Introduction
Chair's foreword
In March 2023, the swift collapse of Silicon Valley Bank and takeover of Credit Suisse a week later set off alarm in global markets and rattled public confidence around the world.
Australia’s banks remained resilient due, in part, to many years of work by APRA to maintain a strong and stable banking system, an objective which supports a well-functioning economy. APRA sets strong minimum prudential requirements to protect the safety and resilience of banks, insurers, and superannuation trustees, with this being supported by a rigorous and risk-based approach to supervision.
Nonetheless, these recent international events offer lessons for policymakers and regulators the world over. For example, the digital connectedness of financial systems – an evolution which has brought tremendous benefits to entities and their customers – also allowed for a bank run at a speed never previously witnessed. Such a possibility on local shores warrants a re-appraisal of liquidity risk settings, among other considerations.
The events of March are one of several changes in the operating environment over the past 12 months that have influenced the development of APRA’s latest Corporate Plan. Other considerations include:
- Rising interest rates, higher inflation and ongoing geopolitical uncertainty, factors which threaten the stability of the financial system;
- Cyber security and the escalation of hacks and scams are exposing Australians and causing significant financial, operational and reputational loss for regulated entities;
- The increased frequency and severity of natural disasters, linked to climate change, which are reducing access to affordable insurance particularly for those in at-risk areas; and
- The expansion of the superannuation pool, which emphasises the need for an efficient and transparent system, good performance outcomes for members and more options for Australians on retirement.
The plan also responds to the Government’s recent Statement of Expectation (2023) of APRA and the Financial Regulator Assessment Authority (FRAA) review.
As always, APRA’s effectiveness is determined by the drive and capability of its people. This plan outlines how we are investing in our agile and engaged workforce – one that remains ahead of the curve and flexible in responding to the dynamic array of challenges present in the system.
For the first time as APRA’s Chair, I present our 2023-24 Corporate Plan covering the four years to 2026-27 as required under section 35(1)(b) of the Public Governance, Performance and Accountability Act 2013. It outlines how we will continue to protect the community today while ensuring the financial system is prepared for tomorrow.
John Lonsdale
Chair
Introduction
APRA’s purpose is to protect the safety and resilience of regulated entities and promote financial system stability in Australia, while balancing competition and efficiency considerations.
Over many years, APRA has worked to achieve its purpose by strengthening the prudential framework, adapting supervisory processes to new risks and issues, building resolution capabilities, and contributing to the improvement in the coordination of regulatory activities with Australia’s main financial regulatory agencies.
Building on the strong foundation of previous plans, APRA’s 2023-24 Corporate Plan provides a forward-looking view of strategic priorities and key activities. This plan continues to be guided by our vision of a financial system that is, “protected today, prepared for tomorrow”.
The 2023-24 Corporate Plan identifies and seeks to address key challenges identified in the operating environment over the plan horizon:
- System-wide risks, by enhancing stress testing across regulated industries and ensuring macroprudential policy settings remain appropriate for the operating environment;
- Operational resilience, through increased focus on cyber resilience, crisis management and operational risk management practices;
- Climate-related financial risks, by undertaking a Climate Vulnerability Assessment for general insurers and embedding climate risk in our approach to supervision; and
- Superannuation transparency and retirement outcomes, by providing insights about investment performance and increasing focus on retirement incomes.
To deliver the outcomes outlined in this plan, APRA’s dedicated staff and its primary functions as a prudential regulator - policy development, risk-based supervision, enforcement and resolution – will remain core to the organisation as it continues to evolve in response to new risks.
APRA will also strengthen the key enablers that support our primary functions as a prudential regulator to drive the evolution of the organisation:
- Modernising the Prudential Architecture (MPA), which aims to make our prudential framework simpler to support risk-based supervision and reduce regulatory burden;
- Transforming our technology and use of data to enable data driven risk-based supervision, improve insights and transparency, and streamline the data collection process; and
- Cultivating an agile and engaged organisation to ensure that we remain fit for the future.
Further details on APRA’s plan on a page, strategic priorities and key activities are provided below.
Key outcomes
APRA’s 2023-24 Corporate Plan identifies three key outcomes: protecting the safety and resilience of regulated entities, promoting confidence and stability in the financial system, and supporting the community to achieve good financial outcomes. APRA’s approach to delivering these outcomes will by informed by the operating environment and shaped by resources available to execute the strategic priorities and key activities.
APRA’s risk-based and forward-looking approach to supervision remains core to the work we undertake to protect the safety and resilience of regulated entities to ensure that in all reasonable circumstances financial promises made to Australians are kept. Our planned activities for regulated entities in the banking, insurance and superannuation sectors are scoped to address the unique risks facing these sectors and the key challenges outlined in this plan.
By doing this work to protect the safety and resilience of regulated entities, APRA is promoting confidence and stability in the financial system. Along with other Council of Financial Regulator (CFR) agencies, APRA is focused on ensuring the financial system can withstand severe shocks and remain a source of strength for the Australian economy.
