In 2005/2006, the IMF conducted an assessment of Australia under its Financial Sector Assessment Program (FSAP). A key part of the FSAP was an evaluation of APRA’s policies and practices for the prudential supervision of banks against the Basel Core Principles for Effective Banking Supervision. 1 The IMF’s detailed assessment of Australia’s compliance with the Basel Core Principles is being published separately.
In preparation for the IMF’s assessment, APRA undertook a self-assessment of its compliance with the Basel Core Principles. This paper sets out the material provided by APRA to the IMF to facilitate its assessment.
The 25 Basel Core Principles represent an agreed set of high-level principles against which a country’s prudential supervision framework can be benchmarked and assessed. Each of the principles is supported by a number of detailed ‘essential’ and ‘additional’ criteria to guide a compliance assessment. The Basel Core Principles are supported by an additional set of principles dealing with Preconditions for Effective Banking Supervision.2 The preconditions deal with macroeconomic, legal, accounting and public sector infrastructure that needs to be in place for any regime of prudential oversight of financial institutions to be effective. A separate paper was prepared by Treasury, in consultation with APRA and other Commonwealth agencies, addressing Australia’s adherence to these preconditions. This paper will be published separately by Treasury.
The material provided to the IMF was prepared as at September 2005. Since then, APRA’s supervisory procedures have evolved in some areas: in particular, APRA has finalised prudential standards dealing with Governance and with ‘Fit and Proper’. In addition, the Government has released a draft Bill dealing with Anti-Money Laundering and Counter-Terrorism Financing which addresses issues raised by the IMF.
Australia has a system of laws in place for banking and for each of the agencies involved in banking supervision. The Banking Act 1959 (Banking Act) provides the basis for Australia’s banking regulation. The Act is a Commonwealth statute and applies to all Australian territories.
The Australian Prudential Regulation Authority (APRA) is Australia’s banking regulator. APRA was established under the Australian Prudential Regulation Authority Act 1998 (APRA Act) and this Act governs APRA’s operations. The responsibilities and objectives of APRA are clearly defined by the APRA Act (section 8 ‘Purpose for establishing APRA’, section 10 ‘Advice to the Minister’ and section 10A ‘Cooperation with other agencies’) with APRA’s overarching powers defined in section 11 ‘APRA’s powers’. In addition, specific powers, responsibilities and functions are conferred on APRA throughout the Banking Act.
In its role as Australia’s banking regulator, APRA also relies on the following statutes:
- Commonwealth Authorities and Companies Act 1997, which governs much of APRA’s financial arrangements.
- Financial Sector (Shareholdings) Act 1998, which regulates the extent of shareholdings in financial institutions in Australia.
- Financial Sector (Transfer of Business) Act 1999, which regulates the transfer of the business of an authorised deposit-taking institution (ADI).
- Financial Sector (Collection of Data) Act 2001, which empowers APRA to collect data from ADIs and other non-bank financial institutions.
- Authorised Deposit-taking Institutions Supervisory Levy Imposition Act 1998, which imposes a financial levy for regulation on all entities authorised to operate as an ADI in Australia.
- Financial Institutions Supervisory Levies Collection Act 1998, which empowers the Commonwealth to collect levies from ADIs.
In addition to APRA, the Reserve Bank of Australia (RBA), established by the Reserve Bank Act 1959, regulates Australia’s payments system. The various statutes in place for the regulation of the payments system are:
- Electronic Transactions Act 1999;
- Payment Systems and Netting Act 1998;
- Payment Systems (Regulation) Act 1998; and
- Cheques Act 1986.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia's anti-money laundering regulator and specialist financial intelligence unit. AUSTRAC’s role is to oversee compliance with the reporting requirements of the Financial Transaction Reports Act 1988, by a wide range of financial services providers, including all banks.
The Australian Securities and Investments Commission (ASIC) is charged with monitoring corporations registered in Australia under the Australian Securities and Investments Commission Act 2001, including all banks, and enforces and regulates company and financial services laws to protect consumers, investors and creditors.
The Treasurer and Australian Treasury also have involvement with banking regulation in Australia. The Treasurer, and the Treasury in its role of advising the Treasurer, have responsibility for the legislative framework governing the financial sector and have involvement in aspects of APRA’s enforcement activities and the administration of the Financial Sector (Shareholdings) Act 1998.
Section 11AF of the Banking Act empowers APRA to make prudential standards for banks and bank holding companies. These standards are issued as ADI Prudential Standards (APS). Section 11AF(1A) provides for standards to ‘impose different requirements to be complied with in different situations or in respect of different activities’.
APRA has used this power to impose the following standards on banks, covering capital adequacy, securitisation, credit quality, large exposures, related entities, outsourcing, business continuity management, credit card activity and auditing.
- APS 110 Capital Adequacy;
- APS 111 Capital Adequacy: Measurement of Capital;
- APS 112 Capital Adequacy: Credit Risk;
- APS 113 Capital Adequacy: Market Risk;
- APS 120 Funds Management & Securitisation;
- APS 210 Liquidity;
- APS 220 Credit Quality;
- APS 221 Large Exposures;
- APS 222 Associations with Related Entities;
- APS 231 Outsourcing;
- APS 232 Business Continuity Management;
- APS 240 Risk Management of Credit Card Activities; and
- APS 310 Audit & Related Arrangements for Prudential Reporting.
APRA has also recently released for industry consultation Draft Prudential Standard APS 520 —Fit and Proper Requirements for ADIs and Draft Prudential Standard APS 510 — Governance.
In addition, section 11A allows prudential requirements to be prescribed by regulations. These can be made by the Governor-General on the advice of the Treasurer. The Treasurer must have consulted with APRA before advising that such a regulation be made.
APRA and the other agencies involved in Australia’s banking regulation have defined mechanisms for interaction and coordination of actions. APRA participates in a number of councils, committees and working groups with ASIC, the RBA, the Treasury and AUSTRAC, in which regulatory policies and supervisory issues are dealt with in a coordinated manner. In addition, APRA and the other regulatory agencies act together on investigations and enforcement actions that cross more than one agency’s mandate. An example of this is APRA’s recent investigation into irregular foreign currency options at National Australia Bank.
The Council of Financial Regulators (COFRs) is the coordinating body for Australia’s main financial regulatory agencies: APRA, the RBA, ASIC and the Treasury. As specified in the Council’s Charter, the Council’s role is to contribute to the efficiency and effectiveness of financial regulation by providing a high-level forum for cooperation and collaboration among its members. It operates as an informal body in which members are able to share information and views, discuss regulatory reforms or issues where responsibilities overlap and, if the need arises, coordinate responses to potential threats to financial stability.
APRA also meets regularly with the RBA and ASIC through the RBA/APRA Coordination Committee, the APRA/ASIC Liaison Meeting and the Tripartite Data Committee (TDC), which involves APRA, the RBA and the Australian Bureau of Statistics (ABS) and meets quarterly to discuss high level data issues, reporting form changes, emerging data requirements and emerging issues, such as International Financial Reporting Standards (IFRS).
APRA also meets with AUSTRAC on anti-money laundering and counter terrorism related issues. Both APRA and AUSTRAC are members of the Financial Action Task Force/Asia Pacific Coordination Group, which brings together representatives from the Attorney-General's Department, the APG Secretariat, the Australian Federal Police, the National Crime Authority, the Department of Foreign Affairs and Trade, the Treasury, the Australian Customs Service, the RBA, AUSTRAC and APRA.
The Banking Act gives APRA wide ranging powers to revoke a banking authority (section 9A), issue a direction requiring the bank to undertake specific actions in respect of prudential matters (section 11CA), appoint an investigator (section 13A), take control of the ADI’s business when its ability to repay deposits could be threatened (section 13A), appoint an administrator (section 13A) or appoint a statutory manager (section 13C). It is up to APRA to decide on the best course of action to achieve an orderly resolution of a problem bank situation.
Actions can be taken by APRA’s ‘frontline’ supervisory divisions — Specialised Institutions Division (SID) and Diversified Institutions Division (DID) — or the enforcement area within Supervisory Support Division (SSD). APRA’s interventions are aimed at:
- minimising financial loss to depositors by pressing viable entities to rectify weaknesses;
- encouraging unviable entities to exit the market promptly and smoothly;
- seeking criminal prosecution where practicable; and
- recovering losses through civil litigation and disqualifying unsuitable individuals from key roles in the regulated financial system.
Matters being handled by Enforcement are normally referred by SID or DID.
For the most part, Australia’s prudential framework is set down in standards and guidelines. This enables APRA to respond quickly and effectively to new and emerging prudential issues without the need for legislative amendment. Notwithstanding this, the Banking Act has been subject to a number of amendments in the last 60 years to ensure it remains relevant and effective. Recent amendments include: empowering APRA with wide-ranging powers of direction over banks in respect of prudential matters; the incorporation of provisions for the supervision of banking conglomerates; and fit and proper rules for directors and senior managers of banks.
APRA’s policy development area, operating within the Policy Research and Statistics Division (PRS), continuously assesses the need for prudential policy change, and designs new prudential standards and guidance notes in consultation with the industry and the Government. Policy Development also liaises and works with the Treasury in relation to assessing the need for changes in APRA-administered legislation and developing those changes. Policy Development monitors and analyses developments in domestic and international financial systems and keeps abreast of changes in supervisory techniques, to ensure Australia’s banking law and supervision remain effective and relevant.
Section 8 of the APRA Act defines APRA’s purpose as the prudential regulation of financial sector institutions. In performing this role, APRA is to balance the objectives of financial safety and efficiency, competition, contestability and competitive neutrality. APRA is also subject to financial and performance audits by the Australian National Audit Office (ANAO), the latest of these being conducted in 2004. The reports of the ANAO are tabled in Federal Parliament and are publicly available.
In addition, APRA is subject to review before Parliamentary Standing Committees, such as the House of Representatives Committee on Economics, Finance and Public Administration. Its performance is also subject to review by the Senate Estimates hearings and Senate Select committees. Transcripts of the proceedings of all of these committees are publicly available.
Internal oversight of APRA is monitored by the Risk Management and Audit Committee. The Committee comprises an external chair (with casting vote), one external member, one member of APRA’s Executive Group and one Executive General Manager (on a one-year rotation). In addition, regular attendees at committee meetings are the General Manager — Risk Assessment and Internal Audit, the Chief Financial Officer and a representative of the Australian National Audit Office. The Chairman of APRA may attend by invitation.
In addition, section 9 of the Commonwealth Authorities and Companies Act 1997 requires APRA to prepare an annual report for the Minister on its operational and financial performance. APRA’s annual reports are tabled in Parliament and made public.
APRA also has available a number of publications explaining its objectives, procedures and operations.
APRA collects data from the banking industry as part of its ongoing supervision of licensed entities. The primary mechanism for collecting information is by way of the ADI Reporting Standards issued under the Financial Sector (Collection of Data) Act 2001. The APRA’s Statistics team is the central point for the collection, processing, publication, and dissemination of these data. APRA publishes industry-based papers that detail the financial strength and performance of the industries it supervises, including banking. The APRA Insight bulletin is a quarterly publication that combines prudential commentary and feature articles with a set of statistical tables and figures. APRA also releases Monthly Banking Statistics which contain select information on the banking business of individual banks within the Australian market, including high-level breakdowns of the domestic assets and liabilities for each bank. It also provides detailed information on loans and advances to, and deposits from, different sectors of the economy, as well as information on securitisation activity.
In addition, banks are required to lodge annual reports with ASIC under the Corporations Act 2001. Furthermore banks which are listed are obliged to observe continuous disclosure requirements under listing rules of Australia’s main financial markets (Australian Stock Exchange, Newcastle Stock Exchange, Bendigo Stock Exchange and Asia Pacific Exchange).
APRA was established in 1998 as an independent statutory authority charged with responsibility for prudential regulation of the financial sector. APRA brought together eleven different agencies previously involved in the prudential supervision of banks and other deposit-takers, insurance companies and pension funds.
APRA is both independent from, and accountable to, the Australian Government. APRA is headed by an executive Chairman and is governed by a three member executive group, known as the APRA Members. The APRA Members are appointed by the Governor General, on advice of the Minister.
The system of government in Australia draws heavily on the constitutional traditions of responsible government and separation of powers. In Australia, it is recognised that some functions of government — of which the prudential regulation of financial institutions is one example — are best conducted at arm’s length from the political process, while at the same time maintaining an appropriate degree of executive accountability. By placing responsibility for the function of prudential regulation of financial institutions with an independent statutory authority, the Government ensures both that this task receives specialised attention and that it is conducted in a politically neutral manner.
Nevertheless, APRA remains subject to a formal power of direction by the Minister under section 12 of the APRA Act. This power is limited to policies and operational priorities and cannot apply to individual cases. A direction must be in writing and can be given only after the Minister has notified APRA in writing that consideration is being given to making the direction and given the Chairman an opportunity to discuss the need for the proposed direction. The power is tempered by a requirement that the Minister must table any direction before Parliament within 15 sitting days. There have been no instances of APRA being formally directed by the Minister.
APRA is financed by levies imposed on the financial sector entities it regulates. These levies are determined and collected by the Australian Government (as a tax) and are then allocated to APRA and held specifically by APRA to finance its operations. Like all prudential regulators, APRA must compete with the private sector to acquire the skilled resources needed to carry out its responsibilities. Subject to this constraint, APRA is normally able to recruit the resources needed to fulfil its mandate. (See EC3 below.)
APRA has a strong track record of professionalism and personal integrity. This is underpinned by APRA’s corporate values which emphasise the highest standards of individual and corporate integrity, as well as flexibility, openness and accountability. APRA staff are often sought to explain APRA’s requirements and approaches to industry conferences and seminars, and to provide training for financial regulatory staff in the Asia Pacific region.
APRA is financed from levies imposed on all regulated entities, which includes banks. Separate levy scales apply to the different industry sectors supervised by APRA. Section 3 of the Authorised Deposit-taking Institutions Supervisory Levy Imposition Act (ADISLI Act) requires the Treasurer to set the levy amount for banks and other deposit-taking institutions, which occurs after APRA provides input regarding its budget and after industry consultation. In turn, the Financial Institutions Supervisory Levies Collection Act (FISLC Act) authorises the Government to collect the levy monies; and section 50 of the APRA Act requires that the Government pay to APRA the amount of levies collected less the Retainable Amount (for costs incurred by ASIC in providing market integrity and consumer protection oversight of prudentially regulated entities), which is determined by the Minister. As such, the Minister ultimately determines the amount of finance provided to APRA.
However, once levy funds are provided to APRA, these monies can be applied by APRA as it sees fit. As such, APRA has sufficient autonomy and independence in budgeting and expenditure to fully satisfy this essential criterion.
While APRA must compete in highly competitive private sector markets for staff, APRA’s salary scales are generally sufficient to allow it to attract and retain qualified staff, and to hire outside experts to deal with special situations, if required. APRA’s training budget has enabled the development of a comprehensive in-house training program and makes provision for regular external training opportunities for staff, including post-graduate studies. APRA is equipped with up-to-date computer equipment and other tools needed to review the banking industry and APRA has a travel budget that provides for appropriate levels of on-site work, both in Australia and overseas.
The Government is considering changing APRA’s financial accountability requirements, but not changing its funding arrangements. Any such move will need to take appropriate account of the need for the efficient conduct of APRA’s operations and for any negative effects that might arise from particular aspects of new arrangements to be minimised.
Under section 20 of the APRA Act, APRA Members are appointed for a term specified in the instrument of appointment, which cannot exceed 5 years. Section 25 of the Act governs the removal of APRA members during their term of office and specifies the reasons for termination.
There is no legal requirement to publicly disclose the reasons for removing an APRA member from office.
Section 9(3) of the Banking Act identifies APRA as the authority responsible for granting banking licences.
‘9(3) If an application has been made, APRA may grant the body corporate an authority to carry on banking business in Australia. The authority must be in writing, and APRA must give the body corporate written notice of the granting of the authority.
Note 1: The fact that a body corporate is granted an authority to carry on banking business in Australia does not mean it is entitled to call itself a bank. To do this, the body corporate will need to have a consent under section 66.’
Section 9A of the Banking Act identifies APRA as the authority responsible for withdrawing banking licences and provides for the circumstances in which a licence can be revoked.
As noted under Principle 1(1), the principal means through which APRA puts its prudential framework into effect is via standards and guidelines which can be determined administratively. Under section 11AF of the Banking Act APRA is empowered to make prudential standards for ADIs and authorised non-operating holding companies (NOHCs). The Legislative Instruments Amendment Act 2003 requires all Commonwealth legislative instruments to be registered. APRA must also notify the affected banks and the Treasurer (Banking Act section 11AF(4) and (4A)). No change in legislation is required.
There are a number of pieces of legislation that empower APRA to obtain from banks the information it requires to fulfil its obligations as prudential supervisor. At a routine level, section 13 of the Financial Sector (Collection of Data) Act enables APRA to determine reporting standards that are required to be complied with by financial sector entities and require banks to submit data to APRA. APRA has determined 43 such standards under this Act. In addition, the various Prudential Standards issued by APRA pursuant to section 11AF of the Banking Act make provision for the submission of specific prudential information relevant to those standards to APRA.
APRA is also empowered to obtain any information that it requires from banks and their holding companies under section 62 of the Banking Act. And section 13 of the Act specifically enables APRA to obtain information from a bank in relation to its financial stability.
Under section 8 of the APRA Act, APRA is established for the purpose of regulating financial sector entities in accordance with laws that provide for the prudential regulation of those entities. For the most part, the legal framework applicable to the prudential regulation of banks is set down in the Banking Act. Section 11AF of the Banking Act empowers APRA to make prudential standards for banks and other deposit-taking institutions, and their holding companies. In addition, section 11CA of the Banking Act gives APRA wide powers of direction over banks when necessary to ensure compliance with its prudential standards or to protect the interests of depositors. APRA can use these powers to ensure banks fully comply with laws or to cease certain activities, where APRA believes the soundness and safety of the bank is threatened.
Division 2 of the Banking Act empowers APRA to intervene whenever a bank’s ability to repay its depositors is threatened. This includes power to appoint a person to investigate the affairs of a bank; power to take control and manage the affairs of a bank in the interests of its depositors; and, where necessary to protect depositors, power to wind up the bank.
Section 13(3) of the Banking Act requires banks to notify APRA immediately if it is likely to become unable to meet its obligations or suspend payment. In addition, Prudential Standard APS 222 — Associations with Related Entities, requires the directors of a bank to notify APRA immediately after it becomes aware of any breach of a prudential standard or other requirement, or of any circumstance that might reasonable be seen to have a material impact on the bank. It is an offence under section 62A of the Banking Act to fail to notify APRA of any breach of the prudential standards, or of any other matter which adversely affect the entity’s financial soundness.
APRA adheres to the principles of risk-based supervision. APRA’s prudential framework allows considerable room for its responsible supervisors to exercise qualitative judgment, subject to internal procedures designed to ensure consistency and expertise in decision-making. In particular, APRA uses qualitative judgement in undertaking its on-going supervision of banks, to assess the effectiveness and appropriateness of a bank’s risk management systems, its management and board, its access to additional capital, and its management information systems. These qualitative assessments are incorporated into APRA’s internal risk rating system for all its supervised entities — Probability and Impact Rating System (PAIRS) — which aggregates all available risk information about a regulated entity and is itself a qualitative risk assessment tool.
APRA routinely conducts detailed on-site reviews of banks’ internal risk management systems across a wide range of risk areas. It also has access to internal and external audit reports and working papers to supplement these assessments.
In practice, Australian banks afford APRA full access to all records and books of account without the need for legal compulsion. Nevertheless, should the need arise APRA has a number of specific powers under the Banking Act to compel a bank to supply it with information. Section 62 of the Act enables APRA to require a bank (or its holding company or a subsidiary) to supply any information, books, account or documents as may be required by APRA. Section 13 of the Act specifically enables APRA to obtain information from a bank in relation to its financial stability.
In addition, Section 11 of the APRA Act empowers APRA ‘to do anything that is necessary or convenient to be done for or in connection with the performance of its functions.’ It is beyond doubt that the ability to compel the production of documents and to access files on-site is a necessary part of the activities of a prudential regulator.
Both in law and in practice APRA has wide-ranging powers to remediate unsafe or unsound practices.
