summarises the areas of alignment between the FAR and CPS 511 in relation to deferred remuneration. While the two regimes broadly align, Appendix B outlines certain nuances that accountable entities should be aware of during implementation.
6. Enforcement
6.1 The Regulators’ approach
The FAR will be enforced by both APRA and ASIC. As outlined in the JAA, the Regulators will work together on investigations and enforcement of the FAR, and focus on:
- proactive engagement and cooperation;
- early and regular consultation with one another;
- open and timely sharing of information and expertise; and
- coordinated and timely use of powers.
The Regulators can exercise their enforcement powers independently, except in instances of disqualification of an individual or in the issuing of directions to accountable entities. In these circumstances, the Regulators are required to agree before exercising these powers (see s38 of the FAR Act).
Note: Where an accountable entity is not a dual-regulated accountable entity, only APRA can exercise the FAR enforcement powers in relation to such accountable entity, its SREs and accountable persons of such accountable entity and its SREs.
The Regulators have a range of powers to respond to contraventions of the FAR, including the ability to bring civil proceedings and take administrative action against an accountable entity or person. Criminal offences also apply in certain circumstances.
The Regulators will pursue the most appropriate regulatory response to contraventions of the FAR, which may include exercising one or more enforcement powers under the FAR or other laws. In some circumstances, the Regulators may respond to contraventions of the FAR as part of their day-to-day supervisory activities rather than through the exercise of enforcement powers under the FAR.
The Regulators will take enforcement action to disrupt, deter and respond to contraventions of the FAR obligations with the objective of improving the risk and governance cultures in accountable entities.
The Regulators will also use the FAR in their supervisory activities, including to help identify the most appropriate point-of-contact at an accountable entity for particular issues.
6.2 Civil penalty and other proceedings
The Regulators may pursue civil penalties and other court orders for contraventions of the FAR. If a court makes a declaration that a civil penalty provision has been contravened, it may order the wrongdoer to pay a civil penalty up to the maximum amount.
Maximum penalties for a body corporate and for an accountable person are set out in the FAR Act: see s83(2) and s83(3).
The Regulators may make an application to the court for injunctive relief to prevent a person from engaging in specified conduct where there has been a relevant contravention of the FAR, or may seek interim court orders during an investigation: see s85 of the FAR Act.
6.3 Administrative action
The Regulators have the power to take administrative actions under the FAR, such as issuing directions to an accountable entity, disqualifying an accountable person or accepting an enforceable undertaking from an accountable entity or accountable person.
The Regulators do not need to go to court for these actions. However, the Regulators may pursue these remedies in conjunction with court action. For example, if an accountable person fails to meet their accountability obligations, the Regulators may disqualify them as well as commence civil penalty proceedings against the accountable entity.
6.3.1 Directions power
The Regulators can direct an accountable entity to take certain action to address non-compliance with the FAR or to reallocate the responsibilities of an accountable person. Decisions by the Regulators in relation to a direction may be reconsidered by the Regulators and reviewed by the Administrative Appeals Tribunal (or any body that replaces the Administrative Appeals Tribunal). Non-compliance with a direction may attract a civil penalty and may also be an offence: see s66 of the FAR Act.
6.3.2 Disqualification
The Regulators may disqualify an individual from acting as an accountable person if the person has breached their accountability obligations: see s42 of the FAR Act.
6.3.3 Court enforceable undertakings
The Regulators can accept court enforceable undertakings to address contraventions of the FAR by an accountable person or accountable entity in relation to any matter over which the Regulators have a power or function under the FAR: see s84 of the FAR Act. If the relevant party does not comply with their undertakings, the Regulators may seek to enforce the undertaking through the courts and/or take other action.
6.4 Transitional enforcement matters for ADIs
6.4.1 Regulatory actions under the BEAR after FAR commencement
APRA can continue to exercise its powers under the BEAR after the FAR has commenced. That is, if a breach of the BEAR occurs before the BEAR is repealed, APRA can still exercise its powers under the BEAR to deal with any such breaches: see item 18 of Sch 2 to the FCA Act.
Alternatively, APRA may use the FAR to take action in relation to a breach of the BEAR. Actions that can be taken under the FAR in relation to breaches of the BEAR include issuing a non-compliance direction and disqualifying an accountable person. If an accountable person is disqualified under the BEAR, they will continue to be disqualified under the FAR. An ADI can also have its authority revoked as a result of breaches of the BEAR, regardless of whether the breach was committed before or after the FAR has commenced. Such breaches can be prosecuted under the FAR despite the breach occurring under the BEAR: see paragraph 1.320 of the Explanatory Memorandum.