To guide our priorities, APRA’s 2023-24 Corporate Plan recognises the role we play in supporting the community to achieve good financial outcomes. Each day, our skilled and dedicated people are working to ensure that regulated entities keep financial promises made to depositors, policyholders, and superannuation fund members, and remain able to provide critical financial services to the community.
APRA also continues to engage closely with financial sector regulatory agencies and the Government to address shared challenges to system-wide risks and issues, with current areas of focus being payments reforms, insurance availability and affordability, and the role played by superannuation in the financial system.
Protecting the safety and resilience of regulated entities
In recent years, APRA has adopted a more holistic approach to the supervision of regulated entities, considering the interconnected dimensions of financial, operational and organisational resilience. For all regulated entities, APRA will:
- Ensure that high standards of financial resilience are maintained, with this being a longstanding part of our prudential and supervisory frameworks;
- Heighten focus on operational resilience to maintain continuity of critical financial services, including to combat elevated levels of cyber risk; and
- Embed strengthened requirements and prudential expectations related to organisational resilience in supervision across risk types.
Banking
The Australian banking industry remains safe and resilient with “unquestionably strong” regulatory capital ratios continuing to promote financial stability. There are, however, challenges facing the industry, including a prolonged period of higher inflation and interest rates, heightened geopolitical risks, cost-of-living pressures affecting bank customers, and the emergence of new digital competitors to respond to customer expectations. Further, recent market disruption seen in the international banking sector has provided insights for rethinking supervisory approaches. These challenges require ongoing supervisory focus to ensure that safety and resilience is maintained, along with an evolution in our approach to supervision to address new risks and business models. Over the plan horizon, APRA will:
- Address lessons learned from recent market disruption through:
- Risk-based reviews of financial risk and targeted changes to liquidity and interest rate in the banking book prudential requirements to ensure these risks are being managed appropriately;
- Incorporate relevant learnings from the Basel Committee’s review of recent banking stress, including consideration of options to improve the effectiveness of Additional Tier 1 capital instruments in Australia1; and
- Engage with the Government, Treasury, and other CFR agencies on reforms to modernise the payments regulatory framework.
Insurance
APRA sets and enforces prudential requirements to make sure that insurers are financially strong, with the financial capacity to pay legitimate claims to Australian policyholders. Overall, the industry remains well-capitalised in line with these requirements. However, affordability and availability challenges remain across several lines of insurance. General insurance claims costs have increased due to natural disasters, supply chain disruptions and skills shortages. The resulting impact on profitability, reinsurance and operating costs will continue to impact insurance coverage for Australians. Over the plan horizon, APRA will:
- Address challenges in the reinsurance market for general insurers by reviewing prudential requirements for reinsurance to ensure they remain fit for purpose;
- Maintain focus on the sustainability of individual disability income insurance policies offered by life insurers, particularly in respect to prudential expectations related to governance, strategy, product design and data; and
- Intensify focus on operational resilience for private health insurers, with activities targeted towards cyber resilience and third-party supplier risks for critical outsourced functions.
Superannuation
Australia’s superannuation system is a large and growing component of the financial system – playing an important role in funding economic activity, managing the long-term savings of members during their working lives, and delivering incomes for retirees.
APRA’s work will continue to support improved outcomes for members. To date, performance tests and heatmaps have increased transparency, resulting in improved outcomes for members through reduced fees and better products. APRA has also strengthened minimum prudential requirements and supervision of strategic management, governance, and investment management to drive improved outcomes for members.
APRA’s planned work has also been informed by the recommendations from the review conducted by the Financial Regulator Assessment Authority (FRAA), with specific actions to address the recommendations from this review outlined in more detail below. Over the plan horizon, APRA will:
- Maintain focus on reducing unacceptable product performance by increasing expectations on trustees to close high fee, poorly performing products;
- Drive trustees to improve member retirement outcomes through targeted supervision of the implementation of the retirement income covenant;
- Increase transparency of performance across the superannuation industry by releasing new and expanded statistical publications and conducting the annual performance test;
- Simplify core superannuation requirements in updates proposed to Prudential Standard SPS 515 Strategic Planning Member Outcomes to foster a culture of continuous improvement for trustees; and
- Assess trustee self-assessments against the strengthened Prudential Standard SPS 530 Investment Governance, particularly in respect of the approach taken by trustees to liquidity management, stress testing, and asset valuation.
Organisational resilience
APRA’s focus on organisational resilience has addressed recommendations related to governance, culture, remuneration and accountability made by the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission).
In recent years, APRA has strengthened requirements and increased supervision of remuneration, developed and implemented tools to sharpen the supervision of risk culture, and embedded in our approach to supervision and enforcement the Banking Executive Accountability Regime.
APRA has observed that these actions have increased the focus of boards and senior managers of regulated entities on the financial outcomes of the community, and sharpened accountability to prevent poor outcomes. To continue this work over the plan period, APRA will:
- Ensure that regulated entities are embedding changes to their organisation following risk transformation programs, particularly where an entity has been subject to an operational risk capital charge or licence conditions;
- Implement the Financial Accountability Regime, in partnership with the Australian Securities and Investments Commission (ASIC), subject to enabling legislation being passed by the Parliament; and
- Clarify expectations of boards and simplify the prudential framework to reduce regulatory burden, by amending Prudential Standards CPS 510 Governance, CPS 520 Fit and Proper and CPS 220 Risk Management.
