Information paper

Financial Accountability Regime: ADI accountability statement guidance and template

  • Banking
  • Current
    3 October 2023
Under s31(2)(a) and 33 of the Financial Accountability Regime Act 2023 (FAR Act), authorised deposit-taking institutions (ADIs) subject to the FAR enhanced notification obligations (enhanced ADIs) are required to provide to APRA and ASIC (the Regulators) an accountability statement for each of its accountable persons describing the areas of responsibility attributed to that person. Enhanced ADIs must take reasonable steps to ensure their significant related entities (SREs) provide accountability statements of their accountable persons to the Regulators.
Note: A reference to ADIs in this document is generally a reference to ADIs and their authorised nonoperating holding companies (NOHCs) unless the context suggests otherwise.
The template on page 2 is a guide for enhanced ADIs on the format and minimum content required for accountability statements. Enhanced ADIs are expected to update or prepare the accountability statements of existing or new accountable persons to reflect the expanded scope of the FAR. Other ADIs (referred to as core ADIs under the FAR) may use this template to internally document their accountability obligations.
Individual statements must reflect accountability as it operates in practice within the ADI and its relevant group. Accountability statements should be specific to both the enhanced ADI or SRE, and the individual accountable person. This will mean some degree of variation in accountability statements for similar roles between enhanced ADIs and SREs, reflecting differences in duties. Such variation is both acceptable and required where reflecting actual practice.
Note: The relevant group of an accountable entity is the accountable entity and its SREs—see s8 of the FAR Act.
It is expected that, at a minimum, accountability statements will:
  • clearly articulate what an accountable person is accountable for with respect to the ADI or its relevant group and be sufficiently explicit and detailed in defining the accountable person’s responsibilities and establishing the outcome expected in relation to each responsibility;
  • be comprehensive, covering all areas of responsibility of an accountable person, with no gaps in responsibility. Where there is joint accountability, this should be explicitly identified and defined. Caveats or limitations to responsibilities are expected to be used to the minimum extent possible. Where there are caveats to responsibilities, there should be clarity about where the residual responsibility resides;
  • align with the actual practices and governance arrangements of the enhanced ADI. As such, the Regulators may query an ADI where its accountability statements do not appear to be consistent with its existing documentation including, but not limited to, internal and external governance documents; and
  • when considered collectively, articulate and delineate responsibilities across an ADI or a relevant group.
To assist enhanced ADIs and SREs in providing the required information, the template is accompanied by instructions and guidance on the minimum content required—see Attachment A.

Accountability statement template

This accountability statement is provided to APRA and ASIC in accordance with s31(2)(a) and s33 of the Financial Accountability Regime Act 2023 (FAR Act).
Last updated
 

Section 1: Accountable person details

Name
 
Institution
 
Employer
 
Role title
 
Role start date
 
Reports to
 
Responsibilities under s10(1) and 10(6) of the FAR Act
 
Responsibilities under s10(2) and 10(3) of the FAR Act as prescribed under the Minister rules
 

Section 2: Responsibilities of the accountable person

Part, or aspect of, the ADI’s or its SRE’s operations of which the accountable person has actual or effective responsibility for management or control (s33(a)(i) of the FAR Act):
 
[Tailor the number of rows in the next table as required.]
Area of responsibility
Description of responsibility
(s33(a)(ii) of the FAR Act)
Joint
(yes or no)
1
 
 
2
 
 
3
 
 
4
 
 
5
 
 
6
 
 

Section 3: Limitations upon and exclusions of responsibility

[INSERT]

Section 4: Declaration

I, [INSERT NAME OF THE ACCOUNTABLE PERSON], declare that:
  • the content of this accountability statement is accurate; and
  • I understand my accountability obligations under s21 of the FAR Act.
Signature ………………………………………….… Date………………………………………..