Any decisions made under the BEAR can continue to be reviewed following the existing review procedures. Any action by APRA in progress under the BEAR may still proceed after the BEAR is repealed, including if the action relates to breaches that come to light after the FAR has commenced but that relate to a period before the FAR has commenced.
Information collected under the BEAR can be used to investigate breaches under the FAR. This is regardless of whether the breach occurred before or after the FAR has commenced: see paragraph 1.321 of the Explanatory Memorandum.
6.4.2 Other obligations that continue under the BEAR after FAR commencement
Certain other obligations under the BEAR will continue to apply to ADIs after the commencement of the FAR to enable the effective transition from the BEAR: see paragraphs 1.318 and 1.319 of the Explanatory Memorandum. These include:
- following directions, either to reallocate responsibilities or for non-compliance; and
- complying with court enforceable undertakings and injunctions.
Glossary
accountability map | A document that complies with s34 of the FAR Act |
---|---|
accountability statement | A statement that complies with s33 of the FAR Act |
accountable entity | Accountable entity has the same meaning as set out in s9 of the FAR Act |
accountable person | Accountable person has the same meaning as set out in s10 and 11 of the FAR Act Note: See also Part 2 of the Minister rules. |
ADI | Authorised deposit-taking institution |
ADI Key Function | ADI Key Function has the same meaning as set out in s4 of the Regulator rules |
APRA | Australian Prudential Regulation Authority |
ASIC | Australian Securities and Investments Commission |
BEAR | The Banking Executive Accountability Regime, which is set out in Pt IIAA of the Banking Act 1959 (as in force up to and immediately before the commencement of Pt 2 of Sch 1 of the FCA Act) |
connected entity | Connected entity has the meaning as set out in s10 of the Superannuation Industry (Supervision) Act 1993 |
CPS 511 | Prudential Standard CPS 511 Remuneration (CPS 511) |
enhanced entity | An entity that is subject to both core and enhanced notification obligations under s31(1) and 31(2) of the FAR Act |
enhanced notification thresholds | The thresholds that determine whether accountable entities will need to meet the enhanced notification obligations in s31(2) of the FAR Act. The obligations apply if the entity:
|
Explanatory Memorandum | The explanatory memorandum that accompanied the Financial Accountability Regime Bill 2023and Financial Accountability Regime (Consequential Amendments) Bill 2023 |
FAR | The Financial Accountability Regime established by the FAR Act and Schs 1 and 2 of the FCA Act (as the context requires) |
FAR Act | Financial Accountability Regime Act 2023 (as may be amended or replaced from time to time) |
FCA Act | Financial Accountability Regime (Consequential Amendments) Act 2023 (as may be amended or replaced from time to time) |
FAR register | Register of accountable persons, established under and kept in accordance with s40 of the FAR Act |
Insurance Key Function | Insurance Key Function has the same meaning as set out in s4 of the Regulator rules |
JAA | Joint Administration Agreement—An agreement between APRA and ASIC that sets out the arrangements for joint administration of the FAR (as may be amended or replaced from time to time) |
key functions | Specified areas of responsibility that accountable entities must allocate to accountable persons, where applicable. Key functions provide a focus point for the Regulators to understand where accountability for matters of regulatory focus may sit within the accountable entity. |
Minister rules | The Financial Accountability Regime (Minister) Rules 2024 |
NOHC | Non-operating holding company |
prescribed responsibilities and positions | Responsibilities and positions prescribed under the Minister rules that, if a person holds one or more, makes that person an accountable person Note: See s10(2)–(4) of the FAR Act for the full definition. |
Relevant group | The relevant group of an accountable entity means the accountable entity and its SREs: see s8 of the FAR Act |
Regulator rules | The Financial Accountability Regime Act (Information for register) Regulator Rules 2024 (as amended or replaced from time to time) |
Regulators | APRA and ASIC or either one of them, as the context requires |
RSE licensee | Registrable superannuation entity licensee |
RSE licensee Key Function | RSE licensee Key Function has the same meaning as set out in s4 of the Regulator rules |
SFI | Significant financial institution—An APRA-regulated entity that is either:
|
SRE | Significant related entity—Has the meaning given in s12 of the FAR Act |
Appendix A: Key Functions descriptions
This appendix provides descriptions of each ADI Key Function, Insurance Key Function and RSE licensee Key Function (Key Function) referred to in the Regulator rules.