The Banking Act gives APRA power to:
- issue a direction to comply with a prudential standard or regulation;
- (section 11CA);
- revoke a banking authority (section 9A);
- place conditions on a banking authority (section 9(4));
- appoint an investigator (section 13A); and
- take control of a bank’s business, or appoint an administrator to take control of a bank’s business (section 13A).
APRA is required to exercise these powers for the protection of depositors, and to promote financial safety and efficiency among deposit-taking institutions.
In practice, if APRA were to become concerned with the risk profile of one of its regulated entities, it would increase the frequency and intensity of its supervisory oversight of that entity. This may include the imposition of a number of remedial measures short of the legal measures listed above. For example, APRA would typically require the bank to meet a higher capital adequacy ratio to reflect its higher risk profile, or it might require more frequent prudential reporting from the area of the bank causing concern.
The liability of APRA and its staff for acts or omissions committed in the course of the conduct of their duties is governed by section 58 of the APRA Act (below). This provision reinforces the position at common law.
‘58(1) Subject to subsection (2), APRA, an APRA member, an APRA staff member, or an agent of APRA, an APRA member or an APRA staff member, is not subject to any liability to any person in respect of anything done, or omitted to be done, in the exercise or performance, or the purported exercise or performance, of powers, functions or duties conferred or imposed on APRA, an APRA member or an APRA staff member by or under:
- this Act or another law of the Commonwealth; or
- a law of a State or Territory referred to in paragraph 9(b); or
- (c) subject to subsection (3), an agreement referred to in paragraph 9(c).
58(2) Subsection (1) does not apply to an act or omission in bad faith.’
While there is no specific legislative provision to indemnify APRA or its staff for any legal action brought against them, section 58 of the APRA Act limits the possibility of a successful legal action being brought against APRA or its staff. In the normal course, both the Commonwealth and APRA would assist staff in defending actions brought against them arising out of the proper discharge of their duties. APRA has resolved to indemnify APRA Members and APRA staff for the costs incurred in defending such actions.
APRA and the other agencies involved in Australia’s banking regulation have defined mechanisms for interaction and coordination of actions. APRA participates in a number of councils, committees and working groups with ASIC, the RBA, the Treasury and AUSTRAC, through which regulatory interventions and supervision activities are coordinated. This network of cooperation and liaison promotes the sharing of information on financial sector developments and risks, and helps to influence the evolution of the domestic and international regulatory frameworks. (Refer also to response to EC3 under Principle 1(1).)
Section 56 of the APRA Act ensures the confidentiality of information provided to APRA. Section 56 also makes provision for such information to be provided to other financial sector regulators. This enables APRA to share confidential information with ASIC, the RBA and AUSTRAC, as well as with supervisory agencies in other countries. Similarly, section 127 of the ASIC Act allows ASIC to disclose confidential information to APRA. At present, AUSTRAC is not able to reciprocate by sharing confidential information with APRA, but this issue is to be addressed in proposed anti-money laundering legislation currently being considered by Government.
APRA has Memoranda of Understanding with ASIC, the RBA and the Treasury which promote effective cooperation and information sharing. In practice, there is significant cooperation between agencies with information exchange on a regular basis, including volunteering of information relevant to another agency’s mandate.
Each Memorandum states that the full and timely exchange of information is a crucial element in coordination between the agencies. Each provides that, subject to legislative provisions, information available to one which is relevant to the responsibilities of the other will be shared as requested. Each organisation will provide relevant information to the other on a best endeavours basis, with due regard to the urgency of doing so. When exchanging confidential information, each agency is required to acknowledge the confidentiality and secrecy requirements of the Acts under which they operate. Each organisation has the right to specify the level of confidentiality attached to information provided to the other. On matters of policy, each agency will notify the other of any proposed changes in regulatory policy, and provide an opportunity to consult on changes which are likely to impact on the responsibilities of another.
In addition, if APRA or the RBA identifies a situation which is likely to threaten the stability of the financial system, each has agreed to inform the other as a matter of urgency. The Treasurer will also be kept informed. The response adopted will depend on the circumstances of the particular case but, in all cases, the APRA and the RBA will keep each other informed of their on-going assessment of the situation and will consult closely on proposed actions.
To assist it in keeping abreast of financial developments and supervisory issues, the RBA will participate from time to time in APRA’s regular on-site reviews of, and prudential consultations with, supervised institutions.
APRA’s system of cooperation and information sharing extends to foreign agencies that have supervisory responsibility for banking operations of material interest to APRA.
The two regions in which Australian banks maintain significant offshore operations are New Zealand and the United Kingdom. Accordingly, APRA’s main offshore contacts are with the Reserve Bank of New Zealand and the Financial Services Authority in the United Kingdom. Operational contact with banking supervisors in other jurisdictions occurs when necessary, but is limited. Nevertheless, APRA maintains close ties with other supervisors on policy development issues and pursuant to its obligations as host supervisor of foreign banks.
As noted under EC1, section 56 of the APRA Act enables APRA to share confidential information with foreign supervisors. Pursuant to this provision and consistent with its obligations to overseas regulators, APRA cooperates fully with its overseas counterparts and routinely makes available relevant prudential information to overseas supervisors irrespective of whether there is any formal agreement in place to provide for this. These exchanges are not limited to home/host supervision obligations, but also extend to host/host relationships and to issues of policy development.
As well as this, APRA put in place Memoranda of Understanding with the following supervisors:
- United Kingdom Financial Services Authority (FSA);
- Reserve Bank of New Zealand (RBNZ);
- Hong Kong Monetary Authority (HKMA);
- Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin);
- China Banking Regulatory Commission (CBRC); and
- United States Office of Thrift Supervision (OTS).
(By the time of the FSAP Mission, APRA also expects to have agreed an MOU with De Nederlandsche Bank.)
The FSA Memorandum was undertaken to establish a formal basis for cooperation with the FSA, including the exchange of information and investigative assistance. It provides for both the FSA and APRA to provide relevant information upon request and on a voluntary basis without a request. In addition each agency may assist the other in obtaining information from third parties.
The RBNZ Memorandum provides for information sharing and the inclusion of the RBNZ in APRA’s on-site reviews of Australian bank branches and subsidiaries in New Zealand. In addition to the MOU, APRA and the RBNZ have agreed a Terms of Engagement for the implementation of the new Basel Capital Framework (Basel II).
Section 56 of the APRA Act empowers APRA to release confidential information to another financial sector supervisory agency (including foreign agencies) for the purposes of allowing that agency to carry out its functions. Consistent with the purposes of section 56, where APRA releases information to another supervisory agency, it is APRA’s practice to notify the receiving agency of the information’s protected status under the APRA Act, and to request that its confidentiality be maintained by the receiving agency. Information released under section 56 retains its protected status under the Act even if it is communicated to another financial sector supervisor and such information should only be used for prudential purposes. (It is an offence under the APRA Act for an officer to disclose ‘protected information’ and this extends to persons to whom protected information has been released.)
Information received by APRA in the course of its prudential supervision activities is protected information under the APRA Act. As such, prudential information held by APRA can only be released for purposes related to APRA’s supervision (eg pursuing a prosecution under a statute administered by APRA), or for use by another supervisory agency (see EC3). APRA cannot be compelled by a court to release protected information. (However, APRA is empowered to make available protected information for the purposes of enabling proceedings under any of the Acts it administers.)
Section 56(11) of the APRA Act exempts APRA from being required to disclose protected information under the Freedom of Information Act 1982.
In Australia, section 5 of the Banking Act defines the term ‘banking business’ as a business that consists of both the taking of money on deposit and the making of advances of money, or such other financial activities as may be prescribed by regulation. All entities wishing to carry on ‘banking business’ in Australia are required to seek authorisation by APRA under section 9 of the Banking Act. (Alternatively, it is possible to obtain an exemption under section 11 of the Act — see EC4 below.) In Australia, all deposit-taking institutions — not just banks — are required to be authorised under the Banking Act.
As noted in EC1 above, ‘banking business’ is defined as the taking of money on deposit and the making of loans. Beyond this, the Banking Act does not specify the permissible activities of banks. We believe that the broad definition currently adopted in the Act is appropriate to the scheme of regulation adopted in Australia, and that further specification would be counterproductive.
Conditions on banking authorities granted by APRA under the Act require authorised banks to adhere to APRA’s prudential requirements at all times and also to consult with APRA in respect of any new business initiatives. In this way, APRA is able to review in advance all new lines of business proposed by banks to ensure that adequate risk controls are in place and that they do not pose disproportionate risks for the bank.
Section 66 of the Banking Act prohibits the use of the words ‘bank’, ‘banker’ or ‘banking’ in relation to a financial business without APRA consent. The Guidelines issued by APRA on the implementation of section 66 explain that the restrictions are necessary to assure the public that a financial business that describes itself as a bank is in fact authorised as such. Generally, only institutions authorised to carry on banking business will be given consent to use these words.
In Australia, only authorised institutions which have at least $50 million in capital or which are branches of foreign banks are able to describe themselves as ‘banks’. Authorised institutions without the requisite capital base or which are mutually-owned are referred to as ‘authorised deposit-taking institutions’. Foreign bank branches are not permitted to accept initial deposits from individuals of less than $250,000.
In Australia it is the norm for deposit-taking institutions to be authorised under section 9 of the Banking Act. In practice, all large and systemically important deposit-taking institutions are authorised banks.
However, section 11 of the Act empowers APRA to grant exemptions from the Act’s provisions. Section 11 exemptions are generally made by way of class order. These exemptions apply to a range of non-bank financial intermediaries, typically wholesale institutions (such as investment banks) or specialised finance companies. These entities are then not subject to prudential supervision by APRA and can engage in retail fundraising. Exempt entities are, however, required to disclose to their customers that they are not supervised by APRA and that they are not covered by the depositor protection provisions of the Banking Act. Also, fundraising by these entities must be in accordance with the disclosure and prospectus requirements of the Corporations Act.
Under these arrangements, certain groups of institutions can operate outside the supervisory framework:
- finance companies — which offer retail savings products in the form of debentures. These require the issue of a prospectus and are conditional on not using the words ‘bank’ or ‘deposit’;
- merchant banks — which operate almost exclusively in wholesale markets; and
- foreign bank branches — which are licensed as banks in their home country and restrict their operations in Australia to wholesale and representative business (refer Principle 25).
These branches are not subject to the minimum deposit requirement that APRA places on authorised foreign bank branches. There is also one Australian territory which operates a Government-owned insurance and banking organisation. The activities of this organisation are not supervised by APRA but its obligations to policyholders and depositors are government-guaranteed.
APRA is considering its policy for granting section 11 exemptions in order to ensure that all significant deposit-taking institutions come within the prudential framework.
Section 9 of the Banking Act empowers APRA to grant or reject applications for an ‘authority to carry on banking business’ (banking authority). APRA determines and publishes the criteria for granting a banking authority. These criteria require an applicant to demonstrate its strategic and financial viability, an effective risk management framework and a capacity to meet all of APRA’s prudential requirements on an ongoing basis. The criteria and information requirements used for assessing an application for a banking authority are available in APRA’s Guidelines on Authorisation of ADIs available on APRA’s website.
There are detailed criteria covering:
- Capital — Applicants for bank authorisation must have a minimum of $50 million in Tier 1 capital. Applicants must satisfy APRA that they are able to comply with APRA’s capital adequacy standards from the commencement of their banking operations. These standards are consistent in all substantial respects with the Basel capital adequacy framework. Subsidiaries of foreign banks are expected to meet comparable capital adequacy standards.
- Ownership — Ownership in locally incorporated banks, including subsidiaries of foreign banks, is governed by the Financial Sector (Shareholdings) Act 1998 (FSSA). The FSSA limits shareholdings of an individual shareholder, or group of associated shareholders, in a bank to 15 per cent of the bank’s voting shares, unless an exemption has been granted by the Treasurer or APRA under the FSSA. Applicants for a banking authority must satisfy the requirements specified in the FSSA, or where relevant, have exemptions granted under the FSSA.
All substantial shareholders of an applicant are required to demonstrate to APRA that they are ‘fit and proper’ in the sense of being well-established, financially sound entities of standing and substance. In the case of foreign bank applicants, this requirement applies both to the foreign bank itself and to the substantial shareholders of the foreign bank. In addition, APRA requires all substantial shareholders to be able to demonstrate that their involvement with the bank will be a long-term commitment and that they are able to contribute additional capital, should this be required.
- Management — Applicants must satisfy APRA that directors and senior management of the proposed bank are fit and proper to hold the relevant position. In reaching its view on the fitness or propriety of any director or manager, APRA has regard to the experience and expertise of the person relative to the duties involved; demonstrated competence in business in the past and/or in the conduct of current duties; integrity in business activities; and reputation within the business and financial community. In addition, directors and management will be subject to APRA’s Draft Prudential Standard APS 510 — Governance and Draft Prudential Standard APS 520 — Fit and Proper Requirements.
APRA also consults, where necessary, other domestic and overseas regulators regarding the suitability of personnel for the proposed bank.
- Risk Management and Internal Control Systems — Applicants must satisfy APRA that their risk management and internal control systems are adequate and appropriate for monitoring and limiting risk exposures in relation to the domestic and offshore operations. This includes, in particular, the maintenance of adequate and appropriate policies and procedures for monitoring and managing credit risk, market risk arising from banking business and trading activities, liquidity risk and operational risk. Applicants must be able to demonstrate that risk control systems are relevant and proportionate to the risks inherent in the bank’s proposed business strategy.
In addition, foreign bank applicants must demonstrate that arrangements for reporting to foreign bank parents or head offices are adequate.
- Information and Accounting Systems — Applicants must satisfy APRA that their information and accounting systems are adequate for maintaining up-to-date records of all transactions and commitments undertaken by a bank. Specifically, applicants are required to demonstrate to APRA that the proposed systems will be capable of producing all required statutory and prudential information in an accurate and timely manner from the commencement of their banking operations.
In assessing the overall adequacy of the proposed information and accounting systems, APRA will have regard to the integrity and security of the database, associated backup facilities and disaster recovery arrangements. Any proposed or existing outsourcing of data processing functions must satisfy APRA’s outsourcing requirements as specified in Prudential Standard APS 231 — Outsourcing.
- External and Internal Audit Arrangements - Applicants must be able to demonstrate that they can satisfy APRA’s requirements in relation to Board Audit Committees and Internal Audit, and that they have in place arrangements with external auditors in accordance with the requirements set out in the Prudential Standard APS 310 — Audit & Related Arrangements for Prudential Reporting.
- Supervision by Home Supervisor— Foreign bank applicants must have received consent from their home supervisor for the establishment of a banking operation in Australia.
Further details on APRA’s licensing requirements can be found in APRA’s Guidelines on Authorisation of ADIs which is published on APRA’s website.
Potential applicants are required to prepare a detailed submission addressing all licensing criteria for APRA’s assessment. The assessments are undertaken by the ‘frontline’ supervision divisions, Specialised Institutions Division (SID) and Diversified Institutions Division (DID), with input from Policy Development and Supervisory Support Division. Typically, this is an iterative process in which potential applicants make a number of revisions to a draft application in response to issues raised by APRA staff.
When complete, all licence applications are reviewed by APRA’s Cross-Divisional Licensing Committee which is charged with:
- ensuring consistent practice and application of licensing standards across all APRA supervised industries;
- issuing APRA-wide guidance on issues which need to be considered prior to a licensing submission being made; and
- reviewing licensing practices across APRA.
The Licensing Committee then makes a recommendation to the delegated decision-maker —in the case of banks, either the APRA Chairman or the Executive General Manager DID or SID.
All licensing criteria are derived from and are consistent with APRA’s published Prudential Standards for banking supervision. Moreover, the initial licensing assessment is undertaken by the team of supervisors who will have responsibility for on-going supervisory oversight of the potential new bank.
Section 9 of the Banking Act confers on APRA the power to grant or reject applications for bank authorisation. In addition, Section 9(4) of the Banking Act permits APRA to impose conditions on banking authorities, and Section 9A of the Act allows APRA to revoke existing authorities.
Ownership structure and management are assessed in detail as part of licensing application process (see EC1).
Applicants for bank authorisation are required to demonstrate that all substantial shareholders are well-established and financially sound entities of standing and substance. Substantial shareholders must be able to demonstrate that their involvement with the bank will be a long-term commitment and that they will be able to contribute additional capital should this be required. Any shareholding over 15 per cent is subject to the requirements of the FSSA, which allows for greater shareholdings only if such a shareholding is not contrary to the national interest. Depending on the nature of the acquisition, either the Treasurer or APRA (within delegations provided by the Treasurer) may approve shareholdings in excess of 15 per cent.
Transparency and complexity of the ownership structure is an important element in APRA’s assessment. APRA requires the applicant to identify the names of substantial shareholders, both direct and ultimate, and their respective shareholdings.
APRA’s Guidelines on implementation of Section 66 - Banking Act 1959 specifies that entities authorised by APRA as banks must have at least $50 million in Tier 1 capital or be branches of foreign banks. In addition to this, APRA has power to specify a higher minimum capital amount by placing conditions on a banking authority or by specifying an individual capital adequacy requirement under Prudential Standard APS 110 — Capital Adequacy.
The criteria set out in Guidelines on Authorisation of ADIs provide for an assessment of proposed directors and senior management as to their expertise, integrity, skills, experience and reputation within the business and financial community (see EC1).
Division 3 of the Banking Act sets out a range of circumstances in which a person is disqualified from acting as a director or in a senior management position of a bank. In particular, these include persons who have been disqualified as not being fit and proper by APRA; persons disqualified under the Corporations Law; persons who have been disqualified in other jurisdictions; or persons who have been convicted of offences of dishonesty. The names of persons disqualified as not being fit and proper under any of the legislation administered by APRA are published on APRA’s website.
In addition, APRA has released Draft Prudential Standards 520 and 521 specifying Fit and Proper Requirements for ADIs and authorised NOHCs of ADIs. The standards place the onus on institutions to ensure that their directors, senior managers and auditors are ‘fit and proper’, and require all banks to have in place a Fit and Proper policy. The draft standards require banks to notify APRA of any change to its responsible officers, or of any adverse fit and proper determination in respect of its responsible officers, within 28 days.
In determining whether a person is ‘fit and proper’ to hold a responsible position, the standards require banks have regard to:
- the person’s competence, character, diligence, honesty, integrity and judgement;
- whether or not the person has been disqualified by APRA; and
- whether or not the person has a material conflict of interest.
In assessing an application for an authority to carry on banking business, APRA will require the applicant to demonstrate its adherence to these standards.
Should APRA determine that a responsible officer of a bank is not fit and proper, APRA may direct the bank to remove the officer, even if the bank has assessed the officer to be fit and proper.
APRA requires an applicant to submit a three-year business plan. The business plan needs to incorporate the goals or milestones of the first three years of operations of the bank, and the banking group, including:
- an outline of the proposed activities and scale of operations, including details of any specialised services proposed and relevant expertise;
- details of borrowing and lending activities to be undertaken;
- details of proposed off-balance sheet activities;
- location of head office and an outline of the branch network envisaged and the timeframe over which the network will be established;
- other intended means of product distribution;
- an estimate of total staff complement envisaged;
- the proposed date for commencement of operations; and
- financial projections (including sensitivity analysis covering expected, upside and downside scenarios) of the following:
- detailed balance sheet, cashflow and earnings (including assumptions);
- key financial and prudential ratios (for example, capital ratios, liquidity ratios, etc) for the proposed bank; and
- key financial and prudential ratios for the proposed bank and its subsidiaries on a consolidated basis.
These business plans are reviewed and assessed as part of APRA’s licensing process.
Draft Prudential Standard APS 510 — Governance
sets out the minimum governance requirements banks must adhere to as part of their overall governance arrangements. The objectives are to ensure that a bank is well managed, has access to appropriate independent expertise, and gives due consideration to the impact of its decisions on depositors. The Standard states that the prime responsibility for the sound and prudent management of a bank rests with the board and senior management. The board and senior management should institute effective governance arrangements within the bank.
The requirements of this Prudential Standard include:
- key principles for governance arrangements in banks. These principles cover board and management responsibility; independence; board renewal; the board’s expertise; diligence; prudence; transparency; and oversight.
