Banking Royal Commission: More IT executives to be subject to accountability regime

CIOs in superannuation, insurance sectors to be covered by expanded BEAR

IT executives in the insurance and superannuation sectors will be covered by an expanded executive accountability regime.

Among the recommendations of the final report from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry were that the so-called ‘BEAR’ — the Banking Executive Accountability Regime — be expanded.

BEAR “should be expanded to all [Australian Prudential Regulation Authority]-regulated financial services institutions,” states the report by Commissioner Kenneth Hayne.

Hayne called for a phased rollout of the expanded regime: “After medium and small ADIs [authorised deposit-taking institutions] have complied with the BEAR in accordance with the current timetable, the largest RSE [registrable superannuation entity] licensees should also be required to comply with like provisions. Thereafter, the provisions should be applied to the balance of RSE licensees. After that, they should apply to the largest insurers and, thereafter, the balance of insurers.”

The government last year unveiled the legislation creating the BEAR, which covers individuals in banks that have senior executive roles, including individuals such as chief information officers or chief technology officers that have responsibility for IT systems.

Treasurer Josh Frydenberg today said the government will take “action” on all 76 of the Royal Commission’s recommendations.

The BEAR legislation — the Treasury Laws Amendment (Banking Executive Accountability and Related Measures) Act 2018 — received Royal Assent in February 2018.

It imposes a range of obligations on senior executives, including that they act “with honesty and integrity, and with due skill, care and diligence”, deal with APRA “in an open, constructive and cooperative way” and take reasonable steps in conducting their responsibilities “to prevent matters from arising that would adversely affect the prudential standing or prudential reputation of the ADI.”

The legislation obliges a minimal amount of the variable remuneration owed to an “accountable person” to be delayed. For a large ADI, that can be up to 40 per cent of the accountable person’s variable remuneration for the relevant financial year.

BEAR also allows APRA to apply for court orders disqualifying a CIO, CTO or other senior executive from acting in a particular position.

Hayne also called for a shift in the administration of the BEAR, with both APRA and the Australian Securities and Investments Commission (ASIC) to have responsibility.

IN a statement APRA noted that Hayne concluded it “needs to adopt a stronger stance in relation to its enforcement activities”.

The regulator is currently reviewing its enforcement strategy with the assistance of an independent expert panel. “This review has a wide scope that includes consideration of when to hold individuals to account (including under the BEAR), when it would be appropriate to take enforcement action to achieve general and specific deterrence in appropriate cases, and APRA’s governance and other related arrangements in relation to enforcement decisions,” the statement said.

APRA said it expected its report to be completed by the end of March.