Download speech as pdf
28 March 2018
Appearance before the House of Representatives Standing Committee on Economics, Canberra
APRA’s 2016/17 Annual Report was tabled some months ago but many of the issues discussed within it remain highly relevant today, reflecting APRA’s ongoing agenda to continue to build resilience in the financial system. As we said in the Report, and I repeat regularly in speeches, building resilience when times are relatively favourable is far easier than trying to restore resilience after a period of adversity.
While there has been a great deal of focus in recent weeks on past conduct being examined by the Royal Commission, there are many other issues that are critical into the future for establishing and maintaining a financial system in which the Australian community can have confidence as to its resilience and safety. I would like to say a few words about some of those areas this morning.
As we have regularly discussed at past hearings, APRA is maintaining a strong focus on the quality of new mortgage lending, and measures to reinforce sound lending standards. Although there are differing views as to the level of competition in the housing lending market, we observed that the type of competition that was occurring was clearly unhealthy: the steady erosion of lending standards in the face of strong competitive pressures to generate volume and grow market share. As a result, we have taken a range of measures to moderate the volume of new lending with higher risk characteristics while stronger lending standards are being reintroduced, backed by higher capital requirements for higher risk portfolios.
In our view, these interventions are achieving their purpose. The quality of new lending today is higher than it has been for some time. However, there is more to be done to make sure the improvements in policies are truly embedded into ongoing practices. So we will inevitably need to continue to allocate significant resources to this issue in the year ahead, making sure the industry delivers on its commitment to do better in the future.
Another critical component of a resilient financial system is ensuring we have a strong regulatory framework, particularly in times of crisis. This framework has been strengthened with the recent passage of the Financial Sector Legislation Amendment (Crisis Resolution Powers and Other Measures) Bill 2017. The Bill provides a welcome and substantial improvement to APRA’s crisis management powers, better equipping us to deal with the actual or imminent failure of a financial institution. It is an underappreciated but essential piece of infrastructure that maximises the public sector’s ability to preserve an orderly financial system in times of stress.
Concerns have been expressed in some quarters that the Bill might allow APRA to confiscate or otherwise use depositors’ money to save a failing bank. I would therefore like to use this opportunity to state clearly that that is most definitely not the case. There is no such power in the Bill. Indeed, APRA’s purpose under the Banking Act is to protect depositors, and the idea of ‘bailing in’ deposits would be anathema to that core purpose.
The third important matter that I’d like to highlight this morning is cyber risk. Earlier this month, APRA proposed its first cross-industry prudential standard on information security management, in response to the growing threat of cyber-attacks. The package of measures is aimed at shoring up the ability of APRA-regulated entities to both repel cyber adversaries and respond swiftly and effectively in the event of a breach of their defences.
Australian financial institutions are among the top targets of cyber criminals seeking money or customer data, and evidence suggests the threat is accelerating. This is increasingly one of the most important risks the financial system faces – affecting large and small institutions alike, and stretching across all industries. It is almost inevitable that institutions’ defences will be breached in some way at some time, and no longer implausible to suggest that a cyber-attack could be sufficiently severe to take a regulated institution out of business entirely, with significant losses as a result. The financial institutions we supervise will need to place greater emphasis on, and devote more resources to, this risk into the future, as will APRA. The new standard provides an important new framework within which this will occur.
The fourth area I’d like to mention is the issue of governance. In February this year, APRA announced a package of proposed measures designed to build resilience and improve governance and decision-making in the private health insurance sector. The measures are aimed at introducing stronger prudential standards that have successfully lifted capabilities across other APRA-regulated industries, at a time when the private health insurance sector faces significant strategic and operational challenges. Our emphasis on a strong strategic focus also extends to superannuation. As we said in our Annual Report, we have upped the ante on RSE licensees that appear not to be consistently delivering quality member outcomes, or are not appropriately positioned for future effectiveness and sustainability. To that end, it is pleasing to note that this work is delivering results, with a number of superannuation funds restructuring activities and products in order to deliver better member outcomes, in response to APRA’s observations.
Also related to governance is a review we are close to finalising on the policies and practices in setting senior executive remuneration at large financial institutions. This examined the extent to which remuneration outcomes were consistent with good risk management and long-term financial soundness. We will be publishing the results of this study shortly.
The final major initiative that I would like to mention is the major data transformation program we are undertaking to ensure APRA itself keeps pace with advancements in data, analytics and technology. As part of this program, we have recently embarked on our most substantial program of stakeholder engagement to date as we seek input from the industry into the design and implementation of our next generation data collection tool. This will be the foundation by which we are able not just to improve our own supervisory effectiveness, but also provide more information and transparency to the broader community about the financial health of the industries we supervise.
With those remarks on some of our major work streams, my colleagues and I are happy to answer the Committee’s questions.