Federal Register of Legislation - Australian Government


LPS 220 Standards/Prudential (Banking & Insurance) as made
This instrument determines Prudential Standard LPS 220 Risk Management.
Administered by: Treasury
General Comments: This Determination revokes Prudential Standards (Friendly Societies) 6.1 - Risk Management; 6.3C - Audit; 6.4A - Subsidiaries; 6.4C - Guarantees; 6.4E - Overseas Trading; and 6.7 - Non-Benefit Fund based Management and Associated Market Activities as in force under section 28 of the AFIC Code immediately before the 'transfer date' - see Financial Sector Reform (Amendments and Transitional Provisions) Act (No. 1) 1999.
Registered 29 Mar 2007
Tabling History
Tabled HR: 08-May-2007
Tabled Senate: 09-May-2007
Date of repeal 01 Jan 2013
Repealed by Life Insurance (prudential standard) determination No. 9 of 2012 - Prudential Standard LPS 220 - Risk Management

 

Life insurance (prudential standards) determination No.2 of 2007

Prudential standard LPS 220 Risk Management

Life Insurance Act 1995

I, John Roy Trowbridge, Member of APRA, delegate of APRA:

 

(1)               under subsection 230A(5) of the Life Insurance Act 1995 (the Act), REVOKE the following prudential standards, namely:

 

·        PS 6.1 Prudential Standard (Friendly Societies) Risk Management;

·        PS 6.3C Prudential Standard (Friendly Societies) Audit;

·        PS 6.4A Prudential Standard (Friendly Societies) Subsidiaries;

·        PS 6.4C Prudential Standard (Friendly Societies) Guarantees;

·        PS 6.4E Prudential Standard (Friendly Societies) Overseas Trading; and

·        PS 6.7 Prudential Standard (Friendly Societies) Non-Benefit Fund Based Funds Management and Associated Market Activities; and

 

(2)               under paragraph 230A(1)(a) of the Act, DETERMINE prudential standard LPS 220 Risk Management in the form shown in the Schedule of this determination.

 

Under subparagraph 230A(4)(a)(ii) of the Act, this determination takes effect on the later of 1 January 2008 and the date of registration on the Federal Register of Legislative Instruments.

 

Dated 23 March 2007

 

Signed

John Trowbridge

Member

Interpretation

In this determination:

 

APRA means the Australian Prudential Regulation Authority.

Federal Register of Legislative Instruments means the register established under section 20 of the Legislative Instruments Act 2003.

 

Note 1 The prudential standards revoked by this determination have effect, for the purposes of the Act, by application of regulation 33 of the Financial Sector Reform (Amendments and Transitional Provisions) Regulations 1999.                      

 

 

Schedule

 

Prudential Standard LPS 220 Risk Management comprises the eight pages attached.

 

 


 

Prudential Standard LPS 220

Risk Management

Objective and key requirements of this Prudential Standard

This Prudential Standard aims to ensure that a life company maintains a risk management framework and strategy that is appropriate to the nature and scale of its operations. Risk management is an essential component of a life company’s ability to deal with its internal and external sources of risks and, therefore, its capacity to reduce and manage any adverse effects on its policy owners, operations and reputation.  

The prime responsibility for the risk management framework and strategy rests with the Board of directors of the life company or, in the case of an eligible foreign life insurance company, with the Compliance Committee.

A life company’s systems, processes, structures, policies and people involved in identifying, assessing, mitigating and monitoring risks are referred to in this Prudential Standard as the risk management framework. 

To meet this Prudential Standard’s requirements, a life company must:

·               maintain a risk management framework which includes:

(a)           a documented Risk Management Strategy;

(b)          sound risk management policies and procedures;

(c)           clearly defined managerial responsibilities and controls; and

(d)          a documented Business Plan; and

·               submit a Risk Management Declaration to APRA on an annual basis.


Authority

1.             This Prudential Standard is made under paragraph 230A(1)(a) of the Life Insurance Act 1995 (the Act).

Application

2.             This Prudential Standard applies to all life companies including friendly societies (together referred to as life companies) registered under the Act.[1]

3.             Subject to the transition arrangements set out in this Prudential Standard, a life company must comply with this Prudential Standard from 1 January 2008 (referred to in this Prudential Standard as the effective date).

4.             Nothing in this Prudential Standard prevents a life company from applying a risk management framework, Risk Management Strategy (RMS) or Business Plan that is also used in a related company, provided that the risk management framework, RMS or Business Plan has been approved by the life company for its purposes and meets the requirements of this Prudential Standard.

