APRA's policy and supervisory priorities for the next 12-18 months

The Australian Prudential Regulation Authority (APRA) has released two documents setting out its policy and supervision priorities for the next 12 to 18 months. Consistent with the approach taken last year, APRA says that its priorities are underpinned by the four long-term strategic goals in the regulator's most recent Corporate Plan namely: 1) maintaining financial system resilience; 2) improving outcomes for superannuation members; 3) improving cyber-resilience in the financial sector; and 4) transforming governance, culture, remuneration and accountability (GCRA) across all APRA-regulated institutions. A high level summary of some of APRA's key policy and supervisory priorities is below. [Note: Attachment B of the policies document is a table summarising the proposed actions/timelines for delivering APRA's policy objectives. Attachment A of the supervisory document is a table summarising APRA's supervisory activities and timelines.]

COVID-19

APRA comments that much of the planned policy and supervision work planned for 2020 was delayed as a result of the COVID-19 pandemic. That work was able to resume at the end of 2020.

Going forward, APRA Chair Wayne Byres commented that though the pandemic demonstrated industry's resilience, continuing work to strengthen the financial system to ensure it is prepared for future crises remains a priority for the regulator.

'The robust response to date is not a cause for complacency, but underlines the value of an ongoing regulatory program that seeks to identify risks and put in place appropriate mitigation strategies to protect the interests of depositors, policy holders and fund members. As a forward-looking safety regulator, APRA’s priority is to maintain a financial system that is resilient and able to fulfil its important role in the Australian economy, whatever the circumstances. Given the continued uncertainly generated by COVID-19, APRA’s proposed policy and supervision agenda for the coming period will remain responsive to the external environment to ensure it continues to prioritise the areas of greatest need'.

Cross industry policy and supervisory priorities

Maintaining financial system resilience

Across all industries, APRA will continue to progress the development of policy initiatives aimed at strengthening the resilience of the financial system with a strong focus on: recovery and resolution planning; operational resilience; stress testing; and climate-related financial risks.

Recovery and resolution planning/capability: APRA will develop a new prudential standard for recovery and resolution planning, implementing reforms from the Financial Sector Legislation Amendment (Crisis Resolution Powers and Other Measures) Act 2018. APRA expects to consult on a new standard in H2 2021 with a view to finalising the standard in 2022. The standard is expected to be effective from 2023.

From a supervisory perspective, APRA will focus on:

• 'strengthening the credibility of recovery plans across all APRA-regulated industries to ensure that supervised entities have and maintain a credible recovery capability, with APRA’s assessment of an entity’s recoverability as a key input into the SRI Model assessment'
• 'ensuring that simple, credible resolution strategies are in place for more vulnerable entities across each industry'
• 'driving improvements in small ADIs’ compliance with Prudential Standard APS 910 Financial Claims Scheme to ensure that entities are adequately prepared should the Financial Claims Scheme safety net be required'
• expanding recovery and resolution planning in the superannuation industry.

Operational resilience: APRA is conducting a comprehensive review of prudential requirements for operational resilience, including consulting on new and revised standards in 2021.

• APRA plans to introduce a new standard focused on operational risk management
• APRA plans to consult on revisions to existing Prudential Standards CPS 231 Outsourcing and CPS 232 Business Continuity Management, and guidance for entities in H2 2021 with a view to finalising both standards in 2022. The changes are expected to be effective from 2023.

From a supervisory perspective, APRA says that it is 'incorporating the lessons learned from COVID-19 into its supervisory practices to further strengthen the operational resilience of the Australian financial system'. APRA’s supervision activities over the next 12-18 months will focus on:

• what impact operational changes, made by entities in response to the pandemic, have had and the effectiveness of existing contingency arrangements to protect against any risks that may have arisen
• 'The extent to which regulated entities’ risk profiles reflect changes to business practices and strategy as a result of COVID-19, and any operational risk losses'
• 'Assessment of the range and concentration of service providers used by APRA-regulated entities'

Cyber-resilience: Cyber resilience remains an area of 'major strategic focus' for the regulator. As part of its Cyber Security Strategy over the next 12-18 months, APRA will:

• conduct a pilot 'Cyber Operational Resilience Intelligence-led Exercise', in concert with the Council of Financial Regulators (CFR), to test cyber resilience of Australia's financial services industry
• ask a 'small group of select APRA-regulated entities' to engage independent auditors to assess their compliance with Prudential Standard CPS 234 Information security to identify and address weaknesses in cyber practices
• continue to collect 'cyber resilience data which will be used to generate cross-industry insights on better practice examples'. These insights will be shared with regulated entities to strengthen cyber practices
• 'launch a pilot for a cyber information sharing community across APRA regulated entities to improve industry situational awareness and the sharing of technical information'

Stress testing: Building on lessons learned from recent and previous supervisory industry exercises, APRA intends to consult on new guidance for entities on stress testing in late 2021, with a view to finalising the guidance in 2022.

