GCRA continues to be a key focus for APRA

6 minute read  10.08.2022 Kate Hilder, Siobhan Doherty

The Australian Prudential Regulation Authority (APRA) has released its 2022/23 corporate plan.  Our key takeaways are below.

Key takeouts

  • APRA's priorities remain consistent with those outlined in the previous corporate plan.  APRA's chief priority remains safeguarding the financial resilience of the financial system.    
  • Governance, risk culture, remuneration and accountability (GCRA) continue to be key focus areas for the regulator as does strengthening cyber resilience and management/disclosure of climate change related risk
  • Modernising the regulatory architecture, including streamlining existing requirements will also continue to be a focus area

On 8 August 2022, the Australian Prudential Regulation Authority (APRA)) released its latest corporate plan covering the four-year period from 2022-23 to 2025-26.

In his foreword, APRA Chair Wayne Byres comments that APRA's existing strategic priorities essentially remain unchanged from those flagged in the previous plan, as do the underpinning themes.  APRA's key focus remains safeguarding the resilience of the financial sector - 'protecting the Australian community today' - and ensuring the financial system is 'prepared for tomorrow' by planning and preparing now for key challenges including climate-related financial risk.  Our key takeaways are below.

'Protected today': 2022-23 priorities

The plan identifies three broad priorities under this 'theme': 1) 'preserving the financial and operational resilience of Australia’s banks, insurers, and superannuation funds' which is identified as the main area of focus for the regulator; 2) continuing to modernise the prudential architecture; and 3) focusing on enabling data driven decision making. 

The key areas of focus under each of these broader priorities are outlined below.  

1.  Preserving the operational resilience of APRA-regulated entities 

As flagged, consistent with the previous plan, APRA makes clear that it intends to 'continue to direct the majority of its time and resources to its core role of preserving the financial and operational resilience' of APRA-regulated entities.  

Cross-industry priorities

The plan identifies two key cross-prudential priorities: improving cyber-resilience across APRA-regulated entities and 2) embedding 'good' governance, culture, remuneration and accountability (GCRA) across industry.  

Strengthening cyber resilience

APRA plans to maintain its focus on delivering on its cybersecurity strategy.  Particular areas of focus for the regulator include: 

  • assessing compliance with Prudential Standard CPS 234 Information Security 
  • stepping up 'data-driven supervision scrutiny and intensity by sharing aggregated data insights with industry for benchmarking and self-assessment'
  • 'continuing to work closely with the Council of Financial Regulators (CFR) and New Zealand authorities to improve coordination and response mechanisms, and collaborate with the Department of Home Affairs, Australian Cyber Security Centre, other Government agencies and industry bodies to improve cyber resilience across the Australian financial system.'

Lifting standards of GCRA

Lifting GCRA standards across all sectors will also remain a focus for the regulator.  In particular, APRA plans to focus its supervisory and regulatory attention on the following areas.  

Supporting implementation of the (not yet established) Financial Accountability Regime (FAR)

The Bills that would have established the FAR (which will replace and extend on the existing BEAR) lapsed with the dissolution of the last parliament.  The Bills have not been reintroduced.  However, APRA continues to plan for the implementation of the regime.  Planned actions include:

  • updating Prudential Standards CPS 220 Risk Management; CPS 510 Governance; and CPS 520 Fit and Proper (and related guidance), 'to ensure they are, amongst other things, reflective of current practices and aligned with the proposed new Financial Accountability Regime (FAR)'.
  • 'Work with Treasury and the Australian Securities and Investments Commission (ASIC) to implement the FAR across the insurance and superannuation sectors once enabling legislation is passed'

Other GCRA actions

  • Governance: APRA plans to work with relevant financial institutions to close issues resulting in existing capital overlays or Court Enforceable Undertakings 
  • Culture: APRA plans to extend the use of APRA’s risk culture survey 'across financial institutions' to identify 'blind spots and areas for improvement'.
  • Remuneration: Compliance with Prudential Standard CPS 511 Remuneration (and related guidance) is also flagged as an area of focus.  APRA plans to conduct 'reviews on the role of boards and the use of non-financial measures in incentive plan design, consequence management and remuneration adjustments'.

