Federal Register of Legislation - Australian Government

Skip to primary navigation Skip to primary content
Federal Register of Legislation Skip to Content
SearchOpen search

Primary content

Bookmark

this version | go to latest

Banking, Insurance and Life Insurance (prudential standard) determination No. 3 of 2016 - Prudential Standard 3PS 222 - Intra-Group Transactions and Exposures

Authoritative Version
3PS 222 Standards/Prudential (Banking & Insurance) as made
This instrument determines Prudential Standard 3PS 222 Intra-group Transactions and Exposures
Administered by: Treasury
Registered 14 Sep 2016
Tabling HistoryDate
Tabled HR10-Oct-2016
Tabled Senate10-Oct-2016

Banking, Insurance and Life Insurance (prudential standards) determination No. 1 to 9 of 2016

EXPLANATORY STATEMENT

Prepared by the Australian Prudential Regulation Authority (APRA)

Banking Act 1959, section 11AF

Insurance Act 1973, section 32

Life Insurance Act 1995, section 230A

APRA may, in writing, determine, vary or revoke a prudential standard that applies to an institution regulated by APRA under:

(1)          subsection 11AF(1) of the Banking Act 1959 (Banking Act),  in relation to authorised deposit-taking institutions (ADIs) and authorised non-operating holding companies (authorised banking NOHCs);

(2)          subsection 32(1) of the Insurance Act 1973 (Insurance Act), in relation to general insurers, authorised non-operating holding companies (authorised insurance NOHCs), and subsidiaries of general insurers and authorised insurance NOHCs; and

(3)          subsection 230A(1) of the Life Insurance Act 1995 (Life Insurance Act), in relation to life companies, friendly societies, registered non-operating holding companies (registered life NOHCs), and subsidiaries of life companies and registered life NOHCs.

On 8 September 2016, APRA made the following determinations (the instruments):

(1)          Banking, Insurance and Life Insurance (prudential standards) determination No. 1 of 2016, which determines Prudential Standard 3PS 001 Definitions (3PS 001);

(2)          Banking, Insurance and Life Insurance (prudential standards) determination No. 2 of 2016, which determines Prudential Standard 3PS 221 Aggregate Risk Exposures (3PS 221);

(3)          Banking, Insurance and Life Insurance (prudential standards) determination No. 3 of 2016, which determines Prudential Standard 3PS 222 Intra-group Transactions and Exposures (3PS 222);

(4)          Banking, Insurance and Life Insurance (prudential standards) determination No. 4 of 2016, which determines Prudential Standard 3PS 310 Audit and Related Matters (3PS 310);

(5)          Banking, Insurance and Life Insurance (prudential standard) determination No. 5 of 2016, which revokes Prudential Standard CPS 220 Risk Management (CPS 220) made under Banking, Insurance and Life Insurance (prudential standard) determination No. 3 of 2014, and determines a new Prudential Standard CPS 220 Risk Management (CPS 220);

(6)          Banking, Insurance and Life Insurance (prudential standard) determination No. 6 of 2016, which revokes Prudential Standard CPS 231 Outsourcing (CPS 231) made under Banking, Insurance and Life Insurance (prudential standard) determination No. 1 of 2014, and determines a new Prudential Standard CPS 231 Outsourcing (CPS 231);

(7)          Banking, Insurance and Life Insurance (prudential standard) determination No. 7 of 2016, which revokes Prudential Standard CPS 232 Business Continuity Management (CPS 232) made under Banking, Insurance and Life Insurance (prudential standard) determination No. 2 of 2014, and determines a new Prudential Standard CPS 232 Business Continuity Management (CPS 232);

(8)          Banking, Insurance and Life Insurance (prudential standard) determination No. 8 of 2016, which revokes Prudential Standard CPS 510 Governance (CPS 510) made under Banking, Insurance and Life Insurance (prudential standard) determination No. 4 of 2014, and determines a new Prudential Standard CPS 510 Governance (CPS 510); and

(9)          Banking, Insurance and Life Insurance (prudential standard) determination No. 9 of 2016, which revokes Prudential Standard CPS 520 Fit and Proper (CPS 520) made under Banking, Insurance and Life Insurance (prudential standard) determination No. 4 of 2012, and determines a new Prudential Standard CPS 520 Fit and Proper (CPS 520).

The instruments commence on 1 July 2017.  

1.      Background

In keeping with its mandate of financial stability, APRA is developing a conglomerate framework (Level 3 framework) that would seek to capture the contagion, reputation, moral hazard and other related risks that could have significant impacts on Australia’s financial stability.

Since 2010, APRA has released several consultation packages[1] outlining the Level 3 framework for the supervision of conglomerate groups (Level 3 groups), covering four components: group governance, risk exposures, risk management and capital adequacy. In August 2014,[2] APRA released the Level 3 framework, but deferred implementation of the new requirements until the conclusion of the Financial System Inquiry (FSI)[3].

In early 2016, APRA decided to implement the non-capital aspects of the Level 3 framework, and defer the implementation of capital components of the Level 3 framework until a number of other domestic and international policy initiatives had progressed. These policy initiatives include:

-          APRA’s implementation of the FSI recommendation on unquestionably strong capital ratios for ADIs (FSI recommendation 1);

-          consideration of proposals in relation to loss absorption and recapitalisation capacity (FSI recommendation 3); and

-          proposed legislative changes to strengthen APRA’s crisis management powers (FSI recommendation 5).

Taken together, these initiatives will influence APRA’s final views on the appropriate requirements with respect to the strength, resilience, recovery and resolution capacity of Level 3 groups.

