Introduction
Chair's foreword
APRA’s primary purpose is to ensure the safety and stability of the Australian financial system. This stability plays an essential role in supporting a thriving and dynamic economy which in turn benefits the Australian community.
Effective risk management is critical to ensuring the financial system remains stable and resilient throughout different operating and economic environments to ensure banks, insurers and superannuation funds can continue to deliver on their promises to beneficiaries, namely bank depositors, insurance policyholders and superannuation fund members.
The ability of our financial system to support essential services is critical at any time, but especially so at a time when the environment is volatile, and disruptions can occur and spread across the financial system with speed. Domestically, high inflation and interest rates and economic uncertainty over 2023-24 has led to pressures being felt by households and businesses. Globally, APRA also sees material risks in the operating environment including ongoing geopolitical uncertainty, with these risks amplified by an increasingly interconnected world and a financial system that is ever more dependent on technology.
APRA’s view of these domestic and international factors has underpinned the development of its Corporate Plan for 2024-25. The latest iteration of the plan seeks to ensure the entities we regulate remain equipped to respond to new and emerging risks, as well as longer-term challenges such as climate related financial risks and an ageing population. But it has also been designed in balance with APRA’s other priorities, including minimising the cost and burden of regulation and supporting beneficial competition.
For the first time, this year’s Corporate Plan has been expanded to include APRA’s annual policy and supervision priorities, as well as a brand new inclusion: APRA’s data collection and publication priorities. Publishing a more fulsome overview of our agenda over the next four years will help industry plan and prepare for upcoming regulatory changes. It also underlines APRA’s commitment to enhanced transparency towards the entities we regulate as well as the community, Financial Regulator Assessment Authority (FRAA) and parliament to whom we are ultimately accountable.
As always, APRA’s people feature prominently in our Corporate Plan. With strong foundations of expertise and insight already in place, the plan outlines how we intend to invest more in learning and development and equip our employees with improved tools and technologies. These investments will help to keep APRA’s supervision capabilities at the forefront of global best practice.
And while we will remain a supervision-led regulator, we retain an appetite to use formal enforcement action where necessary to enforce the law and protect the community.
With that, I am happy to present our 2024-25 Corporate Plan covering the four years to 2027-28 as required under section 35(1)(b) of the Public Governance, Performance and Accountability Act 2013.
John Lonsdale
Chair
Introduction
APRA’s 2024-25 Corporate Plan sets out the strategic objectives that drive its regulatory priorities over the next four years, as well as outlining its agenda to address those priorities.
As ever, APRA’s priority is ensuring its entities keep their financial promises to bank depositors, insurance policyholders and superannuation fund members under all reasonable circumstances, and regulated entities remain able to provide critical financial services to the community.
To achieve this, APRA will continue to use a supervision-led approach to prudential regulation that is risk-based, proportionate, and adaptable as the financial system evolves and risks to stability either emerge or escalate.
While the 2024-25 Corporate Plan builds on the strong foundation of previous plans and remains guided by APRA’s vision of a financial system that is “protected today, prepared for tomorrow”, APRA’s priorities have evolved in response to changes in the operating environment. As a result, this latest Corporate Plan outlines some adjustments and fresh thinking with regards to APRA’s agenda, timelines and areas of focus.
Having spent more than a decade building up the strength of the prudential framework, APRA is now in a position to focus on maintaining that strength. As a result, APRA has shifted from an expansive policy agenda following the Global Financial Crisis and Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, to a more targeted approach aimed at adjusting or recalibrating existing settings.
This pivot is reflected in this document, however, the plan also responds to new threats that we believe may pose challenges both to APRA and regulated entities over the coming four years. These include factors such as the increased reliance of entities and customers on digital technologies, the lessons of last year’s global banking instability and meeting the retirement needs of an ageing population.
Another development reflected in the plan is the recent completion of the multi-year program to modernise the prudential architecture. Although APRA will continue to look for opportunities to sharpen and simplify the prudential framework, the foundations are now in place for a framework that is easier for regulated entities to access and comply with.
APRA retains a strong appetite to increase the intensity of supervision to address inadequate risk management practises or take formal enforcement action against entities where appropriate so there is clear accountability for breaches of the law. APRA also recognises that delivering its purpose to protect the financial interests of Australians requires it to balance the objectives of financial safety with considerations of competition and efficiency. In that spirit, APRA will support the Council of Financial Regulators’ (CFR) review into competition for small and medium banks and remain focused on addressing the affordability and availability of insurance.
APRA’s approach to regulation will be underpinned by key strengths, including its system-wide perspective on the operating environment that seeks to identify emerging risks, assess interconnections between sectors and determine appropriate actions. Perhaps most importantly, APRA will continue to rely on the values, expertise and insights of APRA’s people, which equip them with the judgement and willingness to act decisively to protect the community in a complex and rapidly evolving operating environment.
Strategic objectives
In summary, the strategic objectives in APRA’s 2024-25 Corporate Plan include:
Objectives | Key initiatives |
---|---|
Maintain financial and operational resilience |
|
Respond to significant and emerging risks |
|
Address industry-specific challenges |
|
Key enablers
To achieve these strategic objectives, APRA will invest in key enablers that support its role as Australia’s prudential regulator.
Technology and data: Informing risk-based decision-making
Following additional funding received in the 2024-25 Federal Budget, APRA will invest $73.2 million over four years in material upgrades to technology, data, cyber security and supervision systems. This investment will support data-driven supervision, making it easier for entities to submit information to APRA and strengthen internal cyber controls.
Our people: Empowered by an inclusive, agile and effective organisation
Over the last decade, APRA’s role has increased in response to heightened expectations from stakeholders to respond to new and emerging risks, and in recognition of the ongoing growth in the Australian financial system.
To empower its people, APRA will enhance workforce planning, invest in the capability of its people, strengthen its capability to deliver investments in technology, data, cyber security, and enhance end-to-end visibility of critical processes.
Supervision excellence: Modern and future-ready capabilities
To support its supervision-led approach to regulation, APRA needs to ensure its capabilities keep pace with the complex and fast-moving external risk environment. APRA will increase investment in learning and development to enhance career pathways for its people, increase access to a broader spectrum of on-the-job experience and facilitate greater knowledge transfer.
Policy, supervision and data priorities
This document details APRA’s policy, supervision and data initiatives planned for the banking, insurance and superannuation industries over the next 12 to 24 months.
In the context of the operating environment, these initiatives have been scoped to address identified risks to resilience and safety and ensure that the impact on regulated entities of these activities is proportionate to their size and complexity.
As appropriate, APRA will include details of these initiatives on the Financial Services Regulatory Initiatives Grid (RIG).
APRA operates in a dynamic operating environment characterised by rapid technological advancements, evolving business models, and changing market structures. To safeguard financial stability, they must identify, assess, and mitigate an array of different risks.
In this context, APRA needs to adopt a holistic approach that considers micro and macroprudential risks. For APRA, this means the need to maintain a strong and sustained focus on financial safety and system stability, whilst balancing this focus with competition and efficiency considerations.
To do this effectively, APRA takes a through-the-cycle view to protecting the financial interests of Australians, as history has shown repeatedly that poor or insufficient regulation can lead to severe financial crises, with taxpayers ultimately bearing the costs.
As such, regulators must communicate effectively the critical importance of a strong financial system to protect the financial wellbeing of the community and safeguard the economy.
External developments
While Australia is geographically isolated from other countries, our banking and financial systems are interconnected with global markets. Geopolitical developments around the world can magnify traditional liquidity, market, credit, investment, and insurance risks, and accordingly warrant the ongoing attention of regulators, and regulated entities alike.
Heightened geopolitical tensions across the world have created uncertainty for the global economy, trade and supply chains, international markets and commodity prices. Like many jurisdictions, Australia is facing an elevated threat environment, with many new and emerging national security challenges.