Sector specific priorities 


Ensuring the ongoing resilience of the banking sector in the wake of the 'flow through effects from COVID-19, geopolitical tensions, rising inflation and interest rates' will be a core focus.  Planned actions highlighted in the plan include: 

  • Embedding 'key prudential reforms including “unquestionably strong” capital ratios, Basel III requirements and Prudential Standard CPS 511 Remuneration'
  • Strengthening banks' business continuity and contingency practices, with a focus on recovery planning, operational resilience, and critical function resolvability
  • Embedding good GCRA practices across the banking industry
  • Sharing learnings from the climate vulnerability assessment (CVA)


Key actions identified in the plan include: 

  • Strengthening governance, risk management and business strategy practices, including addressing deficiencies identified in self-assessments undertaken by general insurers and embedding new capital requirements for private health insurers. 
  • Promoting the 'sustainability of insurance products for the long-term benefit of consumers, including heightened attention on specific business lines where needed'.
  • Aligning the prudential framework with Australian Accounting Standard AASB17 Insurance Contracts, including implementing renewed data collections.
  • Ensuring insurers have effective continuity, recovery and resolution plans in place to improve resilience and reduce the risk/impact of a disorderly exit of an insurer


The plan highlights the following actions:

  • Rectifying 'sub-standard practices through robust supervision, strengthening prudential standards and reinforcing minimum expectations in regard to: fund expenditure including trustees’ practices as they relate to their ‘best financial interests duty’ (BFID) obligations; investment governance, successor fund transfers and financial resilience; and strategic planning and business performance review practices, insights and actions'.
  • 'Eradicating unacceptable product performance' by (among other things) stepping up pressure on trustees to cease offering 'high-fee poor performing products' 
  • 'Accelerate beneficial industry consolidation to establish viable and durable business models across the superannuation sector'.

2.  Modernising the Prudential Architecture

Over the year ahead, APRA will continue to focus, with input from industry, on streamlining and improving the existing regulatory framework.  Planned actions include: 

  • developing 'a handbook for board directors to support them in better understanding their obligations'
  • establishing 'an advisory panel to provide external perspective on initiatives as they are shaped and progress, particularly in regard to digitalisation'
  • rolling out a survey to regulated firms and other stakeholders and holding workshops to 'better understand any limitations of the current framework and to identify opportunities for improvement'
  • improving the navigability of the existing framework by exploring how to digitalise APRA’s standards, guidance, information papers, industry letters and FAQs with the aim of 'creating a navigable digital rulebook'
  • progressing policy development on emerging issues such as crypto-assets and changes in group structures; 

3.  Enabling better data-driven decision making

  • The plan flags that APRA intends to continue to invest in uplifting its own data analytics capability to enable better decision making.  Planned actions to achieve this include: a) integrating APRA Connect into its existing data environment and 'significantly enhancing the data architecture'; b) enhancing internal staff training and establishing a “Centre of Excellence” within APRA; and c) 'evolving APRA’s data governance frameworks'. 
  • From a supervisory perspective, APRA will continue to focus on: a) 'driving the transformation and transparency of superannuation industry data; b) enhancing APRA’s Supervisory Risk and Intensity (SRI) model through increased data enablement; and c) continuing pilot activities to use and evolve APRA’s data science capabilities.

'Prepared for tomorrow': APRA's focus areas over the 2022–2026 plan horizon

Looking further ahead, APRA plans to focus on: a) 'responding to the impact of new financial activities and participants'; b) 'helping to find solutions to important challenges' including challenges in the superannuation and insurance space as well more broadly to the financial risks associated with climate change; and c) adopting the latest regulatory tools, techniques and practices.  

Responding to new financial activities and participants 

APRA is currently reviewing the regulatory framework for several payment-related matters including stored-value facilities, stablecoins and crypto assets (in co-ordination with Government and the CFR).  APRA intends to continue its work on these and other emerging areas 'over the plan horizon'.

Helping to find solutions to important challenges 

Key 'challenges' identified as focus areas for the regulator include: superannuation retirement income products; the availability and affordability of insurance; and the financial risks associated with climate change.  

On this last point, planned actions highlighted in the plan include: continuing work on the climate vulnerability assessment and self-assessment survey; identifying and sharing insights on climate risk management practices; continuing to work closely with CFR agencies, industry bodies, research organisations and global regulatory peers; and embedding climate risk considerations into APRA’s supervisory activities.

Adopting the latest regulatory tools and practices  

The plan flags that APRA is also prioritising the adoption of new regulatory tools and techniques to enhance its approach.  APRA is currently testing natural language processing tools, and exploring the application of more automated approaches to assessing financial and non-financial risk.  

Internally, APRA will also look to lift its capability, prioritise ensuring a 'modern and flexible working environment' and engage in process evaluation and improvement.  

[Sources: APRA media release 08/08/2022; APRA Corporate Plan 2022-23]

Interested in this (and similar) topics?

Subscribe to our weekly wrap up of key governance, risk, regulatory and ESG developments.