Australia


Do senior bank staff, including non-executive directors, have to be registered with your national regulatory authority?

Summary

In Australia, senior bank staff currently do not have to be registered as such but they are subject to a range of “fit and proper” and other regulatory requirements. Personal information regarding senior bank staff will also need to be provided and if they are directors or officers of a banking corporation, they will be subject to filing and other requirements under the Corporations Act 2001 (Cth) (Corporations Act). Further detail on these matters are set out below.

However, this current arrangement may soon change with the Australian Federal Government proposing under the Banking Executive Accountability Regime (BEAR) that ‘Authorized Deposit-taking Institutions’ (ADIs) will need to register with the Australian Prudential Regulation Authority (APRA) all their senior executives and directors. 

These proposed changes are discussed further in section 6.

Background

A body corporate that carries on banking and/or financial services business in Australia is subject to authorization and licensing requirements. Those requirements include provisions that relate to the competence and other qualities of staff, including senior staff.

Banking license

A body corporate may only carry on a banking business in Australia if it has been granted authority to do so by APRA. That authorization is granted under the Banking Act 1959 (Cth) (Banking Act) to a corporation and not to a partnership or other entity. Upon authorization the corporation is referred to as an ADI. Existing ADIs include banks, credit unions, building societies and other financial institutions that carry on a banking business in Australia.

A foreign corporation that wishes to carry on a banking business in Australia can either apply for:

  • an authorization to establish a locally incorporated subsidiary (Local Sub) to carry on a banking business in Australia as an ADI;
  • an authorization as a foreign ADI (Foreign ADI) to carry on a banking business as a branch in Australia; or
  • simultaneously for both of the above authorizations.

A Local Sub may be authorized to conduct a banking business in the same way as a locally incorporated Australian bank. However, a Foreign ADI is subject to a special regulatory regime where they are not permitted to engage in retail banking (ie. they must not accept funds less than A$250,000 from individuals and non-corporate institutions).

APRA supervises compliance by locally incorporated ADIs and Foreign ADIs with relevant legislation and regulations including the prudential standards (Prudential Standards) enforced under the Banking Act.1

In addition, locally incorporated ADIs and Foreign ADIs who carry on business in Australia are required to be incorporated and registered with the Australian Securities and Investments Commission (ASIC) under the Corporations Act.

Access the Banking Act.

Australian Financial Services Licence (AFSL)

A financial institution (including a bank) which carries on financial services business in Australia (for example, by issuing deposit products, non-cash payment facilities, foreign exchange contracts, derivatives, custody services, managed investments, insurance and superannuation products etc. to Australian clients) also needs to hold an AFSL unless exempt under the Corporations Act. The Australian financial services regime also differentiates between retail and wholesale clients. There are more disclosure and conduct requirements where financial services are provided to retail clients. Generally, Foreign ADIs are authorized by APRA to conduct business with wholesale clients. Certain Foreign ADIs are exempt, under the ASIC Corporations (Foreign Licensees and ADIs) Instrument 2016/186, from the requirement to hold an AFSL with regard to certain wholesale activities which are regulated by APRA.  As most ADIs engage in a full range of financial services activities with both wholesale and retail customers, AFSLs are obtained by ADIs.

Australian Credit License (ACL)

A financial institution which engages in a credit activity within the meaning of the National Consumer Credit Protection Act 2009 (Cth) (NCCP Act) in relation to consumer credit regulated by the National Credit Code (for example, by providing home loans including for investment in residential property, consumer lease facility, credit card facility, personal loan for individual Australian clients) must be authorized by ASIC and hold an ACL before it can engage in the credit activity.

