prudential supervision of general insurance – stage 2 ... · a significant amount of regulatory...

Prudential Supervision of General Insurance – Stage 2 Reforms

Finance & Risk Management Corporate Governance Fit & Proper Persons

Insurance Council of Australia Limited August 2005 ABN: 50 005 617 318 Level 3, 56 Pitt Street SYDNEY NSW 2000 Phone: +612 9253 5100 Fax: +612 9253 5111

Prudential Supervision of General Insurance – Stage 2 Reforms August 2005

Insurance Council of Australia

Contents

1 Executive Summary...........................................................................................................4

2 Introduction .......................................................................................................................5

3 Overarching Regulatory Concerns.....................................................................................6

3.1 Regulatory Overload .............................................................................................6 3.2 Consistency ..........................................................................................................8 3.3 Enforceability ......................................................................................................11 3.4 One size does not fit all .......................................................................................13 3.5 Role of Management, the Board and APRA.........................................................15

4 Comments on Draft Prudential Standards and Guidance Notes .......................................17

4.1 GPS 220 – Risk Management .............................................................................17 4.2 GGN 220.2 – Risk Management Framework .......................................................19 4.3 GGN 220.3 – Balance Sheet and Market Risk .....................................................21 4.4 GGN 220.4 – Credit Quality.................................................................................22 4.5 GGN 220.5 – Operational Risk ............................................................................22 4.6 GGN 220.6 – Insurance Risk...............................................................................23 4.7 GPS 221 – Outsourcing ......................................................................................24

4.7.1 Related Party Transactions.....................................................................24 4.7.2 Transition Arrangements.........................................................................25 4.7.3 Definition of “Materiality” .........................................................................25 4.7.4 Specific Comments regarding draft Prudential Standard GPS 221 ..........25

4.8 GGN 221.1 – Managing Outsourcing Arrangements............................................28 4.9 GPS 230 – Reinsurance Management ................................................................29 4.10 GGN 230.1 – Reinsurance Management Strategy ...............................................31 4.11 GGN 230.3 – Limited Risk Transfer Arrangements..............................................31 4.12 GPS 310 – Audit and Actuarial Reporting and Valuation .....................................32 4.13 GGN 310.1 – Financial Condition Report.............................................................34 4.14 GGN 310.2 – Liability Valuation Report ...............................................................34

5 Comments on Prudential Standards and Guidance Notes................................................36

5.1 Governance ........................................................................................................36 5.2 GPS 510 Governance .........................................................................................37

6 APRA Fit & Proper...........................................................................................................48

6.1 GPS 520 Fit & Proper Requirements...................................................................49 6.2 Guidance Note GGN 520.1 Fit and Proper Requirements....................................55

Appendix A – Comparison of Outsourcing Prudential Standards ..................................................57

Appendix B – Risk and Financial Management – GPS 220 – Declaration on Financial Information to



be signed by the CEO and CFO ......................................................................................60

Appendix C – Risk and Financial Management – Matters Requiring Submission to, Referral to, or Approval By APRA ..........................................................................................................61

Appendix D – Matters Requiring Approval of, or Actions by Boards..............................................64

Appendix E – Regulatory Alignment.............................................................................................68



1 Executive Summary ICA appreciates the opportunity to provide input as part of APRA’s ongoing consultation on Stage 2 Reforms. In addition to this formal submission, in recent months ICA and APRA have:

• Conducted a major seminar on APRA’s Stage 2 Reforms (Sydney – June 2005);

• Conducted a follow up workshop (Canberra – August 2005); and

• Held several meetings at Working Party level to discuss the general direction of the reforms and the detail concerning major issues.

This submission responds to discussion papers, draft Prudential Standards and Guidance Notes for general insurers released by APRA in May and June of 2005 that relate to:

• Risk and Financial Management;

• Corporate Governance; and

• Fit and Proper Persons.

The submission begins with discussion on some broader overarching regulatory issues around the Prudential Standards and the general burden of regulation facing general insurers. Key points in this section are:

• Regulatory Overload and Cost of Regulation

ICA supports the principles embodied in APRA’s Stage 2 reform but is concerned at the sheer size of the proposals and their impact on an already heavily regulated industry.

ICA has suggested a number of changes to the draft Prudential Standards and Guidance Notes that will enable APRA to regulate effectively but should keep regulatory cost and intrusion to a minimum.

• Consistency

ICA has previously expressed concern at the tendency for regulators to impose overlapping regulatory regimes. ICA recognises that APRA has a strong view that it needs to actively regulate in these areas. In this submission ICA argues that APRA requirements should be consistent with those of ASIC and the ASX, for example. This is not the current position.

• Enforceability

ICA is concerned that the draft Guidance Notes have the status of Prudential Standards and suggest that the draft Guidance Notes no longer form part of the draft Prudential Standards. APRA has previously argued that highly prescriptive Prudential Standards were necessary to achieve enforceability, particularly before a court or the AAT.

ICA believes that APRA’s powers are adequate without resorting to detailed prescription.

• One Size does not fit all



ICA recommends that APRA adopt a more risk based approach and that it allow insurers to seek exemption from prescriptive Prudential Standards and that insurers be able to exercise discretion in the definition of key words such as “material”, “responsible” and “significant”. ICA understands that where such discretion is exercised APRA has the right of final say.

• The Role of APRA, Boards and Management

ICA submits that its prescriptive requirements are forcing Boards into matters of management and that the number of matters requiring APRA approval is placing APRA into the area of business decisions. In this submission ICA proposes that APRA pull back from these positions, so that APRA regulates and Boards set policy and ensure that management is carrying out its role.

The detailed responses to each of the draft Prudential Standards and Guidance Notes address the industry’s main immediate concerns:

• Excessive detail required in the RMS

• The need for further consideration of intra-group outsourcing arrangements

• The excessive number of matters that need to be reported to and referred to APRA, or that require APRA approval

• The need to separate Prudential Standards and Guidance Notes so that the latter serve to guide and clarify

• The need for greater flexibility in the application of the Governance Standard, and the need for consistency with existing regulation in this area

• The excessive prescription of the fit and proper standards

• The need for a process to ensure procedural fairness when investigating whether a person may not be fit and proper

Building on that base, the submission goes on to comment specifically on each of the draft Prudential Standards and Guidance Notes.

These sections primarily focus on matters of detail that are seen to be particularly problematic or that could be altered to achieve the same outcome but at a significantly lower burden to insurers or complexity. This focus on particular elements of detail should not be taken as implicit agreement with all of the remaining provisions or of the level of prescription and inflexible approach found in many of the draft Prudential Standards and Guidance Notes, but rather as recognition of those areas where change is critical.

2 Introduction The Insurance Council of Australia (ICA) is the representative body of the general insurance industry in Australia. ICA membership represents more than 90 percent of total premium income written by private sector general insurers.

ICA members provide non life insurance products ranging from those usually purchased by



individuals (such as home and contents insurance, travel insurance, motor vehicle insurance) to those purchased by small businesses and larger organisations (such as product and public liability insurance, workers compensation, commercial property, and directors and officers insurance).

ICA members, both insurers and reinsurers, are regulated and licensed by the Australian Prudential Regulation Authority (APRA) and are a significant part of the financial services system. Recently published statistics from APRA show that the private sector insurance industry generates direct premium revenue of $25.9 billion per annum and has assets of $78.4 billion.1 The industry employs about 25,000 people.

ICA members issue more than 41 million insurance policies annually and deal with 3.5 million claims each year.2 On average, ICA members pay $55 million in claims each working day.

3 Overarching Regulatory Concerns ICA fully supports APRA and the important role that it has to play in prudential regulation. However, the requirement to regulate must be balanced against the danger of regulatory overload and mounting compliance costs.

In ICA’s view APRA’s prudential regulatory regime should be based on risk; it should not take a “one size fits all” approach and should avoid the tendency for regulatory creep, so that new regulation does not build up on what was there before.

ICA also believes that APRA’s prudential regulatory regime should be subject to a rigorous cost benefit analysis, which is regularly reviewed.

ICA considers it essential that reforms must:

(a) Recognise the global nature of the general insurance industry;

(b) Take account of the commercial and competitive environment of general insurers, and the challenges involved in attracting capital to the industry in Australia; and

(c) Enhance the strength, stability and viability of the industry for the benefit of policyholders, third party claimants, and the economy at large.

3.1 Regulatory Overload

General insurers are already subject to a comprehensive and complex regulatory regime and it appears to ICA that this current regime is sufficient to deliver on its primary purpose, which is the protection of consumers and policyholders.

ICA agrees that effective corporate governance, fit and proper persons, and financial and risk management are essential features of a corporation. However, ICA strongly believes that regulation in these areas should not be made prescriptive but rather should be principles based, with implementation left to the discretion of Boards and company management. 1 APRA, Quarterly General Insurance Performance, March 2005. 2 APRA Selected Statistics on the General Insurance Industry, Year Ending June 2002



There is growing evidence that the complexity of the regulatory environment is creating a compliance mentality within corporations, is stifling change and innovation, and is potentially a barrier to new entrants into the Australian market, thus inhibiting effective competition and encouraging the growth of unregulated players.

While ICA supports the spirit of APRA’s Stage 2 Reforms, ICA strongly believes that the positive aspects can and should be implemented in a manner that keeps regulatory cost and intrusion to a minimum.

Volume and Complexity

The draft Prudential Standards and Guidance Notes released in the most recent round of consultations on the Stage 2 Reforms include 583 paragraphs that make up six Prudential Standards and twelve Guidance Notes.

The overarching response from general insurers, in particular to the Risk and Financial Management Prudential Standards and Guidance Notes, is that the sheer volume of the requirements will make the system unworkable.

APRA Prudential Standards must also be reviewed in conjunction with the overall complexity of general insurance regulation, which includes three core regulators (APRA, ASIC and ACCC), three Commonwealth Ministers, as well as State and Territory governments and other regulatory and quasi regulatory agencies such as the ATO, Accounting Standards Boards, privacy and industry relations regulators. On top of this are court decisions, codes of practice and professional standards that must be considered, as well as international regulation and competitive pressures.

A significant amount of regulatory reform has already taken place in the general insurance industry over the last few years. In particular, the introduction of the Financial Services Reform Act, reforms to the Insurance Act and the introduction of APRA’s new Prudential Standards, and the pending changes to the Insurance Contracts Act, not to mention the industry’s own new Code of Practice.

ICA has strongly supported these reforms, and believes that Australia has one of the strongest regulatory environments in the world. It is important to note, however, that these reforms are still in the early stages of implementation. It will be some time before the full effects on the industry will be evident.

Cost of Regulation

Regulation comes at a cost. While it cannot be denied that some amount of increased regulation and compliance activity was necessary and has had a positive impact in terms of creating a stronger industry, more disciplined pricing and better risk management within individual companies, compliance costs have risen drastically. Ultimately, those costs have to be passed on to the policyholders. Whilst ICA is unable to isolate the specific costs of implementing APRA Stage 2 requirements, there is ample evidence that the total regulatory environment (APRA and ASIC) is having a significant impact on costs of ICA member companies. The following examples may be cited:



• One small insurer estimated that actuarial and audit fees will have doubled in the past three years (inclusive of the implementation of Stage 2);

• A medium sized insurer estimates that total senior management time spent on compliance is five times greater than five years ago and ten times greater than ten years ago;

• Two large insurers estimate that approximately 25% of Board and senior management time is spent on regulatory and compliance issues;

• Two medium size insurers have estimated that their total compliance costs amount to $5.5 million and $7.4 million per annum respectively; and

• A medium sized insurer has reported that:

– Ten years ago they had one lawyer (in the Claims Department) doing all compliance work, plus additional time from accounting and internal audit staff. There was no internal actuary;

– Five years ago this had increased to two in house counsel, with increased contributions required from accounting, internal and external audit staff; and

– Currently – full time compliance manager, four in house counsel, an actuary plus external assistance, enlarged accounting, internal and external staff, plus substantial compliance costs throughout the organisation.

Many ICA member companies have indicated that the culture of their organisation is now dominated by regulation and compliance. Business decisions are taken with compliance as a major factor. This need to focus on compliance at the senior management and board level also has the risk of stifling innovation and creativity. Similarly, the regulatory burden has the very real risk of disadvantaging Australian insurers on the world stage and becoming a barrier to entry into the Australian market, thus encouraging the growth of unregulated players such as Direct Offshore Foreign Insurers (DOFIs) and Discretionary Mutual Funds (DMFs).

3.2 Consistency

General insurers face multiple regulators and operate in a global environment. As such, it is important that any overlap or inconsistencies between APRA and other regulators, both domestic and international, is avoided or at least limited to only those areas where there is a strong and clear prudential reason for the differing regulatory requirement.

As a rule, oversight of a particular element of regulation should be under a single regulator so as to avoid duplication and overlap in regulatory reach. Rather than duplicating the activities or roles of the other regulator, each should rely on the other to provide relevant information, early warning signals and to undertake proper regulatory supervision and action where necessary.

In those limited situations where a clear case can be made for duplication, the specific wording of the regulations should be the same or should be drafted by reference to existing regulation.

In this regard, ICA notes that there are a number of areas of overlap in regulation between APRA and



the Corporations Law as administered by ASIC. Principle amongst these is provisions related to Corporate Governance, Fit and Proper Persons and Outsourcing provisions.

• Corporate Governance

Specific governance and other related requirements for corporations fall primarily under ASIC regulation and are laid out in the Corporations Act with its various amendments, including the most recent CLERP 9 reforms. Companies that are publicly listed are also required to adhere to the Australian Stock Exchange (ASX) Principles of Good Corporate Governance and Best Practices.

The ASX Principles of Good Corporate Governance are not binding but under ASX Listing Rule 4.10, companies are required to provide a statement in their annual report disclosing the extent to which they have followed the best practice recommendations set out in the Principles. Where companies have not followed all the recommendations, they must identify the recommendations that have not been followed and give reasons for not following them. The intention is that shareholders are notified of any deficiency and can require the company to comply with the principles to the extent appropriate for that company.

It is also important to note that many general insurers who are either listed internationally or are part of global conglomerates must adhere to international rules on corporate governance, such as Sarbanes-Oxley.

When APRA introduced its Stage 2 Reforms in November 2003, ICA initially argued that APRA had no role in the regulation of Corporate Governance. Recognising that APRA has a strong view that it should remain in this area, it is critical that:

• Unless a strong prudential or policyholder protection reason exists the Prudential Standards should either mirror exactly those applicable under the Corporations Act and the ASX Principles of Good Corporate Governance, or be applied by reference; and

• Their application should be sufficiently flexible to recognise the diversity of corporate structures in general insurance, as well as the requirements for many companies to also comply with international rules on governance.

Minor inconsistencies in wording between different regulations can create significant administrative problems and increased cost to general insurers with no benefit to policyholders. As an example, Appendix E provides a comparison of ASX and APRA provisions for corporate governance.

• Fit and Proper Persons

Provisions for fit and proper persons are included in a number of different Australian regulations and legislation, in addition to those included in the APRA Prudential Standards. Considering only those applicable to financial services companies, there are provisions under the Corporations Act and FSR Legislation, as well as the ASX Principles of Good Corporate Governance.