- specific requirements in relation to board composition; board size; independence of directors; and shareholder representation;
- the Chairperson of the board must be an independent non-executive director;
- a board audit committee and a board risk committee;
- a dedicated internal audit function;
- independence requirements for auditors of banks;
- a policy on board renewal;
- notification requirements in respect of changes to directors; and
- the removal of any potential impediment to an employee of the bank raising any matter relevant to the prudential supervision of the bank directly with APRA.
With some modifications, these requirements also apply to foreign banks. In assessing an application for an authority to carry on banking business, APRA will require the applicant to demonstrate its adherence to these standards.
Applicants must satisfy APRA that their risk management and internal control systems are adequate and appropriate for monitoring and limiting risk exposures in relation to their operations. APRA’s prudential framework sets out what is expected of banks operating in Australia and includes, in particular, the maintenance of adequate and appropriate policies and procedures for monitoring and managing credit risk, market risk arising from banking business and trading activities, liquidity risk and operational risk.
In assessing whether the policies and procedures proposed for managing and controlling risk are adequate and appropriate for the applicant’s operations, APRA will take account of the size, nature and complexity of the operations, the volume of transactions undertaken, the proposed organisational structure, and the geographical distribution of the business as set out in the business plan.
In addition, as set out under EC1, applicants must satisfy APRA that their information and accounting systems are adequate for maintaining up-to-date records, so as to keep management continuously and accurately informed of the bank’s condition and the risks to which it is exposed.
APRA requires applicants, as part of the three-year business plan, to submit financial projections including sensitivity analysis covering expected, upside and down-side scenarios of the following:
- detailed balance sheet, cashflow and earnings;
- key financial and prudential ratios (for example, capital ratios, liquidity ratios, etc) for the proposed bank; and
- key financial and prudential ratios for the proposed bank and its subsidiaries on a consolidated basis.
As part of any application under the FSSA to hold in excess of 15 per cent of the shares in a bank, APRA requires the applicant to submit financial information on the proposed shareholder for assessment. If there is a shareholding of more than 15 per cent, any application for a banking authority must include an FSSA application.
APRA is both the licensing authority and banking supervisor in Australia.
The Guidelines on Authorisation of ADIs requires that foreign bank applicants have consent from their home supervisor for the establishment of a banking operation in Australia. Only applicants who are authorised banks in their home country will be granted authorities to operate foreign banks in Australia. In addition, foreign bank applicants must satisfy APRA that they are subject to adequate prudential supervision in their home country. In considering the standard of supervision exercised by the home supervisor, APRA will have regard to the Core Principles of Banking Supervision promulgated by the Basel Committee on Banking Supervision. This includes whether the home supervisor supervises the foreign bank applicant on a consolidated basis in accordance with the principles contained in the Basel Concordat, and is prepared to cooperate (in terms of the Concordat) with APRA in the supervision of the bank in Australia.
Section 9A(2) of the Banking Act empowers APRA to revoke a bank’s authority to carry on banking business if the bank has provided information that was false or misleading in connection with its application for authorisation.
The Guidelines on Authorisation of ADIs requires all substantial shareholders of an applicant to be able to demonstrate to APRA that their involvement in the bank will be a long-term commitment and that they will be able to contribute additional capital, if required.
In APRA’s assessment of the applicant’s governance structure, consideration is given to the fitness and proprietary of proposed directors, including banking experience. The board, as a whole, must possess the requisite expertise to oversight the operations of the bank.
New entrants are subject to on-going supervision, in accordance with the APRA Supervision Framework. APRA’s on-going supervision assesses banks against their business and strategic goals and monitors compliance with all of APRA’s prudential standards and with any specific requirements imposed on an individual banking authority.
Individual shareholdings in ‘financial sector companies’ (which includes banks) are limited to 15 per cent by the Financial Sector (Shareholdings) Act 1998 (FSSA), unless granted an exemption by the Treasurer or APRA under the FSSA. Ownership interests covered by the Act are defined very broadly to include any controlling interest or position of influence, or any group of associated interests.
It is an offence under the FSSA to acquire more than 15 per cent of the shares in a bank.
The 15 per cent limit can only be exceeded with the prior approval of the Treasurer. Section 13 of the Act allows the Treasurer to determine that a stake greater than 15 per cent may be held in a bank provided that such a shareholding can be shown to be in the national interest. APRA provides advice to the Treasurer on all applications to exceed the 15 per cent threshold.
The restrictions set out in the FSSA apply equally to new banks and to changes in ownership of existing banks. APRA assesses all significant incoming shareholders on the same basis as it assesses initial shareholders in new banks (refer EC5 under BCP 2).
In addition, the Treasurer may revoke or vary an existing approval to hold a shareholding in excess of 15 per cent if he is satisfied that it is in the national interest to do so, or if there has been a contravention of the existing approval.
Under section 44 of the FSSA the Treasurer can delegate his powers under the Act to APRA. The Treasurer has given APRA delegation to approve shareholdings for all banks with total assets under $750 million, whilst in situations where assets are $750 million or above, APRA advises the Treasurer. Powers exist to direct a reduction in shareholding, or to seek remedial or injunctive orders from the courts in order ensure compliance with decisions made under the FSSA.
All shareholdings in an Australian bank (i.e. in excess of 5 per cent) must be disclosed in the bank’s annual report. In addition, all shareholdings in banks in excess of 15 per cent are subject to FSSA approval by the Treasurer or APRA. APRA’s assessment of ownership interests covers both nominal and beneficial owners.
APRA undertakes detailed assessments of all significant acquisitions and new business lines proposed by banks. APRA expects banks to consult with it early about acquisitions and new business proposals.
APRA’s approval and prior notification requirements for acquisitions and investments are set out in Prudential Standard APS 222 — Associations with Related Entities. This Standard requires banks to advise APRA in advance of any proposed change to its operations (or the operations of its group) which has the potential to alter the group’s overall risk profile to any material extent.
Specifically, APS 222 requires that:
- an ADI should consult with APRA before establishing or acquiring a subsidiary (paragraph 30(a));
- an ADI should consult with APRA before committing to any proposal to acquire an interest of more than 10 per cent in another entity engaged in any business in the field of finance (paragraph 30(b))3;
- an ADI must obtain APRA’s prior approval to establish or acquire another regulated presence either domestically or overseas (paragraph 4(d)); and
- an ADI must obtain APRA’s prior approval to exceed any of APRA’s exposure concentration limits, which include equity exposures (paragraph 29). These limits are addressed in detail under Principle 9.
APS 222 also contains restrictions on a bank’s ability to acquire equity interests in another company arising out of the work-out of problem exposures. These take the form of trigger levels for prior consultation with APRA.
Australia has set criteria and supervisory procedures to judge investment and acquisition proposals. In assessing any proposal APRA considers the material risks to the bank and the operational capability of bank to manage the new business. APRA assesses acquisitions against the following criteria:
- strategic rationale and future business plans;
- how the acquisition is to be funded and impact on capital;
- quality and effectiveness of the due diligence process undertaken by the bank;
- integration issues (including compatibility of IT systems, staffing, reporting to board and management);
- group organisational structure and corporate governance;
- risk management systems and controls to be applied to the new business;
- ability to meet APRA prudential and reporting requirements; and
- (for overseas acquisitions) consent of the home supervisor.
When assessing new investment and acquisition proposals, APRA considers the risks to the institution and the effect on supervision. No approval will be given if APRA does not consider the bank to have adequate financial and organisational resources to handle the investment or acquisition, or if APRA considers its supervision will be hindered.
The thresholds above which proposed acquisitions and equity investments need to be referred to APRA are very low (refer EC1). Most acquisitions or investments proposed by banks are required to be referred to APRA in advance. Aside from these prior notification requirements, all equity associations must be reported to APRA pursuant to paragraph 4(a) of APS 222.
Prudential Standard APS 110 — Capital Adequacy outlines the overall framework adopted by APRA for assessing a bank’s capital adequacy. The Standard sets out detailed capital requirements consistent with the Basel Capital Accord and ensures that banks maintain adequate capital to support the risks associated with their activities on both a stand-alone and consolidated basis.
Paragraph 7 of APS 110 requires banks to maintain a minimum risk-based capital ratio of 4 per cent (for Tier 1 capital) and 8 per cent (for total capital) at all times, on both a stand-alone and consolidated basis.
Guidance Note AGN 110.4 — Risk-based Capital Adequacy Framework defines the risk-based capital ratio as:
The definition of eligible ‘capital base’, including qualifying criteria for individual capital elements, is set out in Prudential Standard APS 111 — Capital Adequacy: Measurement of Capital, and aligns with the standards of the Basel Capital Accord.
A bank’s ‘total risk-weighted exposures’ is calculated as the sum of the total risk-weighted on and off-balance sheet credit exposures and the ‘adjusted’ market risk exposures, determined in accordance with the requirements and procedures set out in Prudential Standard APS 112 — Capital Adequacy: Credit Risk and Prudential Standard APS 113 — Capital Adequacy: Market Risk. This is also in accord with the Basel Capital Accord.
APS 110 also allows APRA to require a bank to maintain capital ratios above the 4 and 8 per cent minima. Typically, each Australian bank is required to meet individually specified Tier 1 and total capital ratios above the minima required by the Standard. Many banks are required to meet total capital ratios of between 10 and 20 per cent. In order to impose a higher required capital ratio, APRA can utilise its powers under the Banking Act to: issue a direction; place a condition on the banking authority; or issue a prudential standard specific to the bank in question. In practice, however, APRA is able to enforce higher than minimum capital ratios without resort to its statutory powers.
APRA expects all banks, as part of their capital management plans, to target and maintain their capital ratios above regulatory minima. APRA has the ability and legal authority to set a bank’s required risk-based capital ratio at any time. A bank’s initial required capital adequacy ratio is determined at the time of its authorisation, based on its assessed risk profile and risk appetite. Banks’ actual capital adequacy ratios are kept under on-going review by APRA. As APRA conducts prudential risk assessments of banks, required capital ratios are reassessed and changed when there is a material shift in the risk profile of the bank. In considering the required capital ratio, APRA considers all material risks - both on and off-balance sheet (refer EC1).
APS 111 defines the elements of a bank’s eligible capital. APRA’s approach to the measurement of capital is based on the risk-based capital adequacy framework developed by the Basel Committee on Banking Supervision. Under this framework, a bank’s total qualifying capital is assessed at two levels: Level 1 (bank stand-alone) and Level 2 (consolidated banking group), with:
- Tier 1 being core capital comprising the highest quality capital elements which fully satisfy all of the following essential characteristics:
- provide a permanent and unrestricted commitment of funds;
- be freely available to absorb losses;
- not impose any unavoidable servicing charge against earnings; and
- rank behind the claims of depositors and other creditors in the event of winding-up.
- Tier 2 capital being supplementary capital, including other elements which, to varying degrees, fall short of the quality of Tier 1 capital but nonetheless contribute to the overall strength of an entity as a going concern, and is divided into:
– Upper Tier 2 capital — comprising elements that are essentially permanent in nature, including some forms of hybrid capital instruments which have the characteristics of both equity and debt; and
– Lower Tier 2 capital — comprising instruments which are not permanent.
In assessing whether an instrument is eligible as Tier 1 or Tier 2 (upper or lower) capital, APRA has regard to both the form and economic substance of the instrument.
For the purposes of calculating a bank’s capital base, Tier 1 capital consists of:
- paid-up ordinary shares;
- general reserves;
- retained earnings;
- current year’s earnings net of expected dividends and tax expenses;
- minority interests arising from consolidation of Tier 1 capital of subsidiaries;
- non-cumulative irredeemable preference shares approved by APRA; and
- other innovative capital instruments (issued through special purpose vehicles) approved by APRA.
In total, the sum of items (f) and (g) above cannot exceed 20 per cent of Tier 1 capital.
Upper Tier 2 capital consists of:
- revaluation reserves of premises and securities;
- general provisions for doubtful debts (limited to a maximum of 1.25 per cent of total risk-weighted exposures);
- cumulative irredeemable preference shares approved by APRA;
- mandatory convertible notes and similar capital instruments approved by APRA;
- perpetual subordinated debt approved by APRA; and
- any other hybrid (debt/equity) capital instruments of a permanent nature approved by APRA, including any capital amounts that are ineligible for inclusion as Tier 1 capital as a result of the limit on amount of hybrids eligible for Tier 1 status.
Lower Tier 2 capital consists of:
- term subordinated debt approved by APRA;
- limited life redeemable preference shares approved by APRA; and
- any other similar limited life capital instruments approved by APRA.
APRA’s minimum capital adequacy requirements, as detailed in paragraph 7 of APS 110, apply to banks at:
- Level 1 — the bank on a stand-alone basis;
- Level 2 — the consolidated banking group (i.e. the bank and all its subsidiaries other than non-consolidated subsidiaries); and
- Level 3 — the conglomerate group at the widest level. Level 3 capital takes into account non-consolidated components of the group including entities not directly regulated by APRA.
Level 1 and Level 2 assessments are applicable to all banks. Level 3 assessments apply only to banks prescribed by APRA. These are typically banks with significant insurance operations or other non-consolidated exposures. Level 3 capital requirements will be introduced in conjunction with APRA’s implementation of the Basel II Capital Accord.
The measurement of a bank’s capital adequacy at Levels 1 and 2 is based on a risk-based capital adequacy framework set out in the Basel Capital Accord. The measurement of Level 3 will be based upon internal capital allocation models agreed with APRA.
APRA has prescribed a set of minimum standards for capital adequacy and sets required capital ratios for individual banks. APRA monitors adherence to these standards and requirements as part of its on-going supervision by way of quarterly reporting of capital levels, components of capital and risk-weighted assets (ARF 110.0 Capital Adequacy). If a bank fails to comply with these standards, APRA is able to intervene promptly to ensure compliance. Should enforcement action be necessary, APRA has power to compel compliance by issuing a direction under section 11CA of the Banking Act. Failure to comply with a direction from APRA is a criminal offence under the Banking Act. In addition, APRA may use its other enforcement powers under the Banking Act to ensure compliance. These include: placing a condition on a banking authority; issuing directions to the bank’s board and management; or, in appropriate circumstances, taking control of the bank’s business.
In practice, APRA has no difficulty directing banks to meet capital adequacy requirements. There have been no instances of a bank refusing to comply with APRA instructions on capital adequacy.
Section 13 of the Financial Sector (Collection of Data) Act 2001 empowers APRA to determine reporting standards that are required to be complied with by financial sector entities, including banks. These reporting standards are issued to require banks to submit data to APRA. Under this Act, APRA has determined the capital adequacy reporting standard (ARF 110.0 Capital Adequacy) which requires banks to submit detailed capital adequacy information, including capital ratios and the components of capital, on a quarterly basis.
APRA’s approach to the measurement of capital applies to all deposit-taking institutions in Australia (including building societies and credit unions) and is based on the risk-based capital adequacy framework developed by the Basel Committee on Banking Supervision.
APRA expects banks to manage their capital adequacy so as to remain above the prescribed minimum ratio at all times, and not just at reporting intervals. The APRA Supervision Framework - Module 5 (Capital) specifies that the minimum risk-based capital ratio prescribed by APRA should be seen as a hard floor and, should capital adequacy be under threat, remedial action should be taken before the capital ratio reaches the specified minimum. Accordingly, APRA requires banks to maintain an adequate buffer above the prescribed minimum. These buffers are set by responsible supervisors in DID or SID and vary in accordance with a bank’s track record of monitoring and managing its capital needs.
If a bank’s capital ratio falls below its agreed target, APRA will investigate the cause of the breach. If the breach is considered to be temporary and likely to be rectified promptly, APRA will take no further action. However, APRA will note the breach as part of its on-going risk assessment of the bank and may impose a higher minimum capital buffer. If the breach is more substantial, APRA will formally require the bank to issue more capital or reduce risk weighted assets. If necessary, this will be done by formal intervention under the Banking Act.
APS 110 states that the board of a bank has the duty to ensure that the bank maintains an appropriate level of capital commensurate with the level and extent of risks to which the bank is exposed from its activities.
The Standard requires that banks have adequate systems and procedures in place to identify, measure, monitor and manage the risks arising from its activities on a continuous basis to ensure that capital is held at a level consistent with the bank’s risk profile; and maintain and implement a capital management plan, consistent with the overall business plan.
The APRA Supervision Framework — Module 5 Capital, sets out guidance for assessing banks’ capital adequacy controls. The Framework requires supervisors to determine the capital management processes in place to monitor and ensure continual compliance with minimum and required capital ratios are consistent with the bank’s risk profile and must include actions and procedures to avert any breaches of minimum and required capital ratios required by APRA.
The systems backing such a process should be sophisticated enough to draw information at any point in time on the capital position of the institution. If this cannot be done, questions should be raised about the ability of the board and senior management to receive accurate and up-to-date capital information.
In addition, as part of the implementation of the Basel II: Revised International Capital Framework in Australia, APRA is assessing banks’ internal processes for the calculation of their overall capital adequacy in relation to their risk profile.
APRA has the authority to require risk-based capital ratios above the Basel Accord requirements. APRA will require higher capital ratios in response to changes in the risk profile of an individual bank or where current economic conditions warrant it.
APRA’s capital adequacy standards apply both to the stand-alone bank and the consolidated banking group.
APRA’s capital adequacy standards apply to all ADIs. Those institutions authorised by APRA to use the word ‘bank’ (pursuant to APRA’s Guidelines on implementation of Section 66 —Banking Act 1959) must have at least $50 million in Tier 1 capital or be branches of foreign banks. ADIs authorised as ‘building societies’ must have at least $10 million in Tier 1 capital.
APRA views credit risk as the single largest risk facing most banks and regards a well-functioning credit risk management system as fundamental to the safety and soundness of a bank. Prudential Standard APS 220 — Credit Quality, emphasises that it is the responsibility of the board and management of a bank to ensure that an effective credit risk management system is in place, commensurate with the risk appetite of the bank. In addition, APS 220 requires that the credit risk management system be regularly reviewed to take account of changing operating circumstances, activities and risks encountered by the bank.
APRA’s regular supervisory activities include the undertaking of on-site prudential reviews to assess the soundness of credit risk management in supervised institutions. These reviews are based around the APRA Supervision Framework (ASF) and the associated suite of Modules, which address the key functional and risk areas of the supervised institutions. Module 6 — Risk Management targets the effectiveness of an institution’s overarching risk management processes and involves an evaluation of how the supervised institution identifies its major inherent risks, the development and implementation of a Risk Management Framework, as well as the adequacy of the compliance function and the Management Information Systems. The reviews are conducted by APRA responsible supervisors and members of APRA’s specialist Credit Risk team within the Supervisory Support Division. This team contains the expertise required to assess the qualitative and quantitative aspects of credit risk management and control.
For banks, credit risk management is an essential competency, so the prudential review program includes a specific module on Credit Risk (ASF Module 8 — Credit Risk) to ensure an in-depth assessment of different aspects of the credit process. Module 8 covers the credit risk management framework, credit approval and underwriting standards, credit concentration management, credit risk grading systems, problem asset management, scorecards and an assessment of the independent credit review process.
In reviewing a bank’s credit risk management systems during on-site prudential reviews, APRA ensures that the credit approval processes are supported by a comprehensive credit policy approved by the board of the bank. APRA expects the credit policy to set out the types of loans that will be written and the process undertaken in writing loans. This includes:
- the bank’s Code of Conduct (for example, what to do if there is a conflict of interest);
- lending principles around what sort of product(s) should be used for particular transactions and industries, including a list of excluded industries and transactions;
- serviceability regimes and what constitutes ‘income’;
- financial analysis of a commercial borrower and critical financial ratios to be satisfied;
- a full list of collateral bank values and valuation processes surrounding this;
- approach to third party security;
- approach to loan grading and application of scorecards if appropriate;
- processes around environmentally sensitive borrowers and types of securities;
- guidance on back-office functions such as preparation of security documentation, loan drawdown and settlement processes;
- review processes for revolving and undrawn standby facilities; and
- roles and responsibilities through the credit origination, approval and funding processes.
In addition, APRA expects to see credit delegations clearly documented to define appropriate levels of authority for credit approval, provisions and write-offs. APRA requires ‘tiering’ in the delegated loan approval matrix so that riskier credits — defined by their credit risk grades and/or dollar value (as a percentage of capital) — are approved at higher levels of management and/or the board. APRA reviews seek to ensure that credit approval delegations are assigned based on credit experience, rather than being based on hierarchy.