Internationally, support for a global financial regulatory framework is fragmenting. The implementation of the Basel Framework has been contested in some jurisdictions, which has led to some changes and delays to key capital reforms. Although the risk of fragmentation remains elevated, APRA remains committed to adopting international best practice where it is appropriate in an Australian context.
Domestically, parliamentary reports into economic dynamism and competition, and bank closures in regional Australia, are just some of the key developments shaping APRA’s operating environment. By the time our next Corporate Plan is published, we expect to see final parliamentary reports from inquiries into insurers’ responses to the 2022 floods; the impact of climate risk on insurance premiums; greenwashing; Australia’s retirement system; and the cost of living. These issues will feature prominently in discussions about the role of financial regulators over the coming years to address significant new and emerging risks.
Macro-economic environment
High inflation domestically and abroad over the past two years has prompted interest rates to be tightened aggressively by central banks to curb price increases. In 2024, inflation has moderated from these highs, but in most jurisdictions, it remains well above long-term averages.
Higher interest rates are expected to continue to weigh on the economic outlook for households and businesses, despite central expectations being for domestic inflation to fall back gradually within the RBA’s target range. Mortgage arrears are increasing but remain relatively low underpinned by low unemployment, with many households making use of pre-payment buffers or otherwise prioritising repayments over other spending. This is contributing to an overall softening in household spending and below trend economic growth and is likely one of several factors driving reduced levels of insurance coverage across the country.
Australia’s housing and rental markets remain tight, owing to a range of complex demand and supply factors, which is creating challenges for some generational cohorts to enter the housing market.
Technology and innovation
The rapid evolution of digital technologies, including cloud technology, quantum computing and Artificial Intelligence (AI) is driving a profound transformation of the financial services industry. This creates a complex landscape for regulators and entities who need to strike a balance between innovation and agility while mitigating appropriately cyber risks, data breaches and regulatory challenges.
The banking sector, in particular, is undergoing a digital transformation. As banking shifts from face-to-face service in physical branches to computers and smartphones, there is a growing need for sophisticated technology solutions and a re-evaluation of traditional business models.
Despite this shift making it easier and quicker for some customers to engage with their banks, this digital transformation also exposes banks and their customers to heightened cyber threats, including sophisticated scams, and changes the market dynamics influencing the accessibility of physical cash. This trend also amplifies financial risks, such as liquidity risk, as demonstrated by the events related to Silicon Valley Bank last year.
The emergence of AI, while promising efficiency gains, also introduces new risks if not managed appropriately and with sufficient expertise.
Social
Australia is continuing to evolve into a more diverse, urban, and educated society. Population centres have gravitated towards metropolitan areas. This urbanisation has accelerated social and economic change, drove innovation and economic growth, and also presented challenges such as housing affordability and infrastructure strain.
Some regional areas are benefitting from increased workplace flexibility allowing people to complete part or all their jobs remotely but face other challenges including access to essential services.
Australia is experiencing an ageing population, a consequence of increased life expectancy and declining birth rates. This demographic shift has implications for the financial system, particularly the superannuation and health insurance industries, as well as financial services that fall outside of APRA’s focus, such as the availability and affordability of financial advice.
At the other end of the demographic spectrum, younger generations, born into a digital age have different financial priorities and behaviours. Young Australians primarily use digital banking, use cash sparingly if at all, tend to have lower insurance coverage levels, and are more likely to consider sustainability in their investment options.
Legal and regulatory developments
Australia's financial sector legal and regulatory landscape is dynamic, with several industry-shaping bills being passed through the parliament over the past 12 months, and some subject of debate or consideration. These legislative initiatives span a broad spectrum of issues, including superannuation, financial advice, sustainable finance, housing policy and the net zero transition.
A complex legal and regulatory landscape is a challenge which extends beyond domestic shores. Overseas regulators are subject to increasing scrutiny, underscoring the importance of regulatory transparency and stakeholder consultation, particularly when making change. Many regulators have seen their regulatory boundaries expanded to include oversight of areas such as payments, non-bank lending, competition, big tech platforms and foreign interference.
Emerging technologies and focus areas are presenting new challenges in supervising regulated entities, where existing laws and regulations may not be fit for purpose. This global trend again underscores the interconnectedness of the financial system and highlights the need for a coordinated and adaptable approach to regulation.
Environmental
Environmental issues related to the financial risks associated with a changing climate are prominent parts of regulatory agendas globally and prudential regulators are no exception. Governments of many countries, including in Australia, have recognised the systemic risks posed by changing climate, and have committed to a transition to a low-carbon economy.
APRA, like many prudential regulators, is expected to promote prudent practices to ensure the financial system is resilient to climate-related financial shocks, and the adoption of climate reporting standards by regulated entities. To fulfil this expectation, regulators continue to assess the frequency and severity of climate-related financial risks, and how it can augment traditional operational, market and credit risk concerns.
Further, there is increasing pressure for regulators to examine how entities are considering and managing nature and biodiversity risks. While the challenges associated with climate change are significant, there are also significant opportunities for innovation and sustainable growth.
APRA’s strategic objectives reflect its statutory responsibilities, the Government’s Statement of Expectations and frame the regulatory initiatives that will be undertaken to deliver its purpose.
Following careful consideration of the operating environment, APRA has identified strategic shifts in regulatory focus that reflect our assessment of the significance of these risks.
The scope and intensity of planned work has been calibrated to reflect APRA’s resources and risks in the operating environment.
As outlined below, APRA has identified nine strategic shifts where it will heighten regulatory focus. More information about how these strategic shifts translate into specific regulatory initiatives is provided in the policy, supervision and data priorities section for the banking, superannuation and insurance industries.
Maintain financial and operational resilience
Financial resilience
Risk in the operating environment
APRA maintains an effective prudential framework across all regulated industries. This is illustrated by banks having “unquestionably strong” capital levels and maintaining strong lending standards, based on a prudential framework that is supported by robust macroprudential policy tools and ongoing supervision.
However, last year’s global banking turmoil emphasised how technological advances and greater market connectivity have increased the speed with which a financial crisis can spread. Financial risks have further been elevated by heightened geopolitical tensions, which may result in unexpected shocks to financial stability and asset values.
These developments have highlighted the need to ensure regulated entities can withstand a severe but plausible stress event, operate effectively in a crisis, and that the financial interests of beneficiaries are protected.
APRA’s strategic response
APRA’s response over the period will include:
- strengthening financial resilience (including capital and liquidity prudential requirements) so entities are prepared to withstand significant unexpected stress;
- increasing emphasis on system-wide risks, financial transmission mechanisms and interconnections across regulated industries;
- ensuring macroprudential policy settings are calibrated appropriately for the operating environment; and
- understanding the impact of geopolitical risk on the financial system.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- conducting a broader review of Prudential Standard APS 210 Liquidity (APS 210);
- consulting on proposals relating to Additional Tier 1 capital instruments;
- developing APRA’s first system risk stress test to understand interconnections across the financial system;
- continuing to develop a macroprudential policy framework, including engagement with the RBA to develop a process of review and advice on the use of macroprudential policy; and
- working with CFR agencies on risks to financial system resilience, including risks in the geopolitical environment.
Operational resilience
Risk in the operating environment
Greater dependency by both APRA-regulated entities and their customers on technology has produced a commensurate rise in operational risks. As evidenced by several recent high-profile operational failures, managing these operational risks is essential to protect business continuity and financial safety and stability.