The Corporations Act imposes a range of duties on directors and officers of corporations and under the FSR provisions, Section 913B(2) and (3) in part 7.6 of the Act, ASIC must be satisfied that there is no reason to believe that a person who is an Australian Financial Services License (AFS License) applicant is not of good fame and character and that there is no reason to believe that the “responsible officers” of a corporate applicant are not of good fame and character before an AFS License is granted. Section 913B(4) sets out what matters are relevant to ASIC in determining good



character, which differ from those adopted in the APRA draft Prudential Standard.

Similarly, Principle 2 of the ASX Principles of Good Corporate Governance that says that an effective board should be structured in such a way that it has a proper understanding of, and competence to deal with, the current and emerging issues of the business; and can effectively review and challenge the performance of management and exercise independent judgement.

Finally, many general insurers must also comply with similar international regulatory provisions.

While clearly each of these regulations have their respective roles, again it is important to understand that minor inconsistencies in wordings between the different regulations may require general insurers to adopt separate or more complex process that can create significant administrative problems and increased cost for general insurers with little or no benefit.

• Outsourcing

Similarly, APRA’s outsourcing requirements must also be viewed in context with the outsourcing requirements faced by general insurers that also hold an AFS License under ASIC. Under the FSR provisions of the Corporations Act, where an AFS Licensee uses third party providers (whether or not within a corporate group) to assist it to provide a service that is part of the financial services business covered by its AFS License, ASIC expects that the AFS Licensee will be able to show that it has measures, processes and procedures in place to ensure that due skill and care has been taken in choosing suitable providers, can and will monitor their ongoing performance, and will deal effectively with any breaches of the service agreement or actions that lead, or might lead, to a breach of the licensee obligations, including reporting where appropriate.3

Regulation by Reference

Where a Prudential Standard seeks to regulate some or all of the conduct regulated by another Act, Regulation or other form of regulation, the most effective way to avoid inconsistency is for the Prudential Standard to require compliance with that other Act or Regulation or other form of regulation. This can be termed “regulation by reference”. For example, where there are inconsistencies between the ASX Principles of Good Corporate Governance and the Corporate Governance Prudential Standard, these could be avoided if the Corporate Governance Prudential Standard were to require compliance with certain principles by reference to the ASX Principles of Good Corporate Governance.

ICA recognizes, however, that this regulatory mechanism is not without its problems. Different terminology in the Act, Regulation or other form of regulation that the Prudential Standard refers to may lead to problems with interpretation. If the number of the section of the Act or clause of the Regulation changes, then this can make the reference ambiguous or even void.

Having regard to these difficulties and the need to avoid inconsistency, ICA supports the introduction of clauses that mirror provisions in other Acts, Regulations or other forms of regulation.

Provisions of Prudential Standards that mirror those in other Acts, Regulations or other forms of regulation should not only mirror substantive requirements, they should mirror the actual words used. This should assist in avoiding interpretation difficulties. In order to avoid the emergence of inconsistencies over time it is important that APRA maintain a careful watch to ensure that any 3 ASIC. “Licensing: Organisation capacities:, dated 28 November 2001, at page 10.



subsequent changes in mirrored provisions Acts, Regulations or other forms of regulation are changed in the Prudential Standard.

ICA makes specific recommendations in Parts 4 through 6 of this submission where mirror provisions would avoid regulatory inconsistency.

3.3 Enforceability

Prudential Standards have the same standing as regulations and as such, non-compliance can have significant consequences to insurers. Prudential Standards must be viewed through a compliance lens. While it is reasonable for APRA to see many of the Prudential Standards and Guidance Notes as best practice, they are legally binding and insurers must interpret, apply and observe them as such. Significance of Prudential Standards

Compliance with the Prudential Standards is a very serious matter for authorised insurers, because the failure to comply carries significant consequences. All authorised insurers must comply with Prudential Standards under the law.4 In the event of a breach of Prudential Standards, APRA can make a direction to an insurer to comply. 5 A failure to comply with the direction may lead to an offence or revocation of the authorisation.6 Failure to comply with a direction is an offence.7 Failure to comply with a Prudential Standard or a direction to comply with a Prudential Standard may also result in a revocation of an authorisation.8 Unlike decisions taken by APRA to disqualify unfit or improper persons, decisions taken by APRA to enforce Prudential Standards are not “reviewable decisions” under the Insurance Act.9 This means that the more prescriptive these Prudential Standards are made, as in the case of the draft Prudential Standards, the starker this lack of remedies becomes. 10 Given the seriousness of Prudential Standards for insurers, including the possible revocation of authority to conduct insurance business, it is critical that they be clear as to their intent and are not unreasonably difficult to comply with. The use of the word “must” in the draft Prudential Standards is understood to reflect APRA’s concerns about the enforceability of its Prudential Standards. This not only increases the compliance burden on insurers, it makes it imperative that the conduct that APRA expects of insurers be expressed in precise terms that clearly convey what constitutes compliance.

4 Section 35 of the Insurance Act 5 Section 36 of the Insurance Act 6 Section 37 of the Insurance Act 7 Section 37 of the Insurance Act 8 Section 15(1)(a)(i) and (ii) of the Insurance Act 9 Part VI deals with 'reviewable decisions' of APRA under the Insurance Act and to which the part applies. Part VI applies to decisions to disqualify a person (section 25A), require removal of a person (section 27) but does not apply to the power to make a direction in relation to a breach (or potential breach) of the Prudential Standards (section 36) or a revocation decision (section 15). 10 For example, if a technical aspect of the standard is breached, the power to make a direction is enlivened. This exercise of a 'discretion' to direct is not reviewable by reference part VI of the Insurance Act.



The level of obligation on an authorised insurer to comply with a provision in the draft Prudential Standards is made unclear by the use of “recommendations”. For example, one Guidance Note provides that it applies to one type of arrangement11 but it is “recommended that the provisions of [that] Guidance Note should be applied to all outsourcing arrangements [emphasis added]12. The weight of APRA’s “recommended” conduct is not clear in the context of draft Prudential Standards that also contain provisions that “should” be complied with. It is critical that insurers have certainty as to what constitutes compliance. Role of Guidance Notes

Most of the draft Prudential Standards that have related Guidance Notes state that the Guidance Notes ”form part of the Standard”. In addition, the draft Guidance Notes contain numerous mandatory requirements, which extend the requirements set out in the draft Prudential Standards through the use of the words “must” and “should”. At the time of the 2001 – 2002 amendments to the Insurance Act, it was understood that the regulatory regime would be based on a three-level system. The first level was to contain legislation, primarily the Insurance Act, APRA Act and the Financial Sector (Collection of Data) Act. The second level was to contain Prudential Standards, which have the status of regulations to Commonwealth legislation, being instruments disallowable by Parliament and thus having the force of law. The third level was to contain Guidance Notes, that provide regulated entities with assistance and guidance in complying with Prudential Standards but which do not have the force of law. ICA is concerned that, depending on the wording, the draft Guidance Notes may “form part of the standard” by operation of law.13 This means that if adopted, the draft Guidance Notes must be complied with by all general insurers by virtue of the requirements to comply with the Prudential Standards. This diverges significantly from the current approach to regulating some other APRA-regulated entities. For example, the Superannuation Prudential Standard on fitness and propriety includes a Guidance Note that states that it is intended to provide guidance only and is not exhaustive in its coverage of rights and obligations under law.14 The Guidance Note is stated to have no legal status or legal effect. ICA believes that Guidance Notes should be used by the regulator in the way in which they were intended to be used. Prudential Standards should state the conduct that authorised insurers must take or avoid. The proper role of Guidance Notes is to explain how Prudential Standards might be complied with by different types of insurers with different capital and ownership and differing risk profiles. ICA further believes that if Guidance Notes are to be used to provide guidance and not requirements, the wording in the Guidance Note must reflect this status and must not include mandatory terms such as “must” and “should”.

11 Material outsourcing arrangements 12 Draft Guidance Note 221.1 at paragraph 1 13 Section 32(6) of the Insurance Act 14 SGN110.1



Similarly, it is through Guidance Notes that APRA should convey those elements that they believe are best practice but that are not directly linked to APRA’s role in protecting policyholders and as such would not necessarily require strict compliance. Concerns with the Administrative Appeals Tribunal

Through various discussions with and public comments by APRA, ICA understands that part of APRA’s motivation for developing prescriptive Prudential Standards has been its experiences in the Administrative Appeals Tribunal (“AAT”). ICA is not convinced that APRA’s experience in the AAT provides good grounds for prescriptive Prudential Standards. It is ICA’s understanding that all of the matters in which APRA has been a defendant in the AAT have been matters in which APRA has made a decision to "disqualify" someone, rather than decisions to enforce Prudential Standards against an authorised insurer. All but one of those matters in which APRA has been a defendant in the AAT has been in relation to disqualification of superannuation trustees. The one case relating to a disqualification decision relating to a person working in general insurance was lost by the applicant on technical grounds not related to the prescriptiveness of the general insurance Prudential Standards.15 The AAT cases in which APRA has not been successful against disqualified superannuation trustees do not, as a matter of logic, lead to the conclusion that the Prudential Standards for general insurance should be prescriptive. Firstly, the superannuation cases have been decided on the regulations that govern fitness and propriety for superannuation trustees, which are much less prescriptive than both the current and draft Prudential Standards. Secondly, while there have been difficulties with disqualification decisions, these no not have any direct bearing on the decisions that APRA may take to enforce Prudential Standards in general.

3.4 One size does not fit all

The Australian general insurance industry consists of a heterogeneous group of corporate structures and risk profiles. These insurers range in size from large multi line insurers to small niche underwriters and include re-insurers, mono line specialist insurers and companies in run off. ICA is concerned that prescriptive Prudential Standards do not take account of the diversity within the industry. As ICA set out in its response to the November 2003 draft Prudential Standards, ICA’s preference would be for the draft Prudential Standards to be principles based. Principles based regulation would allow each authorised insurer to comply with Prudential Standards in a way that is best suited to their own circumstances, risks, processes and procedures. As an APRA Member has recently acknowledged, “Even within two insurers which ‘from the outside’ might appear very similar, there can be legitimately quite different practical approaches to how to apply the [risk management] framework.”16 The core advantage of outcome-based regulation is that it allows two insurers which might appear similar, to take different practical approaches to applying Prudential Standards.

15 Kamha v Australian Prudential Regulatory Authority [2005] FCA 480 16 A Regulator’s view, APRA Member, Steve Somogyi: Insurance Council of Australia conference (August 2005)



ICA notes that, by issuing prescriptive draft Prudential Standards, APRA has shown a preference for prescriptive regulation. In their current form the draft Prudential Standards assume that “one size can fit all”. This is simply not the case. However, even if APRA adopts a prescriptive approach to regulation, ICA believes that it should not do so at the expense of insurers who differ in structure and risk profile. While the ideal form of regulation is principles-based, because it allows for flexible application, it is possible to introduce some level of flexibility by use of discretion that can be exercised by insurers and by APRA. Insurer discretion

ICA believes it is possible to allow some flexibility for insurers in determining how to comply with the Prudential Standards. This can be achieved by allowing insurers the discretion to determine the way in which certain Prudential Standards should apply to their particular structure and risk profile. In an example that is elaborated upon below, insurers should have the discretion to determine the factors that contribute to whether something is “material” in the context of their business. ICA is aware that a number of its members have made submissions to the effect that APRA should allow insurers less discretion by seeking clarification or further definitions around terms like “materiality”, “responsible”, and “significant” to determine the way in which certain requirements apply to them. ICA believes that this is an understandable response but is also aware that the interpretation of these words by an insurer can provide an element of discretion to the insurer in relation to the particular provision of the draft Prudential Standard. ICA further believes that the need on the part of general insurers for greater definition of such terms would not be as important if the Prudential Standards took a less prescriptive approach. ICA acknowledges that ultimately APRA must determine whether an insurer has applied the Prudential Standard to their satisfaction, but would support amendments to the Draft Prudential Standards that allow insurers flexibility to determine the way in which a Prudential Standard should apply to them. In this respect, ICA would seek specific clarification in the Prudential Standard that the interpretation is at the insurers discretion. APRA discretion

APRA has the power to modify Prudential Standards in respect of particular insurers.17 If APRA exercises this power, APRA must have regard to the particular business and circumstances of the insurer. ICA believes that given the prescriptive nature of the Draft Prudential Standards, APRA should describe the process for applying for a modification and the circumstances under which APRA will entertain such an application in relation to each Prudential Standard. APRA also has the power to develop Prudential Standards that include powers and discretions to approve, impose, adjust or exclude specific prudential requirements in relation to a particular insurer or class of insurers18. In addition to those areas where it is currently provided in the draft Prudential Standards that APRA may exercise its discretion flexibly, there are further draft provisions where

17 Insurance Act s32(3B) 18Insurance Act s32 (3D)



discretion will be appropriate to ensure that the Prudential Standards take account of the size and diversity of the marketplace. Finally, APRA has at its disposal the risk-based Prudential regulatory regime introduced in 2002 including the PAIRS19 and SOARS20 systems that allow it to evaluate risk and adopt the appropriate degree of regulatory supervision. APRA has the ability and power to adopt a firmer stance with any regulated entity that it perceives is not complying with its Prudential Standards by increasing the insurer’s capital charge for operational risk and thus requiring a higher MCR.

3.5 Role of Management, the Board and APRA

ICA notes that many of the provisions within the Stage 2 Reforms blur the respective roles of management and the Board of Directors and create an environment where both the Board and APRA are forced into active participation in the day-to-day management of the corporation.

ICA is concerned that the enhanced role of the Board in operations and compliance outlined in the APRA Prudential Standards is contrary to ASX best practices and will inevitably distract the Board from its critical role in high level oversight and corporate strategy.

Similarly, ICA questions the necessity of APRA reporting in certain areas and flags that if APRA approval is to be required, it is imperative that an adequate process be put in place with strict timeframes within which APRA must approve or raise any concerns.

ASX Principles and Best Practice

The ASX Corporate Governance Council’s “Principles of Good Corporate Governance and Best Practice Recommendations”21, Best Practice Recommendations 1.1, sets out the usual responsibilities of the Board:

• Oversight of the company, including its control and accountability systems;

• Appointing and removing the Chief Executive Officer, the appointing and removal of the Chief

Financial Officer (or equivalent) and the Company Secretary;

• Input into and final approval of management’s development of corporate strategy and performance objectives;

• Reviewing and ratifying systems of risk management and internal compliance and control, codes of conduct and legal compliance;

• Monitoring senior management’s performance and implementation of strategy and ensuring appropriate resources are available;

19 Probability and Impact Rating System 20 Supervisory and Oversight Response System 21 Australian Stock Exchange, Sydney, March 2003 15 – 17.



• Approving and monitoring the progress of major capital expenditure, capital management and acquisitions and divestures; and

• Approving and monitoring financial and other reporting. ICA is of the view that the responsibilities set out in this Best Practice Recommendation appropriately articulate the role of the Board and do not in any way dilute policyholder protection. ICA is concerned that a number of the provisions in the APRA draft Prudential Standards and Guidance Notes go further than this ASX Best Practice and are forcing Boards into participation in the day-to-day management of the company.

APRA Requirements of the Board

In addition to the specific provisions in the Corporate Governance and Fit and Proper Persons draft Prudential Standards regarding the role and makeup of the Board, there are 39 references in the Risk and Finance and Risk Management Prudential Standards and Guidance Notes to Board responsibilities; areas requiring Board approval; or provisions that the Board must “ensure” are in place. A detailed overview of these provisions is provided in Appendix D.

