APRA Executive Board Member Suzanne Smith – Speech to the Members Health Directors’ Professional Development Program

Preparing for an uncertain future
 

Hello and thank you for the invitation to address this valuable forum.

Good health is essential to our lives, communities, and future. The important role of private health insurance cannot be overstated, and the sector plays an important role in complementing the public system and ensuring that individuals and families have access to the care they need, when they need it.

As some of you may remember, I spoke at this event two years ago, when I was just four months into my role as an APRA Executive Board Member responsible for insurance. At the time, I suggested that the private health insurance industry could feel ‘cautiously satisfied’ with its position and trajectory. 

APRA still believes that’s the case. The industry’s vital signs have continued to improve, however, we can also see it is experiencing significant change and faces a range of immediate and longer-term challenges. 

With that in mind – and noting that this forum is focused on your important role as directors – I’d like to use this address to invite you to consider three key areas:

1. The first is your oversight on how your businesses are being run and ensuring today’s risks are managed effectively.     
2. The second is how you’re thinking about the future.
3. The third is your accountability as directors and the functioning of your boards.

As you are all in the business of supporting the health outcomes of Australians, I’ll draw some analogies to running as I talk through these points. 

You can let me know at the end if you think they have legs, so to speak! You should also have time to ask some questions after my speech.

1. Overseeing how your business is run and risks are managed

Let’s start with the current running path, which has been marked by both supporting and challenging forces since we’ve emerged from COVID.

On the supportive side:

More people have signed up for private health insurance and strong investment returns have been making valuable contributions to your bottom lines.

We have seen claim expenses subdued for a period as a result of the pandemic.

Member numbers have increased; at the end of September last year, just under 15 million people held some form of private health insurance. This was 300,000 more than the year before and over 5 million policyholders source their health cover from the 23 insurers that belong to your Member’s Health Fund Alliance. 

Net insurance margins have returned to historical averages of around 5 per cent and appear sustainable. 

On the investment side, earnings rose to almost 4 per cent of premium revenue in the 2024 financial year, driven by favourable conditions in global asset markets.

Private health insurers have also adjusted to the new capital framework for the industry and the new AASB17 accounting standard. Both measures were implemented just over 18 months ago, and APRA will continue to monitor how well the industry matures into these new settings. 

So today, policyholders can feel confident that the industry is well capitalised and that private health insurers have the financial capacity to pay valid claims, absorb unexpected shocks and invest in their businesses. 

This is, of course, APRA’s primary concern as the sector’s prudential regulator.

The challenging path ahead

But if you were running a race – let’s say it was a marathon – then I’d suggest that you may be about to enter a more challenging section of the course.

Some of these challenges are new. Others are longer-term issues that were suppressed as a result of COVID, but certainly haven’t gone away.

• One key issue is that hospital and medical costs are rising faster than headline inflation, which has itself has been rising faster than Australians have been recently accustomed to. In the 2024 financial year, hospital and medical inflation stood at 6.7 per cent, which was almost double the headline inflation rate of 3.8 per cent.  

  We have all seen how the gap between healthcare costs and premium increases continues to drive tensions between insurers and hospitals. These are challenging conversations that require a disciplined and strategic approach from insurers – along with data to back up positions.

• At the same time, private health insurance policyholders continue to age. The ratio of adults under 65 to those over 65 is at a historic low of 2.6 to 1, having fallen from 4.6 to 1 over the past 20 years, placing more strain on our community-rated health insurance system.

• And while premium increases over the past two years have been lower than wage increases throughout the economy and the total number of private health policyholders has risen, there’s no avoiding the fact that consumers are experiencing pressure in their household budgets. 

  These pressures are making it harder for people to hold the level of cover they would like, so we continue to see people migrate to lower levels of cover and to self-insure more risk by opting for higher excesses.  

• Yet, at the same time, consumers expect a more fulsome service and digital offerings. This is creating a need for insurers to invest in customer relationship management systems and improved customer interfaces to better serve their needs and to remain competitive on dimensions other than price. 
• We are also seeing innovation in business models, with growing numbers of private health insurers expanding to become more than passive payers of claims and expanding their role in the health journeys of customers. 

In addition to all these considerations which are specific to the healthcare industry you are not immune to issues facing other industries we supervise. 

• The economic and market outlooks are inherently uncertain, including interest rates and investment returns. But we are increasingly seeing shocks coming from new directions, making it more difficult to assess this uncertainty. Examples of these are geopolitical risks, which are already affecting global supply chains, or the impact of climate change. 
• Cybercrime is escalating and we have seen that health insurers can be prime targets for criminal groups. This is forcing the industry to invest more in cyber defence to protect policyholders.

Being on your toes

In short, the environment is harsh and you, as directors, need to be on your toes and ready to move.

You, your fellow directors and your senior executive teams should be working harder and smarter than ever to ensure that your organisations can navigate these challenges and manage risk well. You should also recognise that the structures, processes and skillsets that have served you well until now may need reshaping and refreshing.

CPS 220 came into effect for private health insurers in 2019, bringing risk management expectations in line with APRA’s other regulated industries. 