In the 2023-24 Corporate Plan, APRA has identified key challenges that inform our strategic priorities over the plan horizon. These key challenges have been informed by:
- An assessment of risks and opportunities arising from the operating environment;
- Developments in the focus of international standard setting bodies;
- Insights from external reviews;
- Expectations of Government as expressed in the Statement of Expectations (2023); and
- Ongoing engagement with regulated entities, peer agencies and members of the community.
System-wide risks
A key outcome for APRA is a safe and resilient financial system, which requires a focus on system-wide risks. Events earlier this year showed that the interconnected nature of the global financial system means that stress experienced by some American and European banks transmitted rapidly between entities and across borders.
APRA’s objective to protect the safety and resilience of banks remains a core part of our work on system-wide risks, due to the central role played by banks in the financial system, and the importance of Australians remaining confident that deposits will be available on demand, and that critical financial services will be available.
As part of its risk-based supervision, APRA scans the operating environment to identify emerging risks, evaluates the impact of these risks on individual entities, industries and the financial system by undertaking stress tests, and uses its regulatory tools to mitigate heightened risks where appropriate.
Over the plan horizon, APRA will:
- Develop a cross-industry stress testing framework to explore how shocks to the financial system might be mitigated or propagated by the interactions between the banking, insurance, and superannuation industries. This will seek to assess system-wide vulnerabilities and consider how APRA could address those vulnerabilities; and
- Use macroprudential tools to mitigate risks to financial stability at a system-wide level, whilst continuing to work closely with the Reserve Bank of Australia (RBA). In response to the Review of the RBA, APRA will work with the RBA to:
- Put in place mechanisms by which the RBA will provide formal advice to APRA on APRA’s use of its macroprudential tools; and
- Update the Memorandum of Understanding between APRA and the RBA to continue our close cooperation to manage financial stability risks.
APRA is also mindful of the risks posed by non-regulated entities to the safety and resilience of the financial system and works with the Council of Financial Regulators (CFR) agencies to determine and coordinate appropriate regulatory responses to these risks.
Operational resilience
Risks to operational resilience are heightened for regulated entities in the current operating environment, particularly due to a significant rise in cyber-attacks, the increasing interconnectedness of the financial system, along with greater reliance on unregulated third-party service providers.
Aligned with the implementation of Prudential Standard CPS 230 Operational Risk Management (CPS 230) that will be effective from 1 July 2025, APRA will:
- Heighten expectations on regulated entities to address identified control weaknesses;
- Increase focus on business continuity and third-party risk management to ensure these risks are managed appropriately; and
- Engage with industry to improve the way non-financial risk data is collected and used to assess the effectiveness of regulated entities’ operational risk management practices.
More generally, APRA’s work to strengthen operational risk management for regulated entities will support action being taken by Government and other agencies to reduce the prevalence and impact of scams on the community.
Strengthen cyber resilience across the Australian financial system
APRA regulated entities are exposed to evolving and more sophisticated cyber risks, as demonstrated by recent incidents. APRA is working closely with regulated entities to strengthen cyber protections to minimise the risk of a material disruption to critical services. In addition, APRA is also working with CFR agencies, the Office of the Australian Information Commissioner and the Cyber and Infrastructure Security Centre within the Department of Home Affairs, to ensure a coordinated response across Government to cyber risk.
Over the course of this plan, APRA will:
- Act on breaches of Prudential Standard CPS 234 Information Security (CPS 234) to strengthen minimum cyber standards;
- Ensure regulated entities are taking action to address issues identified in CPS 234 independent assessments;
- Assess the effectiveness of boards to oversee actions taken by regulated entities to mitigate cyber risk;
- Set clear expectations for specific cyber issues where action by regulated entities is needed to adopt better practices;
- Intensify data-driven supervision for cyber risk to optimise the use of technical specialists on higher risk regulated entities; and
- Focus on supervisory crisis preparedness to ensure a coordinated response to unexpected disruption to critical financial services.
Climate related financial risks
Over several years, APRA has increased expectations on regulated entities to prepare and respond to the financial risks associated with climate change. APRA has increased expectations as climate change impacts the value of certain assets, income streams and underwriting risks which, in turn, impacts the risk profile of regulated entities.
APRA is working closely with international and domestic peers to address climate-related financial risks. APRA chairs the CFR Climate Working Group, is a steering committee member of the Network for Greening the Financial System and participates in a range of international climate risk working groups. APRA is also working with CFR agencies to support the Government’s sustainable finance agenda and contribute to emerging issues such as nature-related financial risks.
Over the course of this plan, APRA will:
- Conduct a Climate Vulnerability Assessment to assess the impact of climate risk on access and affordability of general insurance;
- Embed climate risk in our Supervision Risk and Intensity (SRI) model to require ongoing supervisory assessment of this issue; and
- Use existing and new data collections for climate risk to prepare and develop insights on emerging issues and best practices.
