The Review's Terms of Reference were
1. Assess APRA’s capability to deliver upon its statutory mandate under the APRA Act and relevant industry acts.
2. Undertake a forward-looking assessment of APRA’s ability to respond to an environment of growing complexity and emerging risks for APRA’s regulated sectors.
3. Identify recommendations to enhance APRA’s future capability, having regard to the changing operating environment and any relevant organisational initiatives which are already underway.
As part of its work the Panel should evaluate the extent to which the following factors support APRA to deliver its statutory mandate:
• well-considered and clear strategy that takes into account the future operating environment, effectively cascaded throughout the organisation;
• decision-making that balances financial safety and financial stability, and considerations of efficiency, competition, contestability and competitive neutrality;
• culture that supports supervisory and enforcement actions in support of strategic objectives; • robust internal governance arrangements, supported by fit-for-purpose internal reporting, performance monitoring and audit and assurance activities;
• appropriate resource allocation, responsive to emerging issues, and efficient utilisation;
• staff with necessary expertise (for example, industry, technical and data analytics) supported by appropriate tools;
• sound process and outcomes realised across APRA’s core supervision, policy and resolution functions (including appropriate utilisation of enforcement tools);
• appropriate engagement with Australian financial sector regulators, including suitable information sharing arrangements; and
• fit-for-purpose statutory powers.
In each case, the Panel should focus on those areas considered to be of greatest relevance to the Review objectives. The Panel should to the extent relevant take into account practices of, and benchmark APRA against, comparable international prudential regulators.
The Panel should also take into account as a starting point relevant recent reviews and reports as they relate to APRA, including the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry Interim and Final Reports, the Productivity Commission’s final report Superannuation: Assessing Efficiency and Competitiveness, the Productivity Commission’s final report Competition in the Australian Financial System, the IMF’s Financial System Stability Assessment of Australia (scheduled for release in early 2019) and APRA’s own internal Enforcement Review (scheduled for completion in March 2019).
In undertaking its assessment, the Panel should take as given APRA’s legislative framework, except as outlined above in relation to APRA’s statutory powers.The Review offers the following recommendations -
Maintaining financial stability in an ever changing world
3.1 While lifting organisational capability across the areas identified in this Review is important and necessary, APRA should retain its long-standing and core capability of fostering financial safety and financial stability.
3.2 APRA should build credit risk capacity to simultaneously maintain high supervisory intensity in both non-retail and retail credit risk.
3.3 Reflecting its role as an independent prudential regulator, APRA should take a more transparent and assertive role in articulating the objectives of its macro-prudential policies, the design of the instruments chosen and assessment of its impacts, including on the broader areas of its mandate. APRA should continue to develop its public communication around the extent of systemic risks, conditions required for macro-prudential actions and assessments of any actions taken.
3.4 APRA should advise the Government of the current state of its resolution capability and crisis preparedness as a basis for assessing whether additional resources are required to advance this work more quickly. This should be completed by the end of 2019.
3.5 APRA should seek to build strong allegiances with public and private sector experts, other regulators and financial firms to augment its internal capacity and to collaborate on ways to strengthen the cyber resilience of APRA’s regulated sectors.
3.6 To better prepare for and respond to the consequences of digital innovation and disruption, APRA should increase its IT risk capacity and capability, including though increased collaboration and partnerships. In doing so, APRA should consider the implications of new business models, management and transformation of legacy IT landscapes, greater reliance on third-party providers (for example, cloud providers), and technology-enabled competition.
3.7 To support its consideration of competition, APRA should: a. create a competition champion within APRA, preferably at Member level. Their role should be to ensure that issues of competition are embedded effectively across all areas of APRA; b. ensure that there is sufficient tension in the internal debate and analysis of competition. It should test how policies are developed and applied by supervisors. This could be done in the Quality Assurance function and reported to the competition champion; and c. report regularly on competition developments in its external accountability assessment (see recommendation 6.4).
Governance, culture and accountability: Broadening APRA’s approach to supervision
4.1 As part of its work to revise and enhance its supervisory and policy frameworks, APRA should:
a. ensure the policy framework is focussed on assessing appropriate outcomes around GCA risk in regulated entities, not just appropriate processes;
b. further develop its toolkit for assessing GCA risks, including board and senior management performance, and ensure that it has an escalating suite of options for engaging with entities;
c. embed the recent entity self-assessment process into its more intense supervision of GCA risks by making it a biennial requirement. The self-assessments should be more prescriptive than APRA’s recent program, including coverage of questions set out in Appendix 2. The self-assessments, APRA’s assessment of each of them, APRA’s thematic reviews, and any rectification requirements imposed by APRA in response to a self-assessment should be published;
d. establish an external panel of experts to assist it in undertaking more in-depth assessments of individual entities; and e. explore ways to collaborate with regtech specialists and other experts to develop more efficient and effective tools to identify GCA risks.
