Australia:Regulator introduces new initiatives to deal with evolving risks

The chairman of the Australian Prudential Regulation Authority (APRA), Mr Wayne Byres, has highlighted three important issues that are relevant and critical to the long-term strength and resilience of the financial sector.

In a speech yesterday to the Committee for the Economic Development of Australia, he said that the issues are: climate-related risks; governance, culture, remuneration and accountability; and cyber security risks.

APRA is also adapting its supervision in response to evolving risks, launching a number of pilot projects to trial new ways of doing things.

Climate-related risks

Mr Byres indicated that while the financial sector as a whole has been increasingly alert to the potential risks of a changing climate, understanding and managing them is easier said than done given the long-term and unprecedented nature of climate risks.

The processes, tools and data to measure, monitor and manage climate-related financial risks are still developing. There is a deficit of data on how these risks will unfold, in what areas, and over what timeframe. Added to that, the complexity of financial risks and global supply chains means that understanding where and how climate risks will impact on the finance sector is not easy, Mr Byres said.

Initiatives

Against that backdrop, APRA released a draft prudential practice guide on 22 April to help financial institutions better understand and manage the financial risks arising from climate change.

Mr Byres said, “Importantly, the guidance doesn’t tell banks who to lend to, it doesn’t tell insurers what to insure, and it doesn’t tell superannuation funds where to invest. Those are decisions for financial institutions themselves. The draft guide does, though, emphasise that climate considerations need to be part of any decision-making process if financial institutions want to make well-informed decisions.”

Pointing out that it is difficult to assess the direct impact of climate-related risks and potential technological and policy responses, another major plank of APRA’s current work programme on climate-related financial risks would be its pilot climate vulnerability assessment (CVA).

Starting with the five largest banks, the CVA will help to measure the potential financial exposure of institutions, the financial system and economy to climate-related risks; and boost understanding of how institutions might adjust their business models in response to different climate scenarios.

Governance, culture, remuneration and accountability (GCRA) Mr Byres said that systemic weaknesses in GCRA are often the root cause of problems that crystallise into significant, unexpected and damaging financial losses.

Initiatives

APRA has two important initiatives that show its continued commitment to lifting GCRA standards across the financial system.

The most notable is the ongoing work on remuneration. Late last year, APRA released for comment an updated prudential standard on remuneration. Later this week, it will release for consultation a draft prudential practice guide to aid in implementation of the standard.

APRA is also trialling a new approach to examining risk culture. APRA's traditional engagement with financial institutions occurs primarily through boards, senior executives, and risk and compliance personnel. To improve on that, APRA has recently commenced a pilot risk culture survey involving 10 general insurers. If the pilot proves successful, APRA plans to conduct the survey among around 60 institutions across the banking, insurance and superannuation industries from the second half of this year.

The aim is to use the survey to identify themes across the industry that are impacting risk culture, as well as particular institutions that APRA might want to look at more closely.

Cyber security risks

Of the three areas covered, cyber presents arguably the most difficult prudential threat: unlike GCRA or climate risk, it’s driven by malicious and adaptive adversaries who are intent on causing damage.

Mr Byres said that the Australian financial system is an ecosystem of many thousands of interconnected financial entities, markets and infrastructure – not to mention all of the related service providers. The system is only as strong as its weakest link, but APRA only directly supervises around 680 of these.

Initiatives

APRA's new strategy recognises the necessity to work closely with other arms of government, including its peers within the Council of Financial Regulators (CFR) as well as the national security agencies and the Department of Home Affairs. Working collectively to share intelligence, pool resources and respond quickly to plug gaps and fix weak links are essential tactics to keep adversaries at bay.

Work is now underway to finalise a process of independent cyber security reviews across all APRA-regulated industries. APRA is close to completing an initial assessment process with nine pilot entities. This will be followed by a 12-month period where all APRA entities will be asked to conduct independent assessments.

APRA also wants better information on an ongoing basis, so it is piloting a new data collection exercise on technology and cyber risks. It is working too on a more active cyber defence testing regime in conjunction with CFR agencies.

Source: Asia Insurance Review