Financial Accountability Regime (FAR): Governance, “Reasonable Steps” and Board Assurance

Understanding FAR

The Financial Accountability Regime (FAR) raises the bar on governance and individual accountability across Australia’s APRA-regulated institutions. Jointly administered by APRA and ASIC, FAR requires firms to identify Accountable Persons, define clear accountability statements and maps, and evidence the reasonable steps taken to manage risks within their remit. The regime aims to improve conduct, strengthen prudential outcomes, and ensure customers are protected through better oversight and clearer lines of responsibility.

FAR is not a paperwork exercise. It is a structural shift in how boards and executives govern risk, product, operations, finance, technology, and customer outcomes. The standard expects traceability from strategy → accountability → controls → monitoring → remediation, with decision-useful management information (MI) and defensible audit trails.

Why FAR matters for regulated entities

FAR reshapes the relationship between boards, executive committees and the first line. Key implications include:

• Clear accountability: Role scoping, accountability statements, and maps that reflect how the business actually runs (not just org charts).

• Reasonable steps: Demonstrable evidence that Accountable Persons assessed risks, escalated issues, acted on breaches, and oversaw remediation.

• End-to-end control: Coordination across product, distribution, technology, outsourcing, cyber, and operations, especially where critical operations and third-party risk intersect with CPS 230 operational resilience and CPS 234 information security.

• MI that matters: Regular reporting that ties indicators (loss events, complaints, incidents, audit findings) to ownership and action, at the right level of granularity.

• Culture and remuneration: Alignment with CPS 511 Remuneration so conduct, risk and customer outcomes are reflected in variable pay and consequence management.

For banks, insurers and superannuation trustees, the practical challenge is building an accountability framework that holds up to regulatory scrutiny while enabling the business to move quickly.

What “reasonable steps” look like in practice

• Defined scope & risks: Each Accountable Person has a clear mandate, key risks and controls, material outsourcing arrangements, and tolerance indicators.

• Issue management & escalation: Consistent processes show how issues were identified, triaged, escalated, and resolved, linked to lessons learned.

• Evidence packs: Board and executive packs evidence challenge, actions and follow-through (meeting minutes, dashboards, remediation logs).

• Interlocks with prudential standards: Touchpoints with CPS 230 (critical operations, service providers, BCP testing), CPS 234 (cyber), CPS 220 (risk management), and product governance/consumer outcomes (ASIC expectations under DDO/IDR).

• Documentation discipline: Clear ownership for keeping accountability maps/statements current as structures, outsourcing or exec responsibilities change.

How OCG helps

Oceanic Consulting Group (OCG) partners with boards and executives to translate FAR into a working governance model that is practical, auditable and resilient:

• FAR diagnostics & roadmap: Gap assessment of accountability statements/maps, “reasonable steps” evidence, MI and issue-management across business units.

• Accountability design & documentation: Role scoping, overlap resolution, and end-to-end maps aligned to how critical operations and third-party services actually run.

• Reasonable-steps evidence packs: Curated artefacts, board templates, and governance cadences that withstand APRA/ASIC scrutiny.

• MI & dashboarding: Risk and conduct indicators mapped to Accountable Persons; integrated reporting across incidents, complaints (RG 271), audit findings, and operational resilience metrics (CPS 230).

• Operating-model interlocks: Governance between risk, operations, technology, product and customer to reduce ambiguity and re-work; linkage to CPS 511 consequence management.

• Assurance & rehearsal: Targeted tests, deep dives and “table-top” exercises to validate traceability from decisions to documented outcomes.

Learn more about our dedicated services:

• Advisory (governance, regulatory transformation)

• Strategy & operating model

• Resourcing (business continuity & crisis practice)

• Technology (controls, monitoring, data/MI)

• File Review (documentation quality & defensibility)

FAQs

What is the Financial Accountability Regime (FAR)?
A joint APRA/ASIC regime that sets accountability obligations for boards and senior executives, requiring clear accountability maps/statements and evidence of reasonable steps.

Who does FAR apply to?
APRA-regulated entities (e.g., banks, insurers, super trustees) and their Accountable Persons with prescribed or significant responsibilities.

What counts as “reasonable steps”?
Actions and evidence showing risks were identified, monitored and addressed through controls, MI, escalation, remediation and board oversight, consistent with the person’s scope.

How does FAR interact with CPS 230 and CPS 234?
FAR clarifies who owns resilience and cyber outcomes; CPS 230 and CPS 234 define what “good” looks like for operational risk, third-party oversight and information security. They must be aligned.

How can OCG support FAR readiness?
OCG designs accountability frameworks, evidence packs and MI; aligns interlocks with prudential and conduct standards; and provides assurance and rehearsal to validate readiness.

Strengthen Executive Accountability - Build a Defensible FAR Programme with OCG

Ensure your maps, statements, MI and evidence stand up to APRA/ASIC scrutiny, while enabling faster, more confident decision-making across the business.

Learn more from our thought leadership articles and updates