4.2 APRA should build on the CBA Prudential Inquiry and entity self-assessments by embedding CBA-style prudential inquiries as an ongoing part of its supervisory toolkit. The Panel would expect to see several prudential inquiries in the first few years to reinforce the need for rigorous self-assessments (see recommendation 4.1). In time, the inquiries should involve retail and industry superannuation, insurance and ADI entities.
4.3 The Government should consider providing APRA with a non-objections power to veto the appointment or reappointment of directors and senior executives of regulated entities. This would bring it into line with international regulators and strengthen its capacity to pre-emptively regulate GCA risks. The power should be available to APRA only where the risks associated with the entity, including but not limited to member outcomes for superannuation funds, warrant it.
Regulating the Superannuation System for members
5.1 APRA should create a new Superannuation Division, headed by an Executive General Manager. A key focus of the Division should be the overall performance of the superannuation system for members.
5.2 APRA should embed and reinforce its increasing focus on member outcomes, and continue to ensure that trustees prudently manage member funds. Consistent with this change of approach, APRA should: a. publish objective benchmarks on product performance and publicly take action to demonstrate its expectations for member outcomes; b. develop a superannuation performance tool that replaces PAIRS by the end of 2019. The tool should be focussed on member outcomes; c. update its superannuation reporting standards and collect product level data that facilitates accurate assessments of outcomes and comparability across funds; and d. increase the resourcing dedicated to the superannuation industry.
5.3 In accordance with recommendation 23 of the Productivity Commission’s Superannuation Inquiry, the Government should legislate to make APRA’s member outcomes mandate more explicit. The Government should clearly outline its expectations for APRA on superannuation in its next Statement of Expectations.
APRA in the System
6.1 The Panel supports the direction of the APRA Enforcement Strategy Review. To effectively embed the Enforcement Approach, APRA should change its existing internal norms that create a low appetite for transparent supervisory challenge and enforcement by: a. departing from its behind closed doors approach with regulated entities; b. adopting a stronger approach towards recalcitrant institutions; c. building organisational confidence and improving management support; and d. increasing its risk appetite and use of the escalation toolkit.
6.2 While APRA’s regulatory tools are generally fit-for-purpose, the Government should consider: a. reviewing the adequacy of penalties across APRA's legislative framework; b. providing APRA with the power to appoint a skilled person to undertake a review of a regulated entity; and c. enhancing its private health insurance licensing powers.
6.3 APRA should reinvigorate its approach to collaboration and information sharing with regulators and its international peers including clear protocols for staff.
6.4 APRA should use its existing external accountability framework more effectively, including a more assertive use of the Statement of Intent and it should publish a regular external accountability assessment.
6.5 The Government should consider streamlining and improving the effectiveness of existing accountability arrangements when establishing the financial regulator oversight authority.
6.6 APRA should take a more strategic, active and forceful approach in its public communications. As an independent regulator, it should use public communications to shape community and government expectations of it. In relation to specific areas, APRA should:
a. publish an interpretation of its mandate;
b. clearly articulate its role and approach to macro-prudential policy (see recommendation 3.3);
c. advise the Government of the current state of its resolution capability and crisis preparedness (see recommendation 3.4). Taking account of the impact on the market, part of this advice could be published; and
The report commentsd. be more transparent in relation to superannuation, including by publishing objective benchmarks for superannuation performance on member outcomes and a strategy to promote long-term industry performance.
This Review was recommended by the Hayne Royal Commission. The damaging revelations revealed during the Commission’s inquiry have had a profound impact on the community. Boards, management and trustees of prominent and financially successful firms and superannuation funds face questions about their competence, integrity and commitment to customers and members. Questions of legality are yet to be determined in many cases. Questions about the inability of regulators to anticipate and deal forcefully with the misconduct revealed by the Hayne Royal Commission have also been raised. Trust in the financial system and its regulators has diminished. Community expectations about the role of regulators have been heightened.
It is important that these problems of misconduct are rectified and that industry behaviour and customer outcomes become better aligned to community expectations. Where laws have been broken there is rightly an expectation that those responsible will be held to account. But for a prudential regulator a ‘litigation-first’ or a litigation-focussed enforcement strategy will not help it achieve its ex-ante mandate, although APRA should not resile from legal remedies when they are needed.