APRA tests the application of the credit policy during its on-site work. ASF Module 8 focuses supervisors, when conducting file reviews, on delegation structures, security, loan to valuation ratios, capacity to repay, evidence of periodic review, verification of the supporting documentation, and whether funding procedures are adhered to.
Experience has shown that deficiencies in a bank’s management information systems (MIS) can lead to unforseen credit concentrations that could jeopardise lenders’ viability especially during periods of market distress. APRA requires on-going investment in systems by banks to ensure that risk management capabilities commensurate with the banks’ size, product offering (particularly new forms of lending) and target markets. APRA requires that the MIS in place must support the portfolio management objectives of measuring indebtedness against approved lending limits and concentration thresholds, monitoring credit quality over time, and providing triggers when action is necessary.
As part of APRA’s on-site prudential reviews, it also reviews underwriting risk appetites for particular business activities, the robustness of the credit risk grading systems, valuation methodologies and policies with regards to impaired assets including their collection, provisioning and write-offs.
APRA expects banks to have in place procedures to prevent conflicts of interest and that credit is approved on an arm’s-length basis (i.e. credit is not extended on an unsound basis as a result of outside influence in the credit process). This is checked in the course of the prudential review. As a matter of course, credit extended to directors and related parties are selected for file review. Among the issues examined during on-site credit reviews are the quorum and composition of credit committees, and the veto powers held by the Chief Executive, senior credit officer or a board member.
Credit policies establish the framework for lending and reflect a bank’s credit culture. Consequently, in the course of a prudential review, APRA examines the effectiveness of the bank’s credit policies and how clearly these are documented and communicated to staff. APRA also looks at the medium through which changes or updates to existing policies are communicated to staff. In particular, APRA looks to see whether the bank has mechanisms in place to encourage staff to be familiar with and adhere to the requirements outlined in the policy and procedures, and whether these documents are made available in a form, and sufficiently timely fashion, to be effective.
The Banking Act provides APRA with power to require banks to supply any information, including books, accounts or documents, to enable APRA to discharge its functions. In practice, APRA has full access to information in the bank’s credit and investment portfolios and to their lending officers in the conduct of its on-site reviews.
APRA ensures that credits above certain size, risk or capital thresholds are reviewed or approved at senior levels in the bank (refer EC2).
Prudential Standard APS 220 — Credit Quality requires banks to have a credit risk management system that includes methodologies with respect to monitoring and grading credit quality, measuring asset impairment, reporting impaired assets to APRA (and in published financial statements), valuing security and provisioning.
During on-site prudential reviews APRA reviews banks’ reporting regimes, focussing on the consistency of information, adequacy of security coverage, reliability of data, escalation of issues and reporting to management and APRA.
In addition, banks’ external auditors report to APRA annually on the reliability of data submitted to APRA. This includes the credit information reported to APRA under the Reporting Standards ARF 220 series on credit risk.
In reviewing a bank’s credit policy, APRA would check to ensure that there is clear articulation of a serviceability policy; APRA does not condone lending based exclusively on collateral. Accordingly, the bank must consider a client’s total indebtedness and servicing obligations before granting any credit. A bank should require a borrower to provide full details of its financial position and of its other borrowings, commensurate with the requirements of the product on offer, and the bank should obtain independent verification of this. It should also obtain periodic updates of the borrower’s financial position. As part of an on-site review, APRA would check to see if files contained updated information and if that information has been noted by the bank in its credit reviews.
Prudential Standard APS 220 — Credit Quality and the related Guidance Notes set down prudent practices for banks with respect to the measurement and reporting of, and provisioning for, impaired assets and the adoption of an effective risk grading systems for monitoring asset quality.
Guidance Note AGN 220.1 — Impaired Asset Definition provides the framework for treatment and definition of impaired assets (including non-accrual items, restructured items, past due items, and restoring these to performing items) and income recognition and disclosure.
Guidance Note AGN 220.2 — Security Valuation and Provisioning outlines prudent practices that APRA expects banks to follow in relation to security value and valuation practices; provisioning practices; and disclosure.
Guidance Note AGN 220.3 — Prescribed Provisioning outlines the standardised prescribed provisioning approach that APRA requires less sophisticated banks to apply. APRA encourages more sophisticated banks to apply an internal model based approach to specific provisioning, relying on their own methodologies, supported by robust internal controls and subject to general accounting practices.
Guidance Note AGN 220.4 — Credit Risk Grading Systems details APRA’s regulatory approach to credit risk grading systems and the link with impaired asset reporting. The Guidance Note also requires banks to report to APRA on the grading of its portfolio.
APRA regularly reviews a bank’s loan grading and provisioning policies during on-site prudential reviews. Provisioning levels and classification of problem credits are reported to APRA quarterly in reporting form ARF 220.0 and reviewed by APRA responsible supervisors as part of APRA’s ongoing supervisory oversight. The information supplied in ARF 220.0 is subject to annual review by banks’ external auditors to ensure the accuracy of the information. In addition, APRA has noted the high importance of this information to external auditors (in Guidance Note — Forms subject to audit and application of Materiality — Authorised Deposit Taking Institutions (ADIs)), to ensure auditors pay particular attention to the completeness and accuracy of loan classifications and associated specific provisioning amounts.
The definition of impaired assets under APS 220 includes off-balance sheet exposures. The inclusion of off-balance sheet items in impaired assets, and the reporting of provisions in respect of off-balance sheet exposures, is detailed in paragraphs 6-8 of Guidance Note AGN 220.1.
ADI Prudential Standard 220 (supported by ADI Guidance Notes 220.2 and 220.3) requires that banks employ sound provisioning policies and that asset values, earnings and capital adequacy are accurately stated. Provisions should be adequate to absorb all estimated losses associated with the credit portfolio. Provisioning policies should address both specific and general provisioning. Specific provisions are to be raised whenever reasonable doubt as to the recoverability of particular exposures exists. General provisions are to address risks inherent in a bank’s business, but which cannot be attributed to particular exposures.
Estimates of credit losses should account for all significant factors that affect the collectibility of the credit portfolio as at the evaluation date. Provisioning levels should be reviewed regularly to ensure that the amount of provisioning is consistent with current expectations of credit losses.
The Standard provides for two alternative approaches to specific provisioning: one based on banks’ internal models; and one based on a prescribed standardised approach (refer paragraph 11 of APS 220, paragraph 20 of AGN 220.2 and AGN 220.3). Irrespective of the approach taken to determine specific provisions, APRA requires banks to adopt appropriate policies for the creation and maintenance of general provisions.
Banks’ provisioning policies, and the effectiveness of their implementation, are thoroughly reviewed during an APRA on-site credit risk review and are monitored by responsible supervisors as part of their ongoing supervisory oversight of banks (refer EC2 and EC5).
APRA’s regular on-site prudential reviews of banks (refer EC1 of Principle 7) include a thorough assessment of banks’ problem asset management (in terms of Module 8 of the APRA Supervision Framework). At a minimum, an APRA prudential review would examine credit quality, problem asset recognition, arrears collection strategies and procedures, provisioning methodologies, as well as timeliness and reliability credit quality reports to bank management.
APRA conducts regular on-site inspections of banks to assess the integrity of their credit management processes. In addition to face-to-face discussions with lending personnel, credit bureau and internal audit staff, the on-site review team will undertake statistical checking of files to verify the bank’s adherence to valuation and provisioning methodologies, as well as its risk grading criteria. A selection of problem credits will be reviewed to determine the effectiveness of the collection function and the adequacy of follow-up actions.
APRA’s on-site reviews of banks’ credit quality and credit risk management are supplemented by on-going off-site monitoring of quarterly asset quality data, and problem assets and emerging risk sectors.
The Banking Act confers powers on APRA to direct banks to comply with its prudential standards (including those relating to credit quality, problem loan recognition and provisioning). APRA also has a general power to issue directions to banks as to the way their business affairs are conducted. In practice, however, banks accept APRA’s specific requirements as to appropriate provisioning levels and problem credit categorisation without APRA having to invoke its formal powers.
Every bank is required to provide APRA quarterly information on impaired assets and provisioning levels, as prescribed by ADI Reporting Standard ARS 220.0 and ADI Reporting Form ARF 220.0. APRA also requires banks to provide information on their risk-graded portfolios with amounts of provisions, where appropriate, on a quarterly basis (paragraph 5 of ADI Guidance Note AGN 220.4).
Paragraph 8 of Prudential Standard APS 220 — Credit Quality requires banks to have in place appropriate policies, adopted by its board or an appropriately delegated board committee, for establishing, recording and reviewing the value of securities held against exposures. In addition, APRA requires that banks should put in place review mechanisms to ensure the quality of the valuation processes and valuations received. These review mechanisms are assessed by APRA during on-site prudential reviews. APRA requires bank’s policies and procedures include regular assessments of security values to ensure that adequate security coverage is maintained, despite market-wide changes in security values (paragraphs 16 &17 of ADI Guidance Note AGN 220.2).
Paragraph 4 of Prudential Standard APS 220 — Credit Quality defines impaired assets as items for which the ultimate collectibility of principal and interest is compromised. Paragraph 6 of APS 220 requires impaired assets to be recognised as:
- non-accrual items — where a specific provision has been made, a write-off is taken, or the facility is 90 days past due;
- restructured items; and
- other assets acquired through security enforcement.
During on-site prudential reviews, APRA statistically tests whether banks have correctly classified impaired assets on their books, by reviewing the classification of a sample of exposures. In addition, banks must submit to APRA quarterly impaired asset figures as part of the ARF 220 series of prudential returns. APRA responsible supervisors review this information and query banks where material movements are identified.
Paragraph 8 of Prudential Standard — Credit Quality APS 220 states that all assets taken as security by banks should be valued at their net current market value. The meaning of net current market value is defined in AGN 220.2
The definition of ‘non-accrual items’ in Prudential Standard APS 220 — Credit Quality includes facilities which are ‘90 days past due’ where the net current market value of the security is insufficient to cover payment of principal and accrued interest. A non-accrual item may be restored to accrual status only when the arrears have been reduced to below the dollar equivalent of 90 days worth of contractual payments but not when the repayment of arrears comes from a further advance by the bank (paragraph 18(a) of AGN 220.1).
Prudential Standard APS 220 applies to exposures that are managed on an individual basis, and those that are managed on a portfolio basis. APRA agrees with each bank the maximum value of individual facilities which may be reported on a portfolio basis, giving APRA the scope to determine, on an individual bank basis, the size of credits that must be managed on an individual basis. APRA includes in its file reviews, as part of its on-site Prudential Reviews, both portfolio managed exposures (such as mortgage loans) and individually managed exposures.
Paragraph 8 of Prudential Standard APS 221 — Large Exposures lists the criteria based upon which a ‘group of related counterparties’ should be deemed to exist for the purpose of determining risk concentrations in a bank’s loan portfolio. The key factor is control, whether directly through ownership or indirectly via common management or financial interdependency. The criteria include a ‘catch-all’ clause to deem other connections or relationships which, according to the bank’s assessment, constitute a single risk. In practice, APRA has discretion in determining whether a closely related group exists, by assessing the level of control between the parties. In addition, APRA has discretion to set specific limits on a bank’s exposures to particular counterparties or groups of counterparties on a case-by-case basis (paragraph 12 of APS 221). This allows APRA to limit risk concentrations not otherwise captured by grouping.
APRA has issued Standards that set limits on large exposures to single borrowers and closely related group of borrowers. In addition, limits are in place on exposures to banks’ related parties.
Paragraph 9 of Prudential Standard APS 221 — Large Exposures restricts the aggregate exposure of a bank to a single counterparty or group of related counterparties to:
- 25 per cent of capital base for non-government, non-bank, unrelated parties;
- 50 per cent of capital base for unrelated banks;
- 50 per cent of capital base for foreign parents and their subsidiaries, with aggregate exposure to non-deposit-taking subsidiaries capped at 25 per cent of capital base.
Paragraph 7 of APS 221 defines an ‘exposure’ to include all claims, commitments and contingent liabilities, and holdings of debt and equity securities.
In addition to the requirements of APS 221, Prudential Standard APS 222 — Associations with Related Entities imposes prudential limits and approval requirements on exposures to related entities to the bank.
Paragraph 27 of APS 222 limits exposures to related entities to:
- 50 per cent of capital base to individual related banks;
- 150 per cent of capital base aggregate exposure to all related banks;
- 25 per cent of capital base to other individual regulated related entity;
- 15 per cent of capital base to individual unregulated related entity; and
- 35 per cent of capital base aggregate exposure to all related entities (other than related banks and related overseas based equivalents).
Paragraph 8 of the Standard defines a ‘related entity’ as all entities controlled, whether directly or indirectly, by a bank, other than subsidiaries that form part of the ‘Extended Licensed Entity’5, or by the ultimate domestic parent of a bank. Where appropriate, APRA may deem that other entities, and their subsidiaries, represent a ‘related entity’ of a bank.
APRA does not set any prudential limits or approval requirements on exposures to governments.
Paragraph 4 of APS 221 requires a bank’s board and senior management to ensure that adequate systems and controls are in place to identify, measure, monitor and report large exposures and risk concentrations of the bank in a timely manner.
APRA’s regular on-site prudential reviews (refer EC1 of Principle 7) of a bank include a thorough assessment of its credit concentration management (under Module 8 of the ASF). A key element of the Module involves an assessment of the bank’s compliance with APRA’s prudential requirements for large exposures (see EC2 above). In addition, during APRA’s regular on-site credit reviews, the file review would include at least the 10 largest customer credit files, as well as files within particular concentrations (eg property development). The on-site team would check the bank’s adherence to its large exposure and grouping policy, and assess the senior management’s familiarity with the largest single obligors and major risk concentrations in the bank’s book.
APS 221 requires a bank to seek prior approval from APRA ahead of entering into any exposure that would exceed the APRA-prescribed limits. A bank must notify APRA immediately of any breach of the prescribed limits. A bank must provide APRA quarterly with information on all exposures exceeding 10 per cent of the bank’s capital base. The quarterly return (ARF 221.0) is to be completed for both the stand-alone bank and the consolidated banking group. When on-site to conduct credit inspections, APRA would verify the bank’s files against information provided to APRA in respect of large exposures.
APRA also relies on the external auditors to verify that a bank’s ARF 221.0 quarterly return is completed in accordance with APS 221 (noted in the guidance to external auditors under APS 310).
In addition to ARF 221.0 - Large Exposures, regular returns that contain information on banks’ portfolio compositions include: ARF 230.0 - Commercial Property; ARF 231 — International Exposures; ARF 320.7 — Deposits and Loans Classified by State and Territory; ARF — 391.0 — Commercial Finance; ARF 392.0 — Housing Finance; ARF 393.0 — Lease Finance; ARF 394.0 - Personal Finance and ARF — 395.0 — Business Finance Statistics. APRA may impose additional reporting requirements on banks to obtain any information in relation to large exposures and risk concentrations if necessary.
APRA primarily collects sectoral information via the ARF 395.0 — Business Finance Statistics return. APRA supplements this information with supervisory requests for more detailed sectoral exposure data from banks. Typically, this occurs as part of the preparation of annual prudential consultation notes or as part of on-site credit risk reviews. APRA also expects banks to have large exposure limits by industry sector, country and asset class (paragraph 3 APS 221). Geographic exposure information is detailed in the ARF 231 — International Exposures return and the ARF 320.7 — Deposits and Loans Classified by State and Territory return.
APRA supervisors review this information on an on-going basis, usually quarterly.
APS 221 defines a ‘large exposure’ to be an exposure to a counterparty or a group of related counterparties which is greater than or equal to 10 per cent of a bank’s capital base. Banks are not to have individual exposures to private sector non-bank borrowers or a group of borrowers in excess of 25 per cent of a bank’s capital base without prior approval from APRA.
Paragraph 8 of Prudential Standard 222 — Associations with Related Entities treats all entities controlled, whether directly or indirectly, by a bank or its parent, as a ‘related entity’ of the bank. Furthermore, it provides for APRA to deem other entities (and their subsidiaries) to be related entities. In exercising its power to deem related parties, APRA may draw on the definition of ‘group of related counterparties’ under paragraphs 8 of Prudential Standard APS 221 — Large Exposures as a guide.
Paragraph 10(a) of APS 222 requires a bank to address risks arising from dealing with related entities on an arm’s length basis, as strictly as it would address its risk exposures to unrelated entities.
Where the terms and conditions applying to a bank’s dealings with related entities are inconsistent with the benchmark for unrelated entities, they must be approved by the board of the bank with justifications fully and clearly documented in a register for inspection by APRA at any time (paragraphs 11 of APS 222).
In the course of the on-site credit inspection, APRA would examine a sample of connected lending files to check that directors or senior management of the bank or other influential parties do not seek to override the bank’s established credit approval process. We seek assurance that the lending has been granted on an arm’s-length commercial basis (including pricing) and there is an imposition of strict limits on such lending.
The board of a bank must establish and monitor compliance with policies governing all dealings with related entities (paragraphs 9 of APS 222). As a rule, a person should abstain and be absent from the deliberation and approval of a credit proposal involving a borrower related to the person. For example, a bank director should refrain from voting on a credit proposal to a borrowing corporate of which he is also a director. (Refer also EC3 under Principle 7).
APS 222 requires banks to set prudent limits on exposures to related entities. APRA has set specific limits to different classes of related entities under paragraph 27 of APS 222 (refer EC2 under Principle 9). Where APRA is uncomfortable with the risks associated with a bank’s exposures to related entities, APRA may impose a higher minimum capital requirement on the bank (paragraph 29 of APS 222).
A bank must satisfy APRA that it has adequate systems and controls in place for identifying, reviewing, monitoring and managing exposures arising from dealing with related entities (paragraph 14 of APS 222).
Banks must submit reporting form ARF 222.0 Exposures to Related Entities quarterly to APRA. APRA may impose additional reporting requirements on a bank to seek further information about dealings with related entities (paragraph 33 of APS 222).
Prudential Standard APS 222 — Associations with Related Entities defines, for the purpose of APRA’s related party exposure policies, ‘related entity’ to be all entities controlled, directly or indirectly, by the bank or the ultimate domestic parent of the bank. APRA also utilises the criteria for ‘related counterparties’ in Prudential Standard APS 221 paragraph 8, which include linkages by cross guarantees, common ownership or management, the ability to exercise control and financial interdependency. This definition of related parties is focused on companies, and would include affiliated companies and companies controlled by insiders and shareholders.
APRA has not set specific requirements on banks’ lending to connected individuals such as shareholders, directors or employees, instead relying on the provisions of the Corporations Act and the Australian Stock Exchange (ASX) rules on corporate governance where applicable. APRA reviews credit files of connected parties during on-site Prudential Reviews to obtain assurance that such transactions are at arm’s-length and under the same terms and conditions as independent third-party customers. This supervisory focus reflects the ownership structure of banks in Australia, where no single party can own or control a bank. Unlike in other jurisdictions where ownership often links a bank to its borrowers, there are no such connections in Australia. In fact, almost all the Australian-owned banks are publicly listed and widely owned.
APRA sets large exposure limits on related party lending (refer EC2 under Principle 9). The limit for related banks is the same as for unrelated banks, at 50 per cent of the bank’s level 1 capital base (applied to both level 1 and level 2 for unrelated banks). The aggregate limit for related non-bank regulated entities is 35 per cent of level 1 capital base. This is somewhat more lenient than the exposure limit of 25 per cent of capital base for non-bank unrelated groups.
As part of APRA’s regular credit risk on-site prudential reviews, APRA assesses the overall credit risk management framework of a bank, including the identification and management of country and transfer risk. This is specified in the APRA Supervision Framework (ASF) Module 8 — Credit Risk. It is general practice for Australian banks to monitor country exposures on an individual country basis, and APRA requires banks to do so through the preparation of the International Exposures Return and International Operations Return. The information in these returns is then used by supervisors to analyse the country exposure risk of the bank.
