Australia Coat of Arms
APRA Logo
APRA Logo
copyright privacy disclaimer sitemap  
Advanced search    
 
         
 
     
  Home  
  List of ADIs  
  Foreign bank representative offices (not ADIs)  
  Prudential Framework  
  Basel II implementation in Australia  
  First home saver accounts  
  Consultation packages  
  Other publications  
  Breach reporting  
  Lodging returns  
  Statistics  
  Levies  
  Complaints  
  Links  
  SOARS  
  PAIRS  
     
 

Prudential Note 5-1 -Special Services Providers

Risk Management

 

Objective

To ensure that the operations of special services providers are sufficiently free of all forms of risk, both financial and non-financial, that the likelihood of such bodies failing to meet their obligations to societies is reduced to an absolute minimum. Towards this end, to ensure that special services providers are aware of the risks to which they are exposed and that these risks are adequately measured, monitored and managed so that they are kept to an absolute minimum.

General Background

Special Services Providers (SSPs) must meet high standards of financial prudence because of their key role in the operations of their constituent societies.

Risk is an inevitable component of financial intermediation and trading activity. The prime responsibility for prudent management of these risks rests with the board of directors and senior management of each SSP. AFIC's role is to confirm by observation, inspection and interview that each SSP is operating prudently and to take corrective action if required and, in doing so, protect the interests of societies and the stability of the Financial Institutions Scheme.

In general terms, AFIC must be satisfied that an SSP has in place adequate procedures for identifying and measuring risk, adequate procedures for monitoring risk and appropriate techniques for managing risk. AFIC requires detailed information about the activities of the SSP and expects a comprehensive approach to risk measurement with procedures and practices to manage the risks. Inadequate management practices in this area may result in the SSP coming under direction, additional capital requirements, additional liquidity requirements, or, suspension of or other limitations on trading or other activities.

The precise range of services provided by SSPs will determine the Prudential Standards that must be met. The sections that follow apply most readily to treasury management and settlement services. The general issues and the need to manage risk are common to all SSP activities. In all cases, AFIC will expect SSPs to exceed the minimum Prudential Standards set.

Role Of The Board Of Directors And Senior Management

It is the responsibility of the board of directors and senior management to understand fully the risks associated with the SSP's activities, to question management on the scope and prudent management of those risks and to ensure open and timely discussion regarding potential problems and actual losses.

The board of directors must approve written policies and systems that are consistent with the SSP's business and risk strategies, commitment to members and, Prudential Standards and obligations under the FI Scheme. The board should re-evaluate regularly an SSP's exposure and tolerance to risk. Senior management and those in responsible areas of dealing and settlement should understand clearly the risk measurement and management systems of the SSP. Senior management is also responsible for ensuring that the activities of the SSP are conducted within the framework of policies and systems approved. While policies and systems will differ depending on the activities of the SSP and its risk profile, AFIC expects that policies and systems will include:

  • clear identification of the responsibility for managing risk;

  • adequate systems for measuring risk;

  • structured limits on risk taking appropriate to personnel experience, requirements of the Prudential Standards, management and investment objectives and the SSP's tolerance for risk;

  • effective internal controls, including separation of operations and internal audit; and

  • comprehensive management information systems to ensure monitoring and reporting of exposures.

AFIC will place particular importance on policies and systems in its review of SSPs.

Specific Risks

The business of SSPs, particularly treasury management and settlement services, gives rise to a number of risks typical of any financial intermediary. At the core of management of these risks must be the policies and systems approved by the SSP's board. These policies must be consistent with the following Prudential Standards.

Prudential Standards

5.1 Risk Management

Each SSP must advise AFIC immediately if it is in breach of any Prudential Standard, stating the time and date of occurrence and when discovered, the nature of the occurrence and whether the problem has been rectified or the plans for rectification.

5.1.1 Liquidity Risk

5.1.1.a Each SSP must have comprehensive written policies and systems to measure, monitor and manage liquidity risk. The board of directors must provide initial endorsement of significant policies (and changes, as applicable) and periodic approval thereafter. Senior management is responsible for implementation of policies and systems and their regular review. Policies and systems must be audited annually by the SSP's external auditors. A current copy of these policies must be provided to AFIC and their operation and implementation may be subject to review during on-site inspections by AFIC.

5.1.1 b Where an SSP accepts deposits, made by societies for the purpose of meeting the PLA requirement of the Prudential Standards, these deposits must be held in PLA deposit accounts. The SSP must invest the equivalent amount of these funds in assets that would qualify for PLA. Assets held to meet any PLA requirement must be in the SSP's name, must be unencumbered by any pledge or restriction and must be readily negotiable. Policies to manage liquidity risk must include risk tolerances, operating limits and reporting processes.

5.1.1.c Prime Liquid Assets will include only the following:

(i) Treasury notes;

(ii) other Commonwealth Government securities;

(iii) bank deposits and bank accepted and endorsed bills;

(iv) loans to authorised money market dealers against the security of Commonwealth Government securities; and

(v) State or Territory Government issued or guaranteed securities.