As set out in the Regulator rules, information regarding each Key Function is only required to be provided and will only be included in the register of accountable persons where:
- an accountable entity undertakes that particular Key Function; and
- a person who is determined to be an accountable person in accordance with the FAR Act has actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, that particular Key Function.
The Regulator rules do not require a relevant accountable entity to undertake each Key Function or to assign each Key Function to an accountable person.
The following three tables outline the:
- ADI Key Functions descriptions (Table 5);
- Insurance Key Functions descriptions (Table 6); and
- RSE licensee Key Functions descriptions (Table 7).
Table 5: ADI Key Functions descriptions
Column 1 ADI Key Function | Column 2 An accountable person has responsibility for the ADI Key Function in Column 1 if they have actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, the applicable key function as described in this Column 2 |
---|---|
1. Capital management | Capital management function, including the Internal Capital Adequacy Assessment Process, stress testing, capital buffers and capital instruments. |
2. Collections and enforcement (default, debt collections and recovery) | Collections and enforcement policies, procedures and practices for the monitoring, collection and enforcement of debt relating to a financial product or service, credit contract or consumer lease. |
3. Conduct risk management | Conduct risk management, including the identification and monitoring of the risk of inappropriate, unethical or unlawful behaviour on the part of the accountable entity’s management or employees. |
4. Credit risk management | Credit risk management function, including:
|
5. Data management | Data management, including data strategy, data architecture, data management framework and governance, data quality and issue management, and data risk management, including the state of data controls and data privacy. |
6. Financial and regulatory reporting | Financial and regulatory reporting function, including the preparation of statutory financial reporting, financial market disclosures (where relevant), and regulatory data collections, to relevant regulators including APRA and ASIC. |
7. Hardship processes | Hardship policies, procedures and practices for responding to and managing consumers experiencing financial difficulty (not limited to any specific remediation activity). |
8. Liquidity and funding management | Liquidity and funding operations, including evaluation of liquidity and funding risk profile against board risk appetite, liquidity management strategy, funding strategy, liquidity reporting, funding plan and contingency funding plan. |
9. Market risk management | Market risk management function, including evaluation of market risk profile against board risk appetite and market risk management strategy for the areas of:
|
10. Operational risk management | Operational risk management function, including:
|
11. Product design and distribution obligations | The various activities involved in complying with the product design and distribution obligations. Note: The product design and distribution obligations and the product origination key functions are related but may be distinguished as follows—The product design and distribution obligations involve ongoing monitoring of products and product governance arrangements, throughout the lifecycle of the product; the product origination obligations are concerned with specific obligations at the time the consumer acquires the product. |
12. Product origination | Product origination obligations that relate to financial products or credit contracts/consumer leases—including obligations relating to disclosure, contract formation, representations and responsible lending. |
13. Recovery and exit planning and resolution planning | Recovery and exit planning function, including governance arrangements, trigger frameworks, recovery and exit options, scenario analysis, assessment of recovery capacity, and communication strategy. Resolution planning function, including assisting APRA in identifying any critical functions, assessing the feasibility of resolution options, and removing barriers to the execution of a resolution plan. |
14. Scam management | The entity’s policies, procedures and practices designed to prevent and mitigate consumer loss from scams, and to respond to scams and consumers who have been the subject of scams. |
15. Technology management | Technology management, including technology strategy, lifecycle management of technology used, state of technology controls, information security, disaster recovery, technology operations and infrastructure (including management and maintenance of business and technology applications). |
16. Training and monitoring of relevant representatives and staff | Training and monitoring of staff and representatives providing financial products or financial services or engaging in credit activities on behalf of a licensee. This includes training on mandatory continuous education on a product, service or activity. |
17. Whistleblower policy and process | Implementation and monitoring of the entity’s whistleblower policy and processes. |
Table 6: Insurance Key Functions descriptions
Column 1 Insurance Key Function | Column 2 An accountable person has responsibility for the Insurance Key Function in Column 1 if they have actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, the applicable key function as described in this Column 2 |
---|---|
1. Capital management | Capital management function, including the Internal Capital Adequacy Assessment Process, stress testing, capital buffers and capital instruments. |
2. Conduct risk management | Conduct risk management, including the identification and monitoring of the risk of inappropriate, unethical or unlawful behaviour on the part of the accountable entity’s management or employees. |