Regulation of senior bank staff

APRA

APRA has issued a Prudential Standard “CPS 520 – Fit and Proper” (CPS 520) that applies to all ADIs and Foreign ADIs (Regulated Institutions). CPS 520 sets out APRA’s requirements in relation to assessing the fitness and propriety of “responsible persons” of the Regulated Institutions who are in “responsible person positions”. It requires Regulated Institutions to have a Fit and Proper Policy that assists a Regulated Institution in managing the risk that responsible persons are not fit and proper. The Fit and Proper Policy must meet the requirements of CPS 520 and it forms part of the Regulated Institutions’ broader risk management system. For example, the Fit and Proper Policy must include:

  • processes to be undertaken in making assessments of fitness and propriety; and
  • adequate whistle blowing provisions to protect any person who notifies APRA of his or her belief in the event that a responsible person is not fit and proper or in the event that the Regulated Institution has not complied with CPS 520.

Access CPS 520.

The responsible persons of a Regulated Institution are those persons whose conduct is most likely to have a significant impact on its sound and prudent management. For a locally incorporated ADI, these persons generally comprise directors, senior managers, auditors and persons who perform certain functions in relation to subsidiaries. For a Foreign ADI, the responsible persons generally comprise of senior managers for Australian operations who are ordinarily residents in Australia (except for the nominated senior officer outside Australia if the senior officer also performs the functions of a senior manager), auditors and persons who are ordinarily residents in Australia who perform certain functions in relation to subsidiaries.

CPS 520 defines a ‘senior manager’ as a person (other than the director of that Regulated Institution) who has the following senior management responsibilities:2

  • makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the Regulated Institution;
  • has the capacity to affect significantly the Regulated Institution’s financial standing;
  • may materially affect the whole, or a substantial part, of the business of the Regulated Institution or its financial standing through their responsibility for:
    • enforcing policies and implementing strategies approved by the Board of the Regulated Institution;
    • the development and implementation of systems used to identify, assess, manage or monitor risks in relation to the business of the Regulated Institution; or
    • monitoring the appropriateness, adequacy and effectiveness of risk management systems; or
  • for a Foreign ADI, is nominated as the senior officer outside Australia to the extent that the person meets this definition above.

The Banking Act and CPS 520 does not impose any obligation for a responsible person to be “registered” with APRA but CPS 520 requires that a Regulated Institution must notify APRA of the following information for each responsible person:

  • the person’s full name;
  • the person’s date of birth (for identification purposes only);
  • the person’s position and main responsibilities; and
  • a statement of whether the person has been assessed under the Fit and Proper Policy.

A Regulated Institution must ensure that the information provided remains correct for all of its responsible persons. Subject to the Banking Act, it must provide revised information to APRA within 28 days of any change or new appointment. A Regulated Institution must notify APRA within 10 business days if it assesses that a responsible person is not fit and proper. If the person remains in the responsible person position, the notification must state the reason for this and the action that is being taken.

The board of directors (or equivalent) is responsible for ensuring that the responsible persons are “fit and proper”.

That said, as part of the Government’s proposed BEAR reforms, in the future, ADIs will be required to register their directors and certain senior executives with APRA. This is further discussed in sections 2 and 6.

ASIC

If a bank also holds an AFSL or ACL issued by ASIC, there are further obligations under the Corporations Act and NCCP Act respectively for the bank to ensure that properly qualified “responsible managers” are identified and notified to ASIC3.

If your national regulatory authority requires registration of senior bank staff what are the requirements?

CPS 520 sets out the criteria for a Regulated Institution to determine if a responsible person is fit and proper, being4 whether:

  • it would be prudent for a Regulated Institution to conclude that the person possesses the competence, character, diligence, honesty, integrity and judgement to perform properly the duties of the responsible person position;
  • the person is not a “disqualified person” under the Banking Act that is prohibited from holding the position5 (*see our further comments below);
  • the person either:
    • has no conflict of interest in performing the duties of the responsible person position; or
    • if the person has a conflict of interest, it would be prudent for a Regulated Institution to conclude that the conflict will not create a material risk that the person will fail to perform properly the duties of the position.

There are additional criteria for auditors of a Regulated Institution6.