Attachment A: Financial Accountability Regime—Guidance on completing the ADI accountability statement template

The accountability statements of an enhanced ADI must outline the parts or aspects of the enhanced ADI or its SRE’s operations over which an accountable person has actual or effective management or control, and the responsibilities of the accountable person: see s33(a)(i) and (ii) of the FAR Act.
In outlining relevant areas of responsibility, the Regulators expect accountability statements to describe the actions, decisions and outcomes for which the individual is accountable, with respect to those parts or aspects of the enhanced ADI’s or its relevant group’s operations. An individual’s accountability statement should be updated over time if needed to reflect any material changes. Material changes must also be notified to the Regulators, as per s31(2)(b) of the FAR Act.
Note: For guidance on what constitutes a material change, see section 5.2.1 of the Regulators’ October 2023 information paper ADIs: Transitioning to the Financial Accountability Regime.
The accountability statement template includes a field to provide the date on which the statement was last updated. Where appropriate, the effective date for each version of an accountability statement should be consistent with other relevant documentation, such as any accompanying registration or notifiable events forms, and accountability maps.
Enhanced ADIs and their SREs should establish internal processes to keep accountability statements current and to ensure that the Regulators are notified within 30 days of any material changes to the same, as required under s31(6)(a) of the FAR Act.

Section 1 guidance: Accountable person details

In section 1 of the accountability statement, provide key details about the relevant accountable person. Indicate whether the individual is an accountable person under s10(1), 10(2), 10(3) and/or 10(6) of the FAR Act and, in the case of s10(2) and/or 10(3), the responsibilities held as prescribed by the Minister rules.

Section 2 guidance: Responsibilities of the accountable person

In section 2 of the accountability statement, describe the part or aspect of the ADI’s or its SRE’s operations for which the accountable person has actual or effective responsibility for management or control (s10(1) or 10(6) of the FAR Act) or the prescribed responsibility or position held by the accountable person (s10(2) or 10(3) of the FAR Act).
For each area of responsibility of an accountable person, clearly articulate the accountable person’s responsibilities, including the outcome expected in relation to each responsibility. Where any responsibility is held jointly by multiple individuals, this should be clearly set out as a joint responsibility on the accountability statement of each relevant individual: see s21(2) of the FAR Act.
In compiling an accountability statement, the Regulators expect particular attention to be given to the allocation of key functions and primary areas of focus (PAFs) of prudential and conduct significance, including responsibility for the management of prudential and conduct risks with respect to those responsibilities.

Key functions

The Regulators expect the content of the accountability statement of an accountable person would align with the accountable person’s allocated key function(s), if any. However, key functions and the allocations thereof are not expected to materially reshape the content or structure of an accountability statement. It is the Regulators’ expectation that statements of areas of responsibility will describe and reflect the key functions allocated to the accountable person. Any changes to the accountable person’s allocated key functions or nature of responsibilities should be reflected in the accountability statement for alignment.
More than one accountable person may hold the same key function if this reflects the allocation of responsibilities in relation to that function. These functions are deemed by the Regulators to be of particular importance and the Regulators consider that the inclusion of this information in statements of areas of responsibility (where applicable) will assist to provide the Regulators with visibility over, and clarity in relation to, accountability for the functions listed.
Note: The Regulators have recently consulted on the proposed Regulator Rules, Transitional Rules and ADI key functions descriptions and have received submissions in response to that consultation. The Regulators are currently considering the matters raised in those submissions and intend that relevant guidance will align with the final versions of the Regulator Rules, Transitional Rules and ADI key functions descriptions.