3. Data management | Data management, including data strategy, data architecture, data management framework and governance, data quality and issue management, and data risk management, including the state of data controls and data privacy. |
4. Financial and regulatory reporting | Financial and regulatory reporting function, including the preparation of statutory financial reporting, financial market disclosures (where relevant), and regulatory data collections, to relevant regulators including APRA and ASIC. |
5. Hardship processes | Hardship policies, procedures and practices for responding to and managing consumers experiencing financial difficulty (not limited to any specific remediation activity). |
6. Insurance risk management | Product design, development and distribution, reserving and pricing functions including: framework, strategy, policies, procedures, assessment, pricing targets and tolerances, and any other related aspects. Note: This key function is different from the ‘Product design and distribution obligations’ key function in that this relates to managing insurance risk of the entity (i.e. issues/matters that may impact the financial soundness of the insurer and reporting and governance thereof). |
7. Operational risk management | Operational risk management function, including:
|
8. Product design and distribution obligations | The various activities involved in complying with the product design and distribution obligations. Note: The product design and distribution obligations and the product origination key functions are related but may be distinguished as follows—The product design and distribution obligations involve ongoing monitoring of products and product governance arrangements, throughout the lifecycle of the product; the product origination obligations are concerned with specific obligations at the time the consumer acquires the product. |
9. Product origination | Product origination obligations that relate to financial products—including obligations relating to disclosure, contract formation and insurer representations. |
10. Recovery and exit planning and resolution planning | Recovery and exit planning function, including governance arrangements, trigger frameworks, recovery and exit options, scenario analysis, assessment of recovery capacity, and communication strategy. Resolution planning function, including assisting APRA in identifying any critical functions, assessing the feasibility of resolution options, and removing barriers to the execution of a resolution plan. |
11. Reinsurance management | Reinsurance functions including reinsurance strategy, management and administration. |
12. Scam management | The entity’s policies, procedures and practices designed to prevent and mitigate consumer loss from scams and fraud, and to respond to incidents of scams and fraud and consumers who have been affected by such incidents. |
13. Technology management | Technology management, including technology strategy, lifecycle management of technology used, state of technology controls, information security, disaster recovery, technology operations and infrastructure (including management and maintenance of business and technology applications). |
14. Training and monitoring of relevant representatives and staff | Training and monitoring of staff and representatives providing financial products or financial services or engaging in activities on behalf of a licensee. This includes training on mandatory continuous education on a product, service or activity. |
15. Underwriting | Underwriting function including:
|
16. Whistleblower policy and process | Implementation and monitoring of the entity’s whistleblower policy and processes. |
Table 7: RSE licensee Key Functions descriptions
Column 1 RSE licensee Key Function | Column 2 An accountable person has responsibility for the RSE licensee Key Function in Column 1 if they have actual or effective senior executive responsibility for management or control of the whole of, or a significant or substantial part or aspect of, the applicable key function as described in this Column 2 |
---|---|
1. Conduct risk management | Conduct risk management, including the identification and monitoring of the risk of inappropriate, unethical or unlawful behaviour on the part of the accountable entity’s management or employees. |
2. Data management | Data management, including data strategy, data architecture, data management framework and governance, data quality and issue management, and data risk management, including the state of data controls and data privacy. |
3. Financial and regulatory reporting | Financial and regulatory reporting function, including the preparation of statutory financial reporting, financial market disclosures (where relevant), and regulatory data collections, to relevant regulators including APRA and ASIC. |
4. Hardship processes | Hardship policies, procedures and practices for responding to and managing consumers experiencing financial difficulty (not limited to any specific remediation activity). |
5. Investment management | Investment management function, including:
|
6. Liquidity management | Liquidity management function, including:
|
7. Marketing and advertising | Oversight, design and implementation of the entity’s marketing and advertising strategy and budget to ensure consistency with the best financial interests of members and sole purpose obligations of superannuation trustees. |
8. Member outcomes and member engagement | Responsibilities for delivering member outcomes and managing member engagement, including:
|
9. Operational risk management | Operational risk management function, including:
|
10. Product design and distribution obligations | The various activities involved in complying with the product design and distribution obligations. Note: The product design and distribution obligations and the product origination key functions are related but may be distinguished as follows—The product design and distribution obligations involve ongoing monitoring of products and product governance arrangements, throughout the lifecycle of the product; the product origination obligations are concerned with specific obligations at the time the consumer acquires the product. |