APRA’s strategic response
APRA will focus on strengthening minimum expectations of operational risk management and business continuity planning, in particular through the finalisation of CPS 230. This will include:
- preparing industry for the commencement of CPS 230;
- maintaining supervisory oversight of regulated entities’ adherence to existing operational risk standards; and
- exploring risks to financial safety and stability introduced by third party providers, particularly those providing critical services.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- supporting entities as they transition from existing operational risks standards to CPS 230;
- engaging externally with industry groups, professional service firms, peer regulators, and industry led working groups to support the consistent application and understanding CPS 230; and
- designing, developing, and deploying a process for breach notifications for material operational risk events and a consistent approach for the Material Service Provider register.
Cyber resilience
Risk in the operating environment
APRA regulated entities, industries and service providers are exposed to increased risk of cyber-attacks from sophisticated and unsophisticated threat actors. In parallel, legal and community expectations around data privacy, security, and continuity of services are rising.
APRA’s strategic response
APRA’s response over the period will include:
- strengthening the cyber risk management practices of regulated entities to minimise the likelihood and impact of cyber incidents, and respond effectively when these incidents occur; and
- partnering with peer agencies as part of a whole-of-government approach to minimise cyber risk.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- embedding Prudential Standard CPS 234 Information Security (CPS 234) and ensuring entities act on findings from CPS 234 independent reviews to lift minimum standards of cyber risk management;
- releasing industry letters on high-risk cyber topics (e.g. securing and testing backups, maintaining security configurations, and maintaining privileged access management) and expecting regulated entities to strengthen practices as appropriate;
- conducting a cyber operational resilience stress exercise to test industry preparedness in responding to cyber incidents; and
- engaging with whole-of-Government initiatives on cyber regulation, generative AI, preparedness and incident response.
Crisis preparedness
Risk in the operating environment
The Australian financial system is strong and stable; however, a financial crisis can significantly impact the economic prosperity of the country.1 Regulated entities need to be prepared to respond to severe but plausible events and APRA needs to minimise the risk to beneficiaries, the financial system and the economy from a disorderly entity failure, broad-based failures or a systemic crisis.
APRA’s strategic response
APRA’s response over the period will include:
- partnering with CFR and New Zealand agencies to test APRA’s ability to respond to severe unexpected events, via a crisis simulation;
- driving improvements in the recovery and exit capabilities of regulated entities to strengthen their own ability to respond to stress; and
- preparing APRA to respond to severe unexpected events by building its crisis toolkit, supporting broader CFR preparedness and prepositioning industry.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- implementing Prudential Standard CPS 900 Resolution Planning (CPS 900) across Significant Financial Institutions (SFIs) and, where prioritised, developing and having prepositioned entity resolution plans; and
- embedding Prudential Standard CPS 190 Recovery and Exit Planning (CPS190) in the risk management practices of regulated entities.
Footnotes
[1] The Basel Committee on Banking Supervision has estimated that the median cost of a financial crisis is more than 60 per cent of a country’s annual gross domestic product.
Governance, Culture, Remuneration, Accountability (GCRA)
Risk in the operating environment
In recognising the progress made to strengthen GCRA practices across the financial system over recent years, APRA is now moving towards a more targeted agenda to embed new standards and approaches to ongoing supervision.
APRA’s strategic response
APRA remains committed to making targeted adjustments to the prudential framework to ensure GCRA related standards are fit for purpose and stronger minimum standards are used to hold individual and entities accountable for poor practices.
APRA’s response over the course of this plan will include:
- partnering with ASIC to implement the Financial Accountability Regime (FAR);
- preparing to review CPS and SPS 510 and 520 to align with FAR and international best practice; and
- monitoring the adequacy of GCRA practices across regulated entities with a focus on ensuring targeted and proportionate remediation actions for identified risks.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- implementing the FAR with ASIC for insurance and superannuation entities;
- consulting on amendments to CPS and SPS 510 and 520; and
- conducting a comprehensive survey across Tier 1 and Tier 2 insurance entities to benchmark and assess staff perceptions of risk culture.
Respond to significant and emerging risks
Climate & nature risk
Risk in the operating environment
APRA-regulated entities are exposed to risks associated with the increased frequency and severity of climate-related events. These events potentially impact the value of certain assets, income streams and underwriting risks.
There is also heightened global focus of the impact of nature-related risks, such as the loss of biodiversity on the financial system and the community.
APRA’s strategic response
APRA’s response over the period will include:
- increasing gradually expectations for regulated entities to consider climate related risk in financial (e.g. lending, underwriting, and investing) decisions and aligning them with emerging best practice globally;
- increasing industry and supervisory awareness of the impact of nature risk on the resilience of entities, the financial system, and the community; and
- continuing to partner with CFR agencies to support the Government’s sustainable finance agenda.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- incorporating climate risk in the prudential framework by consulting on amendments to include climate risk in Prudential Standard CPS 220 Risk Management (CPS 220);
- using the information drawn from the recently conducted voluntary climate risk self-assessment survey of entity practices against CPG 229 Climate Change Financial Risks (CPG 229) to compare and provide insights on better practice; and
- undertaking a Climate Vulnerability Assessment (CVA) to develop an understanding of climate risk drivers of insurance affordability challenges across the five largest household insurers – covering approximately 80 per cent of the household insurance market. The CVA will seek to understand the impact of climate change on household insurance affordability out to 2050.
New and changing business models
Risk in the operating environment
The structure and activities of APRA-regulated entities are changing as new technology and shifts in customer expectations drive the demand for innovative financial services.
Increasingly, entities with non-traditional business models are approaching APRA to be prudentially regulated. In addition, the Government is proposing to expand APRA's regulatory responsibilities into payments.
APRA’s strategic response
APRA’s response over the period will include:
- partnering with CFR agencies on the design of a new legislative framework for payments licensing to ensure that it aligns with the Government’s objectives outlined in the Strategic Plan for the Payments System; and
- considering international best practice for licensing new entrants to ensure that an appropriate balance is maintained between safety, competition and efficiency.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- modernising the licensing framework including by introducing legally enforceable criteria to improve the efficiency of the licensing process; and
- subject to proposed payments licensing legislation being drafted and passed by Parliament, consulting on new prudential standards, including for major Stored Valued Facilities (i.e. with more than $100m in stored value), to set appropriate minimum requirements for these entities.
Address industry-specific challenges
Retirement outcomes
Risk in the operating environment
Retirement income decisions can be complex for superannuation members. Once a member reaches retirement, moving their superannuation balance to the retirement phase requires an active choice, sometimes involving difficult trade-offs.
The Government’s Retirement Income Review presented evidence that a high proportion of the superannuation benefits remain unspent over the retirement phase, which may lead to a lower living standard in retirement than could otherwise have been achieved.2 This highlights that “the retirement phase of the superannuation is underdeveloped” and “most retirees are not currently supported to effectively manage their superannuation when they retire”.3
APRA’s strategic response
APRA’s response over the period will include:
- maintaining supervisory focus on trustees’ implementation of the retirement income covenant; and
- providing increased transparency (data and insights) of trustees’ approach to implementing the retirement income covenant.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- working with ASIC to monitor and drive industry progress in improving the retirement outcomes and customer experience of superannuation members;
- engaging with individual trustees where APRA holds concern about lack of progress being made to effectively implement the retirement income covenant;
- leveraging ongoing supervisory activities to engage with trustees more broadly on retirement-related matters to drive continuous improvements; and
- continuing to engage with life insurance industry to explore ways to reduce barriers for insurers to provide and/or further innovate longevity solutions.
Over the course of this plan, APRA will assess the costs, benefits and capacity of trustees of enhanced data collections for retirement.
Footnotes
[2] Retirement Income Review (2020), p. 432, p. 435.
[3] Corporate collective investment vehicle framework and other measures Bill 2021 – Explanatory Memorandum
Protection gap for household insurance
Risk in the operating environment
General insurance plays an important role in protecting policyholders from unexpected events. A protection gap occurs when insurable risks are not insured or are underinsured relative to the replacement cost. Parts of Australia are currently exposed to a widening protection gap in household insurance resulting from affordability and availability challenges.