ICA is concerned that, in addition to increasing the complexity of Board operations, a number of the provisions in these Prudential Standards force the Board into active participation in the day-to-day management of the organisation.

For example draft GGN 221.1 paragraph 4(d) requires that the Board or delegated Committee should review reports on outsourcing arrangements and be informed on the performance of the service provider.

ICA believes that involvement in such detail is not the role of the Board. If there is to be involvement then materiality should be taken into account.

Matters Requiring Submission To APRA

According to APRA, it is not the regulator’s role to “tell institutions how to manage those particular risk in their own operations… While some of the Prudential Standards we have issued specify some required minimum elements of the broader risk management framework they do not seek to enforce uniformity of risk management systems or process.”22

ICA is concerned, that many of the provisions in the draft Prudential Standards, particularly related to risk management, will imply that APRA is in fact doing just that.

By stipulating that a number of matters must be referred to APRA for approval or reported to APRA, the Prudential Standards run the risk of creating a large bureaucracy and projecting APRA into the General Insurers’ decision making process. Appendix C provides an overview of those provisions requiring APRA approval, reporting or review.

22 “A Regulator’s View”, remarks by Mr. Steve Somogyi, Member APRA at the Insurance Council of Australia Conference, August 2005.



The large number of items that must be submitted to APRA leads to the further question – what is APRA to do with this information? Is it to be filed? Is it to be acted upon? What is the procedure if APRA receives copies of documentation but does not approve of its content? ICA suggests that APRA review these requirements. It may be that it would be preferable for insurers to retain the information, with APRA having the power to request it if required.

ICA believes that the role of the regulator is to regulate and that APRA should restrict its role to the protection of policyholders and ensuring that regulated entities are carrying on their respective businesses in accordance with the Act and Prudential Standards.

4 Comments on Draft Prudential Standards and Guidance Notes

4.1 GPS 220 – Risk Management

The over reaching impression of the Risk and Financial Management Prudential Standard and its associated Guidance Notes is that the sheer volume of APRA mandatory requirements makes the system unworkable. APRA appears to be focused on form and process, rather than the achievement of satisfactory outcomes. The sheer size of the proposed RMS and the fact that it would encompass procedure and system manuals in use throughout the organisation would mean that frequent amendments, many of them minor in nature, would be required with consequent approvals required from the Board and APRA.

Paragraph 2 – Authority and reference to Guidance Notes

ICA response

This paragraph states that the draft Guidance Note “forms part of the standard”.

As discussed in Part 3 of this submission, Prudential Standards and Guidance Notes perform important, but different functions. Prudential Standards have the status of law and must be strictly complied with by APRA-authorized entities.

Guidance Notes should provide practical advice and suggestions to entities regulated by APRA on how Prudential Standards may be implemented. They should assist different types of insurers with different capital and ownership and differing risk profiles to comply with the Prudential Standards in the most appropriate manner. ICA recommends that the draft Prudential Standard should be amended so that the draft Guidance Notes no longer form part of the draft Prudential Standard.

Paragraph 4 – Compliance on a group basis

ICA response

ICA fully supports the concept that certain agreed requirements of the Prudential Standard may be complied with on a group basis.

Paragraph 7 - Minimum matters that risk management framework must, at a minimum include



ICA response

Please refer to comments in 3.1 above. ICA believes that APRA should be concentrating on ensuring that an adequate strategy is in place and is being adhered to. Such detailed “best practice” requirements should not be included in a Prudential Standard. If APRA believes that such details are of value to the regulatory process, then it is recommended that they be included in a Guidance Note as recommended practice.

ICA recommends that the existing wording be replaced by:

An insurer’s risk management framework must include a written Risk Management Strategy (RMS) approved by the Board. The RMS must refer to the insurer’s risk management framework, including:

(a) Policies, procedures, management responsibilities and controls;

(b) Policies and procedures to identify, assess, monitor and report on and mitigate material risks; and

(c) Clearly defined managerial responsibilities and controls.

Paragraphs 8, 9, 26, 30, 32, 52, 64, 66, 67 and 68 – Matters to be referred to, report to and requiring approval by APRA

ICA response

ICA submits that the number of such matters is excessive. APRA has existing powers to enforce such requirements on insurers whose operations justify such action by APRA. ICA suggests that paragraphs 8, 9, 30, 32, 33, 52 and 67 should be dealt with by APRA on an as needs basis, or during site visits.

Paragraphs 25 and 30 – Annual review of Business Plan and RMS

ICA response

The statement in paragraph 25 that a general insurer must, “review and amend its business plan at least annually”, may be problematic if APRA requires review within 365 days of the preceding review. (The addition of the words ‘at least’ suggests to us that this is APRA’s intention). Given the variance in Board dates from year to year, that will not always occur within a year of the preceding view. Paragraph 30 contains a similar requirement.

ICA recommends that an insurer should review its business plan and RMS within a reasonable time prior to the commencement of the financial year to which they relate.



Paragraph 36 – Matters to be included in a Risk Management Statement

ICA response

As already discussed, ICA believes that the RMS should be a strategic document and that such requirements should not be included in the Prudential Standard. If APRA believes that such details are necessary, then it is recommended that they be included in a Guidance Note as recommended practice.

Paragraph 43 – Risk mitigation and control

ICA response

Implementation procedures are not strategy. The requirement should be limited to ensuring that risk mitigation and control strategies are in place.

ICA recommends that the existing wording should be amended so that it reads:

Risk mitigation and control strategies must reflect the size and operations of the insurer and be an essential part of the insurer’s day-to-day operations. As part of its RMS the insurer must set out an overall strategy for the control and mitigation of identified risk. The RMS should refer to detailed controls and processes in place throughout the organisation.

Paragraph 66 – Financial information declaration

ICA response

There are differences between APRA’s required declaration and similar ASX and Corporations Act requirements. ICA believes that the differences add complexity for no benefit and that uniform wordings would be preferable.

Refer Appendix B.

Paragraph 67 – Notification requirements

ICA response

Paragraph 67, as currently worded, causes practical difficulties to Australian branches of foreign insurers. Legally a branch and the foreign insurer, of which it is a part, are part of the one entity. It would be unreasonable to expect the local branch to be aware of all changes in the operations of the insurer. The paragraph should make it clear that notification requirements only apply to the Australian operation.

4.2 GGN 220.2 – Risk Management Framework

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to risk management and that it has no legal status or legal effect whatsoever.



ICA further recommends that all reference to the words “must “ and “should” be removed from the Guidance Note.

Paragraph 4 – Business Plan

ICA response

Given that the plan is only a general indication of future trends, the requirement that sensitivity analysis be applied to the projections for years two and three seems excessive.

Paragraph 5 – Items to be included in the Business Plan

ICA response

ICA understands and supports the need for insurers to prepare a Business Plan. However the depth of detail required is excessive; for example location of offices and details of the branch network.

The Business Plan should be a strategic tool.

ICA believes that the components of a Business Plan will vary from insurer to insurer.

ICA therefore recommends that such requirements be omitted, or if APRA insists that they remain, that they be cited as examples of good business practice.

Paragraph 6 – Business Plan to include financial projections

The requirement to include financial projections in a Business Plan would appear to be a necessity.

ICA therefore recommends that GGN 220.2 paragraph 6 should be inserted into GPS 220 after paragraph 28.

Paragraph 10 – Risk identification and assessment techniques

ICA response

The techniques listed are at a simplistic level, together with the implication that the measures listed are to be preferred to other possibilities.

ICA believes that this paragraph is unnecessary and should be deleted.

Paragraph 24 – Autonomy of the internal audit function

ICA response

ICA supports the proposition that the internal audit function should have unfettered access to the Board Audit or Risk Committees. ICA believes that this can still be achieved whilst leaving the function under the day-to-day administrative control of, for example, the CEO, CFO or CRO.



Paragraph 25 – Internal audit coverage plan

ICA response

ICA believes that this paragraph should be amended to allow the coverage of internal audits to be approved by the Board Audit Committee or the Board Risk Committees depending upon their respective functions and responsibilities.

Paragraph 29 – Risk management declarations

ICA response

Paragraph 29 of Guidance Note GGN 220.2 requires the Board to declare that, “the insurer has systems in place to ensure compliance with the Act…”. ICA understands these words to mean that, “the insurer has systems in place for the purpose of ensuring compliance,” rather than that, “the insurer has systems in place which actually ensure compliance”. This interpretation appears to be consistent with other provisions in the Risk Management Prudential Standard (for instance, clauses 9 and 16). If our interpretation of this requirement is correct, ICA submits that APRA should clarify the meaning of the requirement accordingly.

4.3 GGN 220.3 – Balance Sheet and Market Risk

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to risk management and that it has no legal status or legal effect whatsoever. ICA further recommends that all reference to the words “must” and “should” be removed from the Guidance Note.

Paragraphs 8, 10 and 12 – Matters to be included in the RMS

ICA response

ICA believes that the requirement for such detail is unnecessary. As stated above, the RMS should be a high level strategic document. If APRA believes that such details are of value to insurers then they should be set out as recommended good practice.

ICA recommends that either:

(a) Paragraphs 8, 10 and 12 be deleted, or;

(b) The opening sentence of each of these paragraphs should be amended to read;

“In relation to … it is suggested that, as good practice, the risk management framework may include the following elements.”



4.4 GGN 220.4 – Credit Quality

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Standard relating to risk management and that it has no legal status or legal effect whatsoever.


Paragraph 2 – Risk of default by transactional counterparties

ICA response

Treating policyholders as counterparties raises several issues:

• The requirement to develop a mandate setting out acceptable range, quality, limits and diversification of credit exposures;

• Limits for credit exposures to single industries and single geographical locations;

• Limits for credit exposures to subsidiaries and related entities;

• Requirement to have a management information system that aggregates exposure to any one counterparty, asset class, industry or region.

It is difficult to see how the above requirements could be applied to outstanding premiums owed by policyholders. As a general rule, receivables from policyholders are analysed on an aged basis and credit control issues are managed accordingly. This method has served the industry well over a long period of time.

ICA recommends that APRA removes “policyholder” from the definition of counterparty in the standard.

Paragraph 5 – Matters to be included in the RMS

ICA response

ICA believes that the requirement for such detail is unnecessary. As stated above, the RMS should be a high level strategic document. If APRA insists on listing these requirements then it should be as recommended good practice.

4.5 GGN 220.5 – Operational Risk





Paragraph 8, 11 and 13 – Matters to be included in the RMS

ICA response



(a) Paragraphs 8, 11 and 13 should be deleted; or

(b) The opening sentence of each of these paragraphs should be amended to read:


4.6 GGN 220.6 – Insurance Risk



Paragraphs 8, 11, 13, 14 and 16 – Matters to be included in the RMS

ICA response



(a) Paragraphs 8, 11, 13, 14 and 16 be deleted; or

(b) The opening sentence of each of these paragraphs should be amended to read:




4.7 GPS 221 – Outsourcing

Draft outsourcing requirements are set out in draft GPS 221 and draft GGN 221.1. ICA acknowledges the risks that certain outsourcing activities can pose to the prudential standing of authorised insurers. ICA agrees that the supervision of outsourcing arrangements is an important part of prudential regulation.

4.7.1 Related Party Transactions

There is major industry concern, however, around the way that the outsourcing requirements are to be applied to intra-group or related party transactions, which ICA views as significantly less risky than those with third parties.

ICA understands that the provisions in GPS 221 were designed based on the ADI Outsourcing Prudential Standard (APS 231) and that these provisions have not to date caused significant concerns for Banks. ICA is of the view that the ADI Outsourcing is in fact a more workable Prudential Standard.

Although the obligations in the draft GPS 221 and those in the ADI Outsourcing Prudential Standard are in some respects similar, APRA’s approach overall in relation to the General Insurance Draft Prudential Standard is more prescriptive than the approach it adopted in relation to the ADI Outsourcing Prudential Standard. Draft GPS 221 has a wider scope of application than the ADI Outsourcing Prudential Standard. For example, draft GPS 221 explicitly defines internal audits as “material business activities” for the purposes of the draft Prudential Standard,23 the ADI Outsourcing Prudential Standard does not. Draft GPS 221 has obligations which are not included in the ADI Outsourcing Prudential Standard. For example, draft GPS 221 requires that offshoring arrangements be approved by APRA in advance.24 The ADI Outsourcing Prudential Standard, in contrast, has no equivalent obligation. A list of all the differences between the draft Prudential Standard and the ADI Outsourcing Prudential Standard is provided in the Appendix A.

Another area in which GPS 221 diverges considerably from APS 231 is with respect to the treatment of outsourcing arrangements within a conglomerate. The ADI Outsourcing Prudential Standard applies to all arrangements regardless of whether the activities are outsourced to related or third party entities, but importantly, APRA has “discretion to apply the Prudential Standard in a flexible manner if the outsourcing is to another regulated entity within the group”.25

Under draft GPS 221, APRA does not appear to grant similar discretion.

In considering the issue of intra-group transactions, it is also important to consider the corporate structures of general insurers and banks.

Many, if not most, general insurers operate as part of corporate groups. To achieve economies of scale and other objectives, most groups have stipulated entities within the group that provide service to other entities within the group. Often the general insurance entity is a relatively small component of the total group and its management has very little say in how group services are provided. 23 Draft Standard at paragraph 34. 24 Draft Standard at paragraph 13. 25 ADI Outsourcing Standard at paragraph 3.



The situation with ADI’s can differ in that banks are required to be at the top of their respective corporate structures. The authorised ADI is usually the main operating entity within a group and service providing entities are therefore subsidiaries.

This significant difference in the general corporate structures between banks and general insurers will likely mean that, irrespective of the fact that the General Insurance Outsourcing Prudential Standard is more onerous, its application to intra-group transactions will be significantly different than within the banks.

ICA is of the view that GPS 221 should not apply to intra-group outsourcing arrangements pending the finalisation of the Draft Conglomerates Prudential Standard. The nature of outsourcing arrangements actually affect the level and nature of regulation that may be applied to an unregulated entity with the group under the Draft Conglomerates Prudential Standard, and ICA believes that it would not be appropriate to regulate arrangements with related entities GPS 221 until outstanding regulatory issues are resolved in the Draft Conglomerates Prudential Standard. This should also apply to arrangements with offshore entities, where the supplier is part of the same group.

Refer to specific comments on GPS 221 paragraph 5 under 4.7.6 below.

4.7.2 Transition Arrangements

ICA submits that there should be a reasonable transition time to allow insurers to re-negotiate existing contracts. A reasonable transition time would be in the order of two years.

ICA accepts that it would be appropriate for new arrangements to be subject to the new regime at the time that GPS221 comes into effect.

4.7.3 Definition of “Materiality”

ICA understands that some individual insurers have submitted in their responses to APRA that “material” should be defined. ICA believes that this is a natural reaction to draft Prudential Standards and Guidance Notes that contain mandatory provisions that are invoked on the application of a subjective judgement. In recent discussions with APRA26 it was agreed that a preferable solution would be for the Prudential Standard to make it clear that the judgement of what is or what is not material rests with the insurer. The Prudential Standard should also make it clear that APRA has the last word and can enforce the Prudential Standard or increase an insurer’s MCR. Refer to specific comments on GPS paragraphs 6 – 9 and 21 – 23 under 4.7.6 below.

4.7.4 Specific Comments regarding draft Prudential Standard GPS 221



26 For example – the meeting held between ICA and APRA on 17 August 2005



As discussed in Part 3 of this submission, Prudential Prudential Standards and Guidance Notes perform important, but different functions. Prudential Standards have the status of law and must be strictly complied with by APRA-authorized entities.

