Welcome to the 6th and final instalment of our weekly updates following the Hayne Royal Commission into the financial services industry. This week we focus on Recommendation 4.12, in which Hayne recommends that the Banking Executive Accountability Regime (BEAR) be extended to other financial service providers, including insurers. Now that the full contents of the report have been laid bare, we can investigate what extending the BEAR beyond its native banking habitat (that’s the last one, we promise) means for the insurance industry and its executives.

BEAR – the essentials  

In short, BEAR is a compliance framework set out in Part IIAA of the Banking Act 1959 (Cth), requiring authorised deposit-taking institutions (ADIs) and key individuals within ADIs to meet certain “accountability obligations”. It was introduced in mid-2018 and is currently administered by APRA.

At its core, BEAR imposes a suite of duties and responsibilities on ADIs and designated individuals called ‘accountable persons’. Under the regime, ADIs are required to take reasonable steps to:

  • conduct business with honesty and integrity;
  • act with due skill, care and diligence;
  • deal with APRA in an open, constructive and co-operative way;
  • take reasonable steps to prevent matters from arising that would adversely affect the ADI’s prudential standing;
  • ensure its subsidiaries comply with these obligations; and
  • ensure that each of its accountable persons meets his or her accountability obligations.

It is this final requirement that is perhaps the most unique aspect of BEAR. An ADI’s (and soon, an insurer’s) ‘accountable persons’ comprise all directors of the board, individuals with actual or effective senior executive control of a significant or substantial aspect of the operations of the ADI, or an individual tasked with upholding one or more of the particular responsibilities specified in the legislation. Under the regime, these individuals are accountable for not only ensuring that their organisation meets the obligations outlined above in a general sense, but also in taking personal responsibility for a particular part or aspect of the organisation’s obligations.

How the overarching responsibilities are individually apportioned and delegated is the organisation’s prerogative. The choices will be reflected in two core documents APRA requires ADIs to produce:

  • an ‘accountability statement’ for each ‘accountable person’, detailing the parts or aspects of the organisation’s operations for which they are accountable; and
  • an ‘accountability map’, showing how collectively the responsibilities of ‘accountable persons’ coalesce to cover all aspects of the operations of the organisation.

BEAR also contains provisions surrounding remuneration, notification obligations and disqualification, and civil penalties for accountable persons.

Recommendation 4.12 – the BEAR migrates

Recommendation 4.12 was for many one of the less-surprising elements of Hayne’s final report, with Treasury having foreshadowed the expansion of BEAR beyond the banking sector in its submission to the Royal Commission dated 13 July 2018.

Insurers had even less reason to be surprised when this Recommendation is considered within the context of the ongoing regulatory framework within which they now operate. BEAR is, in many ways, a continuation of three emerging trends that have been embraced by regulators in recent years:

  • movement away from minimum compliance with rules towards principles-based regimes;
  • introducing tangible, measurable benchmarks to judge entities’ performance; and
  • expanding the remit of regulators to visit harsher sanctions on non-compliant entities and individuals.

In this sense, insurers can take comfort knowing BEAR represents an evolution rather than a revolution in the regulation and compliance space. While the introduction will require a concerted effort to ensure the requisite changes are adopted, insurers that have been mindful of Commissioner Hayne’s ‘6 Norms of Conduct’ (see Part 1 of our ‘Insurance After Hayne’ series) and given due consideration to their continued practice will find BEAR a corollary to these precepts, rather than a wholesale change.

BEAR mark 2 – a new breed

However, insurers and other financial services providers must be cognisant of some of the more technical aspects of BEAR in its revised form. Beyond the extension of BEAR across the financial services industry more generally (Recommendation 4.12), Hayne makes three other specific recommendations that see BEAR adapted for post-Commission application.

Joint administration of the BEAR – Recommendation 6.6

In what is perhaps the most consequential change, the revised regime would see ASIC join APRA in jointly administering BEAR. Commissioner Hayne noted that BEAR “has both a conduct and a prudential outlook”, and thus both regulators should now be involved. ASIC will have remit to bring proceedings in respect of conduct breaches, while APRA will be charged with the prudential aspects. Hayne has encouraged both regulators to adopt a ‘why not litigate’ approach to enforcement, as well as cooperation between ASIC and APRA in sharing information which may assist the other in the course of an investigation. In short, financial institutions will need to come to terms with a more active and comprehensive approach to investigations taken by the twin peaks operating in tandem.

Statutory amendments (to cooperate with APRA and ASIC) – Recommendation 6.7

While Recommendation 6.7 proposes amendments to sections 37K and 37G(1) of the Banking Act to facilitate the joint administration of ASIC/APRA outlined above, Recommendation 6.7 also proposes amendments to sections 37C and 37CA, giving legislative force to APRA’s current expectation that BEAR-governed entities and the accountable persons within them deal with APRA in a transparent manner. Recommendation 6.7 would see the Banking Act amended to contain requirements to deal with both APRA and ASIC in an ‘open, constructive and co-operative way’, seeing legislation enliven a tacit expectation of the regulators, opening the door to harsher sanctions for non-compliant directors and officers.

BEAR product responsibility – Recommendation 1.17

APRA currently states that accountable person(s) will be responsible for a given product’s design and distribution, as well as compliance with any applicable laws and regulations. The implementation of Recommendation 1.17 would see organisations appoint a single accountable person to be responsible for all steps in the design, delivery and maintenance of a particular financial product, as well as any necessary remediation of customers in respect of the product.

This recommendation was given as part of the suite of recommendations pertaining to banking institutions and not repeated in the insurance or governance sections, so it is currently unclear whether this component of the BEAR reforms will be extended to all financial services providers. However, given Hayne’s recommendation is that BEAR will be adapted to each new industry it reaches (i.e. superannuation and insurance), inclusion of a similar provision would not be unexpected.

Introduction and timeframes

Commissioner Hayne made it clear in his report that BEAR will be expanded iteratively, starting first with its rollout across the entirety of the banking sector before moving to superannuation and then insurance (with larger insurers first in line). In this respect, insurers will be given the luxury of time to prepare and learn from the banking and superannuation industries before it will have any further burden to bear. However, given governance and compliance has become a key focus not only for insurers but the entire financial services industry in the aftermath of the Hayne Commission, getting sound advice and taking proactive steps before BEAR is implemented would be prudent.

With extensive experience advising banks on the regime since its inception, Norton Rose Fulbright is well placed to assist insurers navigate BEAR and avoid the risks of non-compliance before the regime comes into full effect. Our experience guiding UK insurers and banks through the changes introduced in the Senior Manager & Certification Regime (a similar regime introduced in the UK to address culture, governance and accountability within financial services firms) has also proven invaluable for our local clients.

We hope you have enjoyed our 6-part series on the implications of the Hayne Royal Commission on insurers. Be sure to subscribe to Insurance Law Tomorrow for further insights across the industry more broadly.