The drivers of this risk are complex and include increasing cost of claims, supply chain inflation and changing dynamics in the global reinsurance market, as well as the increasing frequency and severity of natural catastrophes.
APRA’s strategic response
APRA’s response will include:
- partnering with stakeholders across the public and private sectors to identify initiatives that could reduce the protection gap for household insurance; and
- exploring changes to insurance data collections and the prudential framework to help inform and address this risk.
APRA’s key regulatory activities
APRA’s key regulatory activities to deliver our priorities include:
- working with insurers, communities and Government to better understand insurance coverage and gaps, risk mitigation measures, and to foster greater transparency on the drivers of premium changes, to put downward pressure on premiums;
- reviewing reinsurance prudential requirements to consider options available to improve access to alternative reinsurance arrangements for general insurers;
- progressing work on the Climate Vulnerability Assessment to understand the impact of climate change on household insurance affordability out to 2050;
- supporting the Hazard Insurance Partnership4, working with private and public sector stakeholders on reducing disaster risk and insurance costs; and
- participating in the work examining protection gaps being progressed by the International Association of Insurance Supervisors (IAIS) and Network of Central Banks and Supervisors for Greening the Financial System (NGFS).5
Footnotes
[4] Managed by the National Emergency Management Agency, the Hazards Insurance Partnership, and Strategic Insurance Projects have been established to help communities better prepare for disasters.
[5] IAIS is an international association of insurance supervisors from more than 200 jurisdictions, constituting 97% of the world's insurance premiums. With 138 members and 21 observers, NGFS is a group of Central Banks and Supervisors that share best practises and contribute to the development of environment and climate risk management in the financial sector.
Overview
APRA’s policy, supervision and data priorities have been published in the 2024-25 Corporate Plan to provide stakeholders with increased transparency.
APRA’s priorities are focused on planned regulatory initiatives over the next 12 to 24 months and have been presented by industry to make it easier for regulated entities to plan for expected engagements with APRA. Policy, supervision and data priorities will be updated annually as part of future Corporate Plans.
Regulated entities should read these industry priorities in conjunction with their entity-specific supervisory programs, which are calibrated to their Tier and Stage. Most of the industry priorities below are not new, however this update outlines key areas of focus, timeframes and next steps.
Summary of key policy, supervision and data priorities
Area | APRA priorities |
---|---|
Policy | |
Additional Tier 1 (AT1) | Ensure banks’ AT1 instruments will perform effectively in a crisis. |
Liquidity | Review APS 210 to maintain resilience and address lessons learned from international events. |
Governance | Broad review of governance settings, including those set out in SPS and CPS 510 and 520. |
Supervision | |
System stress test | Conduct APRA’s first system stress test to understand risk transmission mechanisms between regulated industries and across the financial system |
Operational resilience | Implement CPS 230 to strengthen minimum standards of operational resilience. |
Cyber resilience | Maintain a focus on cyber risk management. |
Data priorities | |
Direct to APRA (D2A) transition | Transition the remaining Direct to APRA (D2A) data collections not related to policy priorities to APRA Connect to enable decommissioning of legacy systems. |
APRA will remain adaptable to changes in the external environment and will adjust these priorities as needed to ensure the industries it regulates can continue to respond to new and emerging risks.
Further to the announcement by the Treasurer on 11 March 2024 about the introduction of a financial sector RIG, APRA will support and provide input into this document.
Consistent with the Government’s objective for the RIG, APRA has also consulted with other financial sector agencies to identify opportunities to improve co-ordination and alignment of initiatives.
APRA will also continue to assess new regulatory initiatives in accordance with guidelines from the Office of Impact Analysis.
Industries
Banking initiatives
Banking industry snapshot accessible description
APRA plays an important role in ensuring the Australian banking industry remains safe and resilient. The industry faces several challenges in the current operating environment, including a prolonged period of higher inflation and interest rates, heightened geopolitical and cyber risks, and the greater use of new technology and digitisation.
Ongoing supervisory focus from APRA is needed to ensure that safety and resilience is maintained, while also ensuring the amount and intensity of regulation remains proportionate to the risk profiles of each authorised deposit-taking institution (ADI).
Over the plan horizon, APRA will incorporate learnings from the disruption in international banking markets caused by last year’s global banking turmoil as well as responding to new and changing business models.
APRA’s banking priorities include:
Financial resilience
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Liquidity risk: Ensure banks have the financial resilience to withstand significant unexpected stress. | APRA will conduct a broader review of APS 210 with early industry engagement commencing in the second half of FY24-25. | APRA’s focus for some Liquidity Coverage Ratio ADIs will be continuing to uplift their liquidity stress testing capabilities following 2023 reviews. As indicated in APRA’s July 2024 release, APRA expects that Minimum Liquidity Holding ADIs will note APRA’s prudential concerns regarding bank debt securities as liquid assets and take steps to improve the diversification of their liquidity portfolios. | To align with the review of APS 210, APRA will also conduct a review on Reporting Standard ARS 210.0 Liquidity. As the new liquidity collection will not be completed prior to the transition period, the existing liquidity collections are included in the D2A migration strategic priority. |
AT1 Capital: Ensure banks’ AT1 instruments can stabilise their financial position in a stress scenario and support resolution, if needed, to avoid a disorderly failure. | APRA will issue a discussion paper responding to stakeholder feedback in the first half of FY2024-25. Subject to the outcomes from this discussion paper, APRA will consult on specific changes to prudential standards in the second half of FY2024-25. | N/A | Subject to the outcomes from the AT1 discussion paper, APRA expects to consult on changes to Reporting Standard ARS 110.0 Capital Adequacy in the second half of FY2024-25. |
System wide stress test: Strengthen financial system stability by enhancing insights into risk transmission mechanisms between regulated industries and across the financial system. | N/A | APRA will conduct a system stress test that includes Tier 1 banks (specific entities to be determined) that will involve a design phase in the first half of FY24-25 and commence in the second half of FY24-25 (with this including a data collection). | N/A |
Banking industry stress test: Strengthen financial system stability by ensuring banks are able to withstand a severe but plausible stress scenario. | N/A | APRA will complete the 2024 annual ADI stress test in the first half of FY24-25. The scope and timing of the 2025 ADI industry stress test activity will be confirmed in the second half of FY24-25. | N/A |
Market risk: Ensure banks effectively manage this risk and hold adequate capital against it. | N/A | Internal Ratings-Based banks that have submitted models for approval can expect ongoing engagement as models are reviewed. APRA expects industry to maintain momentum towards Fundamental Review of the Trading Book (FRTB) readiness. Ahead of the release of draft standards, APRA expects entities to continue building preparedness for FRTB-Default Risk Capital, FRTB-Standardised Approach and FRTB-Internal Model Approach but excluding the non-modellable risk factor framework. | APRA will support entities in preparing for parallel run in support of Reporting Standard ARS 117 Repricing Analysis. |
Crisis preparedness: Ensure banks and APRA are ready to respond to significant crises in an orderly way. | N/A | Following the commencement on 1 January 2024 of CPS 190 and CPS 900, APRA will: • continue to embed recovery and exit planning for all relevant entities. • continue to progress staged implementation of resolution planning (entity by entity basis) across all SFIs and any non-SFIs that provide critical functions. | N/A |
Operational resilience
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Operational resilience: Strengthen operational risk expectations to minimise the risks of entity and system disruption associated with inadequate risk frameworks, business continuity practices and management of third-party providers. | N/A | CPS 230 will come into effect from 1 July 2025. APRA will engage with regulated entities to prepare for the implementation of CPS 230 and thereafter implement the supervisory plan. Banks will be required to submit of register of material service providers on an annual basis and APRA will use this information to assess risks associated with these arrangements. | N/A |
Cyber resilience: Ensure banks have taken steps to be resilient and minimise the likelihood and impact of cyber incidents and ensure information security controls are effective across the supply chain. | N/A | APRA will ensure all banks meet the standards expected of them under CPS 234. Where entities are found to have significant vulnerabilities, APRA may intensify supervision, require root cause analysis, request remediation plans and consider enforcement action. | APRA will undertake in the second half of FY2024-25 the next round of technology resilience data collection involving surveying entities on several information technology (IT) and cyber topics including IT resourcing, system health, information security capabilities and disaster recovery statistics. |
Governance: Ensure robust standards of governance underpinning risk management and resilience. | APRA will conduct a review of governance requirements and issue a discussion paper in the first half of FY2024-25. APRA will consult with industry on any draft changes to the prudential framework in 2025. | APRA’s supervisory engagements will continue to focus on governance particularly for entities with material risk transformation programs. | N/A |