Core focus areas
APRA’s delivery of the key outcomes and strategic priorities outlined in this plan are supported by its core focus areas:
- Policy development, that involves APRA’s development and maintenance of a comprehensive framework of prudential standards and practice guides. APRA’s standards set out enforceable requirements, while the prudential practice guides provide guidance on how entities may adhere to and implement these prudential standards.
- Risk-based supervision, which uses APRA’s supervision framework, review and approval processes, SRI model, and data collected from regulated entities to provide oversight of regulated entities, industries and the financial system. Where needed, APRA will increase supervision intensity to address identified issues.
- Enforcement, where APRA adopts a “constructively tough” and transparent approach to the use of formal enforcement tools when a regulated entity does not comply with prudential standards and expectations. These tools include applying additional capital requirements, directing entities to take or cease actions, imposing licence conditions and court-based enforceable undertakings.
- Resolution, where APRA implements a prompt and effective response to the likely failure of a regulated entity to achieve an orderly exit and minimise disruption and losses to beneficiaries.
APRA is strengthening key enablers to drive the execution of its 2023-24 Corporate Plan and ensure the organisation is evolving to address new challenges.
Modernising the Prudential Architecture
APRA’s goal is that Modernising the Prudential Architecture (MPA) will deliver a clearer, simpler, and more adaptable digital prudential framework that will reduce costs, be easier for industry to understand, and be more efficient to supervise and maintain.
Against a backdrop of accelerating digitisation and innovation within the financial sector, the MPA program is focused on these key areas:
- Better regulation to simplify the design of the regulatory framework to make it more cohesive, proportional to the size and complexity of regulated entities, and better aligned to the needs of the users;
- Development of a digital framework to bring together all APRA’s prudential standards, guidance and supporting information into a dynamic format that can be searched and navigated easily; and
- Regulate new risks in a way that does not add complexity to the current framework and enhances existing standards where possible.
Consistent with the intent of the MPA program, APRA will continue to challenge itself rigorously about whether new requirements or guidance are necessary to protect the financial interests of Australians before making changes to the prudential framework and ensure that competition and efficiency considerations remain central to this process.
Transforming our technology and use of data
APRA is committed to being a data-driven prudential regulator to support sharper risk-based supervision and provide greater transparency to stakeholders about the safety and resilience of regulated entities.
As foreshadowed in the December 2022 Data Directions Response paper, APRA has embarked on the first annual review of its data collections roadmap. This review will reconsider the pace, sequencing and priorities of the roadmap, while also seeking to ensure APRA’s data and technology capabilities are aligned with our strategic priorities.
Over 2023-24, APRA will:
- Stabilise data and technology infrastructure, to ensure there are strong foundations to proceed with the ambitious data change program that has been outlined in the Direction for Data Collections Discussion and Response papers;
- Leverage the benefits associated with the creation of a dedicated Technology and Data Division to strengthen data governance and project delivery; and
- Engage with stakeholders to ensure that regulatory costs associated with data collections are minimised.
APRA will also continue its role in collecting and sharing financial sector data with the Government and other agencies and is working closely with the Treasury, RBA, the Australian Bureau of Statistics and ASIC, to plan and design data collections to inform public policy.
Cultivating an agile and engaged organisation
APRA has highly capable and engaged staff that are committed to delivering our purpose and serving the community. To build on our track record of success in responding to new challenges, APRA is clarifying internal roles and responsibilities to support transparent and accountable decision-making and prioritising initiatives to empower staff to “prepare for tomorrow”. Attributes of this work will include sustained focus on prioritisation to respond quickly to new and emerging issues, with leaders being empowered to make risk-based decisions.
Underlying this focus on evolving the organisation to respond to new challenges will be a one APRA mindset to deliver our purpose. This will be supported by APRA-wide actions that are outlined in this plan, as well as innovations being driven by senior leaders to develop and shape better ways of working.
Building capability
APRA is committed to hiring, training, and retaining first rate talent and creating an environment where they thrive. We will build the capability of our people by enhancing supervision training and professional development to address emerging risk issues, evolving the people capability framework, developing new technical leader pathways, and enhancing mobility within APRA and with peer agencies.
Workforce planning
APRA is enhancing its workforce planning to ensure that it has the right people, with the right skills to deliver on the 2023-24 Corporate Plan. This involves improving our analysis and understanding of current and future workforce needs, particularly in relation to identifying capability requirements.
Operational excellence
APRA is focused on ensuring that it performs its organisational activities effectively and efficiently. Over the course of this plan, APRA will:
- Improve business processes, realise benefits from workflow management tools, and establish an internal operational excellence capability;
- Ensure operations are fit-for-purpose, consistent and aligned to risk-appetite; and
- Define and measure key operational performance metrics and instil a culture of continuous improvement.