As we approach its six-year anniversary, APRA is beginning to see the second round of triennial comprehensive reviews from major private health insurers. Unfortunately, we have been underwhelmed by the apparent state of risk governance maturity found in those reviews, compared to APRA’s cross-industry expectations. 

So, there is more work to do. I want to stress that CPS 220 is the foundation for CPS 230, the new operational risk management standard, which will come into force mid-year. This standard is to ensure organisations can maintain critical operations throughout disruptions.  

Both standards complement CPS 234 regarding information security. It has been in place since 2019 to enhance entities’ resilience against information security incidents – including cyber-attacks – and their ability to respond swiftly and effectively in the event of a breach.  

APRA’s unprecedented tripartite reviews across the entire regulated population identified areas of uplift for many of your organisations. Moreover, the threat landscape will continue to evolve, requiring ongoing vigilance, oversight and investment.

All these risk management structures are ultimately about ensuring that you have a strong business with its core built around financial and operational resilience. 

To return to our running analogy, it’s about focusing on your core strengths so that you can perform well and avoid injuries as you move along the track. 

2. Thinking prudently about the future 

As you focus on your business and the risks it faces, I would also invite you to consider how you and your executive teams are thinking about the future. In particular, how are you thinking about the long-term sustainability of your organisation? 

This is my second key point.

Many of your organisations have long and proud histories of serving your members and communities, many in regional parts of the country. You do that on a not-for-profit basis and some of you have been doing it for more than 100 years. 

It’s a great achievement, but can you see your organisation still existing in 100 years’ time?  If so, what would it take to reach that milestone? What would your operation look like? How might it have had to change?

Perhaps 100 years is a bit too long, but I challenge you to think deeply about how the future might unfold and how your organisation will continue to deliver value to members over time.

Recovery and exit planning

CPS 190, our prudential standard outlining recovery and exit planning, formalises the requirements for entities to consider their response to worst-case scenarios. 

Over the past year, we have reviewed the plans that have been submitted following its implementation. We found that private health insurers generally met the requirements of the standard. This is not surprising given your recovery planning journey started in 2019. 

However, some entities have been more willing to explore the more ‘frightening’ end of the spectrum and map out their potential exits in greater detail. I’d encourage all of you to be so brave, because it is a good risk management and strategic planning exercise. 

3. Your role as a director and the operation of your board

To come to my third point, I urge you to continually reflect on your role as a director and the way that your board works. In essence, are you doing your part to drive your organisational strategy and risk management with effective oversight?

As this session and others during this event might make clear, being the director of a regulated entity in Australia is certainly not for the faint-hearted. 

It’s a big job and the buck stops with you when determining the future of your organisation. You also have the fiduciary obligation that APRA oversees, even if you work with numerous partners across the healthcare and insurance systems.

The extension of the Financial Accountability Regime to insurers in March will further reinforce your personal responsibility and accountability as directors or senior executives.

To be blunt, you need to ask yourself whether you’re willing to commit the time and energy that is required to run this race. Are you ready to take on the responsibility or to continue doing so? 

You and your fellow board members should also have honest conversations about whether you have the right people, skills and processes in place to navigate the challenges of today and tomorrow.

For example, if cybersecurity is a challenge for your organisation, does your board contain the collective expertise it needs to challenge the information it receives and arrive at solutions? If not, how is it supplementing any gaps that exist?

As directors, you have specific obligations to fulfil. While this list is not exhaustive, some of the key obligations we assess you against are the need to:

• Define the organisation’s purpose, values and desired risk culture – and ensure that the related expectations are being met.
• Set the tone from the top and ensure it cascades through the entity.
• Be self-critical and willing to let external parties benchmark your practices. You should be open to acknowledging and responding to gaps.
• Challenge management. You should satisfy yourself that you’re getting the right information and that it’s based on sound data.

These are themes that your APRA supervisors will explore with you this year as we increase our focus on governance. 

We are also finalising a discussion paper that proposes changes to our core governance prudential standards across all APRA-regulated industries; to be released in the coming months. 

Seizing the opportunity 

In closing, I encourage you to recognise that you have an opportunity now. 

Your current strength certainly shouldn’t encourage you to be complacent. There are simply too many signals that suggest the future is uncertain and could be volatile. 

As you hopefully embrace this period of opportunity, I recommend that you focus on your financial and operational strengths, as well as your resilience. This is a baseline expectation.

You should also focus on your potential future. Be brave and imagine many scenarios.

Finally, you should concentrate on the governance of your organisation and your own role as a director. You simply won’t be able to face into the challenges that come if you don’t get this right. 

How will you and your colleagues lead your entity? Are you ready to ask the tough questions? Do you have the energy, vision, skills and processes that are required for an effective board?

For our part, APRA looks forward to working with you in the year ahead. We will continue to challenge you – constructively – in ensuring you’re able to meet your obligations and continue meeting your policyholders’ needs for many years to come.

Let me finish with a quote from the American marathon runner and author John Bingham, who said: “The miracle isn’t that I finished. The miracle is that I had the courage to start.” 

I hope that inspires you to be courageous as you perform your roles and maybe even to run a marathon. 

Thank you and I’m happy to take some questions.