The BEAR essentials: implementing organisational and individual accountability
Jun 6, 2018
Large ADIs need to comply with BEAR from 1 July 2018, with small and medium ADIs having an extra year. It is expected that the accountability requirements for executives will extend to insurers, superannuation funds and other regulated institutions.
by:
Karen Den-Toll
Rosalyn Teskey
Georgia Everitt
Deloitte Touche Tohmatsu
BEAR (Banking Executive Accountability Regime) will commence operation for large ADIs on 1 July 2018, with small and medium sized ADIs having an additional year to implement the regime. It is anticipated that the four major banks are the only entities that will be in the “large” category, but small and medium ADIs should not wait.BEAR can trigger a number of cultural, governance and compliance changes that need time to implement.
APRA has indicated that BEAR is the start of a program of improvement that it expects banks to undertake over time. APRA wants to see a credible plan and resourcing to effect better organisational outcomes, so that organisations do not miss the opportunity that BEAR brings to create more robust governance.
In supporting a number of ADIs in their BEAR implementation programs, we have observed the following key challenges.
1. Resourcing BEAR programs
The Royal Commission into misconduct in the banking, superannuation and financial services industries is creating a resource strain with many organisations having to split the focus of key people across a number of programs, including BEAR. The required skills for programs of this nature can be difficult to source, and the outputs of the early period of Royal Commission hearings seem likely to drive more activity across the same time period of BEAR implementation. Inadequately resourced BEAR programs may create delays, and could risk being able to meet the compliance deadline.
2. Identifying Accountable Persons
ADIs are adopting a structured approach to identifying who in their organisation is an accountable person (AP), and what their accountabilities are. They are focusing on less, rather than more APs (often “rolling up” accountabilities to more senior people).
It is not uncommon to find individuals with blurry or shared accountabilities. This can often be the case in more collaborative cultures, where decision-making is done on a consensus basis.
While collaboration is a positive for culture, BEAR requires some precision in nutting out who is accountable for what. Grey areas can emerge when making product/distribution decisions, or in IT development. Scenario testing can be used to help clarify this, and often to sharpen the thinking of the executives involved about how accountabilities will work. As APRA’s chairman has recently noted, clarity of accountability is essential:
“In many ADIs, there is often collective responsibility for various aspects of its business: for any given process or product, there are often hand-offs of responsibility (including, at times, to external partners and suppliers). But this creates the risk of collective responsibility leading to no individual accountability. Clarity of accountability – the foundation of the BEAR – goes to the heart of a strong risk culture.”
In order to meet their obligations, APs will need to be comfortable with the span of their accountabilities, ensuring they can exercise appropriate oversight and decision-making, and whether they receive appropriate management information on a timely basis.
APRA has not produced a standardised template for Accountability Statements but, has allowed ADIs to come up with their own early drafts, which APRA is providing feedback on.
APRA expects statements to be effective documents, on which each individual Accountable Person has reviewed and is aware of, and that can withstand scenario testing to identify who in an organisation is accountable.
APRA seems to be largely agnostic as to length or style of the statements, provided they meet their purpose.
3. Breach reporting and consequence management
Defining what may constitute a BEAR breach is proving challenging. APRA has stressed that its focus is on prudential issues, and the most serious matters should only be reported to it. However, the regime contains no materiality threshold for breach reporting, essentially requiring everything to be reported. It also mandates that both ADIs and APs need to be open and co-operative with APRA.
In addition, while APRA is focused on prudential issues arising under BEAR, the regime covers conduct-related requirements such as honesty, integrity, due skill, care and diligence.
In the UK under the Senior Managers Regime (SMR), only breaches that result in disciplinary action, where there is a compensation impact, or that the firm believed the regulators would want to know about, need urgent reporting. A similar test could be considered for BEAR.
ADIs need to consider how their process for identifying and assessing whether APs have breached their BEAR obligations, including the consequence management process, will work. The focus should be on achieving the right cultural and regulatory outcomes from the process, including learning from mistakes, and ensuring that the process avoids becoming adversarial in nature.
4. Conflicts with foreign regulation
ADIs with foreign subsidiaries have a two-fold challenge. Firstly, how do they take reasonable steps to ensure those subsidiaries comply with BEAR, particularly where local laws operate differently and potentially create barriers for shareholders to influence local decision-making? Secondly, where an executive is accountable for foreign subsidiaries, how do they effectively discharge their obligations?
The interaction between foreign regulations and BEAR may not be straightforward to implement.
Through operating in overseas jurisdictions, firms may encounter conflicting rules around accountability, governance, and standards of Management Information reporting to the group, possibly making it difficult for the ADI or Accountable Person to demonstrate that they met their accountability obligations.
Organisations may need legal advice about whether there are direct conflicts, or merely inconsistencies, between BEAR and other regimes. Although APRA may exempt an ADI or AP from a BEAR obligation, if it would contravene a foreign law, APRA’s current position is that it will look to discuss the circumstances of each entity, and be apprised of the specific examples of conflict, to test whether there is a direct contravention of overseas laws by meeting BEAR obligations.
5. Uncertainty in the legislation
Some wording in the legislation is ambiguous, and appears to conflict with the Explanatory Memorandum, no doubt in part due to the Government’s short consultation and somewhat rapid passage of the law. In addition, late amendments seem to create some uncertainty as to the start date of certain remuneration deferral requirements for small and medium ADIs.
There continues to be uncertainty about the meaning of terms such as “prudential standing” and “prudential reputation”, for which some guidance from APRA may be useful.
APRA has, at this stage, taken the view that, unless it sees a clear requirement to, it will not introduce any additional specified responsibilities, or exercise any of its other class order or similar powers.
In the near term, APRA is not planning to release any additional guidance or update Prudential Standards for BEAR, but plans to review these for consistency with BEAR after 1 July 2018.
6. Remuneration arrangements
Firms have been considering current remuneration arrangements, assessing whether they meet BEAR obligations, and if they don’t, making relevant changes. APRA’s chairman has recently stated that Directors should consider the period over which a significant issue could play out, and consider whether a four-year deferral of variable remuneration is enough. If Boards determine a longer period is needed, APRA’s expectation seems to be that Boards will adopt that.
7. Governance structures
Compliance with BEAR will be underpinned by clear, logical and effective governance structures. Both the ADI and APs need to meet accountability obligations, and good governance helps to deliver this, as well as to support it with evidence of effective decision-making.
Reviewing delegations and policies will also be important, to ensure that delegates understand what has been delegated to them, and that the AP can appropriately oversee their performance of those delegated functions.
Ultimately, BEAR should not be viewed as simply a compliance or a human resource exercise. The regime may initially require a change to some systems, controls, and administrative tasks, but BEAR is intended to drive better governance, decision-making, and clearer accountabilities.
Firms should use this as an opportunity to take a fresh look at how they operate their business, and potentially streamline and resolve longstanding governance shortcomings, and use BEAR to drive cultural change in the organisation.