Inclusion and diversity
APRA is committed to providing an environment where its people belong, are valued and respected. Over the plan horizon, APRA’s Inclusion and Diversity Council will oversee the implementation of our inclusion and diversity strategy by delivering implementation plans for each dedicated network2 and targeting strategic focus areas through three themes: Our People, Our Space and Our Community.
Modernising APRA’s working environment
APRA has invested in modernising its working environment and enabling modern collaboration tools and techniques, including by redesigning some of its office spaces and embedding the use of cloud technologies. During 2023-24, APRA will complete the rollout of a new information management platform, including strengthened information management security practices.
Environmental, social and governance
APRA recognises that community expectations for transparency on environmental impact, in particular greenhouse gas emissions and climate change broadly, have been growing. At the same time, the Australian Government is requiring that Australian Public Service entities (including APRA) meet minimum disclosure obligations for greenhouse gas emissions reporting. This year, for the first time, APRA’s annual report will provide details of our Scope 1 and Scope 2 emissions, together with our most material Scope 3 emissions (aviation), for the FY23 operating period. 3
Additionally, the Australian Government has established a policy for the Australian Public Service, under which most Commonwealth entities will be required to meet a net zero emissions target by 2030. APRA will assess how it can best align to this target once details of the policy are confirmed.
Financial Regulator Assessment Authority (FRAA) Review
In July 2023, APRA welcomed the release of the FRAA review, which focused on our core capabilities of supervision and resolution through the lens of superannuation. APRA has incorporated the recommendations from the review into this plan as follows:
- Emerging and systemic risk identification: APRA’s heightened focus on “System-wide risks”, combined with supervision activities planned to improve outcomes for members, will be key parts of our response to this recommendation. For example, APRA will increase focus on liquidity risk in superannuation, including the valuation of unlisted and illiquid asset classes, and its implication for the broader financial system. More broadly, APRA will develop a cross industry stress testing framework to assess system-wide risks.
- Staff capabilities: APRA’s initiative to, “Cultivate an agile and engaged organisation” is intended to build capability to support and prioritise our response to new and emerging risks. Actions being taken include strengthening workforce planning, prioritising the recruitment of staff with deep industry knowledge, and refreshing the supervision training program.
- Data and technology: APRA’s initiative to, “Transform our Technology and use of Data" involves a program of work designed to support risk-based and forward-looking supervision and minimise the regulatory burden associated with data and information requests.
- Transparency: This plan provides more information to stakeholders on APRA’s strategic priorities and key supervision activities. APRA is also reviewing how it might provide regulated entities with more information on planned supervision activities and insights gathered from thematic reviews. More generally, APRA will maintain momentum to improve outcomes for superannuation members by publishing performance data on superannuation products and supervising against the results.
- Resolution: APRA is working closely with industry to improve recovery planning and resolution readiness, consistent with Prudential Standards CPS 190 Recovery and Exit Planning and CPS 900 Resolution Planning. Following a superannuation recovery and exit planning pilot exercise, APRA will share examples of better practices with stakeholders, to provide insight into actions that could be taken by regulated entities to enhance these capabilities.
APRA has taken the following factors associated with the operating environment into consideration when setting its 2023–24 Corporate Plan.
External factors
Community expectations
- Perspectives of diverse stakeholders to understand evolving community expectations.
- Insights from our engagement with the Government, other Commonwealth agencies and industry stakeholders about shared challenges to deliver good financial outcomes for the community.
Government expectations and external reviews
- APRA’s Statement of Intent published in June 2023 in response to the Government’s Statement of Expectations.
- The FRAA’s review of APRA that was released by the Government in July 2023.
- The recent Review of the RBA, particularly those recommendations relevant to APRA.
Political, macro-economic and social considerations
- Inflation is expected to remain elevated over the coming year. Higher interest rates to address inflation will continue to place financial pressures on households and businesses.
- Geopolitical tensions may continue to affect supply chains and trading patterns leading to less efficient global trade flows, which could reduce global growth.
- Community and investor expectations regarding environmental, social and governance issues continue to increase, particularly in relation to how regulated entities are adapting their corporate strategies and practices in response to climate change.
Global regulatory developments
- International standard setting bodies, such as the Basel Committee on Banking Supervision and the Financial Stability Board, are reviewing the lessons learned from recent market stress to ensure the financial system is better placed to withstand future stress.
Technology and innovation
- Customers are increasingly engaging with the financial system through digital channels and expect the technology they access to be safe, secure, low cost and available 24/7.
- Customers are also being exposed to more complex scams that often rely on the digital services provided by regulated entities, which is requiring more investment in technology to prevent losses associated with scams.
- Cyber-attacks continue to increase in their frequency and sophistication driving regulated entities to invest more in the security of their systems and data, including improving their cyber-attack prevention and detection capabilities. Regulated entities are also having to increase the protection of themselves and their customers against the contagion effects of cyber-attacks on external service providers.
- The growing use of artificial intelligence (AI) (including generative AI) is transforming how financial services are structured and delivered to end users, and this amplifies risks about the potential misuse of AI, as well as data privacy and security.
Internal factors
Resources and funding
- APRA is funded largely through levies on the entities it regulates. A small number of activities are not levy-funded. These activities are recovered by user charges or Government appropriations.