From a supervisory perspective, APRA’s 2021 stress testing program will include 'regulator-led common scenario stress tests across nominated industries for select scenarios, as well as engaging with entities on the stress test activities they undertake as part of their Internal Capital Adequacy Assessment Process'.

• Banking sector: APRA states that 'significant focus' will continue given to stress testing of the ADI industry. In early 2021, APRA will conclude its analysis from the final cycle of the 2020 ADI ‘streamlined’ stress tests, and provide feedback to relevant entities. A more comprehensive stress test of the largest ADIs is planned for 2021.
• Insurance sector: For the insurance industry, targeted stress test activities will continue, subject to the economic and macro environment and emerging risks.
• Superannuation sector: 'APRA plans to sharpen its supervision by advancing the role of stress testing in providing assurance and insight at both industry and entity level'.

Climate-related financial risk: APRA plans to consult on guidance to assist entities in developing frameworks for the assessment and monitoring of climate-related financial risks in H1 2021 with a view to finalising the guidance before the end of the year.

The guidance is planned to include: governance, strategy, risk management, scenario analysis and disclosure.

From a supervisory perspective, APRA will 'increase its scrutiny of the manner in which ADIs, insurers and superannuation trustees are managing the impact of risks arising from climate change'.

Planned actions include:

• Completing the supervisory review of the regulated entities that participated in APRA’s 2018 climate risk survey. The outcomes of these reviews are being used to inform the development of APRA’s climate risk guidance and ongoing supervision activities.
• Developing, together with the CFR, a climate vulnerability assessment (CVA). APRA states that the CVA will: a) explore the potential financial exposure and macroeconomic risks to large ADIs, the financial system and economy from both physical and transition climate risks; and b) assist APRA in understanding how the large ADIs might adjust their business models in response to different climate change scenarios.

APRA comments that a number of large ADIs have made 'significant investments' to improve their climate risk assessment and response capabilities, and in light of this, 'where possible the CVA will leverage this capability'.

APRA is currently designing the CVA and expects to engage with the ADIs participating in the assessment in 2021.

Governance, culture, remuneration and accountability

As part of a multi-year program of policy development to strengthen standards and guidance, APRA plans to continue strengthening the prudential framework to support strong governance, culture, remuneration and accountability (GCRA) standards across industries.

The planned reforms are intended to help address issues identified by the Hayne Commission, the CBA Prudential Inquiry and other reviews, which highlighted weaknesses in board governance and oversight, a lack of clear accountability, and incentive structures that encouraged poor conduct.

Remuneration: APRA is currently conducting a second round of consultation on a new remuneration standard CPS 511. The standard is expected to be finalised in H1 2021, ahead of a planned phased implementation in 2023. APRA plans to consult in 'mid-to late 2021' on a new prudential practice guide (PPG), and reporting and disclosure requirements to support the implementation of the new standard.

From a supervisory perspective, APRA plans to conduct an implementation review of CPS 511 Remuneration (once finalised) across a sample of regulated entities and share insights with regulated entities.

Governance and risk management: APRA’s review of the governance and risk management prudential standards will continue in 2021. APRA plans to consult on revised versions of Prudential Standard CPS 510 Governance and Prudential Standard CPS 220 Risk Management in 2022. The changes (once finalised) are expected to take effect from 2023. The relevant superannuation standards, Prudential Standard SPS 510 Governance and Prudential Standard SPS 220 Risk Management, will also be reviewed.

Accountability: APRA, together with the Australian Securities and Investments Commission (ASIC), continues to support Treasury in the development of the planned Financial Accountability Regime (FAR). APRA states that though delayed due to COVID-19, consultation on FAR legislation 'is likely to be in 2021'.

Subject to the finalisation of the FAR, APRA plans to revise Prudential Standard CPS 520 Fit and Proper (CPS 520) to ensure alignment with FAR requirements.

From a supervisory perspective, APRA plans to focus on evaluating entities' actions in response to governance self-assessments and prudential engagements and working to 'close' known issues that are 'currently resulting in capital overlays or enforceable undertakings'.

APRA will also be implementing a tool to benchmark and assess trends in risk culture across regulated entities, after undertaking a risk culture survey for a pilot group of regulated entities.

Sector specific focus areas

APRA has also outlined specific policy and supervisory focus areas for the banking, insurance and superannuation sectors.