The role of the Board

5.             The Board of directors (the Board) is ultimately responsible for the risk management framework of the life company.[2]  The Board must ensure that a life company has, at all times, a risk management framework to prudently manage the risks arising in the life company and the risks to the policy owners of the statutory funds.

6.             The Board is responsible for the risk management framework whether or not risk management and business operations are outsourced or are part of a corporate group.[3]

7.             The Board must approve a written RMS for the life company and must be satisfied that the RMS complies with this Prudential Standard.

8.             The Board must be notified of any material deviation from the life company’s RMS.

Risk management framework

9.             For the purposes of this Prudential Standard, the risk management framework is the totality of systems, structures, policies, processes and people within the life company that identify, assess, mitigate and monitor all internal and external sources of risk that could have a material impact on the life company’s operations.

10.         A life company’s risk management framework must, at a minimum, include:

(a)           an RMS;

(b)          risk management policies, controls and procedures which identify, assess, monitor, report on and mitigate all material risks, financial and non-financial, likely to be faced by the life company having regard to such factors as the size, business mix and complexity of the life company’s operations;

(c)           a written business plan (Business Plan), that is approved by the Board prior to its adoption and at any time that it is materially revised. The Business Plan must be reviewed by the life company at least annually;

(d)          clearly defined managerial responsibilities and controls for the risk management framework; and

(e)           a review process to ensure that the risk management framework remains effective.

11.         The material risks referred to in subparagraph 10(b) must, at a minimum, include:[4]

(a)           asset and liability management risk;

(b)          operational risk;[5]

(c)           life insurance risk, including risks arising out of reinsurance arrangements; and

(d)          strategic and tactical risks that arise out of the life company’s Business Plan.

12.         The risk management framework must consider all risks that are relevant to a life company’s individual statutory funds.  The assessment of whether a risk is material must be considered at the level of the individual statutory funds as well as for the life company as a whole.  A life company may also conduct business other than life insurance business external to the life company's statutory funds. The risk management framework must reflect the range of business conducted by the life company and the effects that business conducted by the life company outside of the statutory funds may have on the life insurance business.

Risk Management Strategy

13.         The RMS is a high level document which documents:

(a)           the life company’s strategy for managing risk;

(b)          the extent and circumstances under which the life company is prepared to accept risk; and

(c)           the key elements of the risk management framework which give effect to the strategy for managing risk.

14.         A life company’s RMS must, at a minimum:

(a)           detail the life company’s approach to the matters listed in paragraph 13;

(b)          identify the policies and procedures dealing with the following risk management matters, including the date when each policy or procedure was last revised, the date that it is next due for revision and the position responsible for its maintenance:

(i)                 the processes for identifying and assessing material risks;

(ii)                the process for establishing and implementing mitigation and control mechanisms for material risks;

(iii)              the process for monitoring and reporting of risk issues (including communication and escalation mechanisms);

(iv)              the mechanisms in place for monitoring and ensuring continual compliance with all prudential requirements;[6]

(v)               the life company’s approach to management of capital; and

(vi)              the life company’s approach to Business Continuity Management (refer Prudential Standard LPS 222 Business Continuity Management).

(c)           describe the relationships within the risk management framework between the Board, Board committees and senior management;

(d)          identify those positions with managerial responsibility for the risk management framework, and set out their roles and responsibilities;

(e)           describe the approach to ensuring relevant staff have an awareness of the risk management framework and instilling an appropriate risk culture across the life company; and

(f)            describe the process by which the risk management framework (including the RMS) is reviewed and the intended coverage and timing for these reviews.

15.         The RMS must describe the life company’s entire approach to risk management. To this end, if the life company is a subsidiary within a corporate group, or an eligible foreign life insurance company (EFLIC), where any element of the life company’s risk management framework is controlled by, influenced by, or subject to approval by another entity in the group, or by its head office, the RMS must also summarise:

(a)           the group (or head office) policy objectives and strategies;

(b)          whether the life company’s RMS is derived wholly or partially from the group (or head office) risk management arrangements;

(c)           the linkages and significant differences between the life company RMS and group (or head office) risk management arrangements including relevant life company business and other conditions; and

(d)          the process for monitoring by, or reporting to, the group or head office.  A summary of the key procedures, the frequency of reporting and the approach to reviews must be provided.   

