APRA’s responsibility is prudential supervision of the general insurance industry. We have made major improvements here in the past year. And we are light years from what APRA inherited in 1998 when I first spoke at an ICA Canberra Conference.
Headline items of the past twelve months have included:
- changes in the Insurance Act to facilitate a supervisory system that is more adaptable and tougher than the old Act permitted;
- a new set of APRA Prudential Standards that are both more comprehensive and more discriminating in addressing insurance company risks – we have increased regulatory capital requirements, on average, by 50 per cent and ensured more consistency and rigour in liability valuation;
- a period of intense activity from late 2001 through to 30 June this year, when insurers had to convince us that they could meet the higher hurdles of the new regime and qualify to be re-licensed by APRA;
- some consequential rationalisation among the smaller insurers. We now have 112 companies writing new business (down from 137), with another 34 in run-off (up from 24). And 15 licences were returned to us by companies that transferred their business to other members of a group under common ownership.
In this re-licensing process APRA took thorough stock of each company’s soundness and risk controls. This proved to be a very effective way of focusing industry minds on the meaning and content of our new Standards.
The initial material provided by many companies in their applications for re-authorisation was substandard. Many insurers had, in particular, to re-work substantially their Reinsurance and Risk Management Strategies to bring them up to scratch. Companies frequently told us that their Boards had found this exercise both prudentially and commercially useful.
We see the required involvement of Boards in setting risk management strategies as a very important element in the upgraded governance framework now in place.
With standards of corporate governance very much under the spotlight at present, I note that the new requirements of general insurers include considerably strengthened incentives and penalties to discourage deception and neglect.
They impose additional attestation and reporting obligations on directors, executives, auditors and actuaries - all of whom need to be suitable for their role and conscious of their increased responsibilities, including whistle-blowing obligations in the case of the actuary and external auditor.
It goes without saying that companies should have high quality directors, executives and advisers. While APRA will not routinely vet every appointment, we do require companies to investigate the background of key personnel, and we do reserve the right to remove unsuitable persons.
The "fit and proper" tests for directors, executives and advisers now go well beyond the more traditional and narrow requirements of not having, say, a conviction for dishonesty or a history of bankruptcy. Suitability criteria include technical competence, personal honesty, and freedom from conflicts of interest.
In further strengthening the checks and balances in insurance we also now require:
- no disproportionate shareholder representation on a Board
- a non-executive chair and a majority of non-executive directors
- an Audit Committee of the Board, also with a non-executive chair.
The desirability of tighter rules about audit rotation, the joint supply of audit and consulting services and movement of former auditors into directorships or senior management positions with auditees is being debated widely at present. We are finalising our views on these matters (that stretch well beyond general insurance) but will await the outcome of the broader debate before imposing new restrictions on insurers and other APRA-regulated institutions. This does not mean we will necessarily limit any changes to those introduced for companies generally.
The reforms that we’ve made to the prudential framework are an essential strengthening of APRA’s supervisory tools - they bring Australia’s supervisory arrangements more closely into line with international standards of best practice. In many respects they set the pace.
We have, however, always made clear that we do not see these changes as completing the task. The new arrangements are not perfect and, even if they were perfect today, they would not be tomorrow. One advantage of a system based on APRA-issued Prudential Standards is in permitting the rules to be adjusted more readily to keep pace with market developments and supervisory needs.
Items of fine-tuning already on our agenda include:
- some changes to capital factors to improve the risk sensitivity of the framework;
- a review of the investment concentration capital charge;
- provision of a specific treatment for asset revaluation reserves in the definition of capital;
- expanded guidance on the contents of Risk Management and Reinsurance Management Strategy documents;
- additional guidance on calculation of the Maximum Event Retention; and
- a review of the definition of ‘inside Australia’ assets.
Beyond those, we also see two broad areas as needing improvement:
- expansion of supervisory oversight to encompass consolidated group supervision;
- more disclosure of prudential information, both by APRA and insurers themselves.
There needs to be an increased focus on conglomerate/consolidated supervision in the prudential regime for general insurance. Although we now have legislative powers over non-operating holding companies - and are using them - the new framework of Standards still concentrates on individual licensed entities, rather than the wider corporate group of which they may be part. It also lacks explicit regard to activities conducted in related companies overseas.
