As a result of the Royal Commission, more non-banks must now implement BEAR. This post covers how your organisation should view this as an opportunity to improve your overall risk management framework, not as a regulatory obligation.
The recent Financial Services Royal Commission report contained 76 recommendations, which the government has indicated it will adopt en masse. One of these recommendations was that the Banking Executive Accountability Regime (BEAR) should be expanded from its current scope just covering banks, to include all the financial services sector. Given the numerous regulatory obligations that exist and complexity of risk frameworks, it is tempting for these newly captured entities to wait for APRA to issue detailed requirements before they start to think about BEAR.
At Protecht, we think this would be missing an opportunity. We recommend that you get on the front foot and not wait until the deadline is looming. Even if you are not a Financial Services (FS) entity, we believe you should consider adopting the underlying principles of BEAR as it will help take your risk framework to the next level of maturity, but more on this below.
BEAR involves various elements, but as the name suggests, it is mainly focussed on driving accountability at senior levels. Many of the critical operational risk incidents over the last 20 years have featured a lack of clear ownership of risks at a senior level as a contributing factor. Improvement in risk culture is clearly linked to risk accountability at senior levels, which is a pre-requisite to effectively cascading responsibility throughout an organisation.
This focus on driving accountability aligns with much of the recent journey on 3 Lines of Defence, which started out as an organisational structure concept but has now migrated to focus on clearer risk ownership and accountability.
Protecht strongly recommends that you consider risk accountability within BEAR not as a compliance obligation, but as better risk management and the foundation of your risk culture. With this in mind, adopting the clear executive accountability principles of BEAR as soon as possible makes good risk management sense.
Many of the critical operational risk incidents over the last 20 years have featured a lack of clear ownership of risks at a senior level as a contributing factor.
Benefits of early adoption are not just limited to strengthening the risk framework. There are potential financial and other benefits as well. Many organisations are going through a significant period of change in their risk frameworks with several regulatory and other projects running in parallel. To manage all this interconnected change, some of Protecht’s clients have taken the further step of pulling all the projects together into an overall program of work often called Risk Transformation.
By considering BEAR as early as possible, you will give yourself the opportunity to integrate BEAR with the other risk initiatives you are currently undertaking so you can plan, avoid conflicts and be as efficient as possible in your resourcing. It also means that the impact to Line 1 can be managed as effectively as possible to minimise the disruption to business, always a positive result in getting continued buy-in.
By considering BEAR as early as possible, you will give yourself the opportunity to integrate BEAR with the other Risk initiatives you are currently undertaking so you can plan, avoid conflicts and be as efficient as possible in your resourcing.
The benefits of focussing on clearer accountability for risks are not just limited to FS entities. Although the Royal Commission related to FS, we believe that clients across all industries should look to adopt the principles of BEAR to strengthen accountabilities for risks at a senior level and enhance their risk culture. While you may not have a looming regulatory obligation to do this, it still makes good sense.
As Risk Managers we know we can’t predict the future but maybe this can help you to avoid your own industry Royal Commission somewhere down the track.
In summary, don’t stick your head in the sand and be an ostrich, BEAR is coming to you (the authors of this article accept bears don’t often eat ostriches, but you get the picture). Please talk to your Protecht Advisor about how Protecht.ERM can help you manage your requirements. We have already built the functionality.
Don’t take our word for it, as Wayne Byres (APRA Chairman) said in a recent speech:
“It is important that the BEAR is not seen as a compliance exercise, but rather a trigger to genuinely improve systems of governance, responsibility and accountability.”
Based on the subsection 37BA(1) of the BEAR Act, Protecht has created a central library of key functions and responsibilities to attach to relevant executives as captured below.
Also seen here is the central storage of key executive accountabilities, referencing the central libraries of responsibilities and functions.
Want to know more about how integrated reporting can strengthen your risk management framework? Watch our webinar to see how you can bring all your risk information into one dashboard:
Nick is a Risk Management specialist with over 25 years’ experience in Financial Services. Nick currently leads the Risk Advisory and Analytics teams at the Protecht Group. He has a broad range of experience gained both as a consultant and in senior roles within the industry. Arshvir has broad experience managing projects around information technology. Arshvir’ ability to communicate in both layman and technical terms, and her passion to solve complex problems with innovative yet simple solutions make her a great fit to the advisory team at Protecht, which she joined in January 2019.