CPS 520 requires that the Fit and Proper Policy must include the processes to be undertaken in assessing whether a person is fit and proper for a responsible person position. The Fit and Proper Policy must:

  • provide that a copy of the policy is to be given to:
    • any candidate for election as a director as soon as possible after the candidate is nominated; and
    • any other person before an assessment of their fitness and propriety is conducted.
  • require a fit and proper assessment to be completed before a person becomes the holder of a responsible person position:
    • because of a resolution of members of the Regulated Institution; or
    • because APRA has determined that the person is a responsible person.

In such cases, the Fit and Proper Policy must require an assessment to be completed within 28 days of the person becoming the holder of the responsible person position.

The Fit and Proper Policy must require annual fit and proper assessments (or as close to annual as is practicable) for each responsible person position.

When an assessment is conducted, a Regulated Institution must make all reasonable inquiries to obtain information, including collecting sensitive information as defined in the Privacy Act 1988 (Cth), that it believes may be relevant to an assessment of whether the person is fit and proper to hold a responsible person position.

Where a Regulated Institution has assessed that a person is not fit and proper, or a reasonable person in the Regulated Institution’s position would make that assessment, the Regulated Institution must take all steps it reasonably can to ensure that the person:

  • is not appointed to; or
  • for an existing responsible person, does not continue to hold the responsible person position.

*The Banking Act prohibits a “disqualified person” (as defined in section 20 of the Banking Act) to act as a director, a senior manager or auditor of a Regulated Institution7 or a Regulated Institution to allow a disqualified person to act in these positions8.

In addition to this, the Australian Federal Government has proposed, as part of the BEAR reforms, that prior to appointing a person to senior executive or directorship roles, ADIs need to notify APRA and provide information regarding the candidate’s suitability.

The BEAR introduces the concept of “Accountable Persons” which assesses an executive based on their role and influences. APRA will consult its register of Accountable Persons and advise the ADI if the candidate has previously been removed or disqualified by APRA, or if APRA is aware of any other issues that could affect the candidate’s suitability.  The ADI will still be responsible for assessing and ensuring the person’s suitability.

Is there legislation specific to the banking sector that provides for penalties to be levied against senior staff for mis-managing a bank?

Disqualified persons must not act for Regulated Institutions and APRA’s powers

The Banking Act9 provides that:

  • a person commits a criminal offence if the person acts as a director, a senior manager or auditor of a Regulated Institution when the person is a “disqualified person” (as defined in section 20 of the Banking Act). A person who contravenes this provision is subject to a fault-based offence that carries a penalty of imprisonment for 2 years (or a strict liability offence of 60 penalty units $10,200).
  • a body corporate commits a criminal offence if the body corporate allows a “disqualified person” to act as a director, a senior manager or auditor of a Regulated Institution. The penalty is 250 penalty units $212,500 (or 60 penalty units $51,000 for a strict liability offence). Strict liability offences do not require proof of a mental element. The use of offences of strict liability is designed to enhance the effectiveness of the enforcement regime in deterring contraventions of key prudential requirements10.

The Banking Act11 provides that on application by APRA, the Federal Court of Australia (the Court) may, by order, disqualify a person from being or acting as a director, senior manager or auditor of a Regulated Institution if the Court is satisfied that the person is not fit and proper person to be or act as such a person and the disqualification is justified. The Court may take into account:

  • any criteria for fitness and propriety set out in the Prudential Standards such as CPS520; and
  • (in relation to a director or senior manager) the person’s conduct in relation to the management, business or property of any corporation.

APRA also has powers under the Banking Act to:

  • direct a locally incorporated ADI to remove a director or senior manager; and
  • direct a Foreign ADI to remove a senior manager of its Australian operations12.

APRA may give such directions if it is satisfied that the person does not meet one or more of the criteria for fitness and propriety set out in CPS520 or if the person is either:

  • disqualified under section 21 of the Banking Act from being or acting as a director or senior manager; or
  • is otherwise a disqualified person13.