Risk culture: Ensure entities understand and foster a risk culture that supports effective risk management practices and behaviours and delivers sound prudential outcomes. | N/A | Conduct risk culture pulse survey for nominated Tier 1 and Tier 2 entities until early 2025. | N/A |
Respond to significant emerging risks
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Climate and nature risk: Ensure banks are well positioned to manage the financial risks associated with climate change; and build banks’ awareness of the impact of nature risk on the resilience of entities, the financial system and the community. | APRA will consult on amendments to CPS 220 to more clearly embed climate-related financial risk considerations in the second half of FY2024-25. | APRA will release an information paper with insights from the voluntary Climate Risk Self-Assessment survey in the first half of FY2024-25. This paper will provide entities and other stakeholders with insight into the maturity of climate risk management to be considered as part of ongoing risk management. | N/A |
New and changing business models: Ensure the prudential framework evolves to account for new business models, including through the implementation of proposed payments reforms. | After the Government has finalised its reforms for payments regulation, APRA will consult on a proposed new prudential framework for stored value facility providers. | N/A | N/A |
Address industry-specific challenges
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Transition D2A data collections to APRA Connect: Remaining D2A data collections not related to policy priorities will be transitioned to APRA Connect to enable decommissioning of legacy systems. | N/A | N/A | APRA will engage in the second quarter of FY2024-25 on the migration approach. |
Proportionality: Prudential requirements and supervisory approaches are commensurate to the systemic importance and risk profiles of regulated entities. | APRA will review the asset thresholds for SFIs in the second half of FY2024-25. | N/A | N/A |
ADI licensing Framework: Modernise the licensing framework, to support greater clarity and efficiency in the licensing assessment process. | APRA will review its licensing framework for banks, considering lessons learned domestically and internationally, and plans to consult on new licensing criteria in the second half of FY2024-25. | N/A | N/A |
Superannuation initiatives
Superannuation industry snapshot accessible description
Australia’s superannuation system is a large and growing component of the financial system – managing the long-term savings of members during their working lives, delivering income for retirees and playing an important role in funding economic activity.
APRA will continue to support improved outcomes for members by increasing transparency on performance, fees and fund expenses. APRA will also maintain its focus on the supervision of trustees’ approaches to investment governance and improving their members’ retirement outcomes.
Over the plan horizon, APRA’s superannuation priorities will include:
Financial resilience
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
System-wide stress test: Strengthen financial system stability by enhancing insights into risk transmission mechanisms between regulated industries and across the financial system. | N/A | APRA will conduct a system stress test that includes a small number of large superannuation funds (specific entities to be determined) that will involve a design phase in the first half of FY2024-25 and be executed with entities in the second half of FY2024-25 (including a data collection). | N/A |
Crisis preparedness: Ensure trustees and APRA are ready to respond to significant crises in an orderly way. | N/A | Following the commencement on 1 January 2024 of CPS 900, and commencement on 1 January 2025 of CPS 190 APRA will: • continue to embed recovery and exit planning for all registrable superannuation entity (RSE) licensees. • continue to progress staged implementation of resolution planning (entity by entity basis) across all SFIs and any non-SFIs that provide critical functions. | N/A |
Operational resilience
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Operational resilience: Strengthen operational risk expectations to minimise the risks of entity and system disruption associated with inadequate risk frameworks, business continuity practices and management of third-party providers. | APRA will finalise revisions to Prudential Standard SPS 114 Operational Risk Financial Requirement and associated guidance in the first half of FY2024-25. | CPS 230 will come into effect from 1 July 2025. APRA will engage with regulated entities to prepare for the implementation of CPS 230 and thereafter implement the supervisory plan. Trustees will be required to submit of register of material service providers on an annual basis and APRA will use this information to assess risks associated with these arrangements. | N/A |
Cyber resilience: Ensure superannuation funds have taken steps to be resilient and minimise the likelihood and impact of cyber incidents, as well as ensuring information security controls are effective across the supply chain. | N/A | Ensuring all superannuation funds meet the standards expected of them under CPS 234. Where entities are found to have significant vulnerabilities, APRA may intensify supervision, require root cause analysis, request remediation plans and consider enforcement action. | APRA will undertake in the second half of FY2024-25 the next round of technology resilience data collection involving surveying entities on several IT and cyber topics including resourcing, system health, information security capabilities and disaster recovery statistics. |
Governance: Ensure robust standards of governance underpinning risk management and resilience. | APRA is conducting a review of cross-industry governance requirements and will issue a discussion paper in the first half of FY2024-25. APRA will consult with industry on any draft changes to the prudential framework in 2025. | N/A | N/A |
Risk culture: Ensure entities understand and foster a risk culture that supports effective risk management practices and behaviours and delivers sound prudential outcomes. | N/A | Conduct pilot risk culture pulse survey for selected entities until early 2025. | N/A |
Accountability: Ensure a clear, transparent, and common understanding of accountability and that there are proportionate consequences to entities and individuals where poor outcomes occur. | The FAR will come into effect from March 2025 for the superannuation industry and will strengthen accountability in all regulated entities. APRA and ASIC will support the financial services industry to ensure the effective implementation of the FAR and will utilise powers where appropriate. | N/A | APRA and ASIC will release an information package later in 2024 and host a series of webinars to support superannuation entities prepare for the FAR commencement. |
Respond to significant emerging risks
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Climate and nature risk: Ensure trustees are well positioned to manage the financial risks associated with climate change; and build trustees’ awareness of the impact of nature risk on the resilience of entities, the financial system and the community. | APRA will consult on amendments to CPS 220 to more clearly embed climate risk considerations in the second half of FY2024-25. | APRA will release an information paper with insights from the voluntary Climate Risk Self-Assessment survey in the first half of FY2024-25. This will provide entities and other stakeholders with insight into the maturity of climate risk management to be considered as part of ongoing risk management. | N/A |
Retirement outcomes and superannuation transparency: Effective and outcomes focused implementation of the retirement income covenant. Continued focus on holding trustees accountable for addressing underperformance with urgency – particularly where it is widespread across a product set – to improve outcomes for members. | N/A | APRA will focus on adherence to the enhanced Prudential Standard SPS 515 Strategic Planning and Member Outcomes (SPS 515) to promote strong member outcomes. APRA will utilise the new granular expense data set to identify trustees with outlying expenditure for certain discretionary expense categories and will intensify supervisory efforts accordingly, recognising that the use of the enforcement powers may be appropriate in certain circumstances. APRA will monitor trustees responsible for underperforming choice products to ensure they are taking steps to improve or exit them. | APRA will continue to improve industry transparency with the inaugural publication of fund-level expense data. APRA will also finalise phase 2 of the Superannuation Data Transformation program of work by completing the current consultation on RSE Licensee, RSE Operations and Investments data with a response to submission to be released in first half of FY2024-25. |
Address industry-specific challenges
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Investment Governance: Ensure robustness of investment governance frameworks | N/A | APRA will finalise thematic work in relation to unlisted assets, liquidity stress preparedness and the internalisation of investments. The outputs will be used to guide supervisory activities. APRA will conduct a review of trustees’ investment governance practices for a sub-set of choice products. | N/A |
Transition D2A data collections to APRA Connect: Remaining D2A data collections not related to policy priorities will be transitioned to APRA Connect to enable decommissioning of legacy systems. | N/A | N/A | APRA will engage in the second quarter of FY2024-25 on the migration approach. |
Proportionality: Prudential requirements and supervisory approaches are commensurate to the systemic importance and risk profiles of regulated entities. | APRA will review the asset thresholds for SFIs in the second half of FY2024-25. | N/A | N/A |
Insurance initiatives
Insurance industry snapshot accessible description
APRA’s focus is for insurers to be financially strong, with the financial capacity to pay all legitimate claims to Australian policyholders. Overall, insurers are well-capitalised, however the protection gap is growing, and affordability, availability and sustainability challenges remain across all three insurance industries.