Guidance Notes should provide practical advice and suggestions to entities regulated by APRA on how Prudential Standards may be implemented. They should assist different types of insurers with different capital and ownership and differing risk profiles comply with the Prudential Standards in the most appropriate manner. ICA recommends that the draft Prudential Standard should be amended so that the draft Guidance Notes no longer forms part of the draft Prudential Standard.

Paragraph 5 – Responsibility for the outsourced activity remains with the insurer

ICA response

ICA believes that the draft Prudential Standard should be consistent with APS 231 – please refer to comments under 4.7.4 above.

In particular APRA should recognise that arrangements with related entities should be treated differently from those with external suppliers.

(a) ICA submits that intra group arrangements with related entities that are also supervised by APRA represent a lower degree of risk than those with external suppliers. ICA submits that GPS 221 should contain a similar provision to APS 231 that allows APRA discretion in dealing with intra-group arrangement.

(b) Irrespective of whether the service provider is APRA regulated or not, ICA requests that all intra-group arrangements be carved out of the draft Prudential Standard until further development of the regulation of conglomerates has taken place.

At this stage the definition of a corporate group for APRA regulatory purposes has not developed beyond the early discussion stage. It may be that contractual arrangements between parties affects the extent of the “ring fencing” around the insurance group.

ICA understands APRA’s desire that such arrangements are properly managed, but requests that further time be given so that the regulation of intra group outsourcing arrangements can be developed in line with the larger issue of the regulation of corporate groups.

Paragraphs 6 – 9 – Materiality

ICA response

ICA recommends that the draft Standard make it clear that the interpretation of “material” rests with the insurer, but that APRA has overriding powers. Therefore it is recommended that paragraphs 6 – 9 be deleted and that paragraphs 21 – 23 be amended to reflect this position.



Paragraphs 21 – 23 – Outsourcing policy

ICA response

Please refer to ICA’s response to paragraph 6 – 9 above and to the discussion of major points under 3.6 above.

ICA accepts the proposition that responsibility for deciding whether an arrangement is material rests with the regulated insurer. ICA also recognises that APRA has the power to disagree with an insurer’s judgement and that APRA has the following remedies:

(a) Give the insurer the option of amending the contractual arrangement to bring it into line with APRA requirements or require that the arrangement be terminated.

(b) Require that the insurer increase its MCR by increasing the capital charge for operational risk.

Paragraph 24 – Risk management framework

ICA response

ICA has no issue with any of the points raised, but strongly believes that the requirement is too prescriptive. APRA’s prudential regulation of outsourcing should be principles based; APRA’s role should be to satisfy itself that each insurer is managing its own risks appropriately.

Paragraph 26 – Outsourcing agreement

ICA response

ICA has no issue with any of the points raised, but strongly believes that the requirement is too prescriptive. APRA’s prudential regulation of outsourcing should be principles based; APRA’s role should be to satisfy itself that each insurer is managing its own risks appropriately.

Paragraph 28 – APRA access to service providers

ICA response

Refer also to GGN 22.1.1 paragraphs 17 and 20.

ICA does not believe that this requirement is justified or reasonable:

(a) It gives APRA powers more akin to a law enforcement agency;

(b) It is not known whether service providers would accept such a requirement.

If APRA insists upon this provision it should clearly set out the circumstances in which the power would be used – this should only be for critical breaches of a material outsourcing arrangement.



Paragraph 30 – Monitoring the outsourcing relationship

ICA response

ICA has no issue with any of the points raised, but believes that by mandating these minimum criteria APRA is being excessively prescriptive. If APRA believes that describing the resources required would be of assistance to insurers, then they should be cited in GGN 221.1 as recommended good practice.

Paragraph 31 – Problems with and termination of an outsourcing arrangement

ICA response

Paragraph 31 requires that an insurer must advise APRA of any significant problems arising from a material outsourcing arrangement and that before terminating such an arrangement the insurer must provide reasonable notice to APRA, together with a report on the impact of the termination.

This requirement is an example of regulatory overload referred to in 3.1 above, whereby APRA is projecting itself into a management role.

ICA reiterates that it believes APRA’s role is to regulate – not become part of the decision making process.

Insurers are already required to develop exit strategies as part of the BCM process. ICA therefore considers that any requirement to give APRA notice before taking any necessary action is an unwarranted restriction on an insurer’s ability to take timely action if required.

It is suggested that the paragraph be amended to provide that where a material outsourcing arrangement is terminated then the insurer should notify APRA within a reasonable time frame, including reasons for the termination and alternative action taken.

Paragraph 32 – Audit

ICA response

ICA considers that the requirement that the audit function covers “any” outsourcing arrangement to be excessive. ICA does not believe that APRA should be mandating the scope of audits but if APRA insists on doing so then the materiality of the arrangements should be taken into account.

4.8 GGN 221.1 – Managing Outsourcing Arrangements

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to outsourcing and that it has no legal status or legal effect whatsoever.




Paragraph 4 – Role of the Board

ICA response

ICA believes that 4 (d) is an example of APRA’s tendency to force Boards into a management role, as discussed under 3.3 above. This item should be transferred to paragraph 5.

Paragraphs 9 – 27 – Managing outsourcing arrangements

ICA response

ICA agrees that the matters raised in paragraphs 9 – 27 may well represent good business practice, but does not accept that APRA should be mandating such procedures. If APRA wishes to cite these details they should be recommended as examples of good practice.

4.9 GPS 230 – Reinsurance Management

The reasons for APRA’s requirements in this Prudential Standard are understood, however, in many instances long standing claims are being recovered from reinsurers even where proper documentation does not exist. In such cases where the reinsurer has agreed to accept liability and make payment, ICA believes that the estimated recovery should be allowable for capital adequacy purposes, even where full documentation does not exist.




Guidance Notes should provide practical advice and suggestions to entities regulated by APRA on how Prudential Standards may be implemented. They should assist different types of insurers with different capital and ownership and differing risk profiles comply with the Prudential Standards in the most appropriate manner. ICA recommends that the draft Prudential Standard should be amended so that the draft Guidance Note no longer forms part of the draft Prudential Standard.

Paragraph 4 – Compliance may be on a group basis

ICA response

ICA supports the concept of a REMS applying to the corporate group.

Paragraph 10 – REMS

ICA response

Reference is made to previous comments regarding the large number of matters regarding APRA approval, or that need to be referred or submitted to APRA, refer Appendix C.



If APRA insists that annual approval of an insurer’s REMS is essential, then ICA recommends that the wording of GPS 230.10 be amended to:

“An insurer must at all times have a REMS that has been approved by its Board and by APRA.

An insurer must review its REMS at least annually or more frequently if required; (eg where there is a material change to the insurer’s business that requires APRA’s approval) to ensure that it accurately documents the insurer’s reinsurance management framework and that the framework itself is satisfactory. The insurer’s Board must approve the REMS at least annually or more frequently if it changes as the result of an interim review.

An insurer must submit its REMS to APRA for approval within ten working days of it being approved by the Board”.

Notwithstanding the recommended wording above, the requirement that an insurer must “review and amend its REMS at least annually” may be problematic if APRA requires review within 365 days of the preceding review. Given the variance in Board dates from year to year, that will not always occur within a year of the preceding review. ICA submits that a review of its business plan a reasonable time prior to the commencement of the financial year to which it relates is a more appropriate response.

Paragraph 16 – Matters to be included in the REMS

ICA response

ICA fully supports the concept that each regulated insurer should have an adequate and robust REMS. However, ICA does not believe that such a list of mandatory items is necessary.

APRA’s role should be to ensure that each insurer has an appropriate strategy; the details of that strategy could be discussed with each insurer.

ICA therefore recommends that this paragraph be deleted. If APRA believes that the items mentioned would be of use to insurers then they should be cited as examples of good practice in GGN 230.1

Paragraphs 18 and 21 – Reinsurance arrangements statement

ICA response

Paragraphs 18 and 21 require that an RAS should be submitted to APRA on an annual basis and that APRA be advised of amendments. This requirement assumes that a cedant insurer’s reinsurance treaties all incept and renew on a common date. In fact this is not the case.

ICA therefore recommends that APRA allow some flexibility; for example updated RAS after major renewal dates, or twice a year – say as at 30 June and 31 December.

ICA understands that by “reinsurance arrangements” APRA means treaties and not facultative placements. This should be clarified.



Paragraph 20 – RAS and REMS

ICA response

Please refer to discussion of major items under 3.7 above. Insurers would find it difficult to finalise their reinsurance arrangements and thus complete their RAS if APRA had not already approved the latest version of the REMS. If APRA insists on approving a certain aspect of an insurer’s operations, for example the REMS, then it must guarantee a response, approval or otherwise, within a minimum timeframe.

Paragraph 25 – Two months reinsurance declaration

ICA response

It is suggested that paragraph 25 be amended to make it clear that facultative placements are not covered by this requirement.

4.10 GGN 230.1 – Reinsurance Management Strategy

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to reinsurance management and that it has no legal status or legal effect whatsoever.


Paragraph 4 – Systems for selecting reinsurance arrangements

ICA response

(a) ICA submits that APRA should not be mandating this level of detail and should be concerned that each regulated insurer has an adequate strategy in place.

(b) 4 (d) states that APRA may require an insurer’s reinsurance counterparties to meet a minimum standard based on the ratings of an external rating agency. ICA is concerned that APRA does not specify the circumstances when it would impose this requirement. ICA also questions the need for APRA to involve itself in this process, given that the risk based MCR allows for such a variance in risk.

4.11 GGN 230.3 – Limited Risk Transfer Arrangements

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to reinsurance management and that it has no legal status or legal effect whatsoever.




ICA response

ICA understands the need to regulate such products. ICA makes the following general comments:

(a) APRA’s criteria for assessing such arrangements should encompass the time value of money and the usual multi year nature of such arrangements.

(b) If APRA approves such a contract as being reinsurance, then it should be available for an insurers’ MCR calculation.

Paragraph 2 – Characteristics of limited risk transfer arrangements

ICA response

ICA is concerned that, on the one hand, the definition of such products has been left open so that what may or may not constitute a limited risk transfer arrangement depends upon the circumstances of each case.

On the other hand, the condition set out in 2 (a) and 2 (b) are characteristics found in many normal reinsurance arrangements.

ICA has no definition to offer at this stage, but recommends that consultation between APRA and the industry continue so that a better definition may be reached.

4.12 GPS 310 – Audit and Actuarial Reporting and Valuation




Guidance Notes should provide practical advice and suggestions to entities regulated by APRA on how Prudential Standards may be implemented. They should assist different types of insurers with different capital and ownership and differing risk profiles comply with the Prudential Standards in the most appropriate manner. ICA recommends that the draft Prudential Standard should be amended so that the draft Guidance Notes no longer forms part of the draft Prudential Standard.

Paragraph 33 – Approved Auditor or Actuary to provide information to APRA

ICA response

ICA does not believe that APRA should approach the Approved Auditor or Actuary for information. All such requests should be directed to the insurer.



If APRA insists upon maintaining such a requirement, then the circumstances in which it would be used should be clearly set out in the Prudential Standard.

Paragraph 42 – Audit scope

ICA response

ICA understands APRA’s desire to have the items mentioned covered in the audit report, but expresses concern that such requirements add to the increasing regulatory burden and also to the cost of an audit.

Paragraph 43 – Financial Condition Report

ICA response

(a) ICA understands and supports APRA’s insistence on the need for an FCR, but remains concerned at the regulatory burden and cost, particularly on smaller insurers.

(b) There is an inference that actuaries, by their training and skills, are the best persons to provide an objective report. ICA believes that persons trained in other disciplines are equally competent to provide such objectivity.

Paragraph 44 – Scope of the FCR

ICA response

ICA member companies remain concerned that mandatory items in paragraph 44 would be outside of the actuary’s normal experience and expertise.

The Approved Actuary must therefore either spend time acquiring the necessary experience and expertise, which will add substantially to the cost of an FCR, or rely on the advice of others.

This applies particularly to 44 (h) – an assessment of the risk management framework.

Paragraph 47 – Liability Valuation Report

ICA response

ICA submits that the scope of each insurer’s LVR be left to the insurer and the competence of the Approved Actuary and the Review Actuary. APRA’s role should be to ensure that each regulated insurer has appropriate methodologies in place.

In particular sub paragraph 47 (g) requires that the LVR include an indication of the uncertainty in the estimate of a standard deviation above the mean. The standard deviation itself is a measure of the uncertainty of the mean. To require the LVR to indicate the uncertainty of the uncertainty belies the spurious accuracy that any indication would involve.



Paragraph 58 – Peer review

ICA response

ICA understands and supports the need for independent peer review, but is concerned at the regulatory burden and cost.

ICA submits that a peer review should be limited to methodologies and assumptions – not an exhaustive check of calculations.

Paragraph 61 – Who may be a reviewing actuary

ICA response

It is noted that APRA would approve a reviewing actuary from the same firm as the Approved Auditor. At the time of preparing this submission it was not clear that such an appointment would satisfy CLERP 9 and Institute of Actuaries requirements. ICA understands that discussions between the IAA and leading audit firms have taken place in an effort to resolve this issue.

4.13 GGN 310.1 – Financial Condition Report

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to audit and actuarial reporting and valuation and that it has no legal status or legal effect whatsoever.


Paragraph 28

ICA response

ICA submits that the requirement in paragraph 28 of Guidance Note GGN 310.1 that the Approved Actuary, “comment on the adequacy, rigour and discipline of the process around documentation and placement of reinsurance arrangements, having regard to the ability and certainty of the insurer to claim reinsurance recoveries around these arrangements,” is an audit requirement and therefore more appropriate for the Approved Auditor. This is also covered by the requirements of REMS and implicitly in the actuaries’ consideration of reinsurance recoveries to be recognized against gross claims.

4.14 GGN 310.2 – Liability Valuation Report

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to audit and actuarial and valuation and that it has no legal status or legal effect whatsoever.




Paragraph 26 – The risk margin

ICA response

Paragraph 26 indicates that risk margins are to be calculated on a gross basis with adjustments to be made for the uncertainty relating to recoveries. In fact, risk margins are offsetting so that recoveries (particularly reinsurance) actually reduce the overall volatility. Risk margins only make sense on a net basis. The current wording may imply that separate gross and reinsurance margins are required. ICA request clarification of this point.

Paragraph 39 – Estimation of reinsurance recoveries

ICA response

ICA requests APRA clarification as to the interpretation of this paragraph.

Paragraph 39 starts from the position that there is an initial assumption of 100% recoverability. If the actual position is anything less than that, it is not clear whether an insurer’s assets should be reduced or whether the assets remain but a “doubtful debt” provision has to be created.

ICA is also concerned re the position of recoveries against a claim that may have occurred many years previously. There may not be adequate documentation of reinsurance treaty that is no longer in force, but the reinsurer may be willing to admit liability and pay claims as required. Surely the emphasis should be on recoverability, not the documentation process, particularly for past arrangements.

Paragraph 40 – Estimation of reinsurance recoveries

ICA response

In relation to paragraph 40, it will be practically very difficult for general insurers to break down reinsurance recoveries into those that derive from documented arrangements on the one hand and those that derive from non-documented arrangements on the other. This will be the case particularly for non-proportional covers.