During on-site prudential reviews for credit risk, APRA verifies that banks have information systems, risk management systems and internal control systems to comply with country and transfer risk policies and procedures. As part of APRA’s prudential role, it requires an on-going investment in systems by banks to ensure that risk management capabilities are appropriate. APRA requires that the management information systems in place support the portfolio management objectives of the bank and alert the board and management to emerging risks. These systems should measure indebtedness against approved lending limits, risk concentrations and credit quality over time, and determine if the portfolio reflects board-approved loan policy for international exposures.
APRA expects banks themselves to set provisioning levels for all exposures, including international exposures in accordance with the requirements of APS 220. APRA requires the level of general and specific provisions to be reviewed regularly by the bank to ensure that the amount of provisioning is consistent with current expectations of credit losses. APRA reviews all provisioning levels during on-site credit risk reviews. In addition, banks’ external auditors review provisioning levels as part of their annual audit of banks’ publicly disclosed accounts.
Reporting standards ARF 231 International Exposures and ARF 325 International Operations require the quarterly submission to APRA of information on banks’ international operations. These data are reviewed by supervisors and form part of the overall risk assessment of the institution.
APRA ensures that market risk policies and procedures are adequate through regular on-site reviews by market risk and risk model specialists, and through review of updated risk policies submitted by institutions to APRA. Prior to an on-site review, each bank is required to provide APRA with its market risk policies and copies of board and senior management market risk reports, as well as any recent independent internal and external reviews of the effectiveness of the market risk management framework. APRA conducts inspections of both traded and non-traded market risk.
In respect of traded market risk, it is a requirement of Prudential Standard APS 113 — Capital Adequacy: Market Risk that APRA is immediately notified of any changes made to the trading book policy statement, which includes the introduction of new traded products and material changes to market risk limits and policies and procedures in relation to identification, measurement, reporting and control of traded market risk. The Risk Models team will, for approved internal model-users, also review the robustness of the internal market risk model through regular on-site inspections as well as when new traded products are introduced, and when the bank wishes accreditation for a new or improved market risk model.
It is a requirement of APS 113 that internal market risk model-users undertake regular independent internal or external reviews of the market risk management framework, as well as test the accuracy and effectiveness of the internal model. APRA receives information quarterly from internal model users which details Value at Risk (VaR) (and capital) usage, stress test and back testing results.
APRA’s supervision framework ensures that market risk policies for traded and non-traded market risk are reviewed on a periodic basis dependent on the current supervisory stance of each bank.
In relation to non-traded market risk, APRA assesses each bank’s management and control of non-traded market risk against the ‘Basel Principles for the Management and Supervision of interest rate risk (July 2004)’.
Through regular review of each bank’s trading book policy statement and its program of on-site reviews, APRA determines that banks have appropriate limits in place for all relevant VaR, linear and non-linear market risks. APRA also assesses whether intra-day market risk taking is controlled through limits and periodic monitoring.
APRA reviews the products included in each bank’s trading book, its trading strategy, market risk reports, trading budget and profit and loss (P&L) reports. The APRA on-site review includes presentations from:
- senior management on the trading strategy;
- treasury management on dealer mandates, limit utilisation, and P&L performance; market risk management on the risk management framework; and
- internal audit on the robustness of the market risk management framework, including adherence to limits and adherence to escalation processes when limits have been exceeded.
The design of limits is assessed to understand how the limit framework serves to restrict excessive exposures across linear and non-linear risk factors.
APRA also reviews the non-traded market risk limit framework, ensuring that interest rate risk in the banking book is managed in a segregated environment with appropriate limit methodologies.
APRA has the power to raise the capital charge for market risk and will do so should it have concerns over the effectiveness of a bank’s internal market risk model and/or its market risk management framework. This includes the power to raise the multiplication factor, rescind internal model recognition, and/or restrict trading.
Where an ADI is undertaking excessively large non-traded market risk then APRA can, and has, imposed higher bank-wide minimum capital adequacy requirements or capital adequacy requirements that relate specifically to non-traded market risk. APRA has undertaken a number of high profile interventions of this kind.
APRA verifies the veracity of each bank’s market risk management framework by conducting on-site examinations on a regular basis, determined by the supervisory risk rating of each regulated entity. The on-site review includes analysis of front office, market risk management, information technology, accounting, back-office and internal/external auditors. During these reviews, APRA examines compliance with internal polices and limits and the effectiveness of middle and back office functions. At the conclusion of these visits, APRA will present its recommendations to each bank in relation to improving the market risk management framework. Adherence with established limit frameworks is tested along with the disciplinary approach of the bank. Each internal model-user reports to APRA quarterly with statistics addressing the frequency of breaches of limits, both value at risk (VaR) and non-VaR.
During the on-site reviews, APRA will examine policies and systems in relation to deal capture, deal input, confirmation, authorisation and settlement. In addition, APRA also reviews the appropriateness of procedures to capture independent revaluation rates and processes which seek to periodically test the accuracy of such rates. A key requirement is that revaluation rates are sourced by officers independent of the front office, and are validated for accuracy (tolerance and stale price checks). In addition, where the accuracy of the revaluation is in doubt, appropriate accounting treatment is applied, such as provisioning for the amounts in doubt, rather than taking them directly to the Profit and Loss account.
APRA requires that all banks that have an approved internal model undertake a range of standard and institution-specific scenarios and stress tests on a regular basis. These banks are also required to back test their internal models regularly, with the number of exceptions reported to APRA and reviewed by the Risk Models unit who may initiate further investigation of a bank’s internal model should the back testing results suggest poor model performance. Poor model performance may lead to an adjustment in the model’s multiplier.
APRA also has the ability to require all internal model-users to participate in portfolio testing exercises which involves each internal model user calculating the capital charge on a simple standard portfolio determined by APRA. The purpose of this is to ensure consistency across all internal model-users.
APRA assesses the adequacy of stress testing and back testing procedures during regular on-site examinations and through the quarterly review of market risk returns.
APRA also requires that banks undertake regular internal audits of the market risk management system, including a review of the front office and independent risk control unit. This review should encompass at a minimum:
- the scope of market risks captured by the risk management model;
- the integrity of the management information system;
- the accuracy and completeness of position data;
- verification of the veracity and independence of data sources used to run internal models;
- the accuracy of volatility and correlation assumptions;
- verification of the model’s accuracy through frequent back testing;
- the approval process for risk pricing models and valuation systems used by front and back-office personnel;
- the validation of any significant change in the risk measurement process;
- the organisation of the risk control unit; and
- the integration of market risk measures into daily risk management.
Internal and external audit report findings are reviewed by APRA as part of the on-site review.
APRA responsible supervisors are supported by specialist Balance Sheet & Market Risk and Risk Models teams within the Supervisory Support Division. These teams contain the expertise required to assess the qualitative and quantitative aspects of market risk management and control. Both the Balance Sheet & Market Risk and Risk Models teams have extensive relevant regulatory and industry experience.
APRA’s on-site reviews of banks are undertaken by teams drawn from ‘frontline’ responsible supervisors (who have detailed knowledge and understanding of the business operations of the institution under examination), and risk specialists (who possess the particular technical skills and experience to analyse the risk areas being examined).
As part of the on-site review process, APRA reviews market risk reports which have been recently presented to relevant board committees and to senior management committees. Through the review of material and discussions with market risk management and responsible executives, APRA seeks to gain comfort that market risk management is discussed sufficiently, and that market risk issues are elevated to an appropriate level within the bank. APRA also seeks to understand the audit process by which significant market risk audit findings are escalated within the institution.
APRA will intervene, and has intervened, where the level of oversight and governance exercised by the board and management is found to be below the standard expected.
As a part of the on-site review process, APRA reviews banks’ market risk reports with a view to ensuring that market risk information is adequately reported to senior management and relevant board committees. It is a requirement that stress testing results are regularly reported to the board and senior management and APRA reviews the adequacy of this reporting. APRA seeks to understand the detail of stress tests undertaken by the bank, the assumptions and calculation approach employed, and escalation processes where stress test results exceed agreed internal trigger levels.
APRA has specialised market risk and risk models teams in its Supervisory Support Division, which possess the technical skills and industry experience to assess and accredit sophisticated internal models. In addition, the internal model accreditation process requires banks’ internal auditors to undertake an independent assessment of the accuracy and completeness of the internal model used. This assessment must be carried out by an appropriately skilled party and, in most cases, is ‘outsourced’ to an external audit firm.
APRA expects the board and senior management of a bank to take responsibility for the overall risk management framework of the institution. Accordingly, the board must identify and understand the major risks faced by the bank and ensure that an appropriate, adequate, and effective system of risk management and internal control is established and maintained. The board must ensure that senior management monitors the effectiveness of the risk management framework and, when setting policies and making decisions in respect of the bank, the board must have regard to the interests of depositors at all times. APRA has released a comprehensive range of Prudential Standards that require banks to have in place specific risk management processes that are adequate for the size of the bank’s operations, and its risk profile.
Prudential Standards APS 220 — Credit Quality, APS 113 — Capital Adequacy: Market Risk, APS 120 — Funds Management and Securitisation, APS 210 — Liquidity, APS 221 — Large Exposures, APS 222 — Associations with Related Entities, APS 231 — Outsourcing, APS 232 — Business Continuity Management, and APS 310 — Audit and Related Arrangements provide the framework of minimum risk management standards that APRA expects banks to abide by. APRA verifies that banks abide by these standards and ensures they develop their risk management systems according to the business they undertake, through reporting made to APRA, and on-site and off-site reviews.
In addition, Prudential Standard APS 310 — Audit and Related Arrangements for Prudential Reporting requires banks to provide annually to APRA a declaration from the chief executive, endorsed by the board (or in the case of a foreign bank, by a senior officer from outside Australia with responsibility for overseeing the Australian operations) that the board and management have:
- identified the key risks facing the bank;
- established systems to monitor and manage those risks including, where appropriate, by setting and requiring adherence to a series of prudent limits;
- satisfied themselves through adequate and timely reporting processes that these risk management systems are operating effectively and are adequate having regard to the risks they are designed to control; and
- the risk management systems descriptions provided to APRA are accurate and current.
APRA reviews determine that regulated entities have in place effective risk management processes to address liquidity risk, interest rate risk and operational risk. APRA has issued prudential standards on liquidity risk, traded interest rate and foreign exchange risk (traded market risk — see Principle 12) and various operational risks such as outsourcing, business continuity planning, fit and roper requirements, and governance. APRA is also in the process of preparing prudential rules on Interest Rate Risk in the Banking Book (IRRBB) for both capital adequacy purposes and qualitative treatment of the risk.
Prudential Standard APS 210 — Liquidity requires banks to implement a ‘liquidity management strategy’ that APRA agrees is appropriate for the operations of the bank. APRA reviews the strategy on a periodic basis and banks are required to consult with APRA prior to making any material changes to the strategy. The strategy is required to cover both the local and overseas operations of the bank and include a liquidity management policy statement approved by the board of directors or a board committee; a system for measuring, assessing and reporting liquidity; procedures for managing liquidity; clearly defined managerial responsibilities and controls; a formal contingency plan for dealing with a liquidity crisis; and scenario analysis where appropriate (detailed in AGN 210.2 — Scenario Analysis).
APRA conducts an extensive program of reviews to assess banks’ procedures for the identification, monitoring and control of operational risk. These reviews address all risks of potential financial loss arising as a result of error, fraud or failure to perform obligations in a timely manner. These losses could result from a breakdown of systems, internal controls and corporate governance. In this context, APRA reviews and assesses institutions’ operational risk with a wide focus. APRA considers:
- information technology;
- electronic commerce/banking;
- internal control frameworks;
- business continuity planning;
- legal and organisational structure;
- reporting lines;
- product lines and distribution networks; and
- project management.
APRA has a specialist Operational Risk team within the Supervisory Support Division which provides specialist operational risk services to the responsible supervisors. In addition, APRA has issued specific prudential standards in relation to various operational risks, which detail requirements for the prudent management of those risks.
Prudential Standard APS 310 — Audit & Related Reporting Arrangements requires locally incorporated banks to have a comprehensive and independent internal audit process for reviewing and testing their internal controls and risk management systems. The scope of the internal audit should include a review of the processes and controls put in place by management to ensure compliance with APRA’s prudential requirements. Where the scale of a bank’s operations does not justify maintaining a full time internal audit function, the bank should agree alternative review arrangements with APRA. APRA reviews the work done by internal audit during on-site reviews.
Prudential Standard APS 232 — Business Continuity Management aims to ensure that banks implement a whole-of-business approach to business continuity management appropriate to the nature and scale of its operations. This Standard requires appropriate board consideration of business continuity risk; identification of critical business functions; identification of critical resources and infrastructure; and assessment of the impact of plausible disruption scenarios on all critical business functions. This needs to be followed by the development and maintenance of a Business Continuity Plan (BCP) that documents procedures and information which enable the bank to respond to disruptions and recover critical business functions. Banks must notify APRA as soon as possible and no later than 24 hours after experiencing a major disruption that has the potential to materially impact on depositors. APRA reviews business continuity management and BCPs during on-site reviews.
In addition, APRA conducts IT Operational Risk on-site reviews which cover major IT system requirements, modifications and developments. A typical IT Operational Risk on-site review will assess the IT risk management structure and strategy (including risk appetite, areas offocus); board oversight; IT risk policies and procedures; infrastructure management; application development; disaster recovery planning (recovery of IT systems); and security and fraud management.
Refer EC2 above.
APRA’s liquidity guidelines require banks to implement a liquidity management strategy approved by APRA. In addition, APRA requires banks to undertake scenario analysis to ensure they have sufficient liquidity to operate in normal and crisis situations. These tests provide the banks with guidance as to the amount of liquid assets they must hold. The banks then report to APRA periodically against these levels. APRA does not set guidelines for banks that undertake scenario analysis as such, but relies on them to maintain sufficient levels of liquid assets to cover the agreed scenarios.
If APRA deems a bank to be too small to warrant such scenario analysis, the bank is subject to minimum liquidity requirements specified in APS 210 paragraphs 10 — 14.
Guidance Note AGN 210.3 — Minimum Liquidity Holdings states that in assessing whether a particular asset is acceptable for the purpose of the minimum liquidity holdings requirement, APRA will have regard to the marketability and credit quality of the asset. This includes whether there is an established secondary market in which that particular asset can be readily sold, as well as the size of the bank’s holding of that asset relative to the bank’s liquid holding portfolio and to the total volume of the asset on issue. As a minimum, the asset must be free from encumbrances and be readily convertible into cash (Australian dollars if the asset is denominated in foreign currency) within two business days.
Adherence to limits within a bank, whether they be credit, market risk, liquidity or operational limits, is a focus of APRA’s on-site and off-site supervisory reviews. During on-site reviews, the structure of the limits and the appropriateness of limit levels are reviewed, as well as the level of usage of the limits and the adherence to them. APRA reviews ensure that monitoring of limit usage and limit compliance is undertaken by relevant business units, with verification from the bank’s risk management and internal compliance units. The adherence to limits is also reviewed off-site through the periodic reporting provided to APRA.
APRA has a supervisory system in place that includes on-site reviews, quarterly and annual financial analysis and risk rating of institutions (PAIRS). Risk management processes are assessed during on-site reviews and as part of the PAIRS assessment. Adherence to capital requirements is monitored quarterly and forms part of the PAIRS rating. Liquidity levels are also monitored quarterly, with liquidity management and strategy reviewed during on-site work.
APRA has in place detailed capital adequacy measures for credit risk and market risk consistent with those set out in the Basel Capital Accord. Over and above these requirements, APRA expects banks to have in place systems to identify, monitor and control all significant risks to which they might be exposed arising from their operations. A bank should hold a level of capital commensurate with its overall risk profile. Where APRA assesses that a bank capital adequacy is inadequate relative to its risk profile, it will require the bank to hold additional capital.
In this regard, APRA routinely assesses matters such as a bank’s strategic risk (its ‘risk appetite’), its exposure to operational risk, and the effectiveness of its internal compliance systems and, where shortcomings are identified, requires the bank to hold additional capital. As noted under Principle 6, as a result of these assessments, each Australian bank is typically required to meet individually specified Tier 1 and total capital ratios above the minima prescribed in APRA’s Prudential Standard APS 110 — Capital Adequacy. These ratios are kept under review and adjusted for changes in assessed risk or to incorporate risks not measured in the capital adequacy framework.
Annual reports of Australian banks include detailed statements setting out their risk management policies.
APRA follows a systems-based approach in supervising the liquidity of all banks. This approach places primary responsibility for liquidity management on the board of directors and management of a bank, and focuses on the processes and controls adopted by the bank.
Guidance Note AGN 210.1 — Liquidity Management Strategy requires banks with active involvement in multiple currencies and/or with significant positions in specific foreign currencies to address the procedures for liquidity measurement and management of these individual currencies in its strategy. The banks should assess the convertibility of individual currencies, the timing of access to funds, the impact of potential disruptions to foreign exchange markets and exchange risks before presuming that surplus liquidity in one currency can be used to meet the shortfall in another currency. In addition, the banks should have in place backup liquidity procedures for circumstances in which normal access to funding in individual currencies is disrupted.
APRA takes the approach that a bank’s liquidity management strategy must cover both the local and overseas operations across all currencies. Where a bank is active across multiple currencies and/or has significant foreign currency cash-flows, the liquidity management strategy should address the procedures for measuring and managing liquidity in these individual currencies. APRA expects banks to assess the convertibility of individual currencies, settlement conventions, the impact of potential disruptions to foreign exchange markets and exchange risks before presuming surpluses in one currency can offset deficits in another currency. A bank’s liquidity contingency plan should contain backup procedures for circumstances when normal access to funding in individual currencies is disrupted.
APRA requires that larger banks undertake cash flow scenario analysis and, where the bank has a significant presence in foreign currencies, scenarios should be run at both a consolidated and individual currency level, particularly where there are restrictions regarding the free flow of funds and/or local regulatory considerations.
Effective governance arrangements are a key limb of APRA’s prudential framework. Through its framework of prudential standards, APRA requires the boards of banks to ensure appropriate controls and risk management systems are in place to cover the primary risks faced by the bank and its operations as a whole.
APRA’s Draft Prudential Standard APS 510 — Governance sets out the minimum prudential governance requirements banks must adhere to as part of their overall governance arrangements. The objectives are to ensure that a bank is well-managed, has access to appropriate independent expertise, and gives due consideration to the impact of its decisions on depositors.
Draft APS 510 requires the board and senior management to institute effective governance arrangements within the bank, and specifies governance principles covering board and management, board composition requirements, independence, shareholder representation, board committees, internal audit, board renewal policy, notification requirements in respect of changes to directors, and the removal of impediments to raising directly with APRA any matter relevant to the prudential supervision of the bank.
Prudential Standard APS 110 — Capital Adequacy states that the board of a bank has the duty to ensure that the bank maintains an appropriate level of capital commensurate with the level and extent of risks to which the bank is exposed from its activities.
Prudential Standard APS 220 — Credit Quality states that it is the responsibility of the board of directors and management of a bank to ensure that an effective credit risk management system is in place and is appropriate to the needs of the institution concerned. In general, a credit risk management system should include methodologies with respect to monitoring and grading credit quality, measuring asset impairment, reporting impaired assets to APRA (and in published financial statements), valuing security and provisioning.
Prudential Standard APS 113 — Capital Adequacy: Market Risk states that it is the responsibility of a bank’s board of directors to approve strategies and policies with respect to market risk and to ensure that senior management takes the steps necessary to monitor and control these risks.
Prudential Standard APS 210 — Liquidity requires the board of directors and management of a bank to implement and maintain a liquidity management strategy that is appropriate for the operations of the bank to ensure that it has sufficient liquidity to meet its obligations as they fall due.
Prudential Standard APS 221 — Large Exposures states that the board of a bank is responsible for establishing, and monitoring compliance with, policies governing large exposures and risk concentrations of the bank. The board should ensure that these policies are reviewed regularly (at least annually) and that they remain adequate and appropriate for the bank. Any material changes to established policies must be approved by the board.
Prudential Standard APS 222 — Associations with Related Entities requires that for conglomerate groups headed by a bank, the board of the bank is responsible for ensuring that comprehensive policies and procedures are in place to measure, manage, monitor and report overall risk at a group level. To ensure that existing board-approved policies and the relevant controls remain adequate and appropriate for managing and monitoring overall group risk, the board or a board committee should review them regularly (at least annually) to take account of changing risk profiles of group entities. Any material changes to group risk management policies must be approved by the board.