Over the plan horizon, APRA’s insurance priorities will include:
Financial resilience
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Crisis preparedness: Ensure insurers and APRA are ready to respond to significant crises in an orderly way. | N/A | Following the commencement on 1 January 2024 of CPS 190 and CPS 900, APRA will: • continue to embed recovery and exit planning for all regulated entities. • continue to progress staged implementation of resolution planning (entity by entity basis) across all SFIs and any non-SFIs that provide critical functions. | N/A |
Operational resilience
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Operational resilience: Ensure insurers understand and manage their operational risks to minimise the likelihood and impact of operational risk incidents. | N/A | CPS 230 will come into effect from 1 July 2025. APRA will engage with insurers to prepare for the implementation of CPS 230 and thereafter implement the supervisory plan. Insurers will be required to submit of register of material service providers on an annual basis and APRA will use this information to assess risks associated with these arrangements. | N/A |
Cyber resilience: Ensure insurers have taken steps to be resilient and minimise the likelihood and impact of cyber incidents, as well as ensuring information security controls are effective across the supply chain. | N/A | APRA will continue to monitor insurers to ensure they are meeting the requirements under CPS 234. Where entities are found to have significant vulnerabilities, APRA may intensify supervision, require root cause analysis, request remediation plans, and consider enforcement action. | APRA will undertake in the second half of FY2024-25 the next round of technology resilience data collection involving surveying entities on several IT and cyber topics including resourcing, system health, information security capabilities and disaster recovery statistics. |
Governance: Simplify expectations of boards so they can be more effective and focus on important strategic issues, while ensuring expectations are aligned with international best practice. | APRA is conducting a review of governance requirements and will issue a discussion paper in the first half of FY2024-25 and consult with industry on any draft changes to the prudential framework in the following financial year. | APRA’s supervisory engagements will continue to focus on governance, particularly for entities with material risk transformation projects. | N/A |
Risk culture: Ensure entities understand and foster a risk culture that supports effective risk management practices and behaviours and delivers sound prudential outcomes. | N/A | Conduct risk culture survey for nominated Tier 1 and Tier 2 entities in the first half of FY2024-25. | N/A |
Accountability: Ensure a clear, transparent, and common understanding of accountability and that there are proportionate consequences to entities and individuals where poor outcomes occur. | The FAR will come into effect from March 2025 for the insurance industry and will strengthen accountability in all regulated entities. APRA and ASIC will support the financial services industry to ensure the effective implementation of the FAR and will utilise powers where appropriate. | N/A | APRA and ASIC will release an information package later in 2024 and host a series of webinars to support insurers’ preparations for FAR commencement. |
Respond to significant emerging risks
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Climate and nature risk: Ensure insurers are well positioned to manage the financial risks associated with climate change; and build insurers’ awareness of the impact of nature risk on the resilience of entities, the financial system and the community. | APRA will consult on amendments to CPS 220 to more clearly embed climate risk consideration in the second half of FY2024-25. | APRA will release an information paper with insights from the voluntary Climate Risk Self-Assessment survey in the first half of FY2024-25. This will provide entities and other stakeholders with insight into the maturity of climate risk management to be considered as part of ongoing risk management. For general insurance, APRA will continue its work on the insurance CVA. The insurance CVA will assess the potential impacts of climate change on home insurance affordability out to 2050. | N/A |
Retirement outcomes: To support life insurers to increase the availability of retirement products for retirees. | N/A | APRA will continue to assess the challenges for insurers offering longevity products and identify learnings from international markets that can be applied to Australia. APRA will evaluate the information gathered through engagements with entities, including a survey held in first half of 2024, and formulate next steps. | N/A |
Protection gap for household insurance: Support stakeholders in improving affordability and availability of household insurance to meet the needs of the community. | In the first half of FY2024-25, APRA will consult on reinsurance settings for general insurance to consider scope to promote access to alternative reinsurance. | APRA will continue to play a role in addressing the growing household insurance protection gap, alongside other stakeholders, including insurers, governments, communities, and peer regulators. APRA will encourage insurers to enhance transparency on the drivers of premium changes and increase clarity regarding the level of insurance coverage in the community. APRA will continue to encourage insurers to seek an appropriate balance between financial health and offering affordable and well-designed insurance products. APRA will also continue to support the Hazards Insurance Partnership and progress work on the Climate Vulnerability Assessment to understand the impact of climate change on household insurance affordability out to 2050. | N/A |
Address industry-specific challenges
Strategic priority | Policy priorities | Supervision priorities | Data priorities |
---|---|---|---|
Outsourced underwriting: Strengthen the general insurance industry’s management of risks related to outsourced underwriting. | N/A | APRA will encourage general insurers to focus on the risks relating to the use of underwriting agencies and the expectations set out by CPS 230 on material service providers. | N/A |
Life Insurance sustainability: Prevent deterioration of viability of certain life insurance products that may result in adverse consumer impacts. | N/A | APRA will monitor leading indicators of unsustainable products or practices. Entities can expect APRA to continue its system-wide initiative to assess life insurers’ progress in meeting product sustainability expectations across both individual and group insurance business. | N/A |
Proportionality: Prudential requirements and supervisory approaches are commensurate to the systemic importance and risk profiles of regulated entities. | APRA will review the asset thresholds for SFIs in the second half of FY2024-25. | N/A | N/A |
Transition D2A data collections to APRA Connect: Remaining D2A data collections not related to policy priorities will be transitioned to APRA Connect to enable decommissioning of legacy systems. | N/A | N/A | APRA will engage in the second quarter of FY2024-25 on the migration approach. |
Technology and data: Informing risk-based decision-making
As the primary data collection authority for the Australian financial system, APRA relies on modern technology and data infrastructure to efficiently collect, process, share and use rich data at scale.
In recent years, APRA’s data collection activities have increased significantly due to a combination of new risks facing the Australian financial system, as well as in response to new government policy initiatives (e.g. superannuation performance test).
Like all public and private sector organisations, APRA has also heightened its focus on ensuring the resilience of its technology and data infrastructure, in recognition of the increased number and sophistication of cyber threats.
In the context of the increased scope of APRA’s role and the evolving operating environment, the Government committed $73.2 million in additional funding as part of the FY2024-25 Federal Budget to strengthen APRA’s capabilities in five areas outlined below.
This additional funding will enable APRA to invest in strengthening its technology and data infrastructure and, over the medium term, provide its people with data and insights to drive continued excellence in supervision.
Key activities planned over the life of this Corporate Plan include:
- implementing a secure cloud-based platform providing enhanced data analytics capabilities;
- transitioning all data collections to APRA Connect and decommissioning legacy systems;
- improving organisation-wide data governance and data management disciplines;
- responding to increased security threats by strengthening cyber security controls and practices aligned with Government frameworks; and
- supporting supervision activities by implementing an enhanced supervision management system.
