A closer look why compliance is only the beginning of the journey. With Liana Brover and May Lee.

At the October 2025 ASFA Legislation Discussion Group, we hosted an insightful deep dive into the Financial Accountability Regime (FAR) and the evolving landscape of risk culture in superannuation. If you’re still catching your breath after implementing your Statement of Accountabilities or wrangling senior executives to sign off on yet another list of “must-dos”, you’re not alone. But as the dust settles, it’s becoming clear that mere compliance is far from enough.

Below, we break down and expand upon the lively discussion between governance advisor Liana Brover and business psychology consultant May Lee — ably corralled by host Sarah Penn — on how the intent behind FAR runs well beyond ticking regulatory boxes, and why the “C word” (culture… and, yes, compliance) must become part of your organisation’s DNA if you’re to avoid the pitfalls seen across the financial services industry in recent years.

What’s the Big Deal With Accountability Anyway?

Let’s turn back a few pages. FAR was introduced, not simply to add another regulatory regime, but as a direct response to a history of misconduct in the Australian financial sector. It is, to put it mildly, about time. Financial services had been plagued by a recurring cast of issues - boards prioritising profits over ethics, an unhealthy focus on short-term incentives, and governance frameworks that looked better in policy documents than in actual practice.

As Liana Brover reminded us, Hayne’s Royal Commission cut right to the heart of the matter. While financial penalties often rained down on the organisations, very rarely did directors or senior execs see meaningful consequences (other than perhaps moving on to another plush job or bonus package). This mismatch between individual behaviour and organisational impact led to an understandable public outcry: someone (preferably the right someone) must be held accountable.

What Hayne distilled, and what FAR seeks to target, can be boiled down to three pillars: governance, remuneration, and culture. These are not just regulatory buzzwords - they are practical levers shaping how decisions are made and risks are managed throughout the business.

FAR: More than Just a Compliance Exercise

Having put the structures in place, it’s tempting to pat yourself on the back and move on: “Policies drafted? Tick. Accountabilities mapped? Tick. Senior management briefed? Tick.” But this approach, warns Brover, misses the point.

The real litmus test (and here’s where organisations so often stumble) is whether the design has made its way off the paper and into day-to-day behaviour.

Think ANZ. Earlier this year, ANZ faced a very public reckoning when a culture review revealed what many already suspected: top-tier policy design, solid three-lines-of-defence paperwork, and elegant structures… but also confused roles, patchy leadership accountability, and inconsistent implementation on the ground. As Brover explained, boards were so swamped with data-heavy reports that board members struggled to see the wood for the trees, missing the thematic red flags that might have prompted real action.

The moral? In an era of FAR, having it “written down somewhere” is only half the job. If no one’s reading it, challenging it, or feels personally responsible for bringing the policy to life, then the regime’s promise of improved culture and accountability isn’t being delivered.

Risk Culture: Not Just for the Risk Team Anymore

May Lee took the mic to reinforce the central point: risk culture is a subset of organisational culture, and it cannot be isolated as “something for the risk function” to manage in splendid regulatory isolation.

In fact, Lee argued that collecting risk data is just the beginning. While there’s value in surveys and compliance audits (those surface-level numbers), qualitative insights—stories, narrative, deep dives—are what help you uncover the “why” behind the numbers. A glowing engagement score may flatter the enterprise, but if there are pockets of dysfunction, red flags, or unaddressed poor behaviour lurking beneath, you’re missing what really matters.

And therein lies the difficulty: real cultural change is not checklist-friendly. It requires multiple modes of assessment, integration of both quantitative and narrative data, and—perhaps most importantly—leadership at all levels role-modelling the right behaviours. Without the tone from the top, even the best-intentioned program descends quickly into “tick the box and move on” territory.

The Compliance Conundrum: Risk, Compliance, and Where the Two Meet

One audience member cut to the chase: isn’t the C word—compliance—key here too? In a regulatory landscape dominated by duties to members and ever-stringent standards, how do you balance the inevitable costs of uplifting compliance functions with a trustee’s fiduciary duty to spend prudently?

Brover’s take is pragmatic: while compliance is non-negotiable (and sits within the broader non-financial risk category), FAR challenges us to go further. Compliance processes alone won’t keep you out of court or the newspaper—especially if the culture they’re meant to foster never embeds at ground level. As recent cases have shown, organisations can have all the right checklists in place, yet still fall foul of the law, usually due to “people issues”—misunderstandings, poor communication, or missed red flags that not even the best-designed regime can catch if the culture isn’t right.

Meanwhile, Lee provided a practical note: a mature approach combines compliance, risk, and culture into a single, cross-functional framework. That means people and risk teams working in lockstep, breaking down silos, and ensuring that data collection (from engagement to psychosocial safety to compliance audits) feeds a holistic culture assessment.

Implementation Matters: Making FAR Stick

A recurring frustration is the “that’s not my job anymore, it’s not on my SOA” pushback. When implementation is poorly managed, FAR can actually worsen siloed thinking and lead to accountability hot potato.

Brover suggests this points to a regime not properly internalised. If FAR is real, accountabilities must cascade from senior executives through to teams, making personal responsibility and clear communication the norm, not the exception. Otherwise, the whole exercise risks becoming another bureaucratic reshuffle, rather than a springboard for real, positive change.

Key Questions and Takeaways

In closing, the speakers prompted attendees (and now, you, dear reader) to reflect:

• How has FAR actually advanced accountability in your business - beyond the compliance tick-box?

• Is FAR well-understood across all levels, or is it still seen as an “add-on” for the risk and governance teams?

• How robust is your measurement of risk culture? Are you leaning too heavily on numbers and missing the narrative?

• What can you do, in your own role, to make risk culture and accountability more than just buzzwords?

Final Thoughts: Raising the Bar, Not Just the Paperwork

In the wake of FAR’s implementation, the message is clear: accountability, risk, and compliance are deeply interwoven with the very culture of superannuation organisations. If the lessons of the Royal Commission and APRA’s recent interventions teach us anything, it’s that good risk culture demands more than elegant procedures and frequently-updated policies.

The real win? Embedding culture so firmly that “doing the right thing” is instinctive, not just an exercise in passing the next audit. Consider this your invitation to look beyond FAR - and, just maybe, to set a new benchmark for how accountability and culture are lived every day in super.

— Any comments in this article are our own and do not constitute legal or compliance advice. For copies of the slides or further discussion, feel free to reach out to the speakers.