Accordingly, APRA announced in March 2016[4] that consultation on the capital components of the Level 3 framework would take place no earlier than mid-2017, with implementation no earlier than 2019.

APRA has made consequential amendments to the non-capital aspects of the Level 3 framework, as well as several amendments to improve the drafting of the standards. Although these clarifications did not change the underlying policy positions, given the number of clarifications/amendments, in March 2016 APRA released for public consultation the non-capital components (nine prudential standards and two prudential practice guides) of the Level 3 framework.

Four submissions were received in the March 2016 consultation period. APRA has carefully considered the submissions and made minor amendments to the framework published in March 2016. The final form of the non-capital components of the Level 3 framework was released on 8 August 2016. These will be effective from 1 July 2017.

2.      Purpose and operation of the instruments

The purpose of these instruments is to promote sound practices regarding governance, risk management and management of risk exposures for Level 3 groups. While group membership may offer benefits to prudentially regulated institutions[5], it may also expose institutions to risks that emerge from other group members that may or may not be regulated by APRA. There are also risks that may emerge from the size, scope, and operations of the group itself, rather than any particular institution in the group.

To promote sound practices across the group, these instruments establish a prudential framework for group governance, risk management and management of risk exposures that APRA can apply to protect the interests of depositors, policyholders, and superannuation beneficiaries of prudentially regulated institutions that are members of these groups.

The instruments allow APRA to determine Level 3 groups where it considers that material activities are performed within the group across more than one industry regulated by APRA and/or in one or more industries not regulated by APRA, to ensure that the ability of the group’s prudentially regulated institutions to meet their obligations to depositors, policyholders, and superannuation beneficiaries is not adversely impacted by risks emanating from the group, including institutions in the group not regulated by APRA.

The instruments provide for APRA to enforce the Level 3 framework through supervision of the Head of the Level 3 group (Level 3 Head), rather than directly applying prudential supervision to institutions that are not regulated by APRA. Consequently, the instruments allow APRA to determine the Level 3 Head.

To achieve this objective, the instruments determine the following new prudential standards (collectively, the ‘Level 3 prudential standards’): 3PS 001, 3PS 221, 3PS 222 and 3PS 310.

The instruments also determine new versions of the following existing prudential standards (collectively, the ‘cross-industry prudential standards’): CPS 220, CPS 231, CPS 232, CPS 510 and CPS 520.

The instruments will also apply the requirements in the cross-industry prudential standards to a Level 2 group through the Head or Parent of the Level 2 group (Level 2 Head), as defined in Prudential Standard APS 001 Definitions (APS 001) and Prudential Standard GPS 001 Definitions (GPS 001).

Where these prudential standards incorporate by reference the requirements of another prudential standard, this is a reference to the prudential standard as it exists from time to time.

I.                   Level 3 prudential standards

i.                    Prudential Standard 3PS 001 Definitions

3PS 001 defines key terms that are used in the Level 3 prudential standards and cross-industry prudential standards. It applies to Level 3 Heads.

Paragraphs 1 to 3 state APRA’s authority to make the prudential standard, the date which the standard commences and that the definitions in 3PS 001 apply to all prudential standards that are applicable to Level 3 Heads.

Paragraph 4 states the definitions of key terms that are used in the Level 3 prudential standards, as well as elsewhere in APRA’s prudential framework. Some of the key terms defined in 3PS 001 include:

Ensure: This term is used in APRA’s prudential framework in relation to a responsibility of the board.

Level 3 institution: This term defines an institution that is a member of the Level 3 group.

Prudentially regulated institution: This term is defined to cover the set of institutions that are referred to in the Level 3 prudential standards. Note that this term differs from the term ‘APRA-regulated institution’ which is used as the collective term in the cross-industry standards, as ‘prudentially regulated institution’ includes RSE licensees.

Paragraph 4 also describes the institutions that APRA may determine to be a Level 3 Head or part of a Level 3 group.

ii.                  Prudential Standard 3PS 221 Aggregate Risk Exposures

3PS 221 requires a Level 3 Head to ensure that a concentration of risk in one part of, or across, the Level 3 group does not pose a threat to the prudentially regulated institutions in the group. These are qualitative, principles-based requirements that complement the quantitative limits and thresholds required for individual institutions or Level 2 groups in other prudential standards.

Paragraphs 1 to 5 are introductory paragraphs that:

-          state APRA’s authority to make the prudential standard, the date which the standard commences, and that the standard applies to Level 3 Heads;

-          link key terms used in 3PS 221 to their definitions in 3PS 001; and

-          provide for APRA to exercise a power or discretion in writing.

Paragraph 6 defines the key term ‘aggregate risk exposures’ and prohibits unlimited exposures to any individual counterparty unless agreed with APRA. The definition of aggregate risk exposure is based on APRA’s definition for large exposures to unrelated counterparties used in other areas of APRA’s prudential framework in relation to Level 1 or Level 2 requirements, extended to the context of a Level 3 group and aggregated across the Level 3 group. An important element of the definition is that the exposures have the potential to result in material losses for the group or an individual prudentially regulated institution in the group.

The scope of risk exposures is broad as it is intended to ensure that the Level 3 Head has a clear understanding of the aggregate of all relevant exposures to external counterparties, regardless of where they are within the Level 3 group and can effectively identify, monitor, report on, and manage those exposures.

Paragraphs 7 to 11 establish high-level requirements for the Level 3 Head with respect to aggregate risk exposures. These requirements include that it must have an aggregate risk exposures policy, and that the Level 3 Head must conduct forward-looking scenario analysis and stress testing of the Level 3 group’s material aggregate risk exposures. The management of aggregate risk exposures must also be a part of the Level 3 group’s risk management framework required by CPS 220.