Primary areas of focus

In addition to key functions, the Regulators have developed a list of PAFs for enhanced ADIs to consider when developing accountability statements, as set out in Figure 1. This is a nonexhaustive list serving as a prompt for consideration when developing accountability statements, but it should not be considered as a checklist.
While PAFs are listed by prescribed responsibility, accountability statements should reflect actual practice and understanding of where responsibility rests within the accountable entity. Therefore, a PAF may be more appropriate under a different accountable person or prescribed responsibility than as listed in Figure 1. For example, for a particular ADI, the senior executive with the responsibility for overall risk controls and risk management of the ADI may be responsible for stress testing, rather than the senior executive who has the responsibility for the management of financial resources of the ADI, as suggested in Figure 1.
Authorised NOHCs of ADIs and foreign ADIs should also consider the list of PAFs beyond those listed under their specific prescribed responsibilities to the extent that they are relevant for their business.
A number of PAFs can, and in many cases should, appear on multiple statements in relation to a different action or expected outcome for which an individual is accountable as a result of the individual’s role. For example, in relation to risk appetite:
  • the board of an ADI approves the risk appetite statement;
  • the chief executive officer may be accountable for ensuring that the ADI as a whole operates within the board-approved risk appetite;
  • the chief risk officer may be accountable for monitoring and reporting on actual risk profiles against the board-approved risk appetite; and
  • the head of internal audit may be accountable for conducting an independent review on the controls put in place by business to ensure alignment with the board-approved risk appetite.
An ADI is encouraged to carefully consider the wording of the role’s key accountabilities in relation to any PAFs, avoiding non-specific language when expanding on generic terms such as ‘manage’ or ‘oversee’ in sufficient detail to properly describe the accountabilities. An expected outcome may be usefully described by specific, action-oriented terms including, but not limited to:
  • delivering;
  • monitoring;
  • approving;
  • reviewing;
  • recommending;
  • challenging; or
  • escalating.
The level of detail expected to explain the responsibility in relation to any particular PAF will depend on the complexity of the organisation, in terms of size, risk profile, business lines or organisational structure. Additional detail may be required to provide clarity on any points of handover between accountable persons. For less complex institutions with simpler structures, this may mean fewer handover points requiring detailed explanation as a single accountable person may be accountable for a PAF on an end-to-end basis.
Figure 1 Primary areas of focus
Member of the board of the ADI or ADI NOHC, where relevant
  • Role as chair or member of specific board committees (where relevant)
  • Contribution to:
  • board’s role in providing oversight and approvals
  • board oversight of financial and non-financial risk and approval of risk appetite and risk management framework
  • board approval of the Internal Capital Adequacy Assessment Process (ICAAP) and dividend payments
  • board approval and application of the remuneration policy
  • board oversight of audit (including safeguarding its independence)
  • board oversight of compliance
  • board view and actions on organisational and risk culture
  • board oversight of financial reporting, corporate governance and continuous disclosure
Business activities of the relevant group of the ADI, relevant group of the ADI NOHC or the foreign ADI, where relevant
  • Overall strategy and business plan (including the strategy in relation to fintech businesses and cryptocurrency, where relevant)
  • Risk appetite
  • Major transactions (e.g. acquisitions and originations)
  • Escalate to and brief the board on material risk issues (financial and non-financial)
  • Organisational structure and internal governance
  • Allocation of the responsibilities of accountable persons to cover all aspects of the operations of the entity and its significant related entities
Financial resources of the ADI or ADI NOHC, where relevant
  • Capital management, including the ICAAP and capital instruments
  • Liquidity and funding operations
  • Liquidity and funding risk appetite, frameworks, policies and reporting
  • Funding plan and contingency funding plan
  • Financial reporting and accounting
  • Regulatory reporting
  • Market risk management, including interest rate risk and foreign exchange risk
  • Financial planning, forecasting and budgeting
  • Market disclosure obligations
  • Investments spending and capital deployment
  • Stress testing
  • Recovery and exit planning, and resolution planning
Overall risk controls and risk management of the ADI or ADI NOHC, where relevant
  • Risk appetite and risk management framework including in relation to but not limited to credit risk management and operational risk management
  • Risk advice to the board
  • Risk culture
  • Identifying, assessing, measuring, evaluating, treating and monitoring risk
  • Review, challenge and provide risk advice to business lines
  • Escalating material risk issues to the board (including non-financial risk)
  • Reporting material breaches to the board and regulators
  • Risk modelling
  • Climate risk strategy and policy
  • Assessing the effectiveness of business line risk management and assurance
  • Sufficient resourcing for risk function (capabilities, training and tools)
Operations of the ADI