It is submitted that after the first sentence, a new sentence must be inserted such as “In providing this advice the Approved Actuary must consider the materiality of the reinsurance recoverables”.

Paragraph 41 – Estimation of reinsurance recoveries for the calculation of premium liabilities

ICA response

ICA notes that it is harsh not to allow a transitionary period, as has been done for MCR and MER purposes. It would seem reasonable that recoveries should be based on the level of documentation that could reasonably be expected for future arrangements.



Paragraph 43

ICA response

ICA assumes that “non-reinsurance recoveries”, referred to in paragraph 43, include future Input Tax Credits and Decreasing Adjustments. It would assist to have that point clarified.

5 Comments on Prudential Standards and Guidance Notes

5.1 Governance

As noted above, when the Prudential Standards on Corporate Governance were first released by APRA as part of their November 2003 discussion paper, ICA, together with other industry groups, argued strongly that regulation in this area belonged under ASIC. Recognising that APRA had a strong view that it should remain in this area, and accepting that certain provisions under ASIC did not apply to all financial institutions, industry called on APRA to adopt a flexible “if not, why not approach and to develop a Prudential Standard that “mirrored” the provisions under ASIC and the ASX.

ICA recognises that APRA has made genuine concessions in the draft Prudential Standard as compared to the November 2003 Discussion Paper. Nevertheless, ICA notes that APRA has not adopted an “if not, why not” approach and has opted instead for a highly prescriptive basis.

ICA believes that many of APRA’s proposals could be improved by the adoption of a more flexible approach. ICA also notes that the uncertainty regarding the governance of branches of foreign insurers is causing such branches concern; ICA requests that APRA should issue specific requirements for foreign insurers as soon as possible.

Implementation and Transition

ICA notes that general insurers have indicated that they will have to achieve some or all of the following in that three-month period:

• Prepare or update their Board Charter to ensure it complies with APRA requirements including roles, responsibilities, authorities and tenures;

• Document the competencies including financial expertise and others listed by APRA as required for each member of the Board to the extent that it has not already been done;

• Review their Board to ensure that member composition is compliant. If it is not, the insurer will have to negotiate the removal of member(s), and recruit new Board members;

• Apply to APRA for a waiver if their chairperson has been the CEO of an insurer in the last three years;

• Update their Board Audit Committee Charter to include oversight of APRA reporting and other listed requirements.



• Assess whether the current systems in place ensure Audit functions and Auditor independence are aligned with requirements;

• Prepare or update the procedures in place for Board and senior management performance;

• Set up new processes for assessing Board and senior management against outcomes;

• Prepare or update the Board renewal policy;

• Review and renegotiate all current employment contracts and also redesign new contracts for employees, consultants, and other contractors to ensure that they allow for disclosure of information to APRA; and

• Seek any consents that may be required for the purposes of compliance with privacy laws.

ICA believes that APRA should provide a longer, staged approach to allow companies to implement these requirements.

5.2 GPS 510 Governance

The following are ICA’s comments on individual paragraphs of the governance draft Prudential Standard.

Paragraph 3 - Application to branches

Foreign general insurers (foreign insurers) have to comply with only those provisions of this Prudential Standard which specifically indicate that they apply to foreign insurers. None of the obligations imposed by this Prudential Standard, on or in relation to foreign insurers, apply in relation to insurance business carried on outside Australia by the foreign insurer.

ICA seeks clarity on how this Prudential Standard will be applied to Branches.

ICA recognises that Branches will be included in these requirements. However, the governance requirements of branches have not yet been defined. An example of this is whether a Compliance Committee will be required and, if so, the requirements for it and any sub committees responsible to it. ICA requests that these matters be clarified as soon as possible, so that ICA and the insurance industry can consider issues in their entirety.

Paragraph 4 – Principles

ICA recommends that this section be removed from the draft Prudential Standard.

ICA supports these principles. However, as discussed in Part 3 of this submission, Prudential Standards have the status of law and must be strictly complied with by APRA-authorized entities. As such, it is not appropriate that they be part of the Prudential Standard.

Paragraph 5 - Minimum requirements



This Prudential Standard sets out the minimum requirements that insurers (including foreign insurers, where relevant) must meet to ensure adequate adherence to these principles. In addition, insurers should review the ASX Corporate Governance Council’s Principles of Good Corporate Governance and Best Practice Recommendations for further guidance on what is deemed to constitute good practice.

ICA believes that APRA’s minimum requirements exceed the ASX Good Governance Principles. APRA should justify why they wish to go beyond current regulatory requirements.

ICA notes that in some instances APRA requirements exceed ASX good governance principles as set out in Appendix A. ICA believes APRA should not go beyond those of the Corporations Act and ASX Guidelines. To date, APRA has not provided any arguments to demonstrate why it needs to go beyond current regulatory requirements in these areas. ICA strongly believes that as a rule additional regulation should not be done without first carefully considering the whole of the regulatory environment.

Paragraph 6 - Board responsibility to policyholders

When setting policies and making decisions in respect of the insurer, the Board must have regard to the interests of policyholders at all times.

ICA believes while it is a worthy corporate objective, however, it should not be a mandatory requirement. ICA recommends that this section should be removed.

ICA notes that life insurance companies have a duty to give “priority” to policyholders, but the duty arises in very specific circumstances. In the investment, administration and management of a statutory fund, a life insurance company must give priority to the interests, as a group, of owners and prospective owners of policies referable to the fund (s32 of the Life Insurance Act 1995). Accordingly, a director of a life insurance company has a duty to the owners of policies referable to a statutory fund (s48 (1) Life Insurance Act 1995). These provisions set up a duty and give priority to the interests of policyholder in the event of a conflict, but only to protect the interests of policies referable to a statutory fund.

ICA suggests that the current drafting of the clause is in direct conflict with section 181 of the Corporations Act. As it is drafted, conflicts could arise including the following examples:

• An authorised insurer might declare the payment of a dividend, either externally or to a parent. This would undoubtedly reduce equity and technically leave policyholders worse off. However, so long as the insurer retains capital in excess of its MCR in accordance with its capital management plan, then such a payment should be regarded as perfectly normal.

• The conflicting decision making parameters in the case where the policyholder’s interest, which might be confined to a twelve-month period, but yet directors are obligated to ensure that the company is soundly managed for the long term.

• In the case of liability, workers compensation and motor vehicle compulsory third party insurance, the injured party is not the policyholder but a third party whose interests may substantially differ from those of the policyholder.



Paragraph 7 - Evidence of board’s oversight

This Prudential Standard sets out the minimum requirements that insurers must implement in this regard. However, adherence to them is not in itself sufficient; they must be considered in the context of the risk profile of the insurer. The Board of an insurer must be able to demonstrate that it provides pro-active knowledgeable guidance to, and oversight of, the business of the insurer, in conjunction with senior management.

ICA believes that setting out a minimum requirement should be sufficient. This section should be removed.

ICA does not feel it is reasonable that a Prudential Standard indicates that an insurer could fulfil the requirements, but still not comply. In ICA’s view, APRA already has at its disposal the MCR system introduced in 2002 which includes the PAIRS and SOARS systems that allows it to evaluate risk and adopt the appropriate degree of regulatory supervision. APRA has the ability and power to adopt a firmer stance with any regulated entity that it perceives is not complying with its standards by increasing the insurer’s capital charge for operational risk and thus requiring a higher MCR. As such, this provision does not achieve APRA’s intention of indicating that some general insurers may be held to a higher level of compliance. Instead it places all companies at risk of being non-compliant by undermining the concept of minimum standard.

ICA would also appreciate clarification as to how a Board can demonstrate these oversight provisions. Further, what process is APRA intending to take to determine this, and what measures will be taken if APRA believes the Board is deficient in its duties?

Paragraph 11 - Residency requirement

Senior management of the insurer (including a foreign insurer), responsible for the business in Australia, must ordinarily be resident in Australia.

ICA recommends that APRA indicate in this paragraph that resident does not imply residency.

Some companies have interpreted this section to mean that senior management must not only ordinarily reside in Australia, but must also be “Australian Residents”. Discussion with APRA indicates that this is not the intention of the section. ICA recommends that APRA clarify its position.

Paragraph 12 - Availability to meet with APRA

Members of the Board and senior management (including senior management of a foreign insurer) must be available to meet with APRA on request.

ICA recommends that “on request” be replaced with “at a mutually agreed time”.

ICA believes meetings with APRA should be made at a mutually convenient time. The inclusion of the term “on request” implies a mandatory meeting time designated by APRA, which is neither practical nor flexible for the general insurer.



Paragraph 16 - Conflicts of interest

Directors of insurers must avoid conflicts of interest, or perceived conflicts of interest, between their role as a director of the insurer and their other activities and commitments. Where an actual or potential conflict of interest arises, the director must inform the Board and remove themselves from any discussions or decision-making with respect to matters where there is such a conflict or potential conflict.

ICA believes that the Corporations Act sufficiently governs conflicts of interest. ICA recommends that APRA remove this section.

ICA believes that this requirement exceeds current regulations, and is inconsistent with section 195 of the Corporations Act. The Corporations Act holds that:

(1) A director of a public company who has a material personal interest in a matter that is being considered at a directors’ meeting must not:

(a) be present while the matter is being considered at the meeting; or

(b) vote on the matter.

(2) The director may be present and vote if directors who do not have a material personal interest in the matter have passed a resolution that:

(a) identifies the director, the nature and extent of the director’s interest in the matter and

its relation to the affairs of the company; and

(b) states that those directors are satisfied that the interest should not disqualify the director from voting or being present.

It is unclear why APRA has decided it is necessary to impose requirements that are more stringent than those imposed under the Corporations Act, nor is it clear how the imposition of those requirements is consistent with APRA’s stated aim of “allowing institutions to manage conflicts of interests on a case-by-case basis”.27

ICA believes the Board should have the power to determine whether a director will need to be excluded in a given situation. Such stringent requirements could act to deny the Board proper discussion, which would be benefited most by Board members with personal understanding of the issue. Merely having a conflict of interest is not enough to ban a director from all related discussions. Boards already have in place appropriate procedures to determine the materiality of the conflict. ICA suggests that the question of a director’s participation should be left to the discretion of the other Board members.

Paragraph 17 - Definition of non-executive director

A non-executive director is a director who is not employed or retained by the insurer or any related bodies corporate, either directly or indirectly, whether by normal employment means, by contractual arrangement, or otherwise, and has not been so at any time during the previous three years. (Note the limited exception in paragraph 33.) 27 See page 9 of the Governance Guidance Note.



ICA recommends that APRA adopt ASX definition of a non-executive director.

If APRA choses not to adopt the ASX Guidelines definition, ICA seeks clarity on whether the definition is meant to exclude board members of subsidiaries from being eligible for non-executive places on the Board. ICA also seeks clarification of “not employed or retained” in the context of Board Sub Committees of the insurer or related companies”. ICA would also like to note that the three-year provision is not contained in the ASX best practice guidelines. APRA should justify why this limitation is required.

Paragraph 23 - Cooling off period for CEO

The chairperson of the Board cannot have been the CEO of the insurer at any time during the previous three years. If the position of the CEO is unexpectedly vacated, the chairperson may serve as an interim CEO. After a period of 90 days approval must be sought from APRA to allow this arrangement to continue.

ICA recommends that APRA explicitly adopt flexibility in this requirement to allow insurers to make a case for exemption from this provision.

ICA understands the principle behind this proposal, but believes that APRA should allow some flexibility. It is suggested that any proposal to appoint a chairperson who has been a CEO within the last three years should be subject to APRA’s approval. However, ICA would prefer that APRA use discretion when making these types of decisions, as there may be cases where a shorter time period would be acceptable.

Paragraph 24 – Foreign insurer availability for APRA meeting

For foreign-owned locally incorporated insurers, the chairperson must be available to meet with APRA, in Australia, if so required by APRA. ICA recommends that “on request” be replaced with “at a mutually agreed time”.

ICA believes meetings with APRA should be made at a mutually convenient time. The inclusion of the term “on request” implies a mandatory meeting time designated by APRA, which is neither practical nor flexible for the general insurer.

Paragraph 25 - Board member requirements

There must be at least one independent non-executive director on the Board who has financial expertise (i.e. the person is a qualified accountant or other finance professional with experience of financial and accounting matters).

ICA recommends that this requirement be aligned with ASX Principles of Good Corporate Governance, and that any definition of “finance expertise” be aligned with the definition determined by ASIC’s current review.

ICA broadly regards this paragraph as being overly prescriptive. APRA’s objective should be to ensure that the Board as a whole has the necessary range of skills, including financial expertise.

ICA also notes that the “Finance expertise” is a definition that is currently being reviewed by ASX.



ICA emphasises that APRA must continually liaise with ASX to ensure consistency in definition and intent.

Paragraph 30-31 - Board representation

Board representation must be consistent with an insurer’s shareholding. Where a shareholding constitutes not more than 15% of an insurer’s voting shares there should not be more than one Board member who is an associate of the shareholder where the Board has up to six directors, and not more than two Board members who are associates of the shareholder where the Board has seven or more directors. A director is taken to be an associate of a shareholder for the purposes of this clause, if the director is an “associate” of the shareholder, or the shareholder is an “associate” of the director, according to the definition of “associate” in clause 4 of Schedule 1 of the Financial Sector (Shareholdings) Act 1998. That definition is to be applied for the purposes of this clause as if subparagraph (1)(l) of that definition were omitted.

Where an individual shareholding is greater than 15%, as approved under the Financial Sector (Shareholdings) Act 1998, the Board representation of that shareholding can be proportional to the actual shareholding, but should not be greater than its proportionate shareholding.

ICA recommends that this requirement mirror the ASX Guidelines Principle in order to avoid the Prudential Standard becoming excessively complex.

ICA recommends that APRA align these standards with those of ASX Guidelines Sections 2 and 10. The Guidelines set out principles for ensuring that a balanced Board is established without placing an undue level of prescription on the industry. If APRA’s concerns are regarding the undue influence of stakeholders, then APRA should require a copy of the Code of Conduct such as the one that is set out under Section 10 of the ASX Principles of Good Corporate Governance.

It should further be recognised, that in limited cases paragraphs 30 and 31 could produce conflicting outcomes. For example, where a Board comprises seven directors:

(a) Paragraph 30 allows two associates of a shareholder owning up to and including 15% to be directors; however,

(b) If the shareholding were greater than 15%, paragraph 31 would not allow for two such directors until the shareholding exceeds approximately 28.6%.

Paragraph 37–40 - Corporate groups

Where an insurer is part of a corporate group (group), the Board of the insurer must have regard to the potential impact of the operations of entities in the group on the insurer.

(a) Is inconsistent with the prudent management of the insurer; or

(b) Will adversely affect the solvency of the insurer; or

(c) Will adversely affect the ability of the insurer to meet its obligations to policyholders.

If the insurer is at the head of the group then it must have regard to the impact of the operations of member entities of the group on APRA-regulated institutions within the group. The Board must ensure that the insurer does not engage in activities that support other group members to the detriment of the insurer.



More generally, the Board of an insurer must not act in the interests of another group. To avoid doubt, this paragraph applies even if the insurer’s constitution expressly authorises the Board or individual directors to act in the interests of another group member.

Member if the Board knows, or has reasonable grounds to believe, that doing so:

The Board of an insurer must exercise oversight of subsidiary entities as well as any dealings between the insurer and group entities. Where group policies or functions are utilised by the insurer, the Board of the insurer must ensure that these policies and functions give appropriate regard to the insurer’s business and its specific requirements.