- APRA developed its 2023-24 Corporate Plan based on its approved funding in the most recent Portfolio Budget Statement (PBS). 4
Workforce
- APRA strives to provide a flexible, adaptive and inclusive workplace for its employees.
- In 2022-23, APRA renewed its performance, remuneration and capability frameworks and is continuing to embed these frameworks through 2023-24.
Technology and infrastructure
- APRA continues to invest in information and communications technology to support and enable its employees in a hybrid environment and strengthen its cyber resilience.
Risk management
APRA’s delivery of its 2023-24 Corporate Plan is supported by effective risk management practices, including robust governance and accountability mechanisms, with greater focus being placed on risk awareness to strengthen risk culture across the organisation.
APRA’s system of risk oversight, management and internal controls is aligned with section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), including the Commonwealth Risk Management Policy. From 1 July 2023, APRA also came under the jurisdiction of the National Anti-Corruption Commission (NACC), an independent Commonwealth agency that will detect, investigate and report on serious or systemic corrupt conduct in the Commonwealth public sector.
Governance
APRA’s risk profile is overseen by the following governance committees:
- Executive Board;
- Executive Committee; and
- Audit and Risk Committee.
The Executive Board reviews, approves and oversees the operation of APRA’s Enterprise Risk Management Framework, and monitors APRA’s risk profile to ensure that risks are being managed within APRA’s stated risk appetite, or measures are being taken to bring risks back within appetite.
The Executive Committee provides direction on the operational elements relating to APRA’s risk profile and ensures sufficient management attention is given to APRA’s higher-rated risks, including monitoring the progress of remedial actions.
The Audit and Risk Committee provides an independent view on the operation of APRA’s Enterprise Risk Management Framework and advice to APRA’s Chair.
APRA’s Chief Risk Officer regularly reports APRA’s key risks (including risks outside of appetite), material breaches or incidents, and non-compliance with or material deviation from the Enterprise Risk Management Framework.
Framework
The Enterprise Risk Management Framework enables APRA to identify, assess, manage and report the key risks relating to the delivery of APRA’s 2023-24 Corporate Plan.
All APRA staff have a role in managing risks. The Enterprise Risk Management Framework is embedded through a range of training and awareness activities.
In addition to APRA’s centralised Risk Management and Compliance team that administers the Enterprise Risk Management Framework, APRA’s Internal Audit function independently evaluates the effectiveness of internal controls, risk management and governance processes throughout APRA.
Key risks
A description of APRA’s key risks and mitigating actions is outlined below, together with their connection with APRA’s core functions, capabilities and strategic priorities. The key risks broadly align with APRA’s Risk Appetite Statement.
Key risk focus | Mitigating actions | APRA’s core function, capability, strategic priority |
---|---|---|
R1 – Risk of significant changes in the external operating environment stemming from macroeconomic conditions and /or unanticipated changes in community expectations. | Identify and act on insights from existing macroeconomic monitoring to prioritise and sequence initiatives appropriately. Use governance mechanisms to rapidly reprioritise activities and redeploy resources accordingly. Ongoing interagency and government department engagements. | Across the Corporate Plan. |
R2 – Risk of significant changes in the internal operating environment (including ways of working, governance practices), and capacity to recruit/retain expertise to achieve organisational effectiveness and the timely reprioritisation of activities in responding to operating environment changes. | Workforce planning linked to strategy. Ongoing recruitment of required skills and experiences from the market. Continuous training and upskilling of APRA's workforce. Formal governance and oversight of organisational risks and adequacy of mitigation measures. | Cultivating an agile and engaged organisation. |
R3 – Risk of inadequate operational resilience capabilities to effectively protect APRA’s people and data and ensure the continuity of business operations in a heightened external threat landscape. | Cross agency information sharing with peers and law enforcement. Business continuity management and incident response protocols. Continuous improvement of controls targeting cyber, personnel and data risk exposures. Workplace Health & Safety protocols and wellbeing focused initiatives. | Across the Corporate Plan. |
R4 – Risk of not realising the benefits of technology and data transformation arising from the inability to recruit/retain required capability and capacity. | Prioritise and focus on initiative completion and outcome delivery of in-scope initiatives. Robust program governance oversight. Workforce planning linked to strategy. | Transforming our technology and use of data. Creating an agile and engaged organisation. |
R5 – Risk of a weak or poorly designed prudential framework. | Clearly developed muti-year strategy, incorporating insights from global peers. Extensive consultation with stakeholders on new and in-use policies. Adherence to Office of Impact Analysis requirements. | Policy development, Modernising the Prudential Architecture. |
R6 – Risk of inadequate supervisory practices. | Maintain a highly experienced, trained and engaged workforce. Continuous improvement and training program to keep pace with regulatory developments. Independent quality assurance function and peer review practices. Embedded governance and oversight bodies to maintain the standard of supervision and adequacy of risk-based approach. | System-wide risks, risk-based supervision. |
R7 – Risk of inadequate resolution capability. | Ensure appropriate resource allocation to resolution activities. Ongoing testing of APRA's readiness to resolve failures and near failures including administration of the Financial Claims Scheme. Sharing information and cooperating with other regulators on resolution preparedness. | Resolution. |
R8 – Risk of inadequate enforcement capability. | Maintaining a highly experienced and specialised team to support APRA’s Enforcement function. Continuing to develop standardised enforcement processes and procedures. | Enforcement. |
Performance measures
Performance measurement at APRA takes into consideration relevant requirements outlined in the PGPA Act, PGPA Rule and guidance issued by the Department of Finance.