5.1.1.d Where an SSP accepts additional deposits from societies such as excess liquidity or funds to meet settlement obligations, the SSP must invest these funds in highly liquid, high quality investments in accordance with the SSPs policy. Changes to investment policy must be provided to AFIC prior to implementation. Funds deposited by societies for the purposes of operational liquidity can not be used to finance other activities or businesses conducted by the SSP.

5.1.1.e Other than standby lines of credit approved by AFIC, each SSP is to provide a monthly return detailing all liability exposures to individual lenders and/or associated lenders greater than 5 per cent of its total liabilities excluding capital and PLA deposits. In this context, the interpretation of 'associated lenders' will be extended to include concentration on any single source of funds (other than societies) including the wholesale market and overseas markets.

5.1.1.f Before entering into a liability exposure (other than standby lines of credit approved by AFIC) greater than 10 per cent of an SSP's total liabilities excluding capital and PLA deposits, the SSP must first consult with AFIC. The onus will be on the SSP to establish that the exposure does not constitute an excessive risk in the context of its overall deposit book.

5.1.1.g Each SSP must maintain operational liquidity at a level determined by AFIC as being appropriate to the nature of the services and activities conducted by the SSP.

5.1.1.h Each SSP must report monthly to AFIC details on investments and deposits, particularly mismatch, to satisfy AFIC on compliance with the standards and policy. AFIC may choose to tailor this report on a case-by-case basis depending on the activities and reporting systems of the SSP. An SSP that fails to satisfy AFIC that its practices are adequate to the risks involved may be required to maintain higher capital or liquidity, limit activities and investments, report more regularly or take such other steps deemed appropriate by AFIC.

5.1.2 Managing Market Risk

5.1.2.a Each SSP must have comprehensive written policies and systems to measure, monitor and manage market risk. The board of directors must provide initial endorsement of significant policies (and changes, as applicable) and periodic approval thereafter. Senior management is responsible for implementation of policies and systems and their regular review. Policies and systems must be audited annually by the SSP's external auditors. A current copy of these policies must be provided to AFIC and their operation and implementation may be subject to review during on-site inspections by AFIC.

5.1.2.b Depending on the nature of the services offered by an SSP, AFIC may impose gearing or other limits on the duration mismatch of the SSP's management portfolio.

5.1.2.c Where the SSP uses derivatives to manage interest rate or other risk, the SSP must demonstrate that their use is in accordance with the FI Legislation and supported by experienced personnel, appropriate controls and technology.

5.1.2.d SSPs are permitted to raise funds denominated in a foreign currency provided the foreign currency borrowings are hedged so as to minimise the risk of loss from exchange rate movements. Whenever an SSP proposes to raise funds in a foreign currency, it must notify AFIC before proceeding, detailing the proposed method of hedging the exchange rate risk exposure. Before proceeding with the borrowing, the SSP must ensure that AFIC is satisfied that the transaction complies with Section 121 of the FI Code.

5.1.3 Credit and Settlement Risk

5.1.3.a Each SSP must have comprehensive written policies and systems to measure, monitor and manage credit and settlement risk. The board of directors must provide initial endorsement of significant policies (and changes, as applicable) and periodic approval thereafter. Senior management is responsible for implementation of policies and systems and their regular review. Policies and systems must be audited annually by the SSP's external auditors. Their operation and implementation may be subject to review during on-site inspections by AFIC.

5.1.3.b Each SSP must provide AFIC with a written statement of its policies in respect of investment, particularly the quality of investments, policy on exposure limits and diversification of the portfolio. Changes to the investment policy must be provided to AFIC prior to implementation.

5.1.3.c Each SSP must provide monthly a return of all exposures to individual borrowers and/or associated borrowers greater than 5 per cent of its capital base. An exposure is the aggregate of loans drawn and the undrawn portion of committed facilities such as overdrafts, standbys or similar. The intention is to identify concentration of risks and AFIC will declare borrowers to be 'associated' if there is any suggestion of intent to disguise concentration.

5.1.3.d Before entering into an exposure greater than 10 per cent of an SSP's capital base, the SSP must first consult with AFIC. The onus will be on the SSP to establish that the exposure does not constitute an excessive risk in the context of its overall loan book.

5.1.3.e Without the prior agreement of AFIC, the value of loans, undrawn limits of overdraft and standby facilities and similar financial accommodation provided to societies at any one time must not, in aggregate, exceed the sum of standby lines available to the SSP plus other drawn commercial funding programs previously agreed to be included in this limit by AFIC plus 30 percent of the value of non-PLA deposits.

5.1.3.f Each SSP must demonstrate a satisfactory system for monitoring and controlling off-balance sheet obligations in the form of loans approved but not drawn, overdrafts, lines of credit and other similar liabilities, whether direct or contingent.

