Amendments to the Banking Act 1959 (Cth) — the Act — to implement the Banking Executive Accountability Regime (BEAR) became law early in 2018. The regime will commence on 1 July for the four major Australian trading banks and on 1 July 2019 for all other authorised deposit-taking institutions (ADIs) registered under the Act.
The BEAR applies only to ADIs and their directors and senior executives.
The BEAR applies only to ADIs and their directors and senior executives. It does not apply to other financial services organisations such as insurers, finance companies and superannuation funds (except to the extent that they form part of the ADI group). However, it is possible that the broader financial services sector may become subject to a “Finance Executive Accountability Regime” (FEAR) in the future.
Australian Prudential Regulation Authority and Australian Securities and Investments Commission
The main point of introducing the BEAR is to improve the conduct of banks, ensuring their directors and senior executives are accountable for that conduct. Clause 1.7 of the Explanatory Memorandum for the BEAR Bill made this very clear: “A key objective of the BEAR is to improve the operating culture of ADIs and increase transparency and accountability across the banking sector. By setting out accountability obligations in the Banking Act 1959 (Cth) and providing guidance about them, the Bill makes clear and enhances the obligations of ADIs and reinforces the standards of conduct expected of them by the community.”
Persons proposed for registration as ‘Accountable Persons’ must be ‘suitable’. There is no definition or guidance as to what this actually means.
And yet, regulatory responsibility has been given to APRA, a prudential regulator. APRA is not a conduct regulator and has no experience or resources to regulate conduct. APRA views the BEAR as part of a prudential regime and proposes to regulate it accordingly.
This is a curious arrangement for the enforcement of conduct obligations — such as acting with honesty and integrity, and due skill, care and diligence — but regulating those obligations with a focus on prudential standing and reputation may be an appropriate outcome for bank boards. However, as similar obligations will arise for most Accountable Persons under sections 180 and 181 of the Corporations Act 2001 (Cth) — the statutory duties of care and diligence, and good faith — it wouldn’t be a surprise if the Australian Securities and Investments Commission (ASIC) became de facto regulator of conduct under the BEAR, taking enforcement action under the Corporations Act 2001 (Cth).
The existence of similar obligations under the Corporations Act 2001 (Cth) has created an unresolved issue of double jeopardy: a bank director or executive is not liable for civil penalties for a breach of the BEAR, but they will be liable for civil penalties for a breach of similar obligations under the Corporations Act 2001 (Cth).
Bank directors and officers are also exposed to “stepping stone” actions by ASIC, which has developed a practice of alleging breaches of the duty of care and diligence under section 180(1) by directors and officers for “failing to prevent” legislative breaches by their companies. There is nothing to prevent ASIC using this technique for breaches of the BEAR by the bank. These are complex issues to contend with.
This prospect also raises the question of whether APRA (or ASIC) will seek to make Accountable Persons responsible for breaching their duties of care and diligence by “failing to prevent” unlawful conduct by lower-level bank employees, of the type that has recently been disclosed to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.
The BEAR legislation has given APRA enhanced examination and investigation powers. It is a criminal offence to fail to attend or participate in an examination, or to fail to produce documents when requested. APRA may share information and documents obtained in an investigation with other regulators.
The ability of an ADI or Accountable Person to claim privilege in response to inquiries by APRA is also unsatisfactory. Amendments have been made to the Australian Prudential Regulation Authority Act 1998 (Cth) to permit lawyers — but not ADIs or Accountable Persons — to claim legal professional privilege in response to requests to produce documents. There are, however, some limits on the ability to use information, including privileged information, in criminal or penalty proceedings. The obligation to be “open, constructive and cooperative” with APRA also undermines the privilege against self-incrimination, which is not a basis to refuse to comply with that obligation. Hopefully, these longstanding legal protections will be afforded to Accountable Persons in practice.
APRA is able to allege in court that the breach has occurred under the Banking Executive Accountability Regime (BEAR) legislation, but it is the Federal Court that determines the appropriate penalty.
The court will need to consider the seriousness of the breach and the size of the ADI when determining the quantum of the penalty. If a person is disqualified by APRA
for breaching the BEAR, that person will have a right of appeal to the Federal Court.
The AICD will host a Director’s Regulatory Update webinar on Wednesday 27 June at midday (AEST). The update will cover:
BEAR; enhancements to protections for whistleblowers; the introduction of “deferred prosecution agreements”; a new “failure to prevent foreign bribery” offence.
The AICD policy team will discuss the implications of these changes and what they mean for directors and boards.