Prudential Standard APS 232 — Business Continuity Management states that the prime responsibility for the business continuity of a bank rests with the board of directors of the bank, or in the case of a foreign branch, the senior officer outside Australia with delegated authority from the board. A key requirement of the Prudential Standard is that the board and senior management of the bank must consider the bank’s business continuity risks and controls as part of its overall risk management framework when completing the risk management declaration provided to APRA on an annual basis.
APRA places the responsibility for ensuring banks have adequate and appropriate internal controls and risk management processes on the board of directors and senior management. APRA requires the board to sign off on the adequacy of risk management systems annually. To assess and review whether the systems in place are sufficient, APRA conducts on-site Prudential Reviews, which cover all the main risk areas of the bank and the banking operations as a whole. In these reviews, APRA assesses the appropriateness of delegations and limits, separation of duties, decision-making procedures, management information systems and reports, accounting procedures and adequacy of resourcing.
In addition, APRA places considerable reliance on the work done by external and internal audits to review and assess the appropriateness of accounting systems and reporting. APRA periodically reviews these assessments and reports, particularly before and during on-site prudential reviews.
APRA places considerable importance on ensuring the board and senior management of a bank appreciate the underlying risks of the business they are running. Draft Prudential Standard APS 510 — Governance places the ultimate responsibility for the sound and prudent management of a bank on the board. The Standard states the board must identify and understand the major risks faced by the bank and ensure that an appropriate, adequate, and effective system of risk management and internal control is established and maintained. In addition, the board must ensure that senior management monitors the effectiveness of the risk management framework.
During APRA’s licensing process, the membership and overall composition of bank boards and senior management are assessed for their skills, experience and fitness and proprietary. In addition, board members and senior management are assessed as part of APRA’s ongoing supervisory work, including during prudential reviews and when undertaking PAIRS assessments.
Draft Prudential Standard APS 520 — Fit and Proper Requirements requires banks to notify APRA in writing within 28 days after any appointment, resignation, retirement or removal of a director, including:
- for an appointment, the person’s personal details, experience, professional associations, any current business or other professional relationships, a statement whether the person complies with the fit and proper criteria contained in the Standard; and
- for a material change of responsibilities, details of the change.
When assessing appointments to the board, APRA ensures that individual directors and the board as a whole possess the requisite skills and experience to manage the risks undertaken by the bank.
There are also a number of formal legislative provisions relating to the composition of bank boards and senior management. Primarily, the Banking Act Division 3 prohibits a ‘disqualified person’ from acting as a director or senior manager of a bank. The Division defines who is to be considered a ‘disqualified person’ (section 20) and empowers APRA to disqualify a person. In addition, the Division empowers APRA to direct a bank to remove a director or senior manager who does satisfy APRA’s ‘fit and proper’ requirements.
APRA’s direction-giving powers under section 11CA of the Banking Act take this a step further by allowing APRA to remove any employee of the bank or appoint a person as a director, secretary, executive officer or employee when APRA considers that the affairs of the bank are being run in an unsound way or that there is a threat to its ability to repay depositors.
During APRA’s various on-site Prudential Reviews, the skills and resources of back office and operations functions are assessed. These reviews test whether back office functions and controls are adequately resourced and are able to act as an effective ‘counterweight’ to front office business units.
Prudential Standard APS 310 — Audit and Related Arrangements for Prudential Reporting, as well as APRA’s Draft Prudential Standard APS 510 — Governance, requires the board of locally incorporated banks to establish an Audit Committee made up of a majority of non-executive directors to monitor compliance with the board policies, as well as prudential and statutory requirements. The Audit Committee should, as a minimum, oversee the bank’s financial reporting, internal and external audits, and appointment of the external auditor. Internal audit must have a reporting line and unfettered access to the Board Audit Committee. Members of the Audit Committee must be available to meet with APRA as required.
In addition, APS 310 requires locally-incorporated banks to have a comprehensive and independent internal audit process for reviewing and testing their internal controls and risk management systems. The scope of the internal audit should include a review of the processes and controls put in place by management to ensure compliance with APRA’s prudential requirements.
APS 510 requires the Board Audit Committee to take responsibility for oversight of APRA reporting requirements, as well as compliance with other accounting and reporting standards. The Committee must ensure the adequacy and independence of the internal and external audit functions, and must regularly review both internal and external audit programs. These must be adequate to the risks borne by the bank and its financial reporting requirements. The Committee must put in place procedures to enable employees to submit to it, confidentially, any concerns about the bank’s accounting, internal control, compliance and audit practices.
APRA reviews the workings of a bank’s audit function as part of its program of on-site prudential reviews. Whether they are a market, credit or operational risk focus, internal audit’s involvement in the business lines and the resourcing of the function is reviewed and assessed. If there are deficiencies, APRA will require additions or changes to the function to ensure it has appropriate access, resources and independence.
In practice, APRA has access to all bank reports, files and documents. These documents are routinely obtained, particularly as part of APRA’s on-site prudential reviews. Should APRA need to exercise formal powers to obtain this information, these are available under the Banking Act. Specifically, audit reports could be obtained from banks through section 62, which empowers APRA to obtain any information that it requires for prudential purposes, while section 13 of the Act specifically enables APRA to obtain information from a bank in relation to its financial stability.
Australia employs a unicameral board structure. APRA’s Draft Prudential Standard APS 510 — Governance requires the board of a bank to have a minimum of five directors at all times and maintain a majority of independent non-executive directors. The Chairperson of the board must be an independent non-executive director and a majority of directors present and eligible to vote at all board meetings must be non-executives. In addition, there must be at least one independent non-executive director on the board who has financial expertise (that is, the person is a qualified accountant or other finance professional with experience of financial and accounting matters).
Refer EC 5.
APRA’s Draft Prudential Standard APS 510 — Governance requires that banks have a Board Audit Committee. Paragraphs 49 — 64 of APS 510 set out APRA’s requirements for Board Audit Committees. These include requirements relating to the composition of the committee:
- Board Audit Committees must have at least three members — all of whom must be non-executive directors;
- a majority of the members of the committee must be independent;
- the chairman of the committee must be both independent and non-executive, and cannot be the Chairman of the full board; and
- all members of the committee must be financially literate and at least one member should have relevant expertise.
APRA has promulgated licensing guidelines for banks to ensure that applicants of suspicious repute or with weak internal controls would not be granted authorisation (refer Principle 3). Directors and senior management of a proposed bank must satisfy APRA that they are fit and proper to run the bank, with integrity and reputation among the key attributes. A proposed bank must have policies and procedures in place to ensure compliance with laws and regulations. Bank applicants must also satisfy APRA that their risk management and internal control systems are adequate and appropriate for monitoring and limiting risk exposures, including exposures to operational risk. In addition, applicants must have information systems and organisation structures that allow prompt and timely reporting internally and to meet statutory reporting requirements.
Section 16 of the Financial Transaction Reports Act 1988 (FTR Act) requires cash dealers in Australia to report suspicious transactions to the Australian Transaction Reports and Analysis Centre (AUSTRAC), Australia’s financial intelligence unit. The scope of reportable transactions includes tax evasion, terrorist financing and offences against Commonwealth or territory law including money laundering. State legislation also requires reporting of suspicious transactions relating to offences against state laws.
Section 7 of the FTR Act requires cash dealers to report significant cash transactions (any transaction with a cash component of $10,000 or more) to AUSTRAC. In addition, section 17B of the FTR Act requires cash dealers to report all customer-based international funds transfer instructions. These reports allow AUSTRAC to identify items of interest which may relate to criminal activity, including fraud.
The term ‘cash dealer’ includes all deposit-taking institutions authorised under the Banking Act.
The FTR Act requires cash dealers offering accounts, as defined by the legislation, to obtain the necessary identification verification information from all signatories to ‘accounts’ offered by the individual institution. The term account is defined in section 3 of the FTR Act, along with the terms ‘account information’, ‘signatory’ and ‘signatory information’. These definitions broadly define the necessary information the bank is obliged to obtain and retain.
The documents retention provisions of the FTR Act are addressed in sections 20 and 23 and Part 6A (sections 40C—40S) and include specific requirements for customer identification, reportable transaction and the period of time such information needs to be retained.
In its on-site prudential review of banks, APRA conducts analysis of a bank’s risk management framework, including an assessment of the bank’s compliance and internal audit functions. Prevention and identification of fraud is one of the basic topics covered under an operational risk review.
Under Part IVA of the FTR Act, AUSTRAC conducts inspections of cash dealers in relation to compliance with reporting and other obligations under the Act. AUSTRAC produces a number of Information Circulars and Guidelines to assist industry, including banks, to understand correctly its various FTR Act obligations, including suspicious transaction reporting.
Section 7 of the FTR Act also requires cash dealers to report significant cash transactions (any transaction with a cash component of $10,000 or more) to AUSTRAC as transactional information i.e. mandatory threshold reporting. In some cases, a submission of a significant cash transaction report is accompanied by a suspicious transaction report.
Section 17B of the FTR Act also requires cash dealers to report international funds transfer instructions, from which AUSTRAC is able to identify items of interest which may relate to criminal activity including fraud.
The FTR Act requires cash dealers to meet their reporting, customer identification and document retention obligations. There is no legislative requirement to appoint a specific senior officer with anti-money laundering responsibilities. However, AUSTRAC does recommend that a designated senior officer be appointed with responsibility for compliance with the FTR legislation.
APRA reviews a bank’s compliance framework in its prudential review process. At a minimum, APRA expects a bank to have procedures to:
- identify all relevant legislative requirements with which the bank is required to comply;
- record who has primary responsibility for ensuring compliance with specific requirements;
- specify who is responsible for monitoring compliance with each of these requirements;
- establish a procedure for compliance sign-offs by senior management and the board as appropriate;
- set out a timetable for compliance monitoring; and
- establish a structure, methodology and timetable for reporting to the board (or board committee) on compliance.
Refer EC4 above.
AUSTRAC considers the suspicious reporting chain of command, including standard operating procedures, amongst other things, when doing compliance inspections on regulated entities.
APRA considers the management structures of banks in prudential reviews conducted under the APRA Supervision Framework — Module 2 — Management. This process ensures there is appropriate balance between the roles and responsibilities and formal delegations for senior and key operational managers. APRA checks the reporting lines flowing between senior and operational managers to the board and board committees of banks at on-site examinations. APRA requires every bank to have an Audit Committee, made up of a majority of non-executive directors, to monitor compliance with board policies, as well as all prudential and statutory requirements.
Refer response to EC1 on reporting of suspicious transactions to AUSTRAC.
The Banking Act imposes a duty on APRA to protect depositors. In this regard, APRA requires banks to inform APRA of any matters, including criminal offences or fraudulent activities, that may jeopardise the ability of the bank to repay depositors.
Sections 16 and 17 of the FTR Act provide protection for cash dealers submitting suspicious transaction reports to AUSTRAC in certain circumstances.
AUSTRAC’s regulatory program includes compliance inspection of cash dealers to ensure they are fulfilling relevant obligations under the FTR Act. In practice this requires an assessment of an institution’s respective AML compliance program. The FTR Act contains both injunction and criminal penalties.
APRA reviews a bank’s compliance framework as part of its on-site prudential reviews. Sanctions that exist for APRA, as the prudential regulator, may apply for AML/CFT measures where relevant to their regulatory objectives and functions.
Section 27(11A) of the FTR Act enables AUSTRAC to share information with ‘foreign countries’. This section does not restrict the organisations with which AUSTRAC can share information in those countries. To this point in time, AUSTRAC has not been approached to exchange information with agencies other than other financial intelligence units (FIUs), but it can exchange information with foreign supervisory bodies. AUSTRAC currently has 43 exchange agreements allowing it to share financial intelligence with other FIUs. It also maintains agreements with 28 partner agencies including a broad range of domestic law enforcement, national security, revenue collection and social justice agencies (as listed in section 27 of the FTR Act) which enable the exchange of financial intelligence.
Section 56 of the APRA Act allows APRA to disclose protected information to a financial sector supervisory agency, or any other agency (including foreign agencies) specified in the regulations, when the disclosure will assist the agency to perform its functions or exercise its powers. In this regard, Regulation 5 has specified AUSTRAC, the Australian Federal Police, the Police Forces of all states and territories, and the Australian Crime Commission as agencies to whom APRA may disclose protected information. APRA has also entered into MOUs with ASIC, the RBA and the Australian Tax Office to facilitate cooperation and information-sharing.
APRA has issued Draft Prudential Standard APS 520 — Fit and Proper Requirements setting out minimum standards that banks must apply in determining the fitness and propriety of individuals to serve in responsible positions.
Currently the main AML/CFT legislation that affects financial institutions is the Financial Transaction Reports Act 1988 (FTR Act) and the Financial Transaction Reports Regulations 1990, which are largely compliant with the FATF’s Forty Recommendations (1996 version).
Australia is in the process of undertaking a review of AML/CFT measures involving extensive consultation with industry. A draft exposure Bill is currently being prepared that will bring Australia’s AML/CFT regime in line with the latest FATF recommendations. It will address areas of FATF interest including customer verification and ongoing due diligence requirements, suspicious and other threshold transaction reporting obligations, recordkeeping and other requirements relevant to the financial sector.
Whilst not a legislative requirement AUSTRAC strongly encourages institutions to train staff on anti money-laundering detection and prevention. AUSTRAC provides some education/awareness raising for banks on the FTR Act, on an as requested basis. A comprehensive AML/CFT e-learning program is available on AUSTRAC’s website.
Whilst there is no legislative obligation to inform relevant criminal authorities of any suspicious transactions, as an operational FIU, AUSTRAC acts as a conduit between industry and law enforcement, providing suspicious transactions reports to the relevant agency. Approximately 2500 staff in 28 partner agencies have direct on-line access to AUSTRAC’s data. This access is to AUSTRAC’s financial transaction database, which contains nearly 70 million reports and more than 1 billion bits of information. AUSTRAC’s technology solutions also scan the database and, through the use of data mining and other tools, identifies ‘items of interest’ (AUSTRAC-generated suspicious transactions) across all of the reporting organisations. AUSTRAC is not just limited to one suspicious report, but rather several networks of information from a range of different transactional activity collected across all reporting entities. It provides these items of interest to joint agency taskforces, and also bilaterally to investigators in its partner agencies. Part IV (Secrecy & Access) of the FTR Act (sections 25 — 27AA) addresses the issue of access to AUSTRAC’s financial intelligence by the broader partner agency community which includes law enforcement, national security, revenue collection and social justice authorities.
AUSTRAC is able to provide financial intelligence to the agencies designated in section 27 of the FTR Act. Those agencies have direct on-line access to AUSTRAC data. APRA may provide protected information to agencies listed under regulation 5 (refer EC10 above). See also the information provided in relation to AC3. The information referred to in AC3 is used as intelligence and can be provided to prosecutors. However, reports of suspicious transactions are not required to be provided to a court of law. In most cases, transactional reports identify evidence which is then obtained by investigators and submitted to the courts by; the prosecutors.
AUSTRAC is Australia’s financial intelligence unit (FIU) and has a dual role as both an FIU and anti-money laundering regulator.
APRA has a comprehensive system of on-site and off-site reviews and analysis. APRA takes an integrated approach to the conduct of its off-site and on-site assessments with frontline responsible supervisors working closely with risk specialists to bring together technical expertise and institutional knowledge in the preparation of prudential assessments.
APRA’s off-site analysis addresses all material risks to which the institution being assessed is exposed, and typically includes:
- strategy and business risk;
- capital adequacy;
- earnings and financial performance;
- asset quality (included impaired assets);
- traded market risk;
- interest rate risk;
- operational risk, including IT systems;
- changes to business mix or to organisational structure;
- changes to subsidiaries and associates;
- contagion risk from subsidiaries and associates; and
- legal and regulatory compliance. APRA’s program of on-site analysis of banks is built around the key risk areas of:
- credit risk;
- balance sheet and market risk;
- operational risk; and
- models risk.
but also assesses the effectiveness of a bank’s overall risk management framework and corporate governance. Included in this, APRA assesses the bank’s board and management, its risk management systems, internal controls, and management information systems during on-site Prudential Reviews. In addition, these reviews assess compliance with APRA’s prudential requirements.
APRA utilises external auditors to ensure the information provided by banks is reliable. Paragraph 13 of Prudential Standard APS 310 — Audit & Related Arrangements for Prudential Reporting requires external auditors to provide simultaneously to APRA and the Audit Committee (or in the case of foreign banks, the senior country managers) a report as at the latest balance date detailing the external auditor’s assessment of the reliability of the statistical and financial data provided by the bank to APRA.
APRA’s off-site work involves assessing the financial strength of an institution and qualitative assessment of an institution’s management, operations and risk management systems. The analysis includes regular ‘quarterly analysis’, annual reviews, PAIRS risk assessments and assessment of prudential issues as they arise.
Financial analysis focuses on capital levels and quality, risk assets and risk weighting, market-traded product activity, credit quality, provisioning levels, large exposures, liquidity and earnings, and is based on data provided in APRA’s quarterly returns:
- ARF 110.0 Capital Adequacy;
- ARF 112.1 On Balance Sheet Risk Weighting Schedule;
- ARF 112.2 Off Balance Sheet Business Return;
- ARF 113.0 Market Risk;
- ARF 113.1 Repricing Analysis;
- ARF 210.0: Statement of High Quality Liquid Assets Calculation;
- ARF 220.0 Impaired Assets;
- ARF 220.3 Prescribed Provisioning;
- ARF 220.5 Movements in Provisions for Impairment;
- ARF 221.0 Large Exposures;
- ARF 222.0 Exposures to Related Entities;
- ARF 230.0 Commercial Property(Banks);
- ARF 231.1, 231.2 & 231.3 International Exposures;
- ARF 320.0 Statement of Financial Position;
- ARF 320.1 Debt Securities Held;
- ARF 320.2 Equity Securities Held;
- ARF 320.3 Debt Securities on issue;
- ARF 320.4 Accepted and Endorsed Bills;
- ARF 320.5 Securities Subject to Repurchase & Resale & Stock Lending & Borrowing;
- ARF 320.7 Deposits and Loans Classified by State and Territory;
- ARF 320.9 Intra-Group Receivables and Payable;
- ARF 321.0 Statement of Financial Position (Offshore Operations);
- ARF 323.0 Statement of Financial Position;
- ARF 325.0 International Operations;
- ARF 326.0 Offshore Banking Units;
- ARF 330.0 Statement of Financial Performance;
- ARF 330.1 Interest Income and Interest Expense;
- ARF 330.2 Other Operating Income;
- ARF 330.3 Other Operating Expenses;
- ARF 331.0 Selected Revenue and Expenses;
- ARF 332.0 Statement of Economic Activity;
- ARF 391.0: Commercial Finance;
- ARF 392.0: Housing Finance;
- ARF 393.0: Lease Finance;
- ARF 394.0: Personal Finance;
- ARF 395.0 Business Finance; and
- ARF 396.0 Points of Presence.
Annual reviews and PAIRS risk assessments incorporate all information available to supervisors, including material and analysis undertaken during on-site review work, internal and external audit reports, research and commentary from the general market and discussions with the institution in relation to specific issues. In addition, the quarterly information submitted to APRA is reviewed for compliance with prudential standards.
Each quarter a chartbook containing banking sector trend information and individual bank data is produced and made available to responsible supervisors. This chartbook, along with a publicly available set of banking sector statistics (some of which show distributional as well as aggregate data), helps identify outlier bank data. Each half-year a report overviewing banking sector trends, performance and issues is produced for consideration by APRA senior management and is made available to responsible supervisors so they aware of these issues and to assist them in reviewing the risks and performance of their banks.
Banking sector trend analysis is undertaken by bank analysts when preparing quarterly and annual assessments.
Refer EC1 above.
APRA applies both on-site and off-site techniques to the prudential supervision of Australian banks, and the two functions are closely integrated (refer EC1).
APRA’s off-site analysis of banks is conducted by responsible supervisors in its frontline divisions, Diversified Institutions Division and Specialised Institutions Division, with supervisors being assigned a portfolio of institutions. (In the case of larger institutions, this portfolio might consist of a single institution or part of an institution). Off-site analysis is undertaken on a continuous basis, with responsible supervisors producing annual and quarterly assessments on the prudential condition of their assigned institution.
