Is Hayne Australia’s Sarbanes-Oxley?

Back in 2002, and largely in response to scandals such as Enron and WorldCom, the US passed the Sarbanes-Oxley Act, which implemented direct responsibility for financial reporting to the organisation’s senior management.

This meant that if a company was found to have inadequate processes or controls for financial reporting, named senior managers could be found accountable.

The response was dramatic, and involved not just US companies, but their subsidiaries all over the world (including Australia). Huge resources were allocated to putting processes in place and tidying up procedures.
What drove a lot of the attention was the fact that, for the first time, senior executives were being forced to take direct responsibility – with failure leading to potential prosecution.

The recommendations of the Hayne Royal Commission report “Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry” seem to recommend bringing the same level of personal responsibility to senior executives in the banking, super and insurance industries, but for financial product design and delivery, rather than financial reporting accuracy.

In the end, of course, the way that financial controls are implemented and the way that product design/delivery is implemented are the same: procedures, training materials, and audits.

So in the case of the Hayne recommendations regarding BEAR (a term that refers to banking, but at Hayne’s suggestion extended to super and insurance) although the intent is different (in SOX, accurate financials, in Hayne, fairness to consumers) the result is likely to be the same – a massive investment by banks, insurance companies and super funds in lifting their game when it comes to staff training, controls, and product definition.

Call us now on 1300 235 157, or fill out the form below to ask what we’re doing for our banking, insurance and super clients currently to help with these requirements.

Specific recommendations from the Hayne report:

Recommendation 1.17 – BEAR product responsibility
After appropriate consultation, APRA should determine for the purposes of section 37BA(2)(b) of the Banking Act, a responsibility, within each ADI subject to the BEAR, for all steps in the design, delivery and maintenance of all products offered to customers by the ADI and any necessary remediation of customers in respect of any of those products

Recommendation 3.9 – Accountability regime
Over time, provisions modelled on the BEAR should be extended to all RSE licensees, as referred to in Recommendation 6.8.

Recommendation 4.12 – Accountability regime
Over time, provisions modelled on the BEAR should be extended to all APRA-regulated insurers, as referred to in Recommendation 6.8.

Section 404 of the Sarbanes-Oxley Act:

SEC. 404. MANAGEMENT ASSESSMENT OF INTERNAL CONTROLS. (a) RULES REQUIRED.—The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall— (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. (b) INTERNAL CONTROL EVALUATION AND REPORTING.—With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.