Capability Review of APRA calls for organisational and cultural change


    The APRA Capability Review urges a reset of the regulator and its governance in the wake of the banking Royal Commission, including greater veto power over board appointments.

    In July, Treasurer Josh Frydenberg released the capability review of the Australian Prudential Regulation Authority (APRA) recommended by Justice Kenneth Hayne AC in the final report of the banking Royal Commission in February. The 172-page review was conducted by former chair of the Australian Competition and Consumer Commission Graeme Samuel AC, non-executive director Diane Smith-Gander AO FAICD, and former Reserve Bank of New Zealand deputy governor Grant Spencer.

    The review panel found APRA has had to deal with an expanded remit in recent years and while it has a strong track record in matters of maintaining financial safety and stability, it needed to focus more intensely on governance, culture and accountability in the financial sector. It also concluded APRA’s internal culture and regulatory approach needed to change, noting that internal challenge and debate appeared to be lacking, even discouraged. Other issues were also identified that needed addressing to ensure the regulator is better positioned to respond to an environment of growing complexity and emerging risks for its regulated sectors.

    The panel made 24 recommendations (19 directed to APRA, five to the federal government. APRA has indicated it supports all 19 recommendations directed to it and the government has agreed to act on its five. APRA chair Wayne Byres GAICD announced the regulator would revise its organisational structure to reinforce the impact of the leadership and cultural changes recommended by the review and its strategic plans.

    Key governance recommendations

    The key governance recommendations relevant for directors of financial services entities include that:

    • The government should consider providing APRA with a non-objections power to veto the appointment of directors.
    • APRA should enhance its supervisory and policy frameworks, including to embed the recent entity self-assessment process making it a biennial requirement and making self-assessments and APRA’s assessment of each publicly available.
    • APRA should depart from its behind-closed-doors approach in favour of greater transparency.

    APRA’s regulatory universe

    $6.7 trillion in assets

    510 entities including:

    150 ADIs (banks, credit unions, building societies) with $4.4 trillion in assets

    190 superannuation entities (excluding self-managed super funds) with $1.7 trillion funds under management and,

    170+ insurers with just under $400b in assets.

    APRA’s staff of 656 is forecast to rise to 738 in 2019–2020.

    Source: APRA Capability Review

    Non-objections power

    The review panel commented that the recommendation for APRA to have a non-objections power to veto directors will bring APRA into line with international regulators (such as NZ) and strengthen its capacity to pre-emptively regulate governance, culture and accountability (CGA) risks. Following the review, Byres commented that it would create a moral hazard and an administrative burden for APRA that may make it unworkable.

    However, the Treasurer has said APRA has agreed to accept all recommendations, including the non-objections power, and that APRA will be provided with additional funding to carry out its expanded role.

    Although the panel noted the power should only be available where risks associated with an entity warrant it, the AICD is of the view that the proposed power creates a potential moral hazard — APRA might be seen to be responsible for the quality of the board and management team of regulated entities.

    On the question of moral hazard, AICD CEO and managing director Angus Armour FAICD told the Australian Financial Review: “[What if] APRA agrees to the appointment of several directors to a board who consequently prove incapable of discharging their responsibilities — what are the consequences for APRA?” Having the right board composition for any individual entity must remain a responsibility of the board — if not, accountability will be diluted.

    Further, the AICD believes the current system — which includes a self-assessed fit-and-proper-person test for board and executive roles and APRA’s power to disqualify individuals — is sufficient.

    “It is, appropriately, the board’s decision on who is going to join the board and executive team. APRA has existing powers to comment and to offer advice, but you don’t want to confuse the responsibilities and accountabilities of the board with [those of] the prudential regulator,” said Armour.

    Intensified supervision

    The recommendation that APRA should embed the recent entity self-assessment process — which revealed widespread governance weaknesses in 36 regulated entities — biennially raises concerns. These include the prescriptive set of questions proposed and publication of each self-assessment, thematic review, and any rectification requirements. Rather than promoting better standards and transparency, the AICD queries whether entities may approach the exercise through a compliance rather than good-governance lens (creating a defensive, legal mindset rather than one of continuous improvement).

    The review also recommends that CBA-style prudential reviews be part of the supervisory toolkit in the future. It suggests several such inquiries be carried out in the next few years to reinforce the need for rigorous self-assessments by entities.

    While the CBA prudential inquiry was a valuable and important report, it involved a huge amount of resources. Rolling this out more regularly might not be possible or appropriate. The AICD is of the view a more flexible, needs-based approach should be taken. Byres agrees, stating: “The challenge is that it’s an extremely costly and resource-intensive exercise, so it does come to a question of how we allocate the resources to do that… but we're very happy to work the concept into our plan going forward”.

    79% of APRA staff noted that GCA risks are an important focus, the panel found this was not not evident in implementation of strategy, qualitative feedback, views of senior management or embedded in practice.

    Ending the behind-closed-doors approach

    To embed APRA’s new enforcement approach, the review recommends APRA should change its existing standards, which create a low appetite for transparent supervisory challenge and enforcement by departing from its behind-closed-doors approach with regulated entities and adopting a stronger approach towards recalcitrant institutions. As the prudential regulator, APRA has a different mandate to the conduct regulator, the Australian Securities and Investments Commission. This is an essential and deliberate distinction.

    The AICD is of the view that a close trusted relationship between APRA and entities is essential for stability in the financial system. A focus on stability and having the discretion to respond to system stresses is critical for an effective prudential regulator. Care must be taken not to put that at risk by complicating APRA’s mandate. Increased transparency may have unintended implications for the relationship between APRA and regulated entities and jeopardise financial stability.