Effectively, it assumes that supervisors, by ensuring that each licensed insurer is adequately managed and financially sound, can ‘ring-fence’ an insurer from problems elsewhere in the group.
Insurance supervision around the world has historically operated on this basis. Increasingly, however, supervisors are accepting the difficulty of ring-fencing and the need to deal with contagion risk - a danger recognised for many years in banking supervision.
The emergence of financial conglomerates was one of the reasons for APRA’s establishment. Early on, we undertook work on prudential standards for conglomerate groups involving banks and other deposit-takers. Those standards - now substantially complete - incorporate these principles:
- a regulated entity needs to be supervised both as a stand-alone entity, and as part of any wider corporate group;
- a regulated entity should not be able to structure its affairs so as to ‘double leverage’ its capital (i.e. capital invested in subsidiary entities should not also be available to support the activities of the regulated entity);
- a regulated entity should have some limit on its credit and other non-equity exposures to other members of its corporate group;
- there should be group-wide risk management and internal control systems; and
- a regulated entity should be subject to appropriate disclosure/badging requirements so customers know whether they are buying products of the regulated entity, or those of another group entity.
APRA will examine how these principles can be applied to general insurance. We recognise that they could produce tensions with existing commercial practices and that the prudential benefits from any changes will need to be weighed against the costs of disturbing existing arrangements.
Instances where such judgements will be needed include:
- A consolidated capital requirement for internationally operating groups would effectively apply the Australian capital adequacy requirements to the overseas operations of our general insurers. Where those requirements were significantly more onerous than in the host country, that could create a competitive disadvantage for Australian insurers vis-à-vis their local competitors.
- Similarly, applying a consolidated capital requirement to insurers would require us to take even greater interest in overseas activities and acquisitions than we do now. Although our main focus will remain on protecting Australian policyholders, the potential for foreign operations to jeopardise the Australian business needs to be considered, as does the capacity of those operations to meet our prudential standards. This could lead to problems of consistency with regulatory requirements in other jurisdictions.
- Where there are several insurers in a group, it’s common practice for each to reinsure with the parent (or other specialist reinsurer in the group) so as to obtain the benefits of diversification, before any risk is passed to third party reinsurers. Limiting an insurer’s ability to have a substantial reinsurance exposure to its parent might add to the costs of establishing reinsurance programs.
- Many general insurance companies operate in complex corporate structures, and are often not the parent. Indeed, many are subsidiaries of commercial entities (e.g. captive insurers). While we will need some regulatory authority over such operating holding companies, we have no aspiration to supervise the general activities of non-financial entities – whether parents or siblings.
None of these issues is necessarily insurmountable and we plan to begin discussions about them with the industry early in 2003.
Internationally, prudential supervisors are increasingly looking to information disclosure and consequential enhanced market discipline to be allies in their work.
Market disciplines can reinforce supervisory requirements by creating strong incentives for insurers to conduct their business prudently. They can provide an insurer with extra incentive to maintain a healthy capital base as a cushion against potential future losses.
At present, a comparison of the disclosures by Australia’s largest financial institutions would show that, by and large, banks disclose considerably greater amounts of prudential (i.e. risk-related) information. This includes both quantitative data (e.g. risk measures for individual areas of business) and qualitative information (e.g. a description of governance and risk management processes). Disclosure of similar information by general insurers is relatively scant.
Consequently, we intend to pursue a disclosure regime that will give market participants more help in assessing the riskiness and the risk controls of general insurers. We hope the industry will take some initiative on this but, if not, we will use our powers.
Industry has generally been wary of such proposals, with concerns about the additional cost and reluctance to disclose proprietary information. It’s also been argued that, while listed firms could usefully increase their disclosure, the benefits in extra disclosure by smaller entities would not justify the costs.
In response, we believe that:
- the incremental costs of insurers’ publishing extra information will be low, because they should already be collecting the data for their own purposes;
- the information we would want disclosed would not normally involve proprietary material that, if shared with others, might damage competitive position;
- while disclosure is no doubt a more powerful discipline for listed companies, improved disclosure by non-listed firms would be of value to reinsurers and others such as rating agencies and brokers with a significant stake in an insurer’s health.
We need to give further consideration to frequency and scope but the sort of information that we want disclosed would include:
- the risks to which an insurer is exposed, with details of insurance/underwriting risks, credit risks, market risks and operational risks (this could include claims development tables, risk retentions, insurance and investment portfolios broken down by geography, industry and line of business, counterparty exposure tables, market risk analyses and operational losses);
- strategies and techniques used by the insurer to measure and control those risks, including stress tests;
- overview of capital management strategies; and
- the structure, management, and organisation of a company’s risk management functions.