ICA recommends APRA remove this section. ICA believes it is important that Corporate Groups not be subject to regulation that may conflict with the final decisions of the Conglomerate Prudential Standard.

ICA believes that in a large complex group, where the authorised insurer may play a minor role, that it is unreasonable to expect the insurer’s directors to be fully aware of the operations of the other entities. ICA understands APRA’s intent, but believes that the wording does not recognise the issue facing corporate groups. For example, a payment of a dividend by an insurer to its parent might adversely affect the insurer’s solvency, whilst still leaving its MCR above APRA’s minimum in the group. ICA urges APRA not to regulate on Corporate Groups before the Conglomerates Prudential Standard has been finalised.

ICA questions the degree of materiality involved. Is it APRA’s expectation that directors are supposed to be aware of every intra-group transaction even those that do not involve the licensed insurer?

Paragraph 50 – Role of Board Audit Committee

Board Audit Committees play an important role in establishing, maintaining and developing the control systems and compliance culture within an insurer. The Board Audit Committee should generally assist the Board in providing an objective non-executive review of the effectiveness of the insurer’s financial reporting and risk management framework.

ICA recommends that the Section deletes “play an important role in establishing, maintaining and developing the” and replace it with “has an oversight role in ensuring appropriate policies are in place to manage…”

ICA believes there is a clear delineation between the Board and management. The requirements should reflect those differences rather then blur them. The Board is responsible for ensuring that an appropriate policy is in place to manage compliance and has oversight of its implementation, including promotion of a sound compliance culture. However, APRA appears to suggest the Audit Committee has a direct role in the establishment, maintenance and development of the Insurer’s control systems. This is generally considered to be the responsibility of senior management, with the role of the Audit Committee limited to the important area of oversight. This further appears to impose obligations on the Board and its Audit Committee that would otherwise be delegated to management and should be reconsidered, in light of the separation between these two roles.



Paragraph 55 – Board Audit Committee expertise

All members of the Board Audit Committee must be financially literate, and at least one member must have financial expertise.13 Some members of the Board Audit Committee should also have expertise in the industry.

ICA believes that the meaning of the term “expertise in the industry” is unclear. ICA recommends that APRA does not make this a requirement under the Prudential Standard.

If having “expertise in the industry” requires some direct involvement in the industry through, for instance, an executive role in an insurer or a position with a regulator, the requirement that there be two such non-executive directors on the Board Audit Committee (assuming that the term “some members” means two or more members) could be very limiting. In particular, it is doubtful whether there are sufficient competent non-executive directors available to Australia’s general insurers, which have such expertise. If having “expertise in the industry” includes expertise as a non-executive director of an insurer, an issue arises as to the level of expertise required (ie. by definition, all directors of an insurer will have some such expertise). We submit that this requirement should be clarified and posed as a preferential rather than a prescriptive requirement.

Paragraph 59 – Oversight of audit functions

The Board Audit Committee must ensure the adequacy and independence of both the internal and external audit functions.

ICA believes that the CLERP 9 Standard of being “reasonably satisfied” should be used instead on “ensured”.

APRA should justify why it is necessary to go beyond the CLERP 9 Standard. ICA believes that to “ensure” adequacy and independence may be impossible to comply with. The CLERP 9 requirement of being “reasonably satisfied” with reasons given would be more appropriate. APRA also needs to clarify the requirements for local branches of foreign insurers.

With regard to Auditors, APRA should be aware that the requirement for the Audit Committee to be responsible for the appointment of the Insurer’s auditor could create complications in some instances. In particular, foreign-owned Insurers may have an audit firm appointed for the Group as a whole, so the local Insurer will not be able to select the audit firm. However, it will ordinarily be able to approve the particular audit partner responsible for the local audit and the Prudential Standard should clarify that this is the appointment referred to in the Prudential Standard in such situations.

Paragraph 61 - Responsibility to employees

The Board Audit Committee should establish and maintain policies and procedures for employees of the insurer to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns. The committee should also have a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies.

ICA recommends that “establish and maintain” be replaced with “review the effectiveness of management’s”, and that “also have” be replaced with “ensure there is”.



ICA believes there is a clear delineation between the Board and management. The requirements should reflect those differences rather then blur them. ICA believes that establishing and maintaining policies and procedures is the role of management – not the Board or a Board Committee. The role of the Audit Committee should be to review the effectiveness of management’s policies and procedures. The requirements should reflect these differences in duties.

Paragraph 63 – Auditor and Actuary involvement

The Board Audit Committee must invite the insurer’s Approved Auditor and Approved Actuary to meetings of the committee. The Approved Auditor and Approved Actuary must be given unfettered access to the committee to ensure that they can freely raise matters with the committee without reference to other directors or senior managers of the insurer.

ICA recommends that “must” be replaced with “should consider inviting”, that “relevant” be inserted before “meetings”.

ICA believes that the requirement that the Approved Auditor and Approved Actuary must attend all meetings is unnecessarily prescriptive and should be deleted. Access can be provided without having to ensure that these individuals attend all meetings. Consideration should be given to the costs that would be associated with this requirement as general insurers often move meetings to various cities throughout the year.

Paragraphs 66– Board Risk Committee

The Board Risk Committee should be responsible for formulating the risk strategy of the insurer, for determining policies that ensure the strategy is adhered to, and for monitoring adherence to those policies.

ICA recommends that this section be replaced with “The Board Risk Committee should provide oversight for the risk strategy of the insurer. The Committee should review whether there are policies in place that ensure adherence to this strategy and that there is a monitoring process in place.”

ICA believes there is a clear delineation between the Board and management. The requirements should reflect those differences rather then blur them. ICA believes that the establishment and maintenance of policies and procedures is the role of management – not the Board or a Board Committee. The role of the Risk Committee should be to review the effectiveness of management’s policies and procedures.

Paragraph 67 – Board Risk Committee composition

The Board Risk Committee should have at least three members, all of whom should be non-executive directors of the insurer.

ICA queries why it is proposed that executive directors cannot be members of the Risk Committee, as compared to the specific exclusion in paragraph 52. Is it APRA’s intention to keep these persons from acting in these roles as well?



Paragraph 68 – Merging committees

If the Board Risk Committee does not have any decision-making capacity with respect to particular transactions of the insurer, or its group, then it may, with APRA’s approval, be combined with the Board Audit Committee. ICA recommends that APRA replace this provision with “An insurer may combine their Board Risk Committee and their Board Audit Committee.”

If APRA does not alter their position, then ICA recommends that APRA clarify what they deem to be “decision-making capacity with respect to particular transactions”.

ICA supports the decision that some general insurers be able to combine their committees. ICA believes that APRA has not provided sufficient justification for why the two committees cannot be combined. Insurers should be able to make decisions on their corporate governance structures without APRA approval.

If APRA does not alter their position, then APRA should define what types of decisions would keep insurers from being able to request approval to be exempt from having to separate committees.

Paragraph 73 - Auditor independence

It is the responsibility of the Board (and the senior officer outside Australia with delegated authority from the Board in the case of a foreign insurer) to ensure that the auditor, who undertakes work for the insurer (or foreign insurer) in relation to the Insurance Act, the Prudential Standards, or the Reporting Standards, is independent of the insurer (or foreign insurer), and that there is no conflict of interest situation that could compromise or be seen to compromise the independence of the auditor.

ICA recommends that all references to “the insurer’s auditors” be replaced with Approved Auditor as defined under the Insurance Act.

It should be noted that the reference to “the insurer’s auditors” appears to refer to an audit firm. Presumably this reference should be to the Approved Auditor as defined in the Insurance Act.

ICA would also like to highlight that the requirement to “ensure” independence is onerous and may be difficult to comply with. ICA would prefer the CLERP 9 requirement of being “reasonably satisfied”.

Paragraph 80– Auditor rotation

An individual who plays a significant role in the audit of an insurer (including a foreign insurer) in relation to the Insurance Act, the Prudential Standards or the Reporting Standards, for five successive years cannot continue to play a key role in the audit until at least a further two years have passed, except with the approval of APRA. APRA may grant an exemption from this requirement if the individual provides specialist services that are otherwise not readily available or there are no other registered company auditors available to provide satisfactory services for the insurer.

ICA believes these requirements should mirror the requirements in CLERP 9.

APRA should clearly state that the determination of a “significant role” should be left to the discretion of the insurer.

ICA is concerned that this requirement will result in an unnecessary rotation of senior audit staff with valuable client experience and knowledge.



Paragraph 83 - Board and senior management performance

The Board of an insurer must have in place procedures for assessing the Board’s performance relative to its objectives. It must also have in place a procedure for assessing the performance of individual directors and senior managers. The insurer must be able to demonstrate to APRA application of this policy, including making assessments available to APRA if requested to do so.

ICA prefers that this requirement be consistent with ASIC reporting.

ICA strongly objects to assessment results being given to APRA.

ICA is supportive of general insurers having to have structures in place to assess the board, individual directors and senior managements against respective objectives. ICA strongly objects to the results of these assessments being provided to APRA. The Board is required to notify APRA if they believe an individual may no longer be a fit and proper person. It is not necessary for confidential documents to be provided to APRA in order to confirm this.

APRA should consider that these requests could breach privacy legislation, and may cause the general insurer to breach the rights of the individual in these cases. It is likely that this request may violate both contract law and employee rights. Given the private and confidential nature of such assessment documents, ICA does not believe that they should be made available to APRA. APRA’s role is only to be satisfied that the procedures are in place.

Paragraph 85 - Board renewal

The Board of an insurer must have in place a formal policy on Board renewal. This policy must provide details of how the Board intends to renew itself in order to ensure it remains open to new ideas and independent thinking, while retaining adequate expertise. The insurer must be able to demonstrate to APRA application of this policy, and must provide details of the policy to APRA if requested to do so. ICA recommends that the section be replaced with “The Board of an insurer must have a formal policy on Board renewal. A copy of this policy should be provided to APRA.”

The paragraph implies an obligation on the Board to demonstrate the effectiveness of its renewal policy. APRA should take into consideration that such effectiveness can only be demonstrated over time and, in all cases, any assessment will be purely subjective. It is ICA’s view that APRA’s role is to be satisfied that this policy is in place. It is not to determine content or its functionality. ICA believes this section should only state the requirement, and views on possible content should be provided in a Guidance Note and not in a Prudential Standard, which has the force of law.

Paragraph 88 - Provision of information to APRA

No prospective, current, or former officer, employee, or contractor (including professional service provider) of an insurer (including a foreign insurer), may be constrained or impeded, whether by confidentiality clauses or other means, from disclosing information to APRA, from discussing issues with APRA of relevance to the management and prudential supervision of the insurer, or from providing documents under their control to APRA, that may be relevant in the context of the management or prudential supervision of the insurer. Such persons are not to be constrained from providing information to auditors, the Approved Actuary, and others, who have statutory responsibilities in relation to the insurer.



ICA believes that this section should be reconsidered. It is not possible for employers to retrospectively vary a former employee’s contract. ICA recommends that this provision only apply to current or new employees.

The requirement re former officers, employees or contractors would be impossible to comply with. Any such requirement should only apply to employees and other members of the company who leave the company’s service after these Prudential Standards commence.

6 APRA Fit & Proper ICA recognises that APRA has made genuine concessions in the draft Prudential Standard as compared to early Discussion Papers. ICA appreciates that APRA has moved much of the detailed requirements into the Guidance Note in order to limit the highly prescriptive base of the Prudential Standard. ICA is of the belief that Guidance Notes should provide practical advice and suggestions to entities regulated by APRA on how Prudential Standards may be implemented. They should assist different types of insurers with different capital and ownership and differing risk profiles comply with the Prudential Standards in the most appropriate manner.

ICA still believes that the provisions in the Prudential Standard are too prescriptive especially in the detailing of the processes for determining whether a person is fit and proper. APRA needs to recognise that there is significant regulation regarding Fit and Proper already in place. Some of these provisions are still likely to lead to a checklist approach to fitness and propriety on the part of APRA-regulated entities. It would be advisable that APRA consider instead mirroring those provisions on fit and proper that have been put into place by ASIC.

APRA’s responsibility is to ensure that there is a system in place that allows general insurers to identify whether responsible officers are fit and proper. This is laid out in APRA’s provisions requiring:

• A list of identified responsible officers be provided to APRA;

• A copy of the fit and proper policy be provided to APRA; and

• Information on the approved and appointed fit and proper persons.

ICA believes that these provisions along with a designated process for determining if someone is not fit and proper are sufficient to confirm to APRA that all responsible persons have met the fit and proper requirements. ICA does not believe that APRA needs to provide further detailed requirements as to how a fit and proper person should be approved. APRA also does not need to create an additional burden on the industry by requesting different information than ASIC when notifying appointments. This continues to create a regulatory burden that is unnecessary and is not consistent with the regulatory environment already in place for the general insurers.

Implementation and Transition

ICA strongly supports that there be a suitable transitionary period in order to enable such arrangements to be made in an orderly fashion. It should be recognised that there is a full range of activities associated with the implementation of the governance and the fit and proper Prudential Standards, and that the three-month implementation period currently proposed by APRA is unlikely to be enough for full implementation.



ICA notes that General insurers have indicated that they will have to achieve some or all of the following in that three-month period:

• Prepare or update their fit and proper policy and have it approved by the Board;

• Document the competencies required in respect of each responsible person position to the extent that it has not already been done;

• Train all persons occupying responsible person positions in relation to the fit and proper policy and its application;

• Assess the employment contracts of all persons occupying responsible person positions;

• Seek any consents that may be required for the purposes of compliance with privacy laws;

• Reassess (under the new policy) the fitness and propriety of all persons occupying responsible person positions;

• Set up new processes to assess fitness and propriety under the new policy for new appointments; and

• Identify if any changes are necessary to the regulated entity’s constitution and, if so, make those changes.

These are complex tasks, some of which are likely to require more than three months to complete. ICA requests that a longer implementation time be allowed, or in the alternative, that APRA allows for more flexible implementation arrangements.

ICA feels there has been significant regulatory burden placed on the industry in recent times. With the level of regulatory overlap and legislative inconsistency, there has been a significant level of cost to the industry to ensure compliance. These regulations will add an additional burden to the industry, which will need to be absorbed.

6.1 GPS 520 Fit & Proper Requirements

ICA wants to minimise regulatory burden. ICA continues to believe there is an excessive amount of detail in the provisions, and that no consideration has been given to the high level of cost that will be incurred by companies. It is ICA’s view that many of these requirements are duplicative to those found in the ASIC requirements, however, APRA continues to insist that a person that has been recognised as fit and proper by ASIC is not sufficient for purposes of the APRA Standard.

There continues to be a lack of recognition of the regulatory environment and the requirements already placed on insurers. APRA should recognise that there is a need for consistency and harmonisation across regulators, rather than requiring institutions to reassess fit and proper criteria for each regulator.

The following are ICA’s comments on individual paragraphs of the fit and proper persons draft Prudential Standard and Guidance Note.

Paragraph 1 - Authority



Draft Prudential Standard GPS 520 paragraph 1 states that the draft Guidance Note “forms part of the standard”.