APRA uses a mix of qualitative and quantitative measures relevant to the delivery of APRA’s purpose, key outcomes, and organisational effectiveness, supplemented by narrative, case examples and other information to provide a holistic picture of APRA’s performance. Information on targets, methodologies, data sources and key changes regarding each performance measure is provided below. APRA continues to evolve its performance measures, including closer alignment between the key outcomes and activities it strives to achieve.
In 2023, APRA reviewed its performance measures which are drawn from APRA’s biennial stakeholder survey.5 Previous stakeholder surveys retained a core set of questions, with new questions added permanently or on a year-by-year basis as required. In consequence, APRA’s survey became long, and in places repetitive or no longer relevant. Following the 2022 review, the survey was redesigned to be shorter, more relevant and to make use of more direct questions and response options. These changes were intended to make it faster and easier for entities to respond, and to make it clearer how to interpret and answer questions. Just one set of key questions was retained from the previous survey, for calibration purposes. In addition, the 2023 survey included a set of questions for the FRAA. Changes to the suite of stakeholder survey questions by which APRA will measure its performance are reflected in the table below.
APRA’s performance against its 2023–24 Corporate Plan including analysis of the factors contributing to results against performance measures and targets outlined below including the most recent stakeholder survey results where indicated, will be reported in the Annual Performance Statement included in APRA’s 2023-24 Annual Report.
Ref | Performance measure | Target6 | Change from 2022-237 |
---|---|---|---|
1 | Money Protection Ratio (MPR) | Low incidence of failure | Retained. Provided further clarity on methodology and data source. |
Methodology: APRA seeks to protect the Australian community from financial loss and disruption. The MPR indicates the incidence of loss in the financial sector, measured as the dollar value of liabilities to beneficiaries in Australia in a given year less any losses due to prudential failures divided by the total dollar value of liabilities to beneficiaries in Australia in APRA-regulated entities. The higher the percentage the lower the incidence of loss. Data source: APRA’s failures database (for internal use). | |||
2 | Performing Entity Ratio (PER) | Low incidence of failure | Retained. Provided further clarity on methodology and data source. |
Methodology: APRA seeks to reduce the likelihood of a regulated entity failing. The PER indicates the incidence of failure measured as the number of regulated entities that met their commitments to beneficiaries in a given year divided by the total number of regulated entities. The higher the percentage, the lower the incidence of failure. Data source: APRA’s failures database (for internal use). | |||
3 | Aggregate capital ratios for banks and insurers | Above minimum prudential requirements | Amended. Included the word ‘Aggregate’ and provided further clarity on methodology and data sources. |
Methodology: Capital ratios are how much capital a bank or insurer has available reported as a percentage of a bank or insurers’ risk-weighted assets aggregated for the banking and insurance industry. Aggregate capital ratios provide insights into the resilience of the banking and insurance sectors. Data sources: Based on data submitted to APRA by ADIs and insurers per the relevant reporting and prudential standards.8 | |||
4 | Reduction in the number of superannuation members exposed to unsustainable funds | Reduction during the reporting period | Retained. |
Methodology: Measured by the number of member accounts in registrable superannuation entities that APRA considers unsustainable.9 Data sources: Power BI-based tool (for internal use) and entity data submitted to APRA. | |||
5 | Reduction in the number of trustees with sub-standard governance practices | Reduction during the reporting period | Amended. Changed ‘funds’ to ‘trustees’ and included the word ‘governance’. Provided further clarity on methodology and data sources. |
Methodology: Measured by the number of registrable superannuation entities managed by trustees that have a “C” or worse rating for Governance, Culture, Remuneration and Accountability or Governance and Risk Management in APRA’s SRI Model.10 Data sources: APRA’s supervision system ‘Q’; and an Excel-based spreadsheet tool (for internal use). | |||
6 | Reduction in the number of superannuation members in high fee, poor performing MySuper offerings | Reduction during the reporting period | Amended. Focus on MySuper offerings. |
Methodology: Measured by the number of member accounts in MySuper products that failed the performance test as published by APRA each year. Data sources: Annual performance test results for MySuper products11 and entity data submitted to APRA. | |||
7 | Reduction in the number of high fee, poor performing choice offerings | Reduction during the reporting period | Amended. Previously grouped with MySuper performance measure. Changed to focus on trustee-directed products, as per annual performance test. |
Methodology: Measured by the number of trustee directed products that failed the performance test as published by APRA each year.12 Data source: Annual performance test results for trustee-directed products and entity data submitted to APRA. | |||
8 | APRA’s supervision helps protect the financial well-being of the Australian community | ≥80% “agree” or “strongly agree” | New. Introduced new stakeholder survey question. |