As prudential regulator, APRA needs not only to develop a strong set of minimum standards for insurers - where enormous progress has clearly being made in the past year. We also need to monitor insurers’ operations regularly against these standards and to take early action where compliance is lacking.
We are tackling this task on two fronts: first, by increasing the number and the quality of people devoted to the task and, second, by introducing more sophisticated and structured supervisory processes within APRA.
I won’t say any more about the first of these - other than to note that we’ve added to our front-line strength recently and a new Insurance Risk team has been established to provide expert support. I have been very pleased at the quality of recruits we’ve been able to attract from the market to supplement our existing experience and expertise.
As to supervisory process, we use a risk-based approach. This means drawing on an internal rating system that scores each company - across all the industries we regulate - to decide the appropriate supervisory strategy in each case and to guide the allocation of our limited resources.
During the past year we’ve designed an upgraded rating system called the Probability And Impact Rating System, or PAIRS for short.
This system is more sophisticated and objective than the previous one. Importantly, it also takes into account the potential impact of a regulated entity’s failure, as well as its probability of failure. We combine the probability and impact measures to create a single numerical Supervisory Attention Index.
The probability component of the rating system is a systematic and structured measure of:
- each entity’s inherent risk, minus
- the mitigating effect of its risk controls and capital support.
The impact component of the system is currently based simply on size, measured by assets - but more sophisticated measures (for instance, taking account of an entity’s linkages to other parts of the financial system) will be incorporated in the next generation of PAIRS.
The composite Supervisory Attention Index is a non-linear measure of the "threat" an entity poses to its stakeholders and the financial sector as a whole. As probability of failure and impact of failure rise, the composite Index goes up exponentially.
We won’t be publicising our ratings, but regulated entities will be in no doubt how we view them as PAIRS is progressively introduced across all of our 3,000 plus "clients" in the next two years.
When the system is bedded down, we will be better placed than previously to gauge the scale of APRA’s overall supervisory task to protect the interests of policyholders, depositors and superannuation fund members; to identify priority areas within the regulated population and allocate resources according to degree of risk; and to monitor trends in market risk profiles.
Once an insurer is assigned a PAIRS rating, a commensurate strategy will be designed to align the intensity of our supervision with the assessed threat of serious problems. To describe supervisory strategies we have identified four broad stances: Normal, Oversight, Mandated Improvement and Restructure.
In "Normal" mode we are collecting and analysing data and making routine on-site visits.
"Oversight" means a significant step up in our information collection and inspection intensity, and sending the entity’s management and board strong signals that we are less than comfortable with its position.
A typical course of action, particularly for larger entities, would have the dedicated supervisor and our Consulting Services Group carry out a detailed investigation. This would include considerable primary document review, plus specially targeted on-site visits. We would normally speak to auditors and actuaries, and might commission special work from external experts.
When the intense information gathering and analysis concludes, a typical next step will be to present our views to senior management and the entity board. The idea here is that the entity should be in no doubt as to APRA’s assessment, and the consequences of ignoring this. Where relevant, we will lift minimum capital requirements - both prudent for risk control and an effective signal to the entity that it needs to lift its game.
"Mandated Improvement" entities are operating in an unsustainable way - and we will direct them to present and execute a business plan that quickly restores financial strength. At this level we are allowing the entity to keep control of its destiny, but are clearly signalling that significant change must happen. Either the entity will improve rapidly, or we will commence intrusive enforcement proceedings. We might give constraining directions at this stage, including prohibitions on acquisitions, capital reductions and specific risky activities.
"Restructure" entities have failed or are at risk of near-term failure. For these entities we will apply our full enforcement powers, including replacing people and issuing directions. With insurers, our paramount concern at this stage will be to avoid any losses to policyholders.
To sum up, there are two key messages I want to leave with you.
First, over the past year we have achieved a significant strengthening in prudential supervision of general insurance in Australia. There is no doubt that the industry is better for that - more robust, more attuned to risk and generally better managed.
Second, that is no ground for complacency. For both APRA and the industry the task of maintaining compliance with the new regime - and improving that regime further in important respects - will be ongoing.