Such direction takes effect on the day specified in it, which must be not earlier than 7 days after it is signed14. The Regulated Institution must comply with the direction.

A person is also automatically a “disqualified person” in certain circumstances set out in section 20 of the Banking Act.

Further, as part of the Australia Federal Government’s proposed reforms, APRA could be given enhanced powers to remove and disqualify persons from their managerial position in an ADI without having to apply to the Court if it is satisfied that the person does not meet the “fit and proper” test or the new expectations under the BEAR as discussed in section 6. APRA-regulated institutions refers to, collectively, ADIs and authorized non-operating holding companies under the Banking Act.

What is the maximum amount the regulator can fine an individual?

The maximum amounts that APRA can currently fine an individual for offences are set out in our comments in section 3 above.

The proposed BEAR reforms do not suggest any changes to how much an individual can be fined; however, the Australian Federal Government has proposed that ADIs who breach their regulatory obligations could be fined by APRA to the maximum of $200 million for “larger ADIs” or $50 million for “smaller ADIs”.

Is there legislation in place that requires banks to have in place remuneration policies and practices that are consistent with effective risk management?

APRA’s Prudential Standard “CPS 510 - Governance” (CPS 510) provides that a Regulated Institution must:

  • establish and maintain a documented “Remuneration Policy” that outlines the remuneration objectives and structure, including the performance-based remuneration components of the Regulated Institution; and
  • if the Regulated Institution is a locally incorporated ADI, establish a Remuneration Committee that complies with the requirements of CPS 510.

CPS 510 requires that performance-based components of remuneration be designed to encourage behavior that supports the long-term financial soundness and risk management framework of the Regulated Institution.

Access CPS 510.

The Board Remuneration Committee must have at least three members. All members of the Committee must be non-executive directors of the Regulated Institution. A majority of the members of the Committee must be independent. The chairperson of the Committee must be an independent director of the Regulated Institution. The responsibilities of the Committee include:

  • conducting regular reviews of and making recommendations to the Board on the Remuneration Policy;
  • making annual recommendations to the Board on the remuneration of the CEO, director reports of the CEO, other persons whose activities may, in the Board Remuneration Committee’s opinion, affect the financial soundness of the Regulated Institution and any other person specified by APRA; and
  • making annual recommendations to the Board on the remuneration of the other categories of persons covered by the Remuneration Policy.

Members of the Board Remuneration Committee must be available to meet with APRA.

For Foreign ADIs, the senior officer outside Australia will undertake these functions with respect to the branch’s operations.

The Remuneration Policy must provide for the Board of an ADI, the senior officer outside Australia of a Foreign ADI, as relevant, to adjust performance- based components of remuneration downwards, to zero if appropriate, in relation to relevant persons or classes of persons, if such adjustments are necessary to:

  • protect the financial soundness of the Regulated Institution; or
  • respond to significant unexpected or unintended consequences that were not foreseen by the Board Remuneration Committee or the senior officer outside Australia.

The Remuneration Policy must cover, as a minimum:

  • each responsible person, as that term is defined in CPS 520, excluding:
    • non-executive directors;
    • auditors; and
    • for Foreign ADIs, the senior officer outside Australia;
  • persons whose primary role is risk management, compliance, internal audit, financial control or actuarial control; and
  • all other persons for whom a significant portion of total remuneration is based on performance and whose activities, individually or collectively, may affect the financial soundness of the Regulated Institution.

That said, changes to executive remuneration are planned as part of the Government’s proposed Treasury Laws Amendment (Banking Executive Accountability and Related Measures) Bill 2017 (BEAR Bill). Under the draft BEAR Bill, at least 40% of the remuneration of ADI executives will be deferred for a minimum of 4 years (60% for certain executives such as CEOs). Additionally, APRA shall have stronger powers to require ADIs to review and adjust remuneration policies where it believes that existing policies are inappropriate.  These proposed changes are discussed in section 6.

Is there any legislation planned in your jurisdiction that will strengthen the accountability of senior bank staff?