As discussed in Part 3 of this submission, Prudential Standards and Guidance Notes perform important, but different functions. Prudential Standards have the status of law and must be strictly complied with by APRA-authorized entities. Guidance Notes should provide practical advice and suggestions to entities regulated by APRA on how Prudential Standards may be implemented. They should assist different types of insurers with different capital and ownership and differing risk profiles comply with the Prudential Standards in the most appropriate manner. ICA recommends that the draft Prudential Standard should be amended so that the Draft Guidance Note no longer forms part of the draft Prudential Standard.

Paragraph 2(e) and 3 – Responsible persons

ICA recommends that APRA explicitly state that the identification of responsible officers is solely at the discretion of the insurer.

Paragraph 3(e) - APRA nomination of persons in significant role

A responsible person of a foreign general insurer (foreign insurer) is defined for this Prudential Standard as:

(e) any other person whom APRA determines by notifying the foreign insurer in writing being a person whom APRA is satisfied plays a significant role in relation to the management or control of the foreign insurer, or provides services or support for it which are of a prudentially significant nature.

ICA recommends that “prudentially significant services” be removed from the definition.

For small companies, especially those with a mixture of local and foreign staff, if APRA chooses to define significant persons based on their role in “prudentially significant services”, it is quite likely that this will result in contractor and other outsourced suppliers being selected.

Paragraph 4 – Senior management

For this Prudential Standard and for section 3(1) of the Act, for locally incorporated insurers and authorised NOHCs, senior management responsibilities means any relevant activities for which the person is responsible that may materially affect the whole or a substantial part of the regulated institution’s business or its financial standing. For this Prudential Standard, relevant activities mean any of the following:

(a) participation in decision-making;

(b implementing strategies and policies approved by the Board of directors (Board);

(c) developing and implementing processes or systems that identify, assess, manage or monitor risks in relation to business activities and operations; and

(d) monitoring the appropriateness, adequacy or effectiveness of risk management systems.



ICA believes that APRA should mirror the definition provided in the Corporations Act.

ICA is unclear why APRA has decided to provide a definition, which differs from the one included in the Corporations Act. Although they are similar, it is not clear whether these differences are material or not. It is believed that APRA’s definition could be interpreted as being considerably broader as it applies to those who implement decisions they have no role in making.28 By contrast, the definition in the Corporations Act only applies to persons directly involved in the “decision making” process.

If it is APRA’s intention that the two definitions will operate in the same way, then the two definitions should be identical. If not, APRA should provide further information on the rationale for the differences and the manner in which the definition in the draft Prudential Standard should be applied.

Paragraph 15(a) - Fit and Proper criteria for assessment

(a) it would be prudent for a regulated institution to conclude that the person possesses the competence, character, diligence, honesty, integrity and judgement to properly perform the responsible person position;

ICA recommends that the key criteria required of a responsible person should be replaced with “competence” and “probity”.

ICA does not support the use of a subjective test as a means of assessment. Terms such as “diligence”, “honesty”, “integrity”, “character”, “justifiable criticism”, and “discreditable” are not definable ground for determining criticism. ICA continues to believe the key attributes required of a responsible person should be “competence” and “probity”.

If APRA continues to use these subjective terms as assessment tools, then they must provide examples of determinations, which reflect negatively on the above traits so that the insurers can have clear guidance when making these determinations.

Paragraph 18- Eligibility criteria for Auditors

ICA recommends that the APRA accept the requirements of ASIC and the Corporations Act.

Under the Corporations Act, auditors must be registered with ASIC. To be registered, auditors must show they have minimum educational requirements and practical experience, and must also show they are fit and proper persons. 29 The Corporations Act also includes a requirement for auditor independence and it imposes an obligation of disclosure to ASIC where conflicts of interests exist.30 If APRA wishes to impose additional requirements beyond the regulation already in place, then ICA believes a compelling argument needs to be made.

Paragraphs 20-30 – Process for assessment of fitness and propriety

ICA recommends that APRA allow general insurers to establish their own processes for assessment, which are aligned with current regulator requirements. The Prudential Standard should only indicate those requirements that are beyond those that are already regulated.

28 See paragraph 5(b) of the Fit and Proper Standard. 29 See section 1280 of the Corporations Act. 30 See Division 3, Part 2M.4 of the Corporations Act.



The process for assessing and reassessing the fitness and propriety of responsible persons is overly burdensome. These processes should be considered in context of the current environment, whereby the majority of responsible officers across the industry were reauthorised in July 2002, and are subject to ASIC processes for assessing fitness and propriety. ICA recommends that, in light of these recent reviews, APRA re-examine its proposed timelines for re-assessment of responsible officers that have already been approved by APRA.

Further, ICA recognised that not all APRA regulated entities are subject to APRA review. It is recommended that in these cases, the provisions set out mirror those of ASIC. If APRA wants to impose additional regulations to ASIC’s, then APRA should justify their reasons for doing so.

Paragraphs 31-34 Whistle blowing

The Fit and Proper Policy must include adequate provisions to encourage whistle blowing when an employee or director of the regulated institution or any of its subsidiaries believes that a responsible person does not meet the regulated institution’s fit and proper criteria. The Fit and Proper Policy must provide that in that case, the employee or director may notify the person responsible for the assessment of the fitness and propriety of the responsible person who is believed not to be fit and proper or APRA or both of that belief and the reasons for it.

ICA recommends that paragraphs 31-34 relating to whistle blowing be removed.

The whistle blowing provisions overlap with other Commonwealth legislation. In 2004, the Commonwealth Government passed the Corporate Law Economic Reform Program (Audit and Corporate Disclosure) Act 2004 to introduce new provisions into the Corporations Act designed to create a regulatory framework that would encourage whistle blowing. The Corporations Act provisions31:

• Protect persons who blow the whistle from criminal and civil liability. These provisions have been carefully framed. A person receives protection if they have reasonable grounds for their disclosure and if they make it in good faith. They prevent the enforcement of contracts against whistleblowers in certain circumstances.

• Require persons who receive information from whistleblowers to keep it confidential. One of the exceptions to this is that a person who receives information may disclose that information to APRA.

ICA believes that the whistle blowing provisions should be removed because:

(a) There is overlap between the Draft Prudential Standard and the Corporations Act provisions that could result in conflicts. For example, paragraph 31 requires a Fit and Proper Policy to allow a director who has received information from a whistleblower that the person has breached the Fit and Proper Policy to pass that information on to the person responsible for fitness and propriety. Such a disclosure may contravene the confidentiality provisions contained in s1317AE of the Corporations Act.

(b) All corporations, including all insurers, must comply with the whistle blowing provisions of the Corporations Act. A “stand alone” whistle blowing regime should be in place under the

31 Part 9.4AAA of the Corporations Act



Corporations Act that also operates alongside the fit and proper policy.

One way of addressing APRA’s desire for information provided to whistleblowers to be used to make an assessment of fitness and propriety may be to clarify that as long as the requirements of Part 9.4AAA of the Corporations Act are met, disclosure under the Fit and Proper Prudential Standard will be a qualifying disclosure for the purposes of Part 9.4AAA. As APRA does not have the power to directly provide protection under the Corporations Act, such clarification will protect the whistleblower from the various legal consequences (eg, civil or criminal liability) of making a disclosure under the Fit and Proper Prudential Standard.

Paragraph 37 – When APRA determines that a responsible person is not fit and proper

Should a regulated institution conclude that a person is not fit and proper, but for some reason be unable to refuse to make the appointment or remove the person, it must notify APRA under paragraph 42. A regulated institution must not hinder APRA in exercising, or considering the exercise of, its powers of removal and disqualification in relation to the person.

ICA recommends that APRA identify the stage when a company must report that they have formed a view that someone may not be fit and proper. APRA should also indicate at what stage a company could be found to be in breach during this process.

ICA seeks to remind APRA that there are potential liability issues for an APRA-regulated institution in removing responsible persons because of applicable clauses/provisions under contract law and employment legislation. Timelines for removal and potential court action will have to be considered, so that companies are not found in breach of APRA regulations while they are in the process of complying.

Paragraphs 35-39 - Where a Responsible Person is found to be not Fit and Proper

ICA recommends that APRA set out a system that provides procedural fairness for persons being considered.

ICA recommends that APRA identify when a general insurer would be in breach during this process.

ICA members are concerned that neither the Prudential Standard nor the Guidance Note provides a process for ensuring procedural fairness. APRA should realise that such claims or reviews of whether a person may not be fit and proper will have significant impact on the person involved. It is vital that those persons being affected be assured of their rights if their status comes into question. ICA recommends that APRA provide a process in the Prudential Standard that establishes the rights of the individual in such as situation. ICA is particularly concerned that APRA has not defined when a company should notify them, and at what stage they may be considered in breach. Should a company notify APRA once they have formed an opinion, once they have notified the person they are being investigated, once they have made a preliminary conclusion, once the person has had the opportunity to respond, or once an appeal has been allowed, or once the decision has been finalised? Will a company be held in breach if they determine the person in not fit and proper, but do not remove them, due to contractual negotiations or due to unresolved legal action?



Disqualification

ICA firmly recommends that a person who is found to be not fit and proper can only be disqualified for five years. This is aligned with ASIC’s powers of disqualification.

Under the Corporations Act 2001 206B(1) and similarly in 206C(1), ASIC, on application to the court, may disqualify a person from managing a corporation if they are convicted on the indictment of an offence. The disqualification starts on the day the person is convicted and lasts for five years, from the day of conviction, or five years from their release from imprisonment. Conversely, APRA’s disqualification of a person who is found not to be a fit and proper person appears to be a ban for life without even the provision for a court decision. ICA believes that APRA’s approach is inconsistent with natural justice and allows a person who may have committed a minor offence to be removed from the ability to manage for life. This policy under the Corporations Act as found in the case of Chew v NCSC32 was established to deter people from offending and to protect the public rather than punish the convicted person. Under the APRA Act, APRA has a power to reconsider someone that has been disqualified, however, there is no timeframe for that consideration, and the test that is to be applied is very high, and would be unlikely to have favourable results for the person that has been removed. It is clear that APRA’s policy goes much further and ICA questions whether that is aligned with the intentions of the Government. Paragraph 40 – Informing APRA

A regulated institution must promptly notify APRA in writing, in such form if any as APRA publishes from time to time, of the following details to the extent known to it for each of its responsible persons: (a) their name, date of birth (for identification purposes only), responsibilities and full curriculum vitae including qualifications, membership of professional associations, occupational experience and any current business or other professional relationships; and (b) whether the person complies with the fit and proper criteria in paragraph 15. ICA strongly recommends that APRA seeks to streamline its processes with that of ASIC’s including adopting their Statement of Personal Information.

ASIC already requires that regulated entities fill out Statements of Personal Information of all of their responsible officers. The Statement of Personal Information asks responsible officers to respond to a number of questions to demonstrate that they have the necessary experience, expertise and are of good fame and character, and to provide details regarding their educational qualifications and organisational experience.

What APRA is requiring exceeds ASIC’s requirements. ICA strongly believes that APRA does not need to have access to this level of data as APRA already receives the list of responsible officers and the fit and proper policy. With this information and the power to issue a direction to vary these documents, APRA does not need to receive such detailed information. By putting a separate and varied system in place, APRA is creating a duplicative and overlapping process, which will be a regulatory burden for general insurers. It is recommended that APRA adopt ASIC’s approach in order to reduce regulatory burden. If not, then APRA should justify its need for a greater level of detail then regulated elsewhere. 32 1985 WAR 337



6.2 Guidance Note GGN 520.1 Fit and Proper Requirements

ICA recommends that, for clarity, the draft Guidance Note should set out expressly that its purpose is to provide general guidance to APRA authorised insurers on issues arising out of the Prudential Standard relating to fit and proper requirements and that it has no legal status or legal effect whatsoever.

ICA further recommends that all references to “must” and “should” be removed from the Guidance Note.

Paragraph 8(m) – Criteria to determine if a responsible person is fit and proper

(m) was unreasonably or improperly obstructive of, or was misleading or untruthful in dealing with, a court, tribunal, official inquiry, regulator, complaints handling body, dispute resolution body, or professional or industry body;

ICA believes that “unreasonably or improperly obstructive” is an inappropriate criteria for assessment because it is subjective and exceedingly difficult to identify. ICA recommends that section 8(m) be removed.

ICA believes it would be extremely difficult for the person/s assessing the fitness and propriety of a “responsible person” to determine whether that person has been “unreasonably or improperly obstructive”. In order to do so, they would need to obtain detailed information regarding the actions of the person and the circumstances in which they were taken, along with a firm understanding of the legal rights of the person to take those actions. Much of this information would be very difficult or impossible to obtain. Even if the person assessing fitness and propriety is able to obtain sufficient information, it remains very unclear how the person is expected to assess whether the “responsible person” has been “unreasonably obstructive”.

Paragraph 17 - Succession planning

APRA expects that the regulated institution’s Fit and Proper Policy will provide for assessments of the fitness and propriety of persons identified in accordance with the regulated institution’s succession plan as those who may become holders of responsible person positions. The assessment should be made of whether the person would be fit and proper for the position to which they may be appointed under the succession plan. APRA expects that, to the extent prudent, such assessments will occur when the person is identified as a person who may be appropriate to fill a responsible person position (for succession planning purposes), rather than only when it is certain that they are to be appointed to the position. APRA recognises that a person may be required, in limited circumstances, to fill a responsible person position on an interim basis when it would have been unreasonable to conduct a fit and proper assessment of the kind that would be appropriate for such an appointment under normal circumstances. Under those limited circumstances, certain checks are still reasonable, such as obtaining reliable information from appropriate referees.

It is recommended that regulated entities be allowed to identify persons in succession plans, but not be required to carry out full fitness and propriety assessment until such time when it becomes reasonably certain that the persons will be offered the position subject to due process including satisfying the fit and proper requirements.

ICA recommends that this section be removed.



ICA believes that a full assessment at the point of succession planning would be administratively burdensome as there is no certainty that the person identified will be appointed to a responsible person position. The assessment should be undertaken at the time of actually considering a person for a role, rather than capture a larger group who may never be formally considered for a responsible person role.

Paragraph 24 – Contravening other laws

A regulated institution must comply with the Fit and Proper Policy in all respects even if it would breach a contract or contravene another law (other than a law of the Commonwealth) even if the regulated institution does not have adequate contractual relationships with responsible persons in place.

ICA is opposed to APRA statements that indicate the General insurers should act unlawfully in order to comply with this Prudential Standard.

ICA strongly objects to the recommendation that companies should be asked to contravene non-Commonwealth law, State law, or to breach a contract in order to fulfil their APRA requirements. Such actions will leave companies exposed to legal action. This will not only create a reputational risk for members, but also may expose the companies to fines, penalties or damages claims.

This requirement disregards contract law and fails to recognise the duties of care that companies have to their employees. APRA regulations should not recommend potentially breaching employment contracts in order to vary the contract to suit APRA’s needs. If it is the intention of APRA to override current contracts, then they will need to provide a statutory provision that provides immunity from liability in cases where contracts were forced to be breached in order to comply with APRA’s regulatory requirements.



Appendix A – Comparison of Outsourcing Prudential Standards APS 231 (ADIs) GPS 221 (Insurers) Role of Guidance Note In the objective, states that the

Prudential Standard should be read in conjunction with the Guidance Note.

Paragraph 2 – explicitly states that it forms part of the Prudential Standard.

Materiality (factors to be considered)

Paragraph 5. Paragraph 7 – same factors plus: • Potential losses to insurer’s

customers in event of service provider failure; and

• Affiliation or other relation between insurer and service provider

Notification of outsourcing agreement

Paragraph 6 – no later than 30 days after execution of outsourcing agreement.