APRA’s focus on delivering the expected outcomes from these key activities is in addition to the important ongoing work of our people to provide reliable and efficient core technology and data services to the organisation.
Strategy for data collections
The approval of additional funding in the 2024 Federal Budget has enabled APRA to reconsider the approach to its data collections roadmap, especially with regards to the decommissioning of its legacy data collection system, D2A.
D2A was created in 2001 and is nearing end-of-life. If not addressed, the cost of continued use for industry and for APRA of out-dated technology will continue to increase. This leads to the need for specialised legacy environments that are expensive to maintain. To reduce costs and risk, both internally and to industry, APRA is working towards decommissioning industry facing components of D2A by December 2027 with all collections either ceased or transitioned to APRA Connect, which is APRA’s replacement data collection tool.
For collections related to policy initiatives that are due to be completed prior to December 2027, APRA will continue to engage in co-design of data collections in line with the projected policy timelines. The key dates for these changes are available in reference to policy timelines.
All other D2A data collections will be transitioned to APRA Connect. APRA does not intend to make substantive changes to these collections as part of the transition, apart from those required to ensure compatibility with APRA Connect. APRA is aware of the short implementation timelines and has adopted this approach to minimise the impact of this transition on the industry.
APRA is currently working through the practicalities of this migration for each industry and will be providing more information on the approach towards the end of the year.
To create capacity to achieve the objective of decommissioning D2A by December 2027, APRA will limit the development of new collections outside of those required for policy initiatives.
APRA continues to enhance the reporting experience of entities in APRA Connect by introducing additional validations for already migrated collections and reducing the time taken to lodge returns.
APRA’s people: Empowered by an inclusive, agile and effective organisation
APRA’s people enliven its purpose with their commitment and capability being central to our work to protect the financial interests of Australians.
As a supervision-led agency, APRA is dependent on its people to apply judgement, informed by data and experience, to identify, respond to and mitigate significant prudential risks in an operating environment that is complex and evolving rapidly.
This increase in complexity has been driven by factors including:
- expectations by stakeholders to address new and emerging risks (e.g. system-wide, cyber and climate risk);
- new legislation requiring APRA to expand its role and functions (e.g. FAR and the performance test for superannuation); and
- growth in the Australian financial system which has resulted in an increase in the size and complexity of regulated entities. Total assets of APRA-regulated institutions have grown by 63 per cent from $5,488bn in 2014-15 to $8,959bn in 2022-23.6
To adapt and respond to the operating environment, APRA’s workforce has increased by 45 per cent from 589 in 2014-15 to 853 in 2022-23.7
As a purpose-driven and future-ready regulator, one of APRA’s key priorities is ongoing investment in its people’s leadership and capabilities. APRA is doing this by:
- maintaining the balance of supervisory and specialist capabilities of a highly skilled workforce;
- fostering an inclusive culture of respect and sense of belonging where diversity in experience, background and thought leadership is valued; and,
- empowering people to speak up, identify and address significant risks.
These capabilities will enable APRA to respond more effectively to emerging risks and support the optimum distribution of resources across functions.
In addition, APRA’s focus will include the following:
- enhancing project and portfolio governance capability;
- reviewing and enhancing the performance measurement framework to ensure a holistic perspective of organisational performance is provided to senior leaders;
- making significant investment in leadership, future skills and capability development for APRA’s people, in particular supervision excellence;
- provide a compelling employee value proposition to attract, engage and retain high quality people; and,
- focusing on sustainable work, health, safety and wellness of people through targeted programs.
Supervision excellence
With an increasingly complex operating environment, it is essential that APRA continues to invest in its people and approaches to supervision. APRA requires highly skilled supervisors with the knowledge and experience to respond swiftly to emerging risks.
APRA will continue to invest in the development of supervisory capability of its people through:
- enhancing and expanding learning and development programs;
- improving knowledge transfer and use of data and technology in supervision; and
- establishing programs and networks to ensure retention of skills and capabilities of supervisors.
Appendix A: Risk
Risk management
APRA’s delivery of its 2024-25 Corporate Plan is supported by effective risk management practices, including robust internal governance and accountability mechanisms, supported by sustained focus on risk awareness to strengthen risk culture across the organisation.
APRA’s system of risk oversight, management and internal controls is aligned with section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), including the Commonwealth Risk Management Policy.
APRA also comes under the jurisdiction of the National Anti-Corruption Commission (NACC), an independent Commonwealth agency responsible for detecting, investigating and reporting on serious or systemic corrupt conduct in the Commonwealth public sector.
Governance
APRA’s risk profile is overseen by these governance committees:
- Executive Board;
- Management Committee; and
- Audit and Risk Committee.
The Executive Board, comprised by the APRA Members and chaired by the Accountable Authority (i.e. the APRA Chair), is responsible for overseeing APRA’s performance against its mandate. The Executive Board is focused on ensuring that a sound framework of internal control, risk management and compliance is established and maintained. The Executive Board also monitors APRA’s risk profile to ensure that risks are being managed within APRA’s stated risk appetite or actions are being taken to bring risks back within appetite.
APRA has established a Management Committee, comprised by the APRA Executive Directors and chaired by the Chief of Staff and Operations, as a governance body to oversee the day-to-day operations of APRA. The Management Committee provides oversight of how APRA’s Enterprise Risk Management Framework is being implemented and embedded across the organisation and is responsible for escalating to the Executive Board significant risk matters for consideration. These include risks outside of appetite or risks that warrant the attention of the Executive Board.
The Audit and Risk Committee, comprising three independent committee members, provides an independent view to the Accountable Authority on the operation of APRA’s Enterprise Risk Management Framework.
APRA’s Chief Risk Officer reports regularly to governance committees on APRA’s key risks (including risks outside of appetite), material breaches or incidents, and non-compliance with or material deviation from the Enterprise Risk Management Framework.
Framework
The Enterprise Risk Management Framework enables APRA to identify, assess, manage and report the key risks relating to the delivery of APRA’s 2024-25 Corporate Plan.
The Enterprise Risk Management Framework is embedded through a range of training and awareness activities to support the role of all APRA staff in managing risks.
In addition to APRA’s centralised Risk Management and Compliance team that administers the Enterprise Risk Management Framework, APRA’s Internal Audit function independently evaluates the effectiveness of internal controls, risk management and governance processes throughout APRA.
Key risks
A description of APRA’s key risks and mitigating actions is outlined below, together with their connection with APRA’s core functions, capabilities and strategic priorities.