Review of risk management framework

16.         The life company must ensure that its risk management framework is subject to effective and comprehensive review by operationally independent, appropriately trained and competent persons. The frequency and the scope of the review should be appropriate to the life company, having regard to such factors as the size, business mix, complexity of the life company’s operations and the extent of any change to its business profile or its risk appetite. 

17.         The review of the risk management framework must include:

(a)           a review of the RMS, to ensure that:

(i)      the strategy for the management of risk remains appropriate to the company’s business, its policyholder profile and its financial circumstances; and

(ii)     the RMS accurately documents the life company’s risk management framework;  

(b)          a review of the policies and processes described in subparagraph 10(b); and

(c)           a review of the people and functions involved in risk management.

18.         The Appointed Actuary must include an assessment of the suitability and adequacy of the risk management framework as part of the Financial Condition Report. 

19.         Life companies must implement satisfactory internal audit procedures and/or external audit arrangements to ensure compliance with, and the effectiveness of, the risk management framework.

20.         Where there are institutional, operational or other developments that materially affect the life company’s risk profile, the life company must assess whether any amendments to, or a review of, its risk management framework (including the RMS) are necessary to take account of the change.

21.         In the event that a life company:

(a)           is aware of a material breach of, or material deviation from, the risk management framework; or

(b)          discovers that the risk management framework did not adequately address a material risk

the life company should notify APRA as soon as practicable. 

Risk Management Declaration

22.         The Board must provide APRA with a declaration on risk management (Risk Management Declaration), relating to each financial year of the life company, signed by two directors or, in the case of an EFLIC, two members of the compliance committee.  This declaration must satisfy the requirements set out in Attachment A to this Prudential Standard.

23.         The Risk Management Declaration must be submitted to APRA on, or before, the day that the life company’s annual regulatory financial statements are required to be submitted to APRA.  

24.         If the Board qualifies the Risk Management Declaration, the qualified Risk Management Declaration must include a description of any material deviation from the life company’s risk management obligations, and the steps taken, or proposed to be taken, to remedy those breaches.

Transition arrangements

25.         Upon application by a life company, APRA may grant transitional relief, for no greater than one year, by exempting a life company from the operation of any of the provisions of this Prudential Standard or by varying their operation in relation to a life company. APRA will only do so if it is satisfied that there is no material detriment to policy owners, that the life company will not be able to comply with the provisions of this Prudential Standard by the effective date and that, in APRA’s view, the Board and senior management have made all reasonable attempts to comply with this Prudential Standard.

26.         APRA may also decline a request for transitional relief if the request is submitted after 31 October 2007.


 

Attachment A

Risk Management Declaration

The Board must (by the time provided for in paragraph 23 of this Prudential Standard) provide APRA with a Risk Management Declaration stating that, to the best of its knowledge and belief, having made appropriate enquiries:

(a)               the life company has systems in place for the purpose of ensuring compliance with the Act, the Regulations, prudential standards, actuarial standards, the Prudential Rules, reporting standards, the Financial Sector (Collection of Data) Act 2001, authorisation conditions, directions and any other requirements imposed by APRA;

(b)               the Board is satisfied with the efficacy of the processes and systems surrounding the production of financial information at the life company;

(c)               the life company has in place an RMS, developed in accordance with the requirements of this Prudential Standard, setting out its approach to risk management; and

(d)               the systems that are in place for managing and monitoring risks, and the risk management framework, are appropriate to the life company, having regard to such factors as the size, business mix and complexity of the life company’s operations.

 

 

 

 



[1]            Refer to Subsection 3(3) of the Act.

[2]            For the purposes of this Prudential Standard, a reference to the Board, in the case of an eligible foreign life insurance company (EFLIC), is a reference to the Compliance Committee. Section 16ZF of the Act requires an EFLIC to establish and operate a Compliance Committee.  Refer Attachment B of Prudential Standard LPS 510 Governance for further information.

[3]           A “corporate group” comprises more than one company, where the companies are related bodies corporate within the meaning of section 50 of the Corporations Act 2001.

[4]           Conflicts of interest may also create material risks for life companies. These are dealt with in Prudential Standard LPS 510 Governance.

[5]           Requirements for outsourcing and business continuity management are contained in Prudential Standard LPS 231 Outsourcing and Prudential Standard LPS 232 Business Continuity Management respectively.

[6]           Prudential requirements include all requirements under the Act, actuarial standards, prudential standards, the Financial Sector (Collection of Data) Act 2001, prudential rules, reporting standards, conditions on a life company authority and any other requirements imposed by APRA in writing.