APRA’s response to the community’s heightened concerns should be in a manner consistent with its mandate. It should retain its focus on maintaining financial safety and stability but focus more intensely on governance, culture and accountability (GCA) in the financial sector.1 It should accept that GCA risks have a major bearing on financial risk. This Review is careful not to make the distinction between financial and non-financial risks common in discussions of GCA. Weaknesses in GCA frameworks feed directly into financial safety and stability. For a prudential regulator there is no binary choice between supervising financial or GCA risks. Failures of GCA have often been at the heart of financial failures and systemic instability. The Global Financial Crisis (GFC) clearly demonstrated this. They are as much a part of a prudential regulator’s remit as capital and liquidity ratios. The Panel notes APRA’s attempts to build capability in this area but questions whether its importance for a prudential regulator has been recognised in the past.
While APRA can supervise these risks more effectively, it cannot guarantee that all customers will have a good experience with their bank, insurance company or superannuation fund. Individual misconduct regulation resides with the Australian Securities and Investments Commission (ASIC). Closer collaboration between APRA and ASIC will be crucial, to agree their respective roles and to deliver the desired outcomes.Importantly it states that 'Variability in leadership, a conformist culture and aversion to transparency are constraining APRA'
The main conclusion of this Review is that APRA’s internal culture and regulatory approach need to change. There is also variability in its leadership capability. There is no doubt that in matters of traditional financial risk APRA is an impressive and forceful regulator. But the Panel observes that APRA’s tolerance for operating beyond quantifiable financial risks has been low. APRA appears to have developed a culture that is unwilling to challenge itself, slow to respond and tentative in addressing issues that do not entail traditional financial risks. In combination with APRA’s organisational structure, these factors limit its ability to deliver on the breadth of its mandate and adapt to new challenges.
The Panel does not want APRA to build capability elsewhere by diminishing its core capability and acknowledges that this will be a challenging task. APRA can do better in other areas without undermining its excellence in regulating financial risk. Changes in capability, focus and structure should occur in line with culture. Equally, changes in APRA’s external governance arrangements and more flexibility in its funding and compensation frameworks should be considered. APRA has a strong preference to do things behind the scenes with regulated entities. The Panel believes that this limits its impact and authority. There are good reasons for a prudential regulator to be discreet, particularly in cases of acute financial stress. However, APRA needs to shift the dial towards a more strategic and forceful use of communication to ensure that it maximises its impact with regulated entities. Its Enforcement Approach should move it in this direction.
Some things need to be kept confidential. But APRA should consider what is appropriate to be communicated to the public. Its expectations of entities should be made public as should any failure by entities to meet those expectations, including responses by APRA to those failures. The Panel met a wide range of senior representatives of APRA-regulated entities during the Review. Almost universally, they praised the openness and integrity of APRA’s senior staff and the to effectiveness of APRA’s discreet approach. They note that this approach benefits both APRA and their firms.
A common observation made in these discussions was that their entities were more willing to cooperate with and provide information to APRA when it worked behind the scenes with them. It was noted that more transparency on APRA’s part would threaten that relationship. The Panel is not persuaded by that argument or the implication that APRA would be less informed if it operated more openly. While cooperation is always to be preferred to compulsion, regulated entities must provide APRA with the information it needs. An approach involving protracted behind the scenes negotiations of prudential issues is out of step with public expectations of regulators following the Hayne Royal Commission. As the Bank of England has noted in a different context, reliance on the lift of ‘Governors’ eyebrows and fireside chats are no match for a clearly communicated framework’ in today’s financial system.
APRA should use strategic communication to better define its authority and shape its own destiny. It is investing in capacity in this area. More effective communication of its priorities and mandate will provide a clear signal to the market as to what the regulator wants, making it more transparent and more effective in its supervision of the financial sector. APRA is independent of the government and has strong and wide-ranging standard-setting powers. It has the foundations of a powerful institution but needs to build on these foundations by better communicating its objectives and achievements. APRA’s current external governance arrangements are not effective in holding it to account against its mandate. These should be reviewed in line with the creation of a financial regulator oversight authority. Even within these constraints APRA could be more effective. As a starting point, a public statement of its interpretation of its mandate and how APRA implements it would benefit APRA and make it easier for others to hold it to account. A useful historical analogue is the Reserve Bank of Australia’s (RBA’s) public definition and ownership of its inflation target in the early 1990s. APRA should also use its Statement of Intent (SoI) more assertively. It is appropriate that APRA take into account the government’s broad objectives when pursuing its mandate. However, APRA should highlight areas where the government’s objectives are outside its Corporate Plan and areas in which APRA has more pressing resourcing priorities. This is entirely appropriate for an independent regulator.