Methodology: As outlined on APRA’s website ‘Stakeholder survey’ page. Data source: Responses from a biennial survey of APRA’s key stakeholders undertaken by an external provider. | |||
9 | In its supervision, APRA effectively pursues financial safety, balanced with considerations of efficiency, competition, contestability, and competitive neutrality, and promotes financial stability | ≥80% “agree” or “strongly agree” | New. Introduced new stakeholder survey question. |
Methodology: As outlined on APRA’s website on the ‘Stakeholder survey’ page. Data source: Responses from a biennial survey of APRA’s key stakeholders undertaken by an external provider. | |||
10 | Status of APRA’s strategic programs of work | Majority of APRA’s strategic programs of work are ‘Green’ status | Amended. Adjusted target and provided further clarity on methodology and data source. |
Methodology: Progress against plans and defined ‘Red/ Amber/ Green’ criteria. ‘Green’ status indicates delivery progressing in line with plan. Data source: APRA’s internal performance report as at 30 June each year. | |||
11 | Recommendations from independent reviews13 addressed during the reporting period | Closure within approved timeframes | Retained. Provided further clarity on data source. |
Methodology: Closure within approved timeframes. Data source: APRA’s internal database of external review recommendations. | |||
12 | Delivery of services in line with key performance indicators set out in APRA’s Service Charter14 | As per APRA’s Service Charter | Retained. |
Methodology: Definitions as outlined in APRA’s Service Charter. Data source: APRA’s management information systems. | |||
13 | Budget versus actual for the reporting period | Within budget | Retained. |
Methodology: Budget versus actuals for the reporting period. Data sources: APRA’s PBS and Financial Statements. |
Performance measures aligned to the principles of regulator best practice15
Type of performance measure | |||
Effectiveness, efficiency, output measures | Regulator measures | ||
Effectiveness | 1; 2; 3; 4; 5; 6; 7; 8; 9; 11; 12 | Continuous improvement and building trust | 11; 12 |
Efficiency | 4; 5; 6; 7; 9; 10; 12; 13 | Risk based and data driven | 1; 2; 3; 4; 5; 6; 7; 8 |
Output | 10; 12 | Collaboration and engagement | 12 |
Footnotes
[1] APRA’s 10 August 2023 letter to industry provided an interim update on policy priorities.
[2] Networks include: gender; generations; Culturally and Linguistically Diverse; Aboriginal and Torres Strait Islander; and lesbian, gay, bisexual, trans and gender diverse, intersex and queer (Pride).
[3] Scope 1 covers emissions from sources that an organisation owns or controls directly. Scope 2 are emissions that an organisation causes indirectly and come from where the energy it purchases and uses is produced (e.g., using electricity in offices). Scope 3 encompasses emissions that are not produced by the organisation itself nor the result of activities from assets owned or controlled by them, but by those that it is indirectly responsible for up and down its value chain (e.g., buy and use products from suppliers).
[4] Portfolio Budget Statements (treasury.gov.au)
[6] Targets apply to the four reporting periods covered by APRA’s 2023–24 Corporate Plan including 2023-24; 2024-25; 2025-26; and 2026-27.
[7] Five performance measures have been removed since APRA’s 2022-23 Corporate Plan was published. All of which related to questions from APRA’s biennial stakeholder survey.
[8] Prudential and Reporting Standards for APRA Regulated Industries
[9] APRA measures the sustainability of a superannuation fund based on a number of factors including its operating expenses, size, growth rate, and returns relative to benchmarks.
[10] Information on APRA’s SRI model
[11] Methodology for the superannuation performance test contained in the Superannuation Industry (Supervision) Regulations 1994 (SIS Regulations). View the 2022 MySuper performance test results.
[12] Methodology for the superannuation performance test is contained in the SIS Regulations.
[13] Recommendations from independent reviews relate to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry; APRA’s Capability Review; and the Financial Sector Assessment Program undertaken by the International Monetary Fund in 2018-19; and the FRAA review of APRA completed in July 2023.
[14] APRA Service Charter
[15] The three principles of regulator best practice are: 1) continuous improvement and building trust; 2) risk based and data driven; and 3) collaboration and engagement. These are referred to as ‘regulator measures’ by APRA. Further information is available on the finance.gov.au website.
Acknowledgment of Country
We at APRA acknowledge the traditional owners and custodians of Country throughout Australia and recognise their continuing connection to land, waters, and community. We pay our respects to Elders past and present and extend that respect to all First Nations people.
We would also like to recognise our Aboriginal and Torres Strait Islander employees who are an integral part of our workforce.
Disclaimer and Copyright
While APRA endeavours to ensure the quality of this publication, it does not accept any responsibility for the accuracy, completeness or currency of the material included in this publication and will not be liable for any loss or damage arising out of any use of, or reliance on, this publication.
© Australian Prudential Regulation Authority (APRA)
This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that APRA endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/