Paragraph 10 – notification to be no later than 20 business days.

Requirement to consult with APRA re materiality

Paragraph 6 – ADI’s to consult with APRA if there is uncertainty as to whether an arrangement is material

No such requirement

APRA Standard applicable to non-material arrangements

Paragraph 4 – APRA expects in normal course that its required practices to all outsourcing arrangements

Paragraph 6 – requirement that the practices set out in the GPS and GGN apply to all outsourcing arrangements

Form of notification of outsourcing

No requirements. Notification of all outsourcing to be in writing and include a copy of due diligence assessment and final proposal to board/senior management upon which the decision to outsource was based.

Approval of off shoring arrangements

N/A Paragraphs 13 and 14 – insurer to obtain APRA’s written approval to offshore outsourced activity, APRA may require insurer to terminate agreement if no such approval obtained.

Transition arrangements Paragraph 7 – ADIs to notify APRA of all existing outsourcing agreements at the time the Prudential Standard comes into effect.

Paragraphs 15 (domestic outsourcing) and 16 (off shoring – insurers to notify APRA within 3 months of Prudential Standard coming into effect. Paragraph 16 also provides that APRA may require alternative



APS 231 (ADIs) GPS 221 (Insurers) arrangements if it has prudential concerns re off shoring.

Board and senior management responsibility

Paragraphs 8 – 9 – Board and senior management “should” ensure inclusion of management policy covering outsourcing and “should” be actively involved in assessing processes involved in outsourcing.

Paragraphs 18 – 19 – Board and senior management “must” do the same. Paragraph 18 additionally requires written statement where insurer has policy not to outsource.

Outsourcing policy Paragraph 11 – “ADIs should develop a policy document…”

Paragraph 21 – “An insurer must develop a policy document…”

Risk management framework for outsourcing

Paragraph 13 – framework “should cover …It should also deal with renewal arrangements…”

Paragraphs 24 and 25 – framework “must cover…It must also deal with the renewal process…”

The outsourcing agreement Paragraph 14 – “arrangements should be undertaken using a written, legally binding agreement… should address…”

Paragraph 26 – “arrangements must be formalised using a written, legally binding agreement…must address…” Additional items for insurers to address: • Scope of arrangement and

services to be supplied;

• Subcontracting;

• Insurance; and

• Off shoring (including through subcontracting).

APRA access to service providers

Paragraph 15 – outsourcing agreement “should include a clause giving APRA access to documentation related to outsourcing arrangement”

Paragraph 28 – “must give APRA access” to same documentation. Further considerations necessary as outlined in Guidance Note for off shoring.

Monitoring and managing the outsourcing relationship and the Board

Paragraph 16 - ADI “should” devote sufficient resources to monitor and manage relationship. Paragraph 17 – should advise APRA of significant problems.

Paragraph 30 – insurer “must” devote sufficient resources to monitor and manage relationship. Paragraph 31 – insurer must advise APRA of any significant problems.

External audits Paragraph 18 – APRA may Paragraph 33 – APRA may



APS 231 (ADIs) GPS 221 (Insurers) request external audit ”where considered appropriate”.

request external audit and power not limited to “where considered appropriate”.

Internal audits No requirement. Paragraph 34 – internal audit function to be considered a material business activity. Must be satisfied that external auditor is free of conflicts of interest if function is to be outsourced, auditor has to meet requirements of Governance Prudential Standard.



Appendix B – Risk and Financial Management – GPS 220 – Declaration on Financial Information to be signed by the CEO and CFO

CORPORATIONS ACT ASX RECOMMENDATIONS APRA

The CEO/CFO declaration is an opinion that states:

• The financial records of the entity for the financial year have been properly maintained in accordance with section 286 of the Corporations Act 2001.

• The accounts present a true and fair view and comply with Australian Accounting Standards in all material respects.

• Includes any other matter prescribed by regulators.

The CEO and CFO are required to state in writing to the Board that the company’s financial reports represent a true and fair view, in all material respects, of the company’s financial condition and operational results and are in accordance with relevant accounting standards.

In addition the CEO and CFO are required to certify that these statements are founded on a sound policy of risk management and internal compliance and control which implements the policies adopted by the Board and that the risk management and internal compliance and control system is operating efficiently and effectively in all material respects.

The CEO and CFO are required to confirm to APRA that they are satisfied that the financial information supplied to APRA, the Approved Auditor and the Approved Actuary is a true and accurate representation of the financial position of the insurer.

The declaration attests that financial information lodged with APRA has been prepared in accordance with the Insurance Act, the Data Collection Act, as well as accounting standards and professional reporting requirements (to the extent that such accounting and professional standards contain no requirements contrary to legislative and prudential requirements).



Appendix C – Risk and Financial Management – Matters Requiring Submission to, Referral to, or Approval By APRA APRA Requirements - Stage 2 Reforms Ref Details Requirement Refer GPS220-8 Adequacy/appropriateness of an

RMF APRA will review

GPS220-9 Risk framework to provide APRA will review Assurance GPS220-26 Each BP & revised BP, as Must be submitted to APRA well as changes to the BP GPS220-30 RMS reviewed annually & Must be submitted to APRA approved by Board GPS220-32 Changes to the RMS to be Must be submitted to APRA approved by the Board GPS220-33 Deviations from the RMS Must be submitted to APRA must be approved by the Board GPS220-52 Material breaches of control Must be reported to APRA GPS220-64 Risk management declaration Must be provided to APRA GGN220.2-

28,29 GPS220-66 Financial information declaration Must be provided to APRA GGN220.2-

32,33 GPS220-67 Changes to risk profile APRA must be consulted before change is

implemented

GPS220-68 Right to conduct business Must be reported to APRA outside Australia withdrawn GPS221-10 Material outsourcing Must be reported to APRA Arrangements within Australia GPS221-13 Material outsourcing APRA's prior approval required Arrangements outside Australia GPS221-15 Existing material outsourcing Must be reported to APRA Arrangements GPS221-17 Transitional arrangements Need to consult with APRA GPS221-28 Outsourcing arrangement Must give APRA certain rights Contract GPS221-31 Outsourcing problems &/or Must be reported to APRA termination of contract



Ref Details Requirement Refer GPS221-33 Outsourcing arrangements - APRA may request the external auditor Audit to assess the risk GPS230-7, 10

REMS APRA approval required

GPS230-9 Limited risk transfer

arrangements APRA approval required GGN230.3-4

GPS230-12 Changes to REMS Must be reported to APRA GPS230-14 Substantial deviations from

REMS Must be reported to APRA

GPS230-15 Anticipated material problems Must be reported to APRA arising from reinsurance arrangements GPS230-18 Annual RAS Must be submitted to APRA GPS230-21 Amended RAS Must be submitted to APRA GPS230-25 Two months reinsurance Must be available to APRA on request Declaration GPS230-28 Lack of reinsurance Must be reported to APRA documentation GPS230-29 Six months reinsurance Must be submitted to APRA Declaration GPS230-36 Revised RAS Must be submitted to APRA GPS310-8 Appointment of Approved

Auditor APRA approval required

GPS310-9 Appointment of Approved

Actuary APRA approval required

GPS310-12 Certificates & reports by

Approved Must be submitted to APRA

Auditor & Approved Actuary GPS310-15 Exemption from the requirement APRA approval required to have an Approved Actuary GPS310-16 Annual attestation to maintain Must be submitted to APRA Approved Actuary exemption GPS310-20, 22

Audit certificate Must be submitted to APRA Ins Act 49 J (3)

GPS310-26, 43

FCR Must be submitted to APRA Ins Act 49 K 1(b)

GPS310-23 Special purpose reviews by APRA may specify & require to be done Auditor



Ref Details Requirement Refer GPS310-32 Non-routine reports APRA may require GPS310-26, 46

LVR Must be submitted to APRA Ins Act 49 K 1(b)

GPS310-51 Variation between insurer's APRA must be advised liabilities & LVR



Appendix D – Matters Requiring Approval of, or Actions by Boards REFERENCE DETAILS REQUIREMENT

GPS 220 – 7 Risk management Insurers RMF must contain an RMS that has been approved by the Board.

GPS 220 – 10 Risk management Board has primary responsibility.

GPS 220 – 11 Risk management framework Board must ensure that RMF is established and maintained and that senior management implements.

GPS 220 – 12 Risk management framework Board may delegate formulation of RMF to Risk Committee, must retain responsibility.

GPS 220 – 13 Risk management framework Board must ensure that the RMF is subject to effective and comprehensive review.

GPS 220 – 14 Risk management framework Board is responsible for ensuring that competent senior management are in place to implement the RMF.

GPS 220 – 15 Risk management framework Board is responsible for instilling a strong risk culture.

GPS 220 – 25 Business plan Board must approve.

Revised business plan Board must approve annually.

GPS 220 – 30 Risk management strategy Insurer must maintain an RMS that has been approved by the Board.

RMS review Board must approve reviewed RMS annually.

GPS 220 – 32 Changes to RMS Must be approved by the Board.

GPS 220 – 33 Material deviations from RMS Must be approved by the Board.



REFERENCE DETAILS REQUIREMENT

GPS 220 – 47 Monitoring of risk Results reported to Board.

GPS 220 – 49 Reporting of risk management

Regular results reported to the Board or Board Risk Committee.

GPS 220 – 52 Material deficiencies or breaches of controls

Must be reported to the Board or Board Risk or Audit Committee.

GPS 220 –58 Review of RMF Results of annual review must be reported to the Board.

GPS 220 – 59 RMS must name responsible persons

RMS should set out the role of the Board and Board Committees.

GPS 220 – 61 Review of internal control system

Board must ensure regular reviews.

GPS 220 – 63 Internal audit Material findings must be reported to Board Audit or Board Risk Committee.

GPS 220 – 64 Risk management declaration Board must provide annual declaration to APRA. Refer also to GGN 220.2 – 28 – 31.

GGN 220.2 – 2 Risk management framework Prime responsibility rests with the Board, who may seek the advice of the Approved Auditor, Approved Actuary or other experts.

GGN 220.2 – 14 Segregation of duties Where this is not achievable, Board oversight must be increased.

GGN 220.2 – 25 Internal audit coverage plan Must be approved by the Board Audit Committee.

GPS 221 – 18 Outsourcing arrangements Board must ensure that there is a formal policy.




GPS 221 – 19 Outsourcing arrangements The Board or delegated Committee must be actively involved in the oversight and management of material arrangements.

GPS 221 – 20 Outsourcing arrangements Responsibility may be delegated to senior management.

GPS 221 – 27 Risk management framework for outsourcing

Must cover the role of the Board in approving agreements.

GGN 221.1 – 4 Outsourcing arrangements:

• Material business activities

Board approval required.

• Risk management policy for outsourcing

Board approval required.

• Compliance with outsourcing policy

Board regular review required.

• Reports on outsourcing arrangements and service provider performance

Board regular review required.

GGN 221.1 – 9 Business case for outsourcing arrangements

Board in principle decision to proceed required.

GGN 221.1 – 13 Outsourcing arrangements – final approval for material business activity

Approval or endorsement by Board or delegated Committee required.

GGN 221.1 – 29 Outsourcing activities Board or delegated Committees should receive regular reports.

GGN 221.1 – 32 Off shoring Risks to be considered by the Board.

GPS 230 – 6 Reinsurance management Board responsible for the insurer having a sound framework.




GPS 230 – 7 Reinsurance management framework – must contain a REMS

Board must approve REMS.

GPS 230 – 10 Annual review of REMS Revised REMS must be approved by the Board.

GPS 230 – 12 Material changes to REMS Revised REMS must be approved by the Board.

GGN 230.1 – 2 Reinsurance management Board has primary responsibility, but may seek the advice of Approved Auditor or Actuary or other experts.

GGN 310.2 – 6 Valuation of liabilities The onus for justification of the appropriateness of any approximate method rests with the Board and the Approved Actuary.



Appendix E – Regulatory Alignment APRA

Recommendations APRA Discussion Paper/GPS 510 (May 2005)

ASX (March 2003)/ CLERP 9

2.1 Independence of directors

Requires board to be comprised of majority of independent, non-executive directors, with an independent chair

Definitions: Independent will be that of ASX; Non-Executive has been modified from ASX (in Prudential Standard)

Responsibilities: Boards will be required to act in best interests of institution, not a group member; even if Board constitution authorizes to act in interests of another group member

Exceptions:

With APRA Regulated Parent –Subsidiary boards will not be held to independent rule; and non- executives can be members (board, snr mgmt) of parent company.

Prudential Standard will set minimum requirement for independents; will require independent chair

With Non-APRA Regulated Parent - Independents of Parent can act on Subsidiary Board. Held to all other requirements.

ASX requires the majority of the board be independent directors, with an independent chair CLERP 9 provides restrictions on employment between auditor and client

2.2 Chairperson of the Board

Independent, non-executive

Uses ASX definition of independence

ASX requires Chair to be independent and separate from CEO.

ASX defines independence as no relationship in the last three years.

2.3 Board Composition Agreed to remove limitations on Board requirements.

Will monitor cross-directorship, but agrees to let companies oversee any conflicts of interest.

ASX has no direct requirements on composition of board or on cross-directorship

2.4 Board member resignations

Report to APRA within 14 days of resignation or removal of a director.

Requirement to report reasons has been replaced with a right to investigate.

Require that companies not create barriers that would prohibit former directors from speaking to APRA about their resignation.

ASIC only requires written notification when changes occur to Board.



APRA Recommendations

APRA Discussion Paper/GPS 510 (May 2005)

ASX (March 2003)/ CLERP 9

2.5 Board Audit Committee

Sets out minimum number of members for the committee (3) and that all members must be Non-executive and majority independent. Chair of Board may sit on Audit committee, but may not chair the committee.

ASX – must have AC, must be non-executive and majority independent with independent chairperson who is not chair of the board, at least 3 members.

2.6 Board Risk Committee

Require establishment of a Board Risk Committee responsible for developing setting and monitoring adherence to risk management strategies.

Could be combined with Audit Committee – Board Audit and Risk Committee (restrictions on when can be combined)

ASX provides that Board committee should establish policies on risk oversight and management.

2.7 Board & Senior Management Performance

Require procedures to be in place for assessing the performance of the Board and senior management relative to objectives. These will be subject to review through APRA’s supervisory process.

ASX provides for disclosure of the process for performance evaluation of the Board, its committees, individual directors and key executives.

2.8 Length of service for directors

Each Board must establish a policy dealing with Board renewals. This policy should lay out ways to ensure that they balance both independence and expertise. These will be subject to review through APRA’s supervisory process.

ASX states that there should be specified appointed terms, which are subject to re-election.

2.9 Independence of approved auditors and actuaries

Will require institutions to ensure their auditor is compliant with auditor independence provisions under CLERP 9.

Intend to propose mandatory peer review for approved/appoint actuary.

Will require auditor and actuary (if external appointment) not to come from the same or related firms

CLERP 9 has provisions for rotation of auditors; requires disclosure of those services; and requires Auditors and Audit firms to put in place adequate internal systems.

2.10 Internal Audit All institutions have an adequately resources, dedicated internal audit function, unless alternative arrangements are approved by APRA. The internal auditor will be required to have both access to and a reporting line to the BAC at all times.

prudential supervision of general insurance – stage 2 ... · a significant amount of regulatory...

Documents