  • General project/program management
  • Outsourcing management
  • Business continuity plans and delivery
  • Operations controls, frameworks, policies and reporting
Information management of the ADI, including information technology (IT) systems
  • IT strategy, information management and IT frameworks
  • Data quality, management, monitoring and controls
  • Information security, cyber security and data protection/privacy
  • Business continuity and disaster recovery
  • Payments systems
  • Supporting regulatory reporting
  • Sufficient resourcing of the IT function
Internal audit function of the ADI or ADI NOHC, where relevant
  • Review and report on risk management framework
  • Recommendations to improve risk management, controls and monitoring
  • Internal audit plan
  • Monitoring and reporting progress on, and the effective resolution of, internal audit issues and findings to board and management
  • Resourcing of the internal audit function
  • Testing internal controls
Compliance function of the ADI
  • Compliance framework and monitoring compliance with framework and policies
  • Compliance Obligations Register
  • Assessing effectiveness of the business line compliance functions
  • Resourcing of the compliance function
  • Compliance with an entity’s Australian credit licence and/or Australian financial services licence obligations including general obligations and any licence conditions
Human resources function of the ADI
  • Human resources management and performance management frameworks
  • Performance and consequence management
  • Remuneration and reward policy
  • Inclusion and diversity strategy and policy
Anti-money laundering (AML) function of the ADI
  • AML framework (including counter terrorism financing, anti-bribery, corruption and sanctions responsibilities)
  • Assessing the effectiveness of AML framework and compliance functions
Dispute resolution function of the ADI
  • Resourcing of the dispute resolution function
  • Management, implementation and operational oversight of dispute resolution function as provided for in Regulatory Guide 271  Internal dispute resolution (RG 271)
  • Oversight of outsourced internal dispute resolution functions (if applicable)
  • Oversight of outsourced external dispute resolution functions (if applicable)
  • Management of Australian Financial Complaints Authority membership (if applicable)
  • Management and implementation of internal dispute resolution data reporting framework
Client or member remediation programs of the ADI
  • Resourcing of the remediation function
  • Management, implementation and operational oversight of remediation function as provided for in Regulatory Guide 277  Consumer remediation (RG 277)
  • Reporting to the Board on remediation programs (including metrics and analysis)
  • Oversight of outsourced remediation functions (if applicable)
  • Public reporting (if applicable)
  • Engaging with regulators and AFCA (if applicable)
Breach reporting of the ADI
  • Resourcing of the reportable situation reporting function
  • Management and implementation of reportable situation (including incident and breach) reporting as provided for in Regulatory Guide 78  Breach reporting by AFS licensees and credit licensees (RG 78). This includes:
  • staff training
  • systems and processes for identifying and recording incidents (suspected or possible reportable situations)
  • incident escalation and criteria
  • systems and processes for analysing root causes and systemic issues
  • consequence management for reportable situations
  • oversight of quality and timeliness of reporting to regulators
  • reporting to the board on reportable situation reporting
Senior office outside Australia for foreign ADIs
  • Control and oversight
  • Operational structure and effectiveness
  • Approval of risk appetite and risk management strategy/framework
  • Remuneration policy and adjustment to remuneration
  • Audit requirements and arrangements
  • Compliance
  • Risk culture
  • Corporate governance—approving framework, policies and procedures, and monitoring compliance in relation to:
  • liquidity
  • fit and proper person
  • business continuity plan
  • outsourcing
General responsibilities (Paragraphs 10(1)(b) and 10(6)(b))
  • Management (strategy, culture, people, risk, systems, performance and resourcing)
  • Business division’s strategy and risk appetite
  • Reporting on performance
  • Compliance with group policies, laws and regulations
  • Escalating or reporting breaches (to the chief executive officer, board, or regulators)
  • Products and services—design, distribution, compliance
  • Prudent lending standards, including responsible lending obligations
  • Consumer complaint handling

Section 3 guidance: Limitations and exclusions of responsibility

In section 3 of the accountability statement, detail any limitations on and exclusions of accountabilities. As noted above, caveats or limitations to responsibility should be used to the minimum extent possible. If there are limitations or exclusions to accountabilities, identify the owner of any residual responsibility.
When considered collectively, accountability statements should articulate and delineate responsibility across an ADI or its relevant group, with no gaps in responsibility.

Section 4 guidance: Declaration

In section 4, the Regulators expect individuals nominated as accountable persons to be closely involved in the development of their own accountability statement and to have read, understood and accepted the areas of responsibility as drafted, as well as the accountability obligations of an accountable person under the FAR Act. Individual accountable persons must sign their accountability statement with a declaration that this has occurred. The Regulators’ suggested wording of this declaration has been provided in the template.