Other issues to be resolved
The provisions concerning deferral of remuneration contain a number of uncertainties. When does the deferral requirement commence for those with existing employment contracts, but who receive incentives under a separate plan? Is the percentage to be deferred based on the target amount of variable rem or the actual award? When does the four-year deferral period commence — at the time of the award or later? How are “sign-on” awards to be treated? How is a person who is promoted and becomes subject to the deferral regime to be treated? How is the deferred component to be valued? APRA is expected to provide guidance on these and other related issues.
The breach notification obligations are not subject to any materiality threshold or requirement (unlike other statutory compliance regimes). As a consequence, ADIs will be technically obliged to report all instances of a failure to comply with the BEAR obligations — no matter how trivial. Hopefully, this issue will be resolved by a regulatory instrument or guidance from APRA to avoid compliance costs for ADIs and monitoring costs for the authority.
Persons proposed for registration as Accountable Persons must be “suitable”. There is no definition or guidance as to what this actually means, and whether those who meet the existing “fit and proper person” tests must meet any additional requirements.
The accountability obligations require ADIs and Accountable Persons to take “reasonable steps” — but unlike in the United Kingdom and other jurisdictions with similar regimes, there is no guidance as to what constitutes “reasonable steps” for this purpose.
In particular, there is no guidance concerning delegation by Accountable Persons — which is an essential aspect of management structures in all ADIs, especially large ones.
The BEAR will also require a wholesale review by ADIs of their board charters and policies, the employment contracts of Accountable Persons, incentive plans, directors and officers liability insurance (D&O) and indemnity arrangements, to ensure consistency with the requirements of the BEAR.
- All members of the ADI board
- Executives responsible for prescribed management roles or responsible for a significant part or function of the ADI group — which is likely to “capture” between eight and 15 senior executives in an ADI
- All “Accountable Persons” must be “suitable” and be registered by APRA. APRA may refuse to register a person as an Accountable Person.
The accountability obligations of the ADI include taking “reasonable steps” to:
- Conduct its business with honesty and integrity, and with due skill, care and diligence.
- Deal with APRA in an open, constructive, cooperative way
- Prevent matters that would adversely affect prudential standing and prudential reputation
- Ensure that the Accountable Persons meet their accountability obligations.
The accountability obligations of Accountable Persons are to conduct the responsibilities of their position by:
- Acting with honesty and integrity, and with due skill, care and diligence
- Dealing with APRA in an open, constructive and cooperative way
- Taking reasonable steps to prevent matters that would adversely affect the ADI’s prudential standing and prudential reputation.
Note: there are no “reasonable steps” qualifications for individual obligations, to act with honesty and integrity, and with due skill, care and diligence; or to deal with APRA in an open, constructive and cooperative way. Further, these obligations do not have the same protections for directors and executives that apply to similar obligations under the Corporations Act 2001 (Cth).
- Where two executives share a management responsibility, the liability of each is joint and several
- The ADI must produce an “accountability map” that shows how responsibility for all of the operations of the ADI and its subsidiaries is allocated among the Accountable Persons
- There must be an “accountability statement” for each Accountable Person, setting out their responsibilities.
- A minimum specified percentage of the variable remuneration (rem) of each Accountable Person must be deferred for at least four years
- For CEOs of large ADIs, the percentage is 60 per cent; for all others, it is 40 per cent
- The ADI must have a policy under which variable remuneration of Accountable Persons may be reduced for failure to comply with accountability obligations.
- An ADI or related entity must not indemnify or pay to insure an Accountable Person against the consequences of a breach of the BEAR (excepting legal costs).
- ADIs must give APRA their accountability maps and statements, and notify changes to those documents
- ADIs must also notify APRA when an Accountable Person ceases to be an Accountable Person, is dismissed or suspended, or has their variable rem reduced
- ADIs must notify APRA when the ADI becomes aware of any breach of the accountability obligations of the ADI or an Accountable Person.
- The ADI is liable for a pecuniary penalty of up to $210 million for a breach of the BEAR
- APRA may disqualify an Accountable Person for a breach of the BEAR, but individuals are not liable for pecuniary penalties under the Banking Act 1959 (Cth) for a breach. An Accountable Person disqualified by APRA is entitled to seek a merits review in the Administrative Appeals Tribunal.
- If APRA concludes that an ADI has breached the BEAR obligations, APRA may commence proceedings in the Federal Court
- If the court finds that the ADI has breached the BEAR legislation, it can impose a civil penalty as follows: up to $210 million for large ADIs; up to $52.5m for medium ADIs; and up to $10.5m for small ADIs.
Views expressed are those of the author and do not represent the views of King & Wood Mallesons or its clients.