The frequency of on-site reviews to banks is determined by a combination of minimum review cycles and risk-based prioritisation. Where a bank is assessed as being subject to additional risk, or where APRA has identified a potential risk weakness, APRA will increase the frequency and intensity of its on-site reviews.
At the heart of APRA’s risk prioritisation is its Probability and Impact Rating System and its Supervisory Oversight and Response System. These two key tools provide the infrastructure to ensure that risks are being assessed consistently across APRA and that proportionate prudential interventions are being taken.
Probability and Impact Rating System (PAIRS)
PAIRS is a tool used by APRA supervisors to classify regulated financial institutions on two key dimensions:
- the probability that the institution may be unable to honour its financial promises to beneficiaries — depositors, policyholders and superannuation fund members. To prepare a PAIRS profile, the various elements of inherent risk in institutions — counterparty risk; market risk; operational risk; liquidity risk; legal/regulatory risk; strategic risk and related party risk — are assessed; and
- the potential impact should the institution fail (which is measured by the institution’s balance sheet size).
PAIRS involves supervisors considering and assessing:
- for each of the elements of inherent risk, how risky each is and how significant it is for each institution;
- for seven elements of management and control in institutions, how important and effective are these at mitigating the institution’s inherent risks;
- for three elements of capital support, how much of a buffer does this support provide to deal with unexpected issues and losses; and
- taking into account inherent risks, management and controls and capital support, what is the overall risk that the institution will fail to meet its obligations to its beneficiaries.
Each institution is assigned one of five PAIRS ratings: Low; Low Medium; High Medium; High; or Extreme.
Supervisory Oversight and Response System (SOARS)
SOARS is the system APRA uses to transform PAIRS risk assessments of a supervised entity into a supervision strategy for the entity. The PAIRS rating, together with the bank size, produces one of four supervisory stances for the supervision of the bank: Normal; Oversight; Mandated Improvement; or Restructure. SOARS thus determines the qualitative nature of the supervisory relationship between APRA and the supervised entity and the planned supervisory activities for that entity in the near future.
Normal supervision activities include assessment and analysis of regular data received from banks, monitoring market intelligence on developments affecting a bank, maintaining a good knowledge of changes occurring within a bank, conducting on-site and off-site reviews on specific areas of a bank’s business and operations and conducting a formal PAIRS risk assessment of the bank.
Extra supervision activities may include ensuring a bank rectifies identified shortcomings in its strategy, structure, personnel, systems or business and, in the extreme, using formal sanctions to adjust a bank’s business and risk profile to bring it within acceptable limits.
PAIRS and SOARS are supported by:
- the APRA Supervision Framework which sets out the methodology for the conduct of APRA prudential reviews; and
- the Activity & Issue Management System which records and tracks all prudential reviews and other activities and interventions.
APRA Supervision Framework (ASF)
ASF requires that responsible supervisors undertake a prudential review of the following functions at least every year for all banks:
- board workings;
- management team effectiveness;
- business strategy;
- structure and relationships of the institution;
- adequacy and sustainability of capital; and
- risk management framework.
On-site visits are conducted based on the key areas identified during the PAIRS risk assessment process. ASF provides supervisors with detailed guidance on topics to examine, what is good and bad practice and how to assess topics so that consistent PAIRS ratings result.
Activity & Issue Management System (AIMS)
A record of all planned supervisory activities is held in AIMS and successful completion of these activities is recorded. This enables supervisory resources to be appropriately allocated and management to effectively follow up planned or outstanding supervisory activities.
APRA continuously reviews and upgrades its supervisory process and practices, drawing on international and local regulatory expertise. Predominantly, this process is undertaken by management in APRA’s ‘frontline’ and in its Policy, Research and Statistics Division. Management review of supervisory practices and procedures is supported by APRA’s Business Improvement Unit.
APRA routinely examines reports prepared by both internal and external auditors.
Section 16B of the Banking Act empowers APRA to require a person who is, or has been, an auditor of a bank or a bank subsidiary to provide information to APRA about the bank or subsidiary, if APRA considers that the provision of the information, or the production of the books, accounts or documents, will assist APRA in performing its functions under the Banking Act.
APRA’s PAIRS risk rating system and ongoing prudential review modules determine the way in which responsible supervisors assess the risks faced by banks and focus supervisors on the higher risk areas (refer EC4). The system is designed to promote early detection of potential risks and ensure that these are responded to in a consistent fashion. This enables APRA’s prudential interventions and further supervisory work to be targeted on those areas which present the more significant risks.
Refer Principle 1(6).
Internal audit work conducted within Australian banks is generally thorough and of a high standard. A high degree of professionalism is maintained by internal auditors and this is supported by reporting lines direct to Board Audit Committees. APRA makes extensive use of internal audit reports in conducting its prudential reviews. These reports valuable insights into the workings of a bank’s risk management and internal control systems, and add value to APRA’s prudential analysis.
APRA meets regularly and frequently with bank management. APRA meets annually with the chief executive and heads of relevant functions to review APRA’s assessment of the prudential condition of the bank and discuss any issues of emerging concern. APRA also meets with senior executives of the bank when conducting its prudential reviews and when issues that arise in the course of its ongoing prudential oversight.
APRA meets periodically with bank boards. During these meetings, APRA discusses emerging areas of concern and draws the board’s attention to any significant issues it has with the bank.
The APRA Supervision Framework requires supervisors to periodically review and assess the bank’s board, management, strategy, structure and relationships, capital, risk management, operational risk, credit risk, and balance sheet and market risk. These reviews involve assessing information off-site and conducting on-site prudential reviews. When on-site, APRA meets with senior and middle management to discuss the above topics.
APRA’s supervisory system encompasses on-site reviews, off-site analysis and regular meetings with bank management, staff and board on various issues. The off-site surveillance is based on information supplied to APRA on a quarterly basis through the APRA returns (information required through reporting standards issued by APRA) and other information required to be submitted by prudential standards. APRA’s on-site prudential reviews are conducted on a regular basis, depending on the size, complexity and risk rating of the institution.
Refer to Principle 16 for more detail of APRA’s on-site and off-site review methodologies and of how these fit together.
Banks are required to notify APRA in advance of any material change to their business operations or mix of business, and to notify APRA immediately they become aware of any material adverse development to their risk position. While this requirement is not expressed in any prudential standard, it is a norm to which APRA strongly expects banks to adhere; a failure to do so would have a negative impact on APRA’s risk assessment of the bank or may attract enforcement action.
For conglomerate groups, paragraph 4 of Prudential Standard APS 222 — Associations with Related Entities requires the board of a bank to advise APRA in advance of any proposed changes to the composition or operations of the group with the potential to materially alter the group’s overall risk profile, including any proposed changes to the bank’s stand-alone operations, and obtain APRA’s prior approval for the establishment or acquisition of a regulated presence domestically or overseas. The Standard also requires banks to establish appropriate policies, systems and procedures to monitor compliance with APRA’s prudential requirements on a group basis. Banks are required to provide APRA with details of group members, including nature of business, management structure of the group, intra-group support arrangements and intra-group exposures.
In addition, banks are required to notify APRA immediately after it becomes aware of any breach of a prudential standard requirement or a condition of a banking authority by any group entity and of any circumstances that might reasonably be seen as having a material impact and potentially adverse consequences for a bank in the group or for the overall group.
APRA assesses the quality of management as part of the bank licensing process (refer EC1 under Principle 3).
The APRA Supervisory Framework Module 2 requires APRA supervisors to conduct prudential reviews to assess the quality of bank management. The assessment includes management composition and structure, and fit and proper test. In addition, the APRA PAIRS assessments require supervisors to rate the quality of senior management.
All of APRA’s key prudential requirements apply on a solo and consolidated bank basis.
APRA has authority under the various powers conferred on it by the Banking Act to collect all information it deems necessary for prudential supervision. In addition, under paragraph 13 of the Financial Sector (Collection of Data) Act, APRA is empowered to collect information by determining reporting standards for banks. APRA has determined 43 of these standards (see http://www.apra.gov.au/Statistics/ADIs-Reporting-Standard.cfm), which require the submission on a quarterly and annual basis relevant financial information in both the stand-alone and consolidated form.
The returns capture data in relation to the financial position and performance of the bank; capital adequacy; provisioning; large exposures; derivative activity and related party activity and include both on and off-balance sheet items. (Refer to EC2 under Principle 16 for a list of the APRA returns.) In addition, a number of reporting obligations arise out of requirements in APRA’s prudential standards and guidance notes which responsible supervisors analyse and monitor.
APRA reporting standards, and reporting instructions accompanying APRA returns, specify the information that APRA requires, the form in which it is to be presented and the accounting standards under which the information is to be prepared. Where appropriate, APRA is able to specify that information be reported in a form different from the applicable accounting treatment.
APRA places the overall responsibility of ensuring that an appropriate set of policies and procedures for the authorisation of data submitted to APRA is in place on the board and senior management of the bank.
APRA reporting standards require the submission of data for specific reporting periods and timeframes. Failure to abide by the requirements of a reporting standard incurs a criminal sanction. In addition, section 14 of the Financial Sector (Collection of Data) Act requires the Principal Executive Officer of a bank to notify the board of the bank, as soon as practicable, if there has been a failure to meet a reporting requirement. Failure or refusal to notify the governing body is an offence under the Act.
APRA reporting standards specify the level of authorisation required for the submitted data. In most cases, if submitting data in paper form, APRA requires either the Principal Executive Officer or the Chief Financial Officer of the bank to authorise the data. If submitting data using the ‘Direct to APRA’ software, it will be necessary for an officer of the bank to digitally sign, authorise and encrypt the relevant data. For this purpose, APRA issues ‘digital certificates’, for use with the software, to officers of the bank who have authority from the bank to transmit the data to APRA.
APRA requires inaccurate information to be resubmitted.
APRA has power under the Financial Sector (Collection of Data) Act and the Banking Act to obtain from banks the information it requires to fulfil its obligations as prudential supervisor (refer Principle 1(3)). These powers do not specifically provide access to information on subsidiaries; however, in practice, APRA receives full cooperation from banks in Australia with regard to requiring information on the entire group operations. It is unlikely that a request for information on a subsidiary would be denied. If necessary, APRA has the power under section 11AF of the Banking Act to determine prudential standards in relation to subsidiaries and APRA may determine such a prudential standard to require a bank or subsidiary to submit information.
APRA collects a wide range of statistical data and qualitative information from banks. In addition, in preparation for on-site prudential reviews, detailed information on risk management systems, internal controls and processes, and operations are collected by APRA.
APRA supervisors use this information to undertake quarterly financial analysis, covering capital, risk weighted exposures, liquidity and funding, large exposures, credit quality & impaired assets and profitability; PAIRS risk rating assessments; and prudential reviews, covering board, management, strategy, structure and relationships, capital, risk management, operational risk, credit risk, and balance sheet and market risk.
The use made of this information and how it is incorporated into APRA’s supervisory planning process are explained in detail under EC3 of Principle 16.
The regular quarterly and annual information APRA collects from all banks is in a standardised form and is required to be submitted for specific periods. This enables responsible supervisors to prepare comprehensive peer group analyses. Periodically, APRA prepares industry papers drawing on this comparative analysis.
APRA collects a wide range of monthly, quarterly and annual prudential data for all banks.
APRA has a comprehensive program of reviews and analysis, in which on-site review work plays a major part. APRA takes an integrated approach to the conduct of its on-site prudential reviews with frontline responsible supervisors working closely with risk specialists to bring together technical expertise and institutional knowledge in the preparation of prudential assessments (refer EC4 under Principle 16).
A prudential review assesses the operations of an institution to a degree of depth that enables supervisors to form an accurate risk assessment of those operations. Prudential reviews are based around a suite of Modules that form the basis of the review and address the key functional and risk areas of institutions — board, management, strategy, structure and relationships, capital support, risk management and control, operational risk, credit risk, balance sheet and market risk.
The frequency with which modules must be covered in a prudential review is dependent on the supervisory stance assigned to the bank through APRA’s PAIRS and SOARS framework.
PAIRS is a rating tool that assigns banks one of five ratings — Low, Low Medium, High Medium, High or Extreme. This rating, together with the bank size, produces one of four supervisory stances for the supervision of the bank through SOARS — Normal, Oversight, Mandated Improvement and Restructure. These supervisory stances dictate the intensity of supervision and the corresponding supervision activities, both off-site and on-site, that form the basis of the supervision strategy for a particular bank.
APRA also utilises external auditors to undertake ‘targeted reviews’ (refer EC3), review the reliability of statistical and financial data provided by the bank to APRA and to rectify reporting issues as they arise. Regular tripartite meetings, with APRA, the bank and its external auditor, are held to discuss the auditor’s reports and any matters arising from the auditor’s reviews.
Bank auditors report directly to APRA annually on banks’ adherence to banking requirements; the reliability of submitted data; and any matters that may have the potential to prejudice the interests of depositors. In addition APRA may, in consultation with a bank, request its external auditor or, where appropriate, another external auditor or specialist consultant, to undertake a specific review of a particular aspect of the bank’s operations or risk management system. APRA reviews this information and may request further work to be undertaken or redone if it feels the quality of work was not commensurate with the request, or where APRA feels insufficient testing was undertaken by the auditor in arriving at its conclusions.
Division 2A of the Banking Act requires an auditor to inform APRA if there are any grounds to believe that a bank may be at risk of insolvency or has failed to comply with a prudential requirement. Auditors are also obliged to inform APRA of any information that is capable of assisting APRA in the performance of its prudential oversight of banks. (Refer AC3 and AC4 under Principle 21.)
While APRA normally does not interfere with a bank’s choice of external auditor, Division 2B of the Banking Act allows APRA to remove a bank’s external auditor. In addition, under APRA’s proposed Prudential Standard APS 520 — Fit and Proper Requirements, APRA has the power to oppose the appointment of an external auditor. APRA expects banks’ external auditors to have the requisite skills and experience for this task.
Prudential Standard APS 310 — Audit and Related Arrangements for prudential reporting allows for APRA to request an auditor to undertake a specific review of a particular aspect of a bank’s operations or risk management systems. The report of such reviews is submitted to APRA and the bank simultaneously. The subject of these ‘targeted reviews’ is agreed between the bank, auditor and APRA. APRA then provides the auditor with the scope of the intended review.
In practice and in law, APRA has full access to all bank records and is able to speak with all relevant officers (directors, management, staff) as required. In its role as the banking regulator, APRA’s requests for information from banks command a high priority.
Should it be necessary, APRA has extensive powers under the Banking Act, the APRA Act and the Financial Sector (Collection of Data) Act to gain access to or require the submission of, any information that relevant to its prudential supervision of banks (refer Principle 1(3)). In addition, section 16B of the Banking Act empowers APRA to require an auditor of a bank to produce any information that APRA deems to be of importance to its prudential supervision role.
Pursuant to its powers under the Banking Act and Financial Sector (Collection of Data) Act, APRA has issued a number of reporting standards that require the quarterly submission of a suite of financial information for the purposes of supervision, known as APRA returns (refer EC2 of Principle 16). This information includes capital adequacy, impaired assets, provisioning, large exposures, commercial property, international exposures, full financial position and financial performance and a full range of other financial reporting items. This information is reviewed quarterly by APRA responsible supervisors and contributes to an institution’s PAIRS rating and the supervisory action plan for the institution.
To ensure the veracity of the data, APRA’s Statistics Unit, in the Policy, Research and Statistics Division, reviews the data for common errors and validation, prior to releasing the information to supervisors. Any large or material movements are queried with the banks and required to be resubmitted if incorrect. In addition, the banks’ external auditors must attest annually to APRA as to the reliability of the data submitted by the banks in the returns, and APRA has specified that certain key APRA returns, including capital adequacy, need to be audited annually.
Following a ‘targeted review’, APRA meets with either members of the board or executive management, and the auditor to discuss the findings of the review.
APRA meets quarterly with the major accounting practices in Australia as part of the Auditor Liaison Group, in order to discuss major accounting and regulatory issues.
APRA undertakes global consolidated supervision of banking groups. APRA has both stand-alone and group-wide capital requirements and requires the submission of data on a stand-alone and consolidated basis. Material risks to the banking organisation from non-bank operations are also reviewed, analysed and included in APRA’s risk-rating and supervisory action processes. In addition, APRA’s conglomerates policy, incorporating Prudential Standard APS 222 — Associations with Related Entities and a third level of capital requirements for consolidated groups with non-consolidated subsidiaries, is being implemented to ensure all the risks faced by the corporate group of the bank are identified and managed.
To facilitate this level of supervision, APS 222 requires banks to provide APRA with details of group members, management structure of the group, intra-group support arrangements and intra-group exposures. The bank must notify APRA in advance of any proposed changes to the composition or operations of the group with the potential to materially alter the group’s overall risk profile and obtain APRA’s prior approval for the establishment or acquisition of a regulated presence domestically or overseas.
A bank is required to provide APRA with descriptions of group risk management policies and the procedures used to measure and control overall group risk and disclose in the group’s published annual report each year an outline of its group risk management policies, including the policies governing dealings between the bank and other group members.
In addition, within three months of a bank’s annual balance date, its chief executive should provide APRA with a declaration, endorsed by the board, which attests that:
(a) the board and management of the bank have identified the key risks facing the overall group;
(b) the board and management of the bank have established policies addressing those risks (including where appropriate prudent limits on risk exposures) and have systems and procedures in place to monitor and manage those risks;
(c) these policies have been effectively implemented and are adequate having regard to the risks they are designed to control; and
(d) the descriptions of group risk management policies, systems and procedures provided to APRA are accurate and current.
As an integrated prudential regulator of deposit-taking institutions, insurance companies and pension funds, APRA adopts a group-wide focus to its supervision of conglomerate groups. Analysis of risks posed by non-banking activities of a banking group are incorporated directly into APRA’s supervisory framework for banks and are addressed specifically in APS 222 (refer EC1).
The Banking Act provides the basis for APRA’s supervision of banks. The Act empowers APRA to impose standards, regulation, sanctions, and anything else it deems necessary to protect the interests of depositors. This includes the supervision of non-traditional banking business operated by banks. APRA has the power to direct banks in relation to non-banking subsidiaries they control and to cease or not undertake investments in non-bank businesses.
In addition, in its capacity as prudential regulator of insurance companies and pension funds, APRA is able to ensure the prudent management of these entities within a banking group via its powers under the Insurance Act, the Life Insurance Act and the Superannuation Industry (supervision) Act, and prudential standards made pursuant to these Acts.
As integrated prudential regulator, APRA is well-placed to undertake supervision of financial conglomerates; banks are supervised on a stand-alone, consolidated banking group and conglomerate group basis. This reaches to supervision of risks to the bank arising from related affiliates and subsidiaries. In the instance where a bank has a minority stake in an operation, APRA has the legal power to require the submission of information on the operation and will assess the risk to the bank of that operation.
The Banking Act gives APRA the authority to impose prudential standards on a consolidated basis. Section 11AF of the Act specifically allows for APRA to impose prudential standards on banks themselves and their subsidiaries. APRA has used this power to established prudential standards in relation to banks, including capital, exposure limits and reporting requirements, on a stand-alone and consolidated basis.
APRA collects consolidated financial information for locally incorporated banks and full financial information for branch operations in Australia.
As an integrated prudential regulator, in most cases, APRA itself is also the prudential regulator of the related business. In other cases, APRA has arrangements in place to facilitate information sharing with ASIC, AUSTRAC and the RBA (refer Principle 1(6)).
The Banking Act affords APRA wide-ranging powers that include issuing directions to banks to undertake a specific action when APRA considers that the affairs of the bank are being run in an unsound way or that there is a threat to its ability to repay depositors (section 11CA). This action could be to limit or circumscribe a range of activities of the bank itself or of a subsidiary in Australia or overseas.
The ownership structure of Australian banks is regulated by the Financial Sector (Shareholdings) Act. This Act limits individual ownership in locally-incorporated banks, including subsidiaries of foreign banks, to 15 per cent of the bank’s voting shares. The Act allows for shareholdings over 15 per cent if such a shareholding is in the national interest. (Refer Principle 4.)