5.1.3.g In the normal course of business, an SSP's exposure to its own fixed assets should not exceed 50 per cent of the value of its capital base. Any intention to create or add to an exposure beyond this level requires prior agreement of AFIC.

5.1.3.h AFIC may vary any or all of these reporting and consultation standards in particular cases as dictated by the nature of the risks involved. Failure by an SSP to satisfy AFIC that its practices are adequate for the risks involved may lead to its being required to maintain higher capital adequacy, liquidity, restrict investment activity, report more frequently or take such other steps deemed appropriate by AFIC.

5.1.4 Transaction and Technology Risk

5.1.4.a Each SSP must have comprehensive written policies and systems in respect of managing transaction and technology risk. The SSP must be able to demonstrate risk management and processing systems that monitor transactions and exposures from transactions. In addition to experienced personnel, each SSP must have the necessary technological support to effect risk management techniques associated with treasury management, settlement and any use of derivatives. Before expanding into new areas of financial intermediation, an SSP must ensure that the proper systems and controls are in place supported by the appropriate technology. Policies and systems must be audited annually by the SSPs external auditors.

5.1.4.b Each SSP must also provide for the physical security of financial transactions and information. The SSPs policies must also identify procedures for off-site backup and other disaster recovery considerations as part of a comprehensive disaster recovery plan. These systems should be tested on a regular basis at least annually.

5.1.4.c The Directors of a SSP should ensure that a full review and assessment of the risks associated with the Year 2000 problem is undertaken. Those systems affected that are critical to using or storing the SSPs data, must be corrected. Directors must:

  • ensure that full testing is carried out to ascertain that any critical systems for using or storing the SSPs data are not affected by the Year 2000 problem; and

  • obtain sufficient assurance that the SSPs systems and dates will not be significantly affected by inaccurate data or failure of services by its suppliers.

5.1.4.d Each SSP must have a comprehensive written statement dealing with the risks and events that may arise due to either the SSP or an external service provider suffering disruptions that may, in turn, disrupt the SSPs normal business operations. These policies and procedures should form part of the SSPs Disaster Recovery Plan in respect of managing both data risk and operations risk.

5.1.4.e All systems and procedures must be documented and available for inspection by AFIC.

5.1.5 Operations Risks

5.1.5.a Each SSP is to provide AFIC annually with a written statement of its policy in respect of insurance and details of its individual insurance policies. Policies and systems must be audited annually by the SSPs external auditors. Each SSP should carry the following insurance policies with cover at an appropriate level:

  • fidelity guarantee;
  • asset protection, including fire and malicious damage;
  • directors and officers liability;
  • public liability;
  • professional indemnity; and
  • business interruption.

5.1.5.b Each SSP must satisfy AFIC that, at all times, it retains appropriate management expertise and resources and conducts activities prudently. AFIC will require evidence that the management of the SSP can demonstrate, amongst other attributes:

· an intimate knowledge of the business of the societies served;

· appropriate systems to ensure adequate financial and internal control over the services offered;

· a proven record of experience among directors and staff in the services offered; and

· the on-going commercial viability of operations.

5.1.5.c An SSP must notify AFIC immediately of any breakdowns in internal controls that could cause a material departure or omission from the legal, prudential or policy obligations of the SSP. Such notification should include the nature of the breakdown, impact on the operations, action to rectify problem and action to prevent similar breakdown in future.

5.1.5.d Each SSP must make a representation each month to AFIC that to the best of its knowledge and belief, no break down in internal controls has occurred that will cause a material departure or omission to the legal, prudential or policy obligations of the SSP, other than any notification made under 5.1.5.c.

5.1.5.e Directors of a SSP should ensure that a full review and assessment of the risks associated with the Year 2000 problem is undertaken. Those systems affected that are critical to the SSPs normal business operations must be corrected. Directors must ensure that full testing is carried out to ascertain that any critical computerised systems and devices required for the SSPs day-to-day operations are not affected by the Year 2000 problem.

5.1.5.f A SSP must keep its insurance contracts under review to ascertain whether it is covered for interruptions to business and possible litigation, due to non-performance or disruption to business, as a result of the Year 2000 problem.

5.1.6.g Where directors are of the opinion that the SSP will be unable to address the Year 2000 problems adequately, with regard to its critical systems, the SSP should immediately notify AFIC.

5.1.5.h Each SSP is required to ensure that its external auditors provide AFIC with an Audit Review Report on a quarterly basis that states whether anything has come to their attention that causes them to believe that the risk management systems have not been adhered to and are not adequate to monitor, manage and control risks associated with the SSPs financial activities. (Negative assurance)

The Audit Statement must be provided directly to AFIC as soon as possible after the completion of the audit work for the relevant quarter.

5.1.5.i AFIC may, by notice, require the SSP to have prepared additional or specific reports from the external auditor.


Authorised Deposit-Taking Institutions | General Insurance | Superannuation | Life Insurance | Friendly Societies

Australian Prudential Regulation Authority