Overview
Our key takeaways from Australian Prudential Regulation Authority (APRA) Deputy Chair Helen Rowell's 17 May 2023 address to the Governance Institute of Australia's 2023 Governance Forum are below.
GCRA failures a common thread running through crises over the last 20 years
As flagged, Ms Rowell identified Governance, Culture, Remuneration and Accountability (GCRA) failures as a common theme present in various 'crises' over the past 20 years and said that this has been a key driver behind APRA, and industry's increased focus on these issues over time. Ms Rowell observed:
'Each of these episodes was different but look closely and you will find things in common. Indeed, all can be traced in one way or another to failures in governance, risk culture, remuneration or accountability, which (because you know we love an acronym at APRA) we term GCRA. To quote, ECB (European Central Bank) Supervisory Board Member Elizabeth McCaul: "Supervision comes down to the idea that all roads lead to governance. Indeed, throughout my career, I have seen that strong governance is the true north that guides a sound bank."'
In light of this, and in light of what she described as 'gathering clouds that threaten the resilience of the financial sector' (eg energy transition, rising geopolitical risk and digital disruption to business models), Ms Rowell emphasised that both APRA and boards need to be focused on ensuring GCRA risks are being effectively managed going forward.
No room for complacency – GCRA should be a continuing focus area for boards
Ms Rowell observed that over time, the level of attention on so-called non-financial risk has grown within APRA, and within industry, in recognition of the seriousness of the consequences/flow on effects of poor leadership, weak risk culture, 'inappropriate financial incentives' and 'lack of accountability when things go wrong'.
Importantly, Ms Rowell made clear that though there has been improvement in risk and governance practices over time, including within APRA, there is no room for complacency. In illustration, Ms Rowell observed that:
'The general insurance industry in 2023 is further advanced in its governance and risk management practices than it was at the time of HIH’s collapse. However, as we saw during the pandemic in relation to business interruption insurance, and the insurance risk management reviews that APRA subsequently required, there is no room for complacency when it comes to sound governance and risk management'.
Speaking more broadly, Ms Rowell underlined that GCRA should be (and is expected to be) a continuing focus for all boards.
'A key lesson for all boards – whether in the insurance industry or not – is the importance of embracing a culture of independent review and challenge, seeking different perspectives, and continuing to evolve and strengthen practices when it comes to managing core business risks. It is not a one-off, set and forget exercise but rather requires ongoing attention and enhancement.
Boards need to ask for, and be provided with, the information needed to support them in meeting their governance and risk management responsibilities, and to be able to show evidence of how they are satisfied that management is proactively overseeing the effective management of the risks to which their business is exposed'.
Leadership culture is key
Ms Rowell identified leadership culture – 'boards and senior management leading by example in how they learn and grow from setbacks' - as vital to successfully embedding and operationalising the lessons learnt from past crises (including for example, the Hayne Commission).
Ms Rowell observed that:
'Better boards embrace feedback and lean into dealing with issues, see them as an opportunity for reflection, and to take steps to remedy the root causes and make genuine and enduring changes throughout their organisation. Others are more begrudging or half-hearted in their response, and do not nurture a culture that facilitates embedding of better governance and risk management practices throughout their organisation. And that approach almost inevitably leads to lessons not genuinely being learned and mistakes of the past being repeated'.
Board diversity
Ms Rowell observed that while there are a range of reasons why some boards 'do better than others in leading their companies', APRA considers that board composition is 'paramount' in this context, especially in light of the increased demands being made of directors.
Ms Rowell said:
'These increased demands have elevated the importance of boards that are equipped to analyse and make strategic decisions relating to a far broader range of issues than was once the case. Further, we know that better outcomes – including financial ones – result from bringing in a broader range of perspectives. As a result, we now see a much greater focus on building boards with the right mix of skills and experience for the challenges their organisation faces, now and into the future.
In addition, the intrinsic importance of boards comprising a diversity of backgrounds and perspectives is recognised, as well as the need for an orderly renewal process to refresh directors over time to maintain independent perspectives and constructive challenge'.
In light of this, Ms Rowell raised concerns that 'genuine diversity [is] still lacking around too many board tables', often as a result of long-standing directors' electing not to step down. In illustration, Ms Rowell pointed to the fact that there are 38 directors on the boards of APRA-regulated credit unions and mutual ADIs (authorised deposit taking institutions) that have been in their roles since (at least 2002).
Given the known benefits of diversity, including from a governance perspective, Ms Rowell described the need to enhance DEI across industry, as 'the next frontier in ensuring sound governance and risk culture practices'.
APRA is considering how it can strengthen consideration of inclusion and diversity as part of this year’s review CPS 510 and CPS 220
Ms Rowell said that to date APRA has been 'content to raise awareness of DEI and start a conversation'. For example, through the release of a report earlier in the year from the International Association of Insurance Supervisors (IAIS) (read Apra gives firms a heads up on DEI) presenting insights from a recent 'stocktake' of the DEI initiatives being undertaken globally by insurance supervisors, relevant international organisations and the insurance industry. Announcing the release of this report, APRA flagged at the time that it considers (in line with the IAIS' position):
'strong diversity and inclusion practices' within the financial services sector, and diverse representation on boards, to be important in enhancing governance and risk management'.
In her address, Mr Rowell reiterated that this remains APRA's view. APRA, Ms Rowell said, considers
'strong diversity and inclusion practices' within the financial services sector, and diverse representation on boards, to be important in enhancing governance and risk management'.
Ms Rowell also reiterated that APRA is considering:
'how we can strengthen this aspect [the DEI aspect] of governance and risk management as part of upcoming reviews of Prudential Standards CPS 510 Governance and CPS 220 Risk Management'.
For context, APRA has previously identified the review of CPS 510 and CPS 220 as policy priorities for 2023. In terms of timing, APRA plans to initiate consultation on CPS 510 (and broader governance requirements) 'in the latter half of 2023', with a view to the changes being finalised in 2024. The review of CPS 220 is planned to follow the completion of the review of CPS 510.
[Source: APRA Deputy Chair Helen Rowell - Speech to the Governance and Risk Management Forum 2023 17/05/2023]
Interested in this (and similar) topics?
Subscribe to alerts and our weekly wrap up of key financial services, risk, regulatory and ESG developments.