The Australian Treasury has released draft legislation with respect to the Government’s proposed BEAR reforms, designed to make banks in Australia more accountable and competitive. The draft BEAR Bill, if tabled in and passed by the Australian Parliament, will amend the Banking Act. 

The proposed BEAR reforms are intended to apply to all ADI’s and their controlled entities onshore and offshore. It does not apply to other prudentially-regulated entities (such as insurers) unless they are controlled by an ADI.

The Australian Treasury has consulted on the draft BEAR Bill (the consultation closed on September 29, 2017). At this stage, it is unknown if or when the BEAR Bill will be tabled in the Australian Parliament.

Some of key proposals under the BEAR are:

Accountable Persons

The BEAR Bill introduces the concept of “Accountable Persons” which cover:

  • the ADI's directors (including non-executive directors);
  • persons who holding a position with the ADI or a subsidiary and who because of that position has 'actual or effective responsibility' for the 'management and control' of the ADI or subsidiary or a 'significant or substantial part or aspect' of the ADI's or subsidiary's operations; and
  • persons with prescribed management responsibilities, including the chief executive officer, the chief financial officer, the head of information technology, head of human resources and the head of the ADI's anti-money laundering functions among others.

The general accountability obligations of an Accountable Person are to:

  • conduct their responsibilities with honesty and integrity, and with due skill, care and diligence;
  • deal with APRA in an open, constructive and co-operative way; and
  • take reasonable steps in conducting their responsibilities to prevent matters from arising that would adversely affect the prudential standing or reputation of the ADI.

Notification and registration

  •  ADIs will be required to notify APRA of the potential appointment of senior executives and directors prior to appointing them to these senior roles. ADIs need to provide APRA with information regarding the candidate’s suitability. Once appointed, senior executives and directors of ADIs will need to be registered with APRA.
  • ADIs will be required to prepare accountability maps identifying the roles and responsibilities of their senior executives at the time of registration, as well as provide individual accountability statements to APRA.

Greater powers to APRA

  •  APRA will be given enhanced powers to remove and disqualify senior executives and directors. APRA may potentially be permitted to remove or disqualify a person without having to apply to the Court where it is satisfied that the person is not fit and proper.
  • ADIs who fail to meet their obligations will be subject to new civil penalties – with a maximum penalty of $200 million for larger ADIs and $50 million for smaller ADIs. The terms “larger” and “smaller” ADIs have not yet been defined.
  • APRA will be able to impose penalties if ADIs do not appropriately monitor the suitability of their executives to hold senor positions.

Remuneration

  •  As mentioned in section 5, there will be a requirement for a minimum of 40% of an executive’s variable remuneration (60% for certain executives such as the CEO) to be deferred for a minimum period of 4 years to ensure that remuneration does not incentivize short-term focus or excessive risk-taking.
  • APRA will have stronger powers to require ADIs to review and adjust remuneration policies when APRA believes these policies are producing inappropriate outcomes.

Access the draft BEAR Bill.


Footnotes

1 Section 11AF(7B) of the Banking Act.

2 See definition of ‘senior manager” in section 5(1) of the Banking Act and paragraphs 19 and 20 of CPS520.

3 See ASIC Regulatory Guides RG 105 “Licensing: Organizational competence” (for AFSL) and RG 206 “Credit licensing: Competence and training” (for ACL).

4 Paragraph 24 of CPS520.

5 Sections 19 to 22 of the Banking Act.

6 Paragraph 26 of CPS520.

7 Section 19(1) and (2) of the Banking Act.

8 Section 19(3) and (4) of the Banking Act.

9 Section 19 of the Banking Act.

10 Paragraph 11 of Part 1 of the Explanatory Memorandum to the Financial Sector Legislation Amendment (Review of Prudential Decisions) Bill 2008.

11 Section 20 of the Banking Act.

12 Section 23(2) of the Banking Act.

13 Section 23(2) of the Banking Act.

14 Section 23(6) of the Banking Act.