Remediation – Who is accountable and what are the implications of

Following the passage of the Financial Accountability Regime (FAR) legislation through both chambers of Parliament on 5 September 2023, FAR is on track to commence on 15 March 2024 for ADIs and NOHCs and 15 March 2025 for all other APRA regulated entities(1). With this in mind, now is the time for senior executives to reflect on the adequacy of related oversight and reporting on customer or member remediation programs for which they are responsible, and ultimately, accountable. Upon reflection, what are some of the key questions you should be asking?

As the FAR Accountable Person (AP) for remediation, what am I accountable for?

Under FAR, a person is an AP of an accountable entity if they are the senior executive responsible for management of the accountable entity’s client or member remediation programs. The individual(s) intended to be captured is the senior executive responsible for the remediation framework, rather than execution of the remediation programs. The AP who is responsible for remediation must ensure the development, maintenance and review of the framework targeted at managing the accountable entity’s customer and member remediation programs. The framework must be designed to encompass hardship considerations, where relevant.

In order to identify the relevant AP, organisations should be asking themselves the following questions:

• Do we have an existing remediation framework that governs our remediation programs? If not, do we need one?
• Is there one owner of the remediation framework, or are there multiple owners? If there are multiple owners, they may be jointly accountable and jointly liable.

When drafting the accountability statements to reflect responsibilities it will be important to distinguish the responsibility for the framework from the responsibility for execution of remediation programs in accordance with the framework, which may be the responsibility of other APs.

For example, practically we would expect the following responsibilities to be outlined in the accountability statements:

• Developing and maintaining the remediation framework, policy and processes;
• Managing remediation programs in accordance with the remediation framework, policy and processes;
• Monitoring the implementation of the remediation framework, policy and processes by the business and reviewing the effectiveness of the remediation framework, policy and processes; and
• Reporting on the progress and outcome of remediation programs.

Practically speaking, what does a remediation framework include?

As an AP for the organisation’s remediation framework, it will be important that the AP sets appropriate guardrails for the organisation in executing on remediation programs. What should the guardrails consider?

• Defining what may lead to remediation: A need to remediate customers can result from many causes, from misconduct, to compliance failings or more simply, poorly designed processes and controls.
• Defining the scope of the framework: The remediation framework, policy and procedure should at a minimum outline:

1. The approach to planning the remediation program including identifying timeframes, key workstreams and milestones;
2. The approach for the consistent and fair treatment of customers and members to ensure they are appropriately scoped in or out of remediation program(s);
3.  The methodology and criteria for assessing the impact of the relevant issue, misconduct, compliance failing or error;
4. Considerations for identifying and calculating the compensation required; and
5. How customers will be contacted and paid in an effective and timely manner.

Finally, the framework needs to allow for the equitable treatment of customers experiencing vulnerability or hardship, and this should be aligned to regulatory guidance and industry practice.

For organisations that do not currently have a formal remediation framework, this presents an opportunity to create one to assist AP(s) in meeting their FAR obligations. In our experience, where organisations view remediation as part of a broader strategy that is focussed on customer outcomes, they often display greater maturity, accountability and efficiency in the execution of remediation programs.

How do I, as the owner of the remediation framework have oversight that the remediation program(s) are being managed in accordance with the framework?

As the AP for the remediation framework your responsibilities may not stop at setting the guardrails for the organisation. It is expected that mechanisms are put in place to oversee that remediation programs are executed in line with the framework, and to assess the overall effectiveness of the framework. To support compliance with your FAR obligations you should be considering:

• Is there strong and effective leadership and governance over the remediation program(s)?
• What risk management activities are in place to support the remediation program(s) so that fair and consistent outcomes are achieved?
• How are key decisions recorded and where the organisation risk accepts certain outcomes, is there an understanding of the potential downstream impacts?
• How are issues identified and escalated?
• How is reporting from each remediation program, consolidated to provide holistic oversight?
• Is the organisation identifying the lessons learned and feeding these back into the business?

If I am not accountable for the remediation framework, but responsible for executing remediation programs as an AP, what should I be considering?

Remediation programs may sit within many different business areas in an organisation, and as such we would expect several APs to have responsibilities in relation to the execution of these programs. To support compliance with your FAR obligations you should be considering:

• Is the remediation program organised into the right structure and supported by people with the right skills and capability?
• Are the processes and controls effective to enable compliance with the remediation policy? Is the remediation environment supported effectively by technology tools, systems and data storage and security?
• How are key decisions recorded and escalated?
• How are issues escalated and addressed in a timely manner?
• Is reporting effective and insightful and does it support effective challenge and decision making?
• How is overall program performance measured?

How can Deloitte assist?

As the market leader in designing, assessing, implementing, and operating remediation programs, we understand remediation. Alongside this, through conducting implementation, assessment and post-implementation review activities for BEAR and FAR programs, we understand accountability and the importance of this in financial services organisations.

Our unique and strong blend of experience and expertise can assist you in designing remediation frameworks or implementing remediation programs that not only restore customers to the right position, but also provide critical support for compliance with your FAR obligations.

'If you have any questions or comments, or require assistance, please contact us.

Notes:

1) All other APRA regulated entities including general insurers, authorised NOHCs of a general insurer, a life company, a registered NOHC of a life company, a private health insurer or an RSE licensee.