Paragraph 12 states requirements that apply to the Board of the Level 3 Head in order to provide for sound oversight and governance of aggregate risk exposures via providing oversight of appropriate policies, systems and controls to manage the risks associated with aggregate risk exposures. These requirements are intended to align with the Board’s responsibility for oversight, rather than placing operational responsibilities on the Board.

Paragraphs 13 to 16 provide more specific requirements on the content of the aggregate risk exposures policy, including that the Level 3 Head sets limits on aggregate risk exposures that are commensurate with the group’s risk appetite, and describe the systems for monitoring and reporting on aggregate risk exposures to support the Level 3 Head’s oversight of material risks across the group.

Paragraph 17 sets out the circumstances where APRA may require a Level 3 Head to limit or reduce the Level 3 group’s level of aggregate risk exposure, or determine how a Level 3 Head must calculate an aggregate risk exposure. The paragraph also sets out criteria for APRA to consider when exercising its capacity to impose these requirements on Level 3 Heads.

Paragraphs 18 and 19 set out requirements for a Level 3 Head to communicate with APRA within certain timeframes on any breaches of, changes to, or inadequacies with the aggregate risk exposures policy.

Paragraph 20 is a standard paragraph that appears in all APRA’s prudential standards.

Versions of this standard that were previously circulated for consultation included a paragraph that provided for APRA to impose a supervisory adjustment to the prudential capital requirement for the Level 3 group. However, as APRA has deferred the capital components of the Level 3 prudential framework at this stage, that paragraph has been removed.

iii.                Prudential Standard 3PS 222 Intra-Group Transactions and Exposures

3PS 222 requires a Level 3 Head to ensure that associations and dealings within the Level 3 group do not expose prudentially regulated institutions within the group to excessive risk. It adopts the same qualitative, principles-based approach used in 3PS 221, with the policy intent of managing the risk that one institution in the group may compromise the financial or operational position of another institution in the group because of links through intra-group transactions and exposures (ITEs).

Paragraphs 1 to 5 are introductory paragraphs that:

-          state APRA’s authority to make the prudential standard, the date which the standard commences, and that the standard applies to Level 3 Heads;

-          link key terms used in 3PS 222 to their definitions in 3PS 001; and

-          provide for APRA to exercise a power or discretion in writing.

Paragraph 6 defines the key term ‘intra-group transaction or exposure’ (ITE). The scope of the definition is broad, as it is intended that the Level 3 Head has a clear understanding of all exposures within the group in order to be able to effectively identify, monitor, and report on contagion risks emerging from within the Level 3 group – including from Level 3 institutions that are not regulated by APRA.

Paragraphs 7 to 9 establish high-level requirements for the Level 3 Head with respect to ITEs. These requirements include that it must have an ITE policy, and that the Level 3 Head must conduct forward-looking scenario analysis and stress testing of the Level 3 group’s material ITEs. The management of ITEs must also be a part of the Level 3 group’s risk management framework required by CPS 220.

Paragraphs 10 states requirements that apply to the Board of the Level 3 Head in order to provide for sound oversight and governance of ITEs via providing oversight of appropriate policies, systems and controls to manage the risks associated with ITEs. These requirements are intended to align with the Board’s responsibility for oversight, rather than placing operational responsibilities on the Board.

Particular risks may arise when dealing with a related, rather than unrelated, counterparty. To ensure that contractual terms and conditions that are not consistent with arms-length transactions have had adequate oversight, in paragraph 11 APRA requires the Board of the Level 3 Head to approve terms and conditions where a prudentially regulated institution in the group proposes to accept terms and conditions, in dealing with other Level 3 institutions in the group, that are not consistent with terms and conditions that would be negotiated on an arms-length basis.

Paragraphs 12 to 17 provide more specific requirements on the content of the ITE policy, including that the Level 3 Head sets limits on ITEs and describe the systems for monitoring and reporting on ITEs to support the Level 3 Head’s oversight of material risks across the group. The limits on ITEs must be set having regard to limits on exposures to unrelated counterparties under 3PS 221 and APRA expects that the ITE limits are set commensurate with the group’s risk appetite.

APRA recognises that Level 3 groups derive efficiency, consistency and other business benefits from having group-wide operations. However, APRA is concerned that groups may focus on the benefits of such arrangements without adequate regard to understanding or managing the risks of prudentially regulated institutions participating in group-wide operations. Paragraphs 13 and 14 specify requirements for a Level 3 Head to ensure that these risks are identified, understood and managed.

Paragraph 17 sets out the circumstances where APRA may require a Level 3 Head to limit or reduce the Level 3 group’s level of ITEs, or determine how a Level 3 Head must calculate ITEs. The paragraph also sets out criteria for APRA to consider when exercising its capacity to impose these requirements on Level 3 Heads.

Paragraphs 18 and 19 set out requirements for a Level 3 Head to communicate with APRA within certain timeframes on any breaches of, changes to, or inadequacies with the ITE policy.

Paragraph 20 is a standard paragraph that appears in all APRA’s prudential standards.

Versions of this standard that were previously published for consultation included a paragraph that provided for APRA to impose a supervisory adjustment to the prudential capital requirement for the Level 3 group. However, as APRA has deferred the capital components of the Level 3 prudential framework at this stage, that paragraph has been removed.

iv.                Prudential Standard 3PS 310 Audit and Related Matters

3PS 310 requires that a Level 3 Head obtains and makes available to APRA independent advice from an auditor relating to the operations, internal controls and information provided to APRA in respect of the Level 3 Head and the Level 3 group. The requirements in 3PS 310 are based on audit requirements that APRA sets for Level 1 and Level 2 institutions in the individual industry prudential standards.