Key risk focus | Mitigating actions | Elements of APRA’s Corporate Plan |
---|---|---|
Strategic objectives | ||
Inability to achieve the Corporate Plan objectives and desired strategic shifts due to insufficient capacity, a lack of capability and organisational mechanisms to manage competing priorities or pivot quickly in response to evolving risks. | Maintain effective and formalised governance and oversight of organisational risks and adequacy of mitigation measures. Enhance governance mechanisms to rapidly reprioritise activities and redeploy resources accordingly. | Key enabler: Our people: empowered by an inclusive, agile and effective organisation |
Inability to respond or pivot effectively to the scale, frequency, and/or convergence of changes in the operating environment and/or stakeholder. expectations, impacting regulated entities and the Australian community. | Maintain effective and formalised governance and oversight of organisational risks and adequacy of mitigation measures. Enhance governance mechanisms to rapidly reprioritise activities and redeploy resources accordingly. | Key enabler: Our people: empowered by an inclusive, agile and effective organisation |
Risk that APRA’s prudential policies and supervision activities are not aligned to APRA’s purpose to protect the financial interests of the Australian community. | Clearly developed multi-year strategy, incorporating insights from global peers. Extensive consultation with stakeholders on new and in-use policies. Adherence to Office of Impact Analysis requirements. Independent quality assurance function and peer review practices. Embedded governance and oversight bodies to maintain the standard of supervision and adequacy of risk-based approach. | APRA’s policy, supervision and data priorities: Banking initiatives Superannuation initiatives Insurance initiatives Key enabler: Supervision excellence |
Risk of inadequate resolution or enforcement capabilities. | Ensure appropriate resource allocation to resolution and enforcement activities. Ongoing testing of APRA's readiness to resolve failures and near failures including administration of the Financial Claims Scheme. Ongoing sharing of information and cooperation with peer regulators on resolution preparedness. Maintaining a highly experienced and specialised team to support APRA’s Enforcement function. Continuing to develop standardised enforcement processes and procedures. | APRA’s policy, supervision and data priorities: Banking initiatives Superannuation initiatives Insurance initiatives |
Key enablers | ||
Risk of inadequate operational resilience to effectively secure APRA’s people, data and third-party services, and ensure the continuity of business operations in a heightened internal and external threat environment. | Maintain effective business continuity and incident response protocols. Continuous improvement of controls targeting cyber, personnel and data risk exposures. Workplace health and safety protocols and wellbeing focused initiatives. | Key enablers: Technology and data: Informing risk-based decision-making Our people: empowered by an inclusive, agile and effective organisation |
The risk that APRA’s people (and enabling processes) do not act with integrity or in compliance with APRA’s values and obligations resulting in scenarios such as regulatory capture, which impacts on staff wellbeing and erodes APRA’s reputation. | Maintain a highly experienced, trained and engaged workforce. Maintain a framework of integrity policies supported by embedded processes and controls that enforce integrity and compliance expectations. Formal governance and monitoring of organisational integrity risks. | Key enabler: Our people: empowered by an inclusive, agile and effective organisation |
Inability to maintain appropriate workforce planning, engagement and employee wellbeing strategies to effectively retain, attract and develop the necessary talent and ensure the right people with the right skills are in place. | Workforce planning linked to strategy. Ongoing recruitment of required skills and experiences from the market. Continuous training and upskilling of APRA's workforce. Formal governance and oversight of organisational risks and adequacy of mitigation measures. | Key enabler: Our people: empowered by an inclusive agile and effective organisation |
Appendix B: Performance measures
A robust performance measurement framework is important for APRA to ensure that it remains a high-performing regulator and can demonstrate to external stakeholders that regulatory functions are being performed effectively and resources are being managed appropriately.
APRA utilises a holistic performance measurement framework that is outlined below, which places emphasis across three different categories of results: external outcomes, regulatory activities and outputs, and its internal organisational efficiencies. The framework and associated measures take into consideration relevant requirements outlined in the PGPA Act, PGPA Rules, guidance issued by the Department of Finance, and the FRAA's “Draft Financial System Metrics Framework”.
APRA recognises that many of the strategic shifts outlined in this plan require action by a diverse range of public and private stakeholders to deliver meaningful outcomes for the financial system and the community. In recognition of this challenge, APRA will be pragmatic in the evolution of its performance measurement framework to ensure a balanced view on resource allocation and assessment of organisational performance is maintained.
APRA will report on is performance against these measures in the Annual Performance Statement that will be included in its 2024-25 Annual Report. Over the course of calendar year 2024, APRA will also continue to make enhancements to its performance measures.
Category | Results category | Key results areas description |
---|---|---|
1 | External outcomes | Specific outcomes in APRA’s operating environment, including APRA’s three outcome areas. • Financial institution resilience • Financial system safety and stability • Community financial outcomes |
2 | Regulatory activities and outputs | APRA’s regulatory activities encompass a range of regulatory interventions. These include prudential policy, risk identification and remediation, licensing, supervision, approvals/advice, enforcement and resolution. Outputs of regulatory activities are wide and varied. They include but are not limited to, verification of compliance with prudential standards, correction or non-compliance and direction to institutions regarding enhanced prudential controls. |
3 | Organisational efficiencies | APRA’s ability to regulate effectively and efficiently is dependent upon having appropriate internal capabilities. This includes but is not limited to, people, data, governance, IT systems and project delivery capabilities. |
Category 1: External outcomes
Area | Outcome | Performance measure | Target |
---|---|---|---|
Institution resilience- financial | Protection of loss in the financial sector | Money Protection Ratio | Low incidence of loss |
Reduction of failure in the financial sector | Performing Entity Ratio | Low incidence of failure | |
Capital: Resilience of the banking and insurance sectors | Aggregate capital ratios for banks and insurers | Above minimum prudential requirements | |
Community financial outcomes | Sustainability of superannuation funds and acceptable performance for members | Number of superannuation members exposed to unsustainable funds | Reduction during the reporting period |
Number of superannuation members in high fee, poor performing MySuper offerings | Reduction during the reporting period | ||
Number of high fee, poor performing choice offerings | Reduction during the reporting period |
Category 2: Regulatory activities and outputs
Area | Activities and outputs | Performance measure | Target |
---|---|---|---|
Regulatory posture | Delivery of recommendations from independent reviews of APRA | Recommendations from independent reviews addressed during the reporting period | Closure within the reporting period |
Regulatory efficiency and outputs | Delivery of regulatory services in line with commitments to stakeholders | Delivery of services in line with key performance indicators set out in APRA’s Service Charter | 100% as per APRA’s Service Charter |
Category 3: Organisational efficiencies
Area | Organisational capability | Performance measure | Target |
---|---|---|---|
Organisational infrastructure | Management of financial resources | Budgeted expenses versus actual | Within budget |
Organisational investment | Delivery of the corporate plan | Status of strategic programs of work. | >75% of strategic programs of work are in line with plan |
Appendix C: Internal context
APRA’s capability to deliver its purpose is dependent using its available resources to provide its people with a modern and flexible work environment.
Funding
APRA is funded largely through levies on the entities it regulates. A small number of activities are not levy-funded. These activities are recovered by user charges or Government appropriations.
APRA developed its 2024-25 Corporate Plan based on its approved average staffing level of 893 for 2024-25 and funding allocated over the next four years in the most recent Portfolio Budget Statement.
APRA Portfolio Budget Statement: Budget 2024-25 | ||||
---|---|---|---|---|
2024–25: Budget $'000 | 2025–26: Forward estimate $'000 | 2026–27: Forward estimate $’000 | 2027–28: Forward estimate $'000 | |
APRA expenses | 270,171 | 265,671 | 255,664 | 256,889 |
Inclusion and Diversity (I&D)
APRA’s Inclusion and Diversity strategy for the period 2021-25 remains focused on people being “Stronger Together”. This vision and guiding actions are overseen by the Inclusion and Diversity Council to shape an organisation where everyone feels valued and respected. The Inclusion and Diversity strategy recognises that better outcomes will be delivered for the Australian community if its people are provided with a supportive environment to share and discuss ideas, which reflect a diverse range of insights, experiences and points of view.
APRA is taking action to modernise its workplace, so it is reflective of the diversity of the community, with this being benchmarked against practices observed across the public and private sector.
Melbourne Office
In September 2024, APRA’s Melbourne office will be moving to 600 Bourke Street to provide staff in this location with modern and centrally located facilities. The design of the office will reflect consultation with staff and Inclusion and Diversity teams.
Sustainability
APRA is also adapting its internal sustainability practices to ensure that it is on track to meet the target set by the Australian Government to achieve net zero greenhouse gas emissions from government operations by 2030.
To achieve carbon neutrality by 2030, APRA will:
- implement energy-efficient practices across all offices and change to renewable energy sources;
- seek to "reduce" the impact of its business practices on the environment (e.g. reducing travel and stationary consumption);
- invest (if appropriate) in emissions offset programs and projects; and
- disclose progress in the Annual Report.