    Non-executive directors to govern APRA?

    After minimal discussion, the review panel concluded APRA would not be well served by the appointment of additional non-executive directors.

    The AICD continues to support APRA having non-executive directors to help provide independent, impartial oversight of the prudential regulator, which is even more important given APRA’s expanding powers and remit. Having an effective accountability framework for regulators is essential to regaining confidence in the financial system.

    Organisational changes

    The review called for the APRA chair to relinquish his ADI-specific (authorised deposit-taking institution) oversight role and adopt a broader organisation-wide role. It also called for APRA to organise supervision along three industry lines (banking, insurance and superannuation) to increase senior management’s focus and accountability for dealing with industry-specific issues and reinforce the recommended leadership and cultural changes.

    The panel said an objective of the restructure should be to devolve authority more effectively through the organisation. “APRA staff note that decision-making is slow, with issues being taken through various committees and sometimes ‘parked’ for long periods before decisions are made. A new, flatter structure with clear accountability would facilitate this,” the report said.

    The review also called for a shake-up in APRA oversight of the $2.7 trillion superannuation sector by developing its policy and supervision framework and building skills and resources dedicated to the sector. It cited lack of progress on improving efficiency, fees and transparency, and inadequate focus on member outcomes and trustees’ compliance with legal requirements.

    It highlighted that while APRA looked at potential conflicts of interest between individual directors and the trustee, the supervisors paid little attention to the lack of conflict of interest between trustees and related parties in their broader group structures and the members of the fund.

    Digital Dilemma

    Australia is in the middle of a substantial technology shift, which entails substantial challenges.

    The APRA capability review panel noted that while digital disruption reflects healthy competition, and ultimately is of significant benefit to consumers, it carries inherent risks for existing APRA-regulated entities in the transition. It also raises significant strategic issues for APRA.

    New technology and new ways of delivering financial services offer the potential for a more competitive and innovative financial system. “They may also increase the risks to financial stability in ways that are yet to be well understood. APRA has a key role in transparently presenting the issues to the public,” the panel noted.

    The panel identifies three ways that digital disruption is affecting APRA and its regulated entities:

    • The ongoing transformation of existing regulated entities’ IT landscape, including investment in online and mobile services, increased outsourcing (especially use of cloud services), greater interoperability (for example, though application programming interfaces (APIs) and open banking), artificial intelligence-enabled decision-making, and ongoing digitisation of back-office functions.

      “Established market participants face a major forward pipeline of major systems migrations and management of legacy systems,” the panel said.

    • The emergence of new technology-enabled business models.
    • The increased competition from niche and scale technology competitors — for example, Apple’s intention to launch a credit card product.

    “There is the potential for change to follow an exponential path: limited change apparent at first, with some false starts, only for the tempo of change to snowball as multiple technology and business model innovations reach maturity,” the panel said.

    The panel also warned of ongoing and increasingly sophisticated cyber risk threats, noting, “A major cyber attack represents a top-tier operational risk for financial services companies both in Australia and globally.” 

    What they said

    Relevant commentary from the APRA capability review

    APRA expert panel (chair Graeme Samuel AC) – “APRA appears to have developed a culture that is unwilling to challenge itself, slow to respond and tentative in addressing issues that do not entail traditional financial risks. In combination with APRA’s organisational structure, these factors limit its ability to deliver on the breadth of its mandate and adapt to new challenges… APRA needs to shift the dial towards a more strategic and forceful use of communication to ensure it maximises its impact with regulated entities.”

    APRA staff – "APRA is a solid prudential regulator, however, it is an immature organisation in the sense that it has not focused on the “business” of what it does (strategic priorities, strategy implementation, and operational support to achieve the core supervision/policy/resolution outcomes)… APRA does not have a continuous improvement mindset and is change-resistant.”

    APRA chair Wayne Byres GAICD – ”The report highlights the increasingly complex industry dynamics in which APRA operates and that the expectations of its role and mandate have increased. It’s quite a challenge that’s been posed and we’ll need to work with the government to determine how best we can meet the ambitious agenda that’s been laid out for us.”

    Treasurer Josh Frydenberg –”Obviously this would require legislation, but we don’t want to see too much of a heavy hand conducted here. What we want to do is ensure that APRA has all the required tools at their disposal where appropriate to use.”

    APRA expert pane –There are no simple solutions to raising APRA’s capabilities. It operates in a complex, uncertain and dynamic environment. It requires highly skilled staff with good judgment and courage. They need to be supported by strong leadership and technology. APRA also needs to use its independence, powers and authority to greater effect.”

    The journey

    199 APRA established following 1997 Wallis Financial System Inquiry

    2001 Collapse of HIH Insurance

    200 Introduction of superannuation licensing

    2007 Removal of APRA's director disqualification powers

    2008 Global financial crisis (2007–09) Oversight of Financial Claims Scheme for ADIs

    2010 Introduction of remuneration requirements into governance standards; Oversight of Financial Claims Scheme for general insurers; Super System (Cooper) Review

    2013 Stronger super reforms introduced; Increased prudential oversight of ADI residential mortgage lending

    2014 Murray Financial System Inquiry

    2015 Private health insurer supervision; Risk culture requirements; Productivity Commission super inquiry

    2017 Prudential inquiry into CBA begins

    2018 Banking Executive Accountability Regime (BEAR) introduced; Productivity Commission Inquiry into Competition in the Australian Financial System

    2019 Hayne Royal Commission final report

    Source: APRA Capability Review

    Latest news

    This is of of your complimentary pieces of content

    This is exclusive content.

    You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.