In most cases, Australian banks have wide ownership. Where the bank is part of a conglomerate group the bank entity is usually the head of the group. Corporate ownership of banks is permissible but only when the corporate owner is authorised as a Non-Operating Holding Company (NOHC). NOHCs must be authorised under section 11AA of the Banking Act. APRA’s powers under the Banking Act apply to all banks and authorised NOHCs. There are a few cases where small banking operations are owned by corporations that are neither banks nor authorised NOHCs, but these are subject to strict limits on intra-group exposures, restrictions relating to their corporate governance, and commitments from shareholders to contribute additional capital should that be required.
APRA has the power to review the activities of any bank or NOHC. APRA does not have the direct power to review the activities of foreign parents of Australian banks, but can obtain information from home country supervisors.
The Banking Act and APRA’s prudential standards give APRA wide ranging powers, for both banks and NOHCs: to take remedial action, including direction issuing powers to comply with a prudential standard or regulation; revoke a banking authority; place conditions on a banking authority; appoint an investigator; take control of a bank’s business; or appoint an administrator to take control of a bank’s business. APRA also has the power to direct banks and NOHCs in relation to the non-banking subsidiaries they control or to cease or not undertake investments in non-bank businesses. APRA’s powers over NOHCs enable it to protect depositors from contagion risks arising from other parts of a conglomerate group.
Draft Prudential Standard APS 520 — Fit and Proper Requirements applies to both authorised banks and authorised NOHCs. As such any corporate owner of an Australian bank is subject to these fit and proper requirements, which include requirement on the board and senior management (refer Principle 3).
Bank management in Australia (and all other corporate management in Australia) is responsible for the financial record keeping systems and the reliability of data they produce, primarily under the Corporations Act and through regulation by the Australian Securities and Investment Commission (ASIC), which regulates company and financial services laws. As such, APRA primarily relies on the general requirements of the Corporations Act and ASIC to ensure that the management reports and financial statements issued by a bank are reliable and receive proper external audit scrutiny and verification.
The Corporations Act requires that banks (and all other corporations) maintain proper financial records, that these are subject to appropriate independent audit, and that disclosure is adequate and in accordance with Australian Accounting Standards. Where there is concern that these requirements were not being met, APRA would liaise with ASIC to determine an appropriate course of action.
The Corporations Act states that a financial report and directors' report must be prepared for each financial year by disclosing entities, public companies, large proprietary companies and registered schemes (section 292); and the financial report must be audited (section 301).
The Corporations Act contains general and specific content requirements for the annual financial report and the annual directors' report along with special rules for public and listed companies (sections 295, 295A, 298, 299, 299A, 300, 300A). There is an obligation that annual financial reports comply with accounting standards (section 296) and present a true and fair view of the financial position and performance of the entity (section 297).
In relation to the data and information submitted to APRA for supervisory purposes, the ADI Reporting Standards (ARS) issued by APRA require the submission of information to APRA, which must be subject to processes and controls developed by the ADI for the internal review and authorisation of that information. The Standards state that it is the responsibility of the board and senior management of the ADI to ensure that an appropriate set of policies and procedures for the authorisation of data submitted to APRA is in place.
In addition, paragraph 13 of Prudential Standard APS 310 — Audit & Related Arrangements for Prudential Reporting requires external auditors to provide simultaneously to APRA and the Audit Committee (or in the case of foreign banks, the senior country managers) a report up to the latest balance date detailing the external auditor’s opinions as to whether (among other things) the statistical and financial data provided by the bank to APRA are reliable. Management Letters relating to work undertaken by the auditor which have a bearing on the auditor’s opinion should accompany the report.
As noted under EC1, it is a requirement of the Corporations Act that the annual financial report and directors' report be audited.
In addition to the external audit verification process prescribed by APS 310, APRA reviews management information systems and the data that is produced by these systems during on-site reviews. APRA’s Statistics Unit also conducts data validation checks for common errors and material movements (refer EC5 under Principle 19).
It is generally accepted practice in the Australian banking industry for APRA and auditors to interact directly or in conjunction with banks, as part of APRA’s tripartite arrangements, and open communication is maintained. Bank auditors report directly to APRA annually on adherence to prudential standards and statutory banking requirements by the bank; that the statistical and financial data provided to APRA are reliable; and any matters that may have the potential to prejudice the interests of depositors.
APRA has the power to engage external auditors. APRA may, in consultation with a bank, request its external auditor or, where appropriate, other external auditors to undertake a specific review of a particular aspect of the bank’s operations or risk management system.
The Banking Act also mandates communication with auditors by requiring an auditor of a bank to inform APRA if the auditor has reasonable grounds for believing that the bank is insolvent, or is at risk of becoming insolvent; the bank has failed to comply with a prudential requirement; or an existing or proposed state of affairs may materially prejudice the interests of depositors.
APRA reporting standards, and the instructions to lodging APRA prudential returns, instruct banks as to what information APRA requires, the form as to which it is to be presented and the accounting standards under which the information is to be prepared.
APRA reporting standards, and the instructions to lodging APRA prudential returns, specify valuation methods and where applicable appropriate accounting standards to be applied.
APRA has the power under the Banking Act and prudential standards to engage external auditors to undertake specific audits of banks’ accounts. The scope of these audits is determined by APRA.
The Corporations Act requires that all locally incorporated banks lodge annual financial accounts with ASIC. APRA may require the bank to submit the data to APRA prior to its lodgement with ASIC and can require changes to be made.
All information supplied to APRA, unless previously publicly disclosed or expressly permitted to be disclosed by the bank, is protected information under section 56 of the APRA Act and is required to be kept confidential. Section 56 of the APRA Act does, however, allow this information to be shared with other supervisory bodies (refer EC3 under Principle 1(6)).
The Corporations Act requires that banks (and all other corporations) maintain proper financial records, that these are subject to appropriate independent audit, and that disclosure is adequate and in accordance with Australian Accounting Standards. Where there is concern that these requirements were not being met, APRA would liaise with ASIC to determine an appropriate course of action.
Section 17 of the Banking Act empowers APRA to remove a person from the position of an auditor of a bank if APRA is satisfied that the person has failed to perform the functions and duties of the position as required by the Banking Act or prudential standards or does not meet the fit and proper criteria set out in the prudential standards.
APRA utilises external auditors to supplement its normal supervisory work (refer EC2 under Principle 19).
APRA strongly supports the principles of transparency and statutory disclosure of financial information to enhance the pursuit of its prudential objectives.
The Corporations Act requires periodic disclosure through the financial reports and directors' report to be prepared for each financial year and publicly released. These reports must be lodged within 3-4 months of the end of the financial year, depending on the type of entity. The financial reports must comply with Australian accounting standards (section 296). Australia Accounting Standard AASB 101 has the overall objective of ensuring comparability both with an entity's financial reports of previous periods and with the financial reports of other entities.
The Corporate Law Economic Reform Program (Audit Reform & Corporate Disclosure)Act 2004 provides for the establishment of a reconstituted Auditing and Assurance Standards Board (‘AUASB’) as an independent statutory body. As the national auditing and assurance standards setter, the AUASB has an important role in developing high quality standards and related guidance for auditors and providers of other assurance services. The AUASB uses, as appropriate, International Standards on Auditing (ISAs) from the International Auditing and Assurance Standards Board (IAASB) as a base from which to develop Australian Auditing Standards. The IAASB functions as an independent standard setting body under the auspices of the International Federation of Accountants (IFAC). The mission of the IAASB is to establish high quality auditing, assurance, quality control and related services standards and to improve the uniformity of practice by professional accountants throughout the world, thereby strengthening public confidence in the global auditing profession and serving the public interest.
Bank auditors report directly to APRA annually on adherence to prudential standard and statutory banking requirements by the bank; that the statistical and financial data provided to APRA are reliable; and any matters that may have the potential to prejudice the interests of depositors.
Division 2A of the Banking Act requires an auditor to inform APRA if there are any reasonable grounds to believe that a bank has failed to comply with a prudential standard, a requirement under the Banking Act or the Financial Sector (Collection of Data) Act, or a condition placed on a banking authority.
Section 16C of the Banking Act permits auditors to provide information to APRA where that information is relevant to the performance of APRA’s functions.
Division 2A of the Banking Act requires an auditor of a bank to inform APRA if the auditor has reasonable grounds for believing that the bank is insolvent, or is at risk of becoming insolvent; or that there exists an existing or proposed state of affairs that may materially prejudice the interests of depositors.
As noted under EC4 of Principle 1(4), the Banking Act gives APRA wide ranging powers, that include the ability to revoke a banking authority (section 9A), issue a direction requiring the bank to undertake a specific action (section 11CA), appoint an investigator (section 13A), to take control of the bank’s business (section 13A), appoint an administrator (section 13A) or appoint a statutory manager (section 13C). When APRA deems a bank to be not complying with laws and regulations, or it is or is likely to be engaged in unsafe practices, APRA can utilise these broad powers to both take prompt remedial action and impose sanctions.
In practice, if APRA were to become concerned with the risk profile of one of its regulated entities, it would increase the frequency and intensity of its supervisory oversight of that entity. This may include the imposition of a number of remedial measures short of the legal measures listed above. For example, APRA would likely require the bank to meet a higher capital adequacy ratio to reflect its higher risk profile, or it might require that the bank discontinue certain lines of business until the problem is remedied. Typically, more frequent prudential reporting from the area of the bank causing concern would also be required.
Section 11CA of the Banking Act confers on APRA powers to issue a broad range of directions to banks when necessary to ensure compliance with its prudential standards or to protect the interests of depositors. These include:
- removing a director, executive, secretary or employee of the bank;
- restricting the powers of a director, executive, secretary or employee of the bank;
- appointment of a person to act as a director, executive, secretary or employee of the bank;
- replacing an internal auditor;
- placing restrictions on a bank’s activities;
- restricting or suspending dividends or the repayment of shares;
- not to give any financial accommodation to a person;
- not to repay any indebtedness;
- restricting asset transfers; and
- anything else as to the way in which the affairs of the bank are conducted (or not conducted).
The Banking Act also empowers APRA to bar person from acting as a director or senior manager of a bank, by disqualifying the person under section 21 of the Act. APRA may also remove a director or senior manager of bank under section 23 of the Act, if APRA considers the person does not meet the criteria specified in Prudential Standard 520 — Fit and Proper Requirements.
APRA is able to withhold approval for new business activities or acquisitions. Prudential Standard APS 222 — Associations with Related Entities requires a bank to consult with APRA before establishing or acquiring a subsidiary (paragraph 30(a)) and consult with APRA before committing to any proposal to acquire an interest of more than 10 per cent in another entity engaged in any business in the field of finance (paragraph 30(b)). If APRA does not consider the acquisition to be prudent, it can use its powers under the Banking Act to prevent the acquisition going ahead. In addition, APS 222 requires a bank to obtain APRA’s prior approval to establish or acquire another regulated presence either domestically or overseas (paragraph 4(d)). (Refer EC1 under Principle 5).
The Financial Sector (Shareholdings) Act (FSSA) also gives the Treasurer power, with advice from APRA, to prevent acquisitions of greater than 15 per cent in a bank or insurance company (refer Principle 5).
In practice, APRA could participate in arranging a take-over by or merger of a troubled institution with a healthier institution, and would be able to influence the actions of controlling owners. It would only do this, however, if such an outcome was not a material detriment to depositors in the healthier institution.
Wherever possible, APRA seeks to make timely and preventative prudential interventions to bring the risks down to acceptable levels. APRA gives effect to this through its supervisory methodology, based around continuous off-site monitoring and risk-based program of on-site reviews, and supported by the PAIRS risk-rating tool, the SOARS response system and the APRA Supervision Framework. These tools assist responsible supervisors to take timely and proportionate remedial actions.
For more serious breaches or where depositors’ interests are threatened, APRA is able to respond quickly using its legal powers under the Banking Act (refer EC1 and EC2).
APRA’s senior executive group receives monthly a report on the profile of the PAIRS ratings of banks and a profile of the SOARS stances of banks along with recent upgrades and downgrades. This provides a mechanism for querying and follow-up of individual cases which may not appear to be getting adequate and timely attention.
The Banking Act enables APRA to apply penalties and sanctions in a number of circumstances to the bank or to an officer of the bank in relation to a direction given by APRA. Section 11 of the Act states that a bank’s officers are guilty of an offence if they fail to take reasonable steps to ensure the bank complies with a direction given by APRA. The penalty for such an offence is prescribed by the Act.
APRA’s powers are wide-ranging and enable APRA to respond quickly when warranted by the situation. All powers to take corrective action under the Banking Act are conferred directly on APRA and are not subject to ‘cooling off’ periods. Judicial review of APRA decisions is available to ensure that APRA’s decisions are lawfully made, but this does not amount to a rehearing on the merits.
All requirements and instructions given to banks in relation to their operation and systems are in writing. In almost all cases, progress on actions is reported to APRA in writing. Significant issues are addressed to the board.
Following all on-site reviews to banks, APRA writes to the bank setting out its findings and noting any ‘required’, ‘recommended’ or ‘suggested’ actions.
All operations of locally incorporated banks and their subsidiaries, whether they be in Australia or overseas, are subject to the global consolidated banking supervision undertaken by APRA. To strengthen the scope of its consolidated supervision, APRA has implemented a conglomerates policy for banks, which includes Prudential Standard APS 222 — Associations with Related Entities and the development of a third level of capital requirements for consolidated groups with non-consolidated subsidiaries to be introduced in conjunction with the Basel II capital framework.
APRA requires the board of a bank to ensure the bank establishes appropriate policies, systems and procedures to monitor compliance with APRA’s prudential requirements on a group basis. This includes APRA’s requirements on risk management policies and functions. Prudential Standard APS 222 requires within three months of a bank’s annual balance date, the chief executive to provide APRA with a declaration, endorsed by the board, which attests that the board and management of the bank have identified the key risks facing the overall group; the board and management of the bank have established policies addressing those risks and have systems and procedures in place to monitor and manage those risks; these policies have been effectively implemented and are adequate having regard to the risks they are designed to control; and the descriptions of group risk management policies, systems and procedures provided to APRA are accurate and current.
APRA’s on-site prudential reviews examine banks’ activities on a group-wide basis and consider the ability of the board and head office management to oversight and control regional operations. For significant offshore operations, APRA will conduct on-site reviews to the local office. These reviews will include forming a view on the expertise and appropriateness of local management.
APRA’s on-site reviews of credit risk, market risk and operational risk include the oversight of foreign operations. In these reviews, APRA determines whether the information received by local management on foreign operations is sufficient. When reviewing operations on-site at overseas centres, APRA reviews compliance with internal controls and ensure that head office oversight of the overseas operation is effective.
APRA has broad powers under the Banking Act to issue directions to banks where necessary to ensure compliance with its prudential standards or to protect the interests of depositors. These directions could require the bank to divest itself of certain businesses or branch offices, or place limits on the certain business activities. (Refer EC2 under Principle 22.)
APRA’s methodology for prioritising the extent and frequency of its on-site and off-site prudential analysis is explained in detail in EC4 under Principle 16 and EC1 under Principle 19.
Essentially, the frequency of on-site reviews to banks is determined by a combination of minimum review cycles and risk-based prioritisation. These are determined by the PAIRS risk-rating tool and the SOARS response system. Where a bank is assessed as being subject to additional risk, or where APRA has identified a potential risk weakness, APRA will increase the frequency and intensity of its on-site reviews. This would normally include an increased level of reporting.
The PAIRS and SOARS systems use supervisors’ analyses to determine the supervisory action and timeframes applicable to an institution. PAIRS ratings are updated following a prudential review or any material regulatory event. This then determines the level and timing of any supervisory action required. In addition, supervisors are encouraged to be pre-emptive in their supervisory activities.
As part of APRA’s risk-based supervision, it assesses the risks of foreign operations of local banks and adjusts the intensity of its supervisory activities accordingly. APRA may also enlist the support of the host country supervisor.
For banks with materially significant offshore operations, APRA will conduct on-site prudential reviews to the local office. Australian banks have significant operations in New Zealand and the United Kingdom. APRA supervisors review these operations on-site and liaise with the host supervisor in the process.
APRA keeps abreast of host country supervision where material to Australian banks. Currently, Australian banks have significant overseas operations in the United Kingdom and New Zealand. APRA has a close working relationship with the Financial Services Authority (UK) and the Reserve Bank of New Zealand and is very familiar with their methods.
The Australian banking industry has significant operations in New Zealand and the United Kingdom. APRA has a close working relation with the Reserve Bank of New Zealand (RBNZ) and the Financial Services Authority (FSA) and has a Memorandum of Understanding with both agencies.
The Memoranda establish a formal basis for cooperation with the RBNZ and FSA, including the exchange of information and investigative assistance. It provides for both the FSA and RBNZ to provide relevant information to APRA upon request and on a voluntary basis where information is deemed to be relevant. In addition, these agencies may assist APRA in obtaining information form third parties.
Paragraph 4 of Prudential Standard APS 222 — Associations with Related Entities requires banks to advise APRA in advance of any proposed changes to the composition or operations of the group with the potential to materially alter the group’s overall risk profile and to obtain APRA’s prior approval for the establishment or acquisition of a regulated presence domestically or overseas. If APRA considers the proposed operation to be too risky it can use its powers under the Banking Act to prohibit a bank from setting up the operation. Section 11CA 2(p) allows APRA to direct a bank to do anything as to the way in which the affairs of the body corporate are to be conducted or not conducted.
APRA has memoranda of understanding with the RBNZ and the FSA that facilitates the sharing of information in regards to Australia banks’ operations in the New Zealand and the United Kingdom. When reviewing these operations on-site, APRA meets with the host supervisors to discuss the operations. In addition, where APRA’s assessment of the operations raises concerns, APRA promptly contacts the host supervisors and informs them of its concerns. APRA obtains relevant information on the global activities of foreign banks during the licensing process and as part of its ongoing supervision. In many instances, prudential assessments and reports are exchanged.
In taking any action in respect of the overseas operations of an Australian bank, APRA would always liaise closely with the host supervisor.
APRA exchanges information with other agencies where appropriate and APRA currently has formal memoranda of understanding with agencies in countries that have less significant Australian bank operations, such as the Hong Kong Monetary Authority, Bundesanstalt für Finanzdienstleistungsaufsicht, China Banking Regulatory Commission and the Office of Thrift Supervision. APRA is also in discussion with the De Nederlandsche Bank in relation to formalising a memorandum of understanding. (Refer EC2 under Principle 1(6).)
All local branches and subsidiaries of foreign banks authorised by APRA to conduct ‘banking business’ in Australia, as defined by the Banking Act, are subject to similar prudential, inspection and regulatory reporting requirements as domestic banks.
However, as discussed in Principle 2, Australian law allows foreign banks to operate in Australia without being authorised by APRA, provided they disclose they are not supervised by APRA and they do not take deposits otherwise than by issuing or selling securities in accordance with the Corporations Act.
The quality of prudential oversight by home country supervisors is an important element in APRA’s assessment of any application from a foreign bank to be authorised to carry on banking business in Australia. Whether the home-country supervisor practises consolidated global supervision is a consideration in making this assessment.
APRA’s Guidelines on Authorisation of ADIs require that foreign bank applicants must have received consent from their home supervisor for the establishment of a banking operation in Australia. APRA will not authorise a bank to conduct banking business in Australia without this consent.
There is no impediment to APRA’s ability to share relevant prudential information with overseas regulators (refer EC2 under Principle 1(6)). However, this capacity to share information only applies in respect of licensed foreign banks and does not extend to those foreign banks operating in Australia pursuant to an exemption under section 11 of the Banking Act (refer EC1 above).
APRA facilitates any requests from home country supervisors to examine the Australian operations of foreign banks. APRA is also generally available to participate in these reviews.
APRA advises home country supervisors of any material issues that arise affecting the Australian operations of a foreign bank or where APRA makes a material prudential intervention affecting a foreign bank.
APRA obtains relevant information on the global activities of foreign banks during the licensing process and as part of its ongoing supervision. If there is reason to contact the home supervisor for further information, APRA will do so. In many instances, prudential assessments and reports are exchanged.
1 Basel Core Principles for Effective Banking Supervision, Basle Committee on Banking Supervision, September 1997. Refer also to the Basel Committee’s Core Principles Methodology (October 1999), and its Conducting a Supervisory Self