Paragraphs 1 to 6 are introductory paragraphs that:

-          state APRA’s authority to make the prudential standard, the date which the standard commences, and that the standard applies to Level 3 Heads;

-          link key terms used in 3PS 310 to their definitions in 3PS 001; and

-          provide for APRA to exercise a power or discretion in writing.

Paragraphs 7 to 13 are general requirements relating to the appointment of a group auditor, the terms of engagement of that auditor and the fitness and propriety of that auditor.

Paragraphs 14 to 19 establish responsibilities for the Level 3 Head in relation to the Appointed Auditor and internal audit. These are practical requirements to facilitate the Appointed Auditor or internal auditor in performing their role, and to ensure transparent communication with the Board Audit Committee to facilitate the performance of the Board Audit Committee’s role in governing the audit arrangements of the Level 3 group.

APRA expects an open and productive relationship with the Appointed Auditor and the Level 3 Head in relation to matters covered by 3PS 310. Paragraphs 20 and 21 state APRA’s requirements regarding meetings with, and information provision by, the Appointed Auditor with APRA. For the avoidance of doubt, APRA outlines that meetings may not always include the Level 3 Head, and APRA may choose who attends the meetings related to 3PS 310.

Paragraphs 22 to 23 clarify the material that must be provided to APRA by the Appointed Auditor and that there are circumstances where an Appointed Auditor must not provide material to the Level 3 Head. Paragraph 24 also clarifies that APRA recognises that an Appointed Auditor is likely to consider material produced by APRA in its supervision of the Level 3 group. However, it is not acceptable for the Appointed Auditor to place sole reliance on APRA’s work.

In paragraph 25, APRA recognises that material produced by the Appointed Auditor for the purposes of 3PS 310 may have a dual scope as some requirements relate to the group as a whole, whereas others relate to the Level 3 Head itself. For the avoidance of doubt and to facilitate clarity in communication, APRA requires that the Appointed Auditor must clearly distinguish these differing scopes where relevant in the material it produces.

Paragraphs 26 to 31 set out specific requirements in relation to the reports that an Appointed Auditor prepares on a routine basis or through a special purpose engagement. These requirements cover the content, timeframes and to whom the reports are to be provided.

In the individual industry prudential standards, it is APRA’s practice to specify the particular reporting forms that are to be covered in an Appointed Auditor’s report via an attachment to the prudential standard. A previous version of 3PS 310 that was published for consultation included an attachment. This attachment sets out the proposed specific data collections for Level 3 Heads referred to in paragraphs 27(a) to 27(c), including two proposed reporting forms in relation to capital. However, at this stage there are no specific reporting forms applying to a Level 3 Head and as such, no attachment is provided with 3PS 310. APRA expects to include an attachment to 3PS 310 in the future when reporting requirements for the Level 3 Head relating to capital are implemented.

Paragraph 32 is a standard paragraph that appears in all APRA’s prudential standards.

II.                Cross-industry prudential standards

The changes to implement conglomerate supervision for risk management and governance that were published by APRA in August 2014 were implemented for CPS 220 and CPS 510,[6] but have not yet been implemented for CPS 231, CPS 232, or CPS 520. The instruments described in this explanatory statement adopt the policy intent that was published in August 2014[7], with minor amendments to the drafting of the cross-industry prudential standards to provide clarity and ensure the effectiveness of the Level 3 framework.

The cross-industry prudential standards are currently in force, and these instruments make no material changes to these standards except to facilitate their application at Level 2 and Level 3. This explanatory statement is therefore limited in scope to those changes. Further information in relation to each of these prudential standards is available in the explanatory statements attached to the determinations that established each of the above legislative instruments.

Unless specified otherwise, all the paragraph references in this explanatory statement refer to the paragraph numbering in the new cross-industry prudential standards that are to commence on 1 July 2017.

i.                    Complying with the standards on a group basis

Each of the cross-industry prudential standards has been amended to facilitate the application of the standard to Heads of groups, and clarify how a Head of a group (Level 2 Head or Level 3 Head) must apply the prudential standards to the group. This amendment is located in paragraph 4 of each cross-industry prudential standard.

As the Head of a group is itself an APRA-regulated institution, for avoidance of doubt, paragraph 4(a) requires the Head of a group to comply with the prudential standard in its own capacity as an individual APRA-regulated institution.

Paragraph 4(b) focuses on application of the prudential standard at the level of individual institutions within the group, including institutions that are not APRA-regulated. It requires the Head of a group to determine an appropriate application of the prudential standard for each institution in the group and ensure that the requirements are effected by those institutions. In particular, for institutions in the group that are not APRA-regulated, the Head of the group must determine whether and how to apply each standard appropriately to those institutions.

Paragraph 4(c) focuses on group-wide application of the prudential standard, rather than individual institution-level application. It requires the Head of a group to ensure that the group arrangements required under the prudential standard meet the requirements of the standard.

Paragraph 4 also establishes the paragraphs that, when applied on a group basis, must be interpreted differently in relation to group arrangements. APRA provides specific instructions on how to read certain terms in those circumstances. For only these paragraphs, and only when applying the standard on a group basis (i.e. when complying with 4(c)), the term ‘APRA-regulated institution’ refers to ‘Head of a group’, and the term ‘institution’ refers to ‘group’. This drafting aligns the requirements for group arrangements with arrangements for individual APRA-regulated institutions, but allows the scope of those requirements to be read in two distinct ways (the individual basis and the group-wide basis).

Consequently, throughout the cross-industry prudential standards the term ‘APRA-regulated institution’ has replaced the term ‘institution’, and vice versa, or the term ‘APRA-regulated institution’ or ‘institution’ has been added or removed, in paragraphs where it is necessary that the requirement to be read at both the individual level and group-wide level.

ii.                  Definitions

Minor amendments have been made to the ‘interpretations’ section of each cross-industry prudential standard. These amendments have been made to facilitate application to Level 2 groups and Level 3 groups.

The instruments amend each cross-industry standard to include a reference to 3PS 001, so that key terms that are defined in 3PS 001 can be used without ambiguity throughout all the cross-industry prudential standards. Further, the instruments for CPS 231, CPS 232 and CPS 520 amend the interpretations section of each prudential standard to include the following definitions: group, Head of a group, Level 2 group, and Level 2 Head. For CPS 220 and CPS 510, these definitions have been updated to ensure consistency in language and presentation of the requirements across the cross-industry prudential standards, but there have not been changes to the substance of these definitions.

iii.                Additional requirements of the Head of the group

APRA has amended the existing ‘Requirements of the Head of a group’ section in CPS 220 and CPS 510 to more clearly indicate which requirements are applicable to Heads of groups on a group basis, and to implement specific requirements that only apply to the Head of a group. For CPS 231, CPS 232 and CPS 520 APRA is introducing these provisions (under the heading ‘Additional Requirements of the Head of a group’) for the first time.

The instruments achieve this objective by aggregating the key requirements of the Head of a group into one section in each cross-industry prudential standard. The title of this section in each standard is ‘Additional requirements of the Head of a group’.

Where the instruments implement a requirement that is applicable to a Head of a group on a group basis, the paragraph will typically state the nature of the requirement (e.g. a group policy or group committee) required by the standard, as well as the paragraphs in the prudential standard that apply on a group basis in relation to that requirement.  For example, see paragraph 14 of CPS 220:

As part of the group risk management framework (see paragraphs 19 to 25), the Head of a group must maintain processes to coordinate the identification, measurement, evaluation, monitoring, reporting, and controlling or mitigation of all material risks across the group, in normal times and periods of stress. The Head of a group must ensure its Board has a comprehensive group-wide view of all material risks, including an understanding of the roles and relationships of subsidiaries to one another and to the Head of a group.

iv.                Requirements for the board

APRA consulted with industry on Improving APRA’s board engagement in October 2014 and has stated in its August 2015 response to industry[8] that it will make amendments to improve the clarity of board requirements in response to issues raised in submissions to that consultation. These amendments clarify that the role of the board is to provide oversight of matters in relation to the APRA-regulated institution and/or the group, rather than assume responsibilities that would normally be assigned to management.

Consequently, changes have been made to the following:

-          paragraphs 22 and 35 of CPS 231 have been amended;

-          paragraphs 12 and 18 of CPS 232 have been amended;

-          paragraph 9 of the previous version of CPS 232 has been amended and merged into paragraph 10;

-          the new paragraph 13 of CPS 510 includes clarifications of the role of the Board;

-          paragraphs 14, 16, 18, and 106(b) of CPS 510 have been amended; and

-          for CPS 232 and CPS 510, the explanatory material at the front of the prudential standard (the ‘grey box’) has also been amended.

v.                  Minor amendments

These instruments also implement minor changes across the cross-industry prudential standards. These changes include:

-          removing all remaining references to the Level 3 capital standards;

o   removed paragraphs 10 and 12 from the previous CPS 220 and CPS 510; and

o   removed a reference to Prudential Standard 3PS 110 Capital Adequacy in footnote 7 to paragraph 23(f) of CPS 220;

-          simplifying expressions such as ‘develop and maintain’ or ‘have and maintain’ to ‘maintain’;

o   in CPS 220: Paragraphs 14, 17, 19, 27, 37(a), and the grey box;

o   in CPS 231: Paragraph 16 and the grey box;

o   in CPS 232: Paragraph 11 and the grey box;

o   in CPS 510: Paragraphs 11, 51, and 85;  and

o   in CPS 520: Paragraphs 12 and 17;

-          changes to the ‘Authority’ section (paragraphs 1(a) to 1(c)) to remove unnecessary detail;

-          changes to the ‘Application’ section (paragraphs 2(a) to 2(c)) to clarify the kinds of institutions that are covered by the term ‘APRA-regulated institution’;

-          inserting a footnote (footnote 1 to paragraph 2) to clarify that the cross-industry prudential standards do not apply to RSE licensees;

-          simplifying the ‘determinations made under previous prudential standards’ paragraph at the end of each cross-industry prudential standard; and

-          changing the grey box for each cross-industry prudential standard to include information about the standard’s application to Heads of groups.

vi.                CPS 220

The instrument implements a number of minor changes to CPS 220:

-          the heading ‘Group risk management’ has been changed to ‘Use of group risk management by an APRA-regulated institution’ to indicate that the requirements in that section apply to individual APRA-regulated institutions that use the group risk management arrangements provided for by CPS 220;

-          amended footnote 6 of paragraph 23(f) to clarify that a Level 3 Head is not required to have a group ICAAP;

-          replaced the word ‘identified’ with ‘required’ in paragraph 35;

-          amended footnote 7 of paragraph 35(f) to include the Banking Regulations 1966 in the definition of ‘prudential requirements’;

-          amended the existing requirement in paragraph 51 to submit the risk management declaration to APRA so that ADIs, authorised banking NOHCs that are not a disclosing entity within the meaning of the Corporations Act 2001, and Level 3 Heads submit the risk management declaration within four months, and all other APRA-regulated institutions within 3 months of its annual balance date; and

-          moved the requirement to submit the group liquidity management policy to APRA from paragraph 52 to paragraph 17.

vii.              CPS 231

The instrument implements a number of other minor changes to CPS 231:

-          amended paragraph 12 to clarify that offshoring only occurs when a Level 2 or 3 institution engages with a service provider that is overseas to that Level 2 or 3 institution.

-          amended paragraph 15 to include the risk management function as a material business activity;

-          amended paragraph 26 to clarify APRA’s policy intent regarding the process for selecting service providers and the due diligence review of the chosen service provider;

-          amended footnote 8  to paragraph 26 that defines the term ‘third party’ for the purposes of CPS 231;

-          amended paragraph 29 to include two new requirements with respect to the outsourcing agreement that relate to the form, ownership and control of data, and reporting requirements;

-          amended paragraph 33 to clarify APRA’s policy intent where an APRA-regulated institution invokes the institution’s Business Continuity Plan (BCP) and enters into a new outsourcing agreement following the sudden failure of an existing service provider;

-          amended a reference to CPS 510 in paragraph 44; and

-          made a consequential amendment to paragraph 46 to avoid duplication with paragraph 8.

viii.            CPS 232

The instrument implements several new requirements:

-          a new paragraph 15 in CPS 232 to clarify the responsibility of the group internal audit function or an appropriate external expert to review the group BCP and provide an assurance to the Board of the Head of the group (or delegated management) on specified matters on a group basis.

-          a new paragraph 23 that requires the Board to approve the Business Continuity Management (BCM) policy. In the case of the group BCM policy, the approval must come from the Board of the Head of the group.

-          a new paragraph 33 that requires APRA-regulated institutions to satisfy themselves of the adequacy of an outsourced service provider’s BCP, and must consider any dependencies between the service provider’s and their own BCP where material business activities are outsourced. This requirement also applies on a group basis, requiring the Head of the group to be satisfied with respect to the group BCP and outsourcing arrangements that are material to the group. 

The instrument also implements a number of other minor changes to CPS 232:

-          removed references to ‘crisis management and recovery’ in paragraph 22, to avoid any ambiguity regarding the scope of CPS 232;

-          clarified footnote 6 to paragraph 30 regarding the use of multiple BCPs to meet the requirements of the standard;

-          amended paragraph 38 to clarify that external experts that are used to review the BCP and provide assurance to the board must have the appropriate expertise; and

-          amended footnote 8 to paragraph 39 to include a reference to 3PS 310 and to state the full title of Prudential Standard APS 310 Audit and Related Matters in place of its abbreviated form.

ix.                CPS 510

The instrument implements a number of minor changes to CPS 510:

-          corrected paragraph 9 with minor changes to improve the clarity of the paragraph;

-          corrected paragraphs 42 and 43 and their respective headings to more accurately reflect the definitions of key terms such as ‘group’, and the scope of application (i.e. to locally-incorporated APRA-regulated institutions);

-          amended paragraph 57(a)(ii) to make a clearer and more accurate reference to paragraphs 9(a) to 9(e) of CPS 510;

-          amended a reference to the Corporations Act 2001 in paragraph 92;

-          corrected references to CPS 220 and Financial Sector (Collection of Data) Act 2001 (FSCODA) in footnotes 14 and 16;

-          minor corrections to footnotes 19, 20, and 23; and

-          corrected a reference to FSCODA in paragraph 25(g) of Attachment B.

x.                  CPS 520

The instrument implements several new requirements and material amendments to existing requirements:

-          a new paragraph 19, which clarifies the circumstances which the Head of a group must notify APRA with respect to its responsible persons. The paragraph provides that these notifications must only be made if another APRA-regulated institution in the group has not already notified APRA, so as to avoid duplicate reporting.

-          a new paragraph 20(g), which establishes that the scope of ‘responsible persons’ includes those that are responsible persons in relation to a group. The criterion for whether a person is a responsible person in relation to a group is whether the person’s activities may materially affect, either directly or indirectly, the whole, or a substantial part, of the business or financial status of the group.

-          amend an existing requirement in paragraph 43 to require a fit and proper assessment of individuals that APRA has determined under paragraph 22 to be responsible persons.

-          a number of amendments to paragraphs 50 to 55 in relation to whistleblowing to clarify APRA’s requirements. This includes an updated requirement that the Heads of groups and APRA-regulated institutions must ‘explain’ the whistleblower provisions of their Fit and Proper Policy and the associated procedures to directors and employees, where the existing requirement only requires those details to be ‘communicated’. These changes do not reflect a change in APRA’s policy position on whistleblowing. Instead, they reflect APRA’s expectation that Heads of groups and APRA-regulated institutions take reasonable steps to inform directors and employees of the whistleblower provisions of the Heads of groups’ and APRA-regulated institutions’ Fit and Proper Policy and the associated procedures.

The instrument also implements a number of other minor changes to CPS 520:

-          amended paragraph 21 to facilitate the application of the standard to Level 3 Heads;

-          amended paragraph 32(c) to restrict individuals from being considered fit and proper to be an auditor if they are the Chief Executive Officer or a director of the APRA-regulated institution or a related body corporate; [9]

-          amended paragraphs 39 and 40(b) to improve the clarity of the policy intent;

-          amended paragraph 57 to align the responsible person reporting requirements in CPS 520 with those in Prudential Standard SPS 520 Fit and Proper; and

-          amended paragraph 2 of each attachment to clarify the intention that the attachments do not apply to RSE licensees.

3.      Consultation

APRA undertook extensive consultation on its proposed supervisory framework for conglomerate groups from 2010 to 2016. Submissions were received from, and discussions held with the eight conglomerates that APRA had initially signalled as being the  likely Level 3 groups, other institutions regulated by APRA (including groups regulated at Level 2), and industry bodies.

The consultation process was aimed at ensuring that the adoption of the proposed non-capital components of the Level 3 framework would maintain the integrity of the prudential regime whilst remaining relevant to industry.  The consultation also ensured clear communication with industry on the main changes proposed and took into account practical implementation issues.

The consultation process raised a number of issues across the group governance, risk management, risk exposures, and capital adequacy elements of the Level 3 framework.  

A number of public discussion and response papers (with draft standards) were released during the consultation period:

-          March 2010: Discussion paper – Supervision of conglomerate groups;

-          December 2012: Supervision of conglomerate groups (Level 3) - Group governance and risk exposures;

-          May 2013: Supervision of conglomerate groups (Level 3) - Risk management and capital adequacy;

-          September 2013: Supervision of conglomerate groups (Level 3) - Draft reporting requirements;

-          August 2014: Supervision of conglomerate groups (Level 3) - Prudential standards and draft guidance; and

-          March 2016: Supervision of conglomerate groups (Level 3) - Non-capital requirements.

Further information concerning consultation on the making of these instruments is contained in the attached Regulation Impact Statement, and in APRA’s response letter to industry on the implementation of the non-capital components of the conglomerate supervision framework.[10]

4.   Regulation Impact Statement

APRA prepared a Regulation Impact Statement which has been lodged as supporting material.

5.   Statement of compatibility prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

A Statement of compatibility prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 is provided at Attachment A to this Explanatory Statement.

 

Attachment A

 

Statement of Compatibility with Human Rights

 

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

 

Banking, Insurance and Life Insurance (prudential standards) determinations No. 1 to 9 of 2016

 

These Legislative Instruments are compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 (HRPS Act).

 

Overview of the Legislative Instruments

 

In keeping with its mandate of financial stability, APRA is developing a conglomerate framework (Level 3 framework) that would seek to capture the contagion, reputation, moral hazard and other related risks that could have significant impacts on Australia’s financial stability. While group membership may offer benefits to prudentially regulated institutions, it may also expose institutions to risks that emerge from other group members that may or may not be regulated by APRA. There are also risks that may emerge from the size, scope, and operations of the group itself, rather than any particular institution in the group.

The Legislative Instruments determine four new Level 3 prudential standards 3PS 001, 3PS 221, 3PS 222 and 3PS 310 and five new cross-industry prudential standards CPS 220, CPS 231, CPS 232, CPS 510 and CPS 520 to replace the existing CPS 220, CPS 231, CPS 232, CPS 510 and CPS 520. The purpose of these instruments is to promote sound practices regarding governance, risk management and management of risk exposures for financial conglomerates designated by APRA to be subject to conglomerate supervision. These conglomerates are referred to as Level 3 groups. The cross-industry standards also include requirements for Level 2 groups, which are smaller financial groups that are involved in banking or general insurance.

To promote sound practices across the group, these instruments establish a prudential framework for group governance, risk management and management of risk exposures that APRA can apply to protect the interests of depositors, policyholders, and superannuation beneficiaries of prudentially regulated institutions that are members of these groups.

Human rights implications

1.      Banking, Insurance and Life Insurance (prudential standards) determinations No. 1 to 8 of 2016

APRA has assessed these Legislative Instruments and is of the view that they do not engage any of the applicable rights or freedoms recognised or declared in the international instruments listed in section 3 of the HRPS Act. Accordingly, in APRA’s assessment, these Legislative Instruments are compatible with human rights.

2.      Banking, Insurance and Life Insurance (prudential standards) determination No. 9 of 2016

APRA has assessed the instrument against the international instruments listed in section 3 of the HRPS Act and determined that Article 17 of the International Covenant on Civil and Political Rights (ICCPR) is potentially of relevance to the instrument.

Article 17 of the ICCPR prohibits the arbitrary or unlawful interference with a person’s privacy, family, home and correspondence, and attacks on reputation. Article 17 is exclusively concerned with prohibiting interference with the privacy and/or reputation of individual persons. It does not extend to the privacy and/or reputation of corporate entities.

CPS 520 requires APRA-regulated institutions to determine the fitness and propriety of responsible persons as defined within CPS 520. Responsible persons can include directors, secretaries and senior managers of the APRA-regulated institutions, other individuals who play a significant role in the management of the APRA-regulated institution and a person whose activities may materially affect, either directly or indirectly, the whole, or a substantial part, of the business or financial status of the Level 2 or Level 3 group to which the APRA-regulated institution belongs. As a result, the scope of individuals who may be considered ‘responsible persons’ is not limited to employees of APRA-regulated institutions and could include employees of service providers and other institutions within the Level 2 or Level 3 group to which the APRA-regulated institution belongs. The requirements of CPS 520 necessitate APRA-regulated institutions obtaining personal information about any responsible persons in order to make an assessment about their fitness and propriety.

The personal information APRA-regulated institutions are required to obtain under CPS 520 is essential to the effective operation of CPS 520. This information is collected to ensure that only individuals with appropriate backgrounds, qualifications and experience hold key positions relating to the management of an APRA-regulated institution or the Level 2 or Level 3 group to which the APRA-regulated institution belongs. The APRA-regulated institution’s understanding of who the directors and the principal individuals are within an APRA-regulated institution or the Level 2 or Level 3 group to which the APRA-regulated institution belongs is essential to effective governance.

This information ultimately supports APRA achieving its mission of ensuring that, under all reasonable circumstances, financial promises made by the institutions APRA supervises are met within a stable, efficient and competitive financial system.

APRA also considers that Article 6(1) of the International Covenant on Economic, Social and Cultural Rights (ICESCR) is arguably relevant.  The ICESR proclaims the right to work in a general sense. The United Nations Committee on Economic, Social and Cultural Rights (the UN Committee) has stated that ‘the right to work affirms the obligation of States parties to assure individuals their right to freely chosen or accepted work, including the right not to be deprived of work unfairly’. The right not to be deprived of work unfairly is relevant for the purposes of this Legislative Instrument. 

This definition implies that depriving an individual of work may not be a violation of Article 6(1) where that deprivation is regarded as fair. In determining what is ‘fair’, regard may be had to Article 2 of the ICESCR. Article 2 prohibits discrimination in access to and maintenance of employment on the grounds of race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status, which has the intention or effect of impairing or nullifying exercise of the right to work. Where an individual is deprived of work on the basis of any of these grounds, it is reasonable to assume that that deprivation will be regarded as ‘unfair’ and, therefore, that the right to work has been engaged.

Under CPS 520, an individual who fails to meet the prescribed criteria for determining if a person is fit and proper will be prohibited from being appointed to, or continuing to hold, a responsible person position. The criteria are whether the person:

(a)    possesses the requisite competence, character, diligence, honesty, integrity and judgement;

(b)   is not disqualified under the Banking Act, Insurance Act or Life Insurance Act from holding the position; and

(c)    either:

(i)     has no conflict in performing the duties of the position; or

(ii)   if the person has a conflict, the conflict will not create a material risk that the person will fail to perform properly the duties of the position.

These fit and proper criteria are based on the competence and character of the individual having regard to the function and duties of the responsible person position. The criteria are not based on any of the grounds of discrimination stated in Article 2. Therefore, it is arguable that prohibiting an individual who does not satisfy the above criteria from holding a responsible person position is not unfair and, therefore, does not engage the right to work contained in Article 6(1).  

Article 7 of the ICESCR provides further support that depriving a person of work will not be regarded as unfair where it is based on a lack of competence and/or character. Article 7 ensures ‘equal opportunity for everyone to be promoted in his employment to an appropriate higher level, subject to no considerations other than those of seniority and competence’. 

In addition, regard may be had to the Fair Work Act 2009, which provides that the dismissal of an employee will be ‘unfair’ where that dismissal was ‘harsh, unjust or unreasonable’ (section 385), taking into account whether there was a valid reason for the dismissal related to the person’s capacity or conduct (section 387). This also implies that depriving a person of work will not be regarded as unfair where it is based on a lack of competence and/or character.

Accordingly, since the fit and proper criteria in CPS 520 are premised on the individual’s competence and character, it is arguable that the individual is not being unfairly deprived of work and, therefore, the right to work has not been engaged. 

However, the proper interpretation of the right to work contained in Article 6(1) is ambiguous and, in particular, the right not to be deprived of work may not be qualified to the notion of unfairness. Therefore, the above analysis is not conclusive and the alternative might be argued: that is, this Legislative Instrument does engage the right to work. 

Article 4 of the ICESCR provides that countries may subject economic, social and cultural rights only to such limitations ‘as are determined by law only in so far as this may be compatible with the nature of these rights and solely for the purpose of promoting the general welfare in a democratic society’.  The UN Committee has stated that such limitations must be proportional and should be of limited duration and subject to review. 

The objective of CPS 520 is to ensure that an APRA-regulated institution prudently manages the risks posed to its business operations by having persons acting in responsible positions who are fit and proper. Persons who are responsible for the management and oversight of the business operations of an APRA-regulated institution or the Level 2 or Level 3 group to which the APRA-regulated institution belongs need to have appropriate skills, experience and knowledge, and act with honesty and integrity. These skills and qualities strengthen the protection afforded to beneficiaries and other stakeholders. This contributes to APRA’s broader objective of ensuring that, under all reasonable circumstances, financial promises made by supervised institutions are met within a stable, efficient and competitive financial system.

Failure to limit access to reasonable person positions in an APRA-regulated institution or the Level 2 or Level 3 group to which it belongs considerably increases the risk of significant loss to depositors, policy holders and superannuation beneficiaries. Consequently, the limitation of the right to work by this Legislative Instrument is reasonable, necessary and proportionate to its objective as described above.

Conclusion

Banking, Insurance and Life Insurance (prudential standards) determinations No. 1 to 8 of 2016 are compatible with human rights because they do not raise any human rights issues.

Banking, Insurance and Life Insurance (prudential standards) determination No. 9 of 2016 is compatible with human rights because to the extent that this determination arguably limits human rights, those limitations are reasonable, necessary and proportionate.

 


[5] See definition under the heading “i. Prudential Standard 3PS 001 Definitions” below.

[6] These changes were implemented through Banking, Insurance and Life Insurance (prudential standard) determinations Nos. 3 and 4 of 2014.

[9] N.B. this restriction only applies to assessments of fitness and propriety of auditors required under the prudential acts – see paragraphs 17(2)(b) and 21(3)(b) of the Banking Act; paragraphs 39(3)(a), 43(2)(b) and 44(3)(b), and subparagraph 44(1)(a)(ii) of the Insurance Act; and paragraph 245A(3)(b) of the Life Insurance Act.