11. Product origination | Product origination obligations that relate to financial products, including obligations relating to disclosure, customer onboarding, product implementation and RSE licensee representations. |
12. Recovery and exit planning and resolution planning | Recovery and exit planning function, including governance arrangements, trigger frameworks, recovery and exit options, scenario analysis, assessment of recovery capacity, and communication strategy. Resolution planning function, including assisting APRA in identifying any critical functions, assessing the feasibility of resolution options, and removing barriers to the execution of a resolution plan. |
13. Scam management | The entity’s policies, procedures and practices designed to prevent and mitigate consumer loss from scams and fraud, and to respond to incidents of scams and fraud and consumers who have been affected by such incidents. |
14. Technology management | Technology management, including technology strategy, lifecycle management of technology used, state of technology controls, information security, disaster recovery, technology operations and infrastructure (including management and maintenance of business and technology applications). |
15. Training and monitoring of relevant representatives and staff | Training and monitoring of staff and representatives providing financial products or financial services. This includes training on mandatory continuous education on a product, service or activity. |
16. Whistleblower policy and process | Implementation and monitoring of the entity’s whistleblower policy and processes. |
Appendix B: Alignment between the FAR deferred remuneration obligations and CPS 511
Feature | FAR | CPS 511 | Comparison |
Scope | Entities: Applies to all accountable entities. Persons: Accountable persons (directors and senior executives) Threshold: Defer if more than $50,000 in deferred variable remuneration | Entities: Applies to all APRA-regulated entities. CPS 511 imposes deferral requirements on SFIs only; non-SFIs are expected to consider and apply deferral arrangements to align variable remuneration outcomes with risk time horizons under the standard. Foreign accountable entities that meet the SFI threshold must defer the variable remuneration of their highly paid material risk-takers in accordance with CPS 511. Persons: For SFIs, their chief executive officers, senior managers, executive directors and highly paid material risk-takers. Foreign accountable entities that meet the SFI threshold, their highly paid material risk-takers only. Threshold: Defer if $50,000 or more in deferred variable remuneration | The FAR variable remuneration deferral obligations apply to accountable entities regardless of size. Under CPS 511, deferral requirements do not apply to non-SFIs. |
Meaning of ‘variable remuneration’ | Variable remuneration is the amount of an accountable person’s total remuneration that is conditional on the achievement of objectives: see s26(1)(a)(i) of the FAR Act. Examples of objectives include performance metrics and service requirements: see paragraph 1.98 of the Explanatory Memorandum. | Variable remuneration is the amount of a person’s total remuneration that is conditional on objectives, which include performance criteria, service requirements or the passage of time: see paragraph 20(x) of CPS 511. | The definitions are consistent. |
Start of deferral period | The deferral period for variable remuneration typically starts at the beginning of the performance period (typically the beginning of a financial year). | The deferral period must include the period over which performance is assessed. APRA expects the deferral period to start from the beginning of the performance period for which the variable remuneration is being assessed. | Broadly aligned. |
Percentage of variable remuneration to defer | An accountable entity is required to defer 40% of the variable remuneration of all accountable persons for a minimum period of four years with no pro rata vesting permitted. | An SFI is required to defer for a:
CPS 511 does not mandate deferral for non-SFIs. Foreign accountable entities that meet the SFI threshold must defer the variable remuneration of their highly paid material risk-takers. | For SFIs, CPS 511 deferral requirements are proportionate to the role. For example, there is a more stringent deferral requirement for chief executive officers. |
Value of deferred amount | The amount that must be deferred is based on the value of the variable remuneration as if it had been paid at the start of the performance period. | The amount that must be deferred is based on the value of variable remuneration awarded in the financial year: see Prudential Practice Guide CPG 511 Remuneration (CPG 511). | Aligned. Both regimes result in the same amount to be deferred, despite minor drafting variations. |
Disclaimer
APRA disclaimer and copyright
While APRA endeavours to ensure the quality of this publication, it does not accept any responsibility for the accuracy, completeness or currency of the material included in this publication and will not be liable for any loss or damage arising out of any use of, or reliance on, this publication.
© Australian Prudential Regulation Authority (APRA)
This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that APRA endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/
ASIC disclaimer and copyright
This information paper does not constitute legal advice. We encourage you to seek your own professional advice to find out how the Corporations Act and other applicable laws apply to you, as it is your responsibility to determine your obligations.
Examples in this information paper are purely for illustration; they are not exhaustive and are not intended to impose or imply particular rules or requirements.
For ASIC purposes, this is Regulatory Guide 279 (RG 279), first issued March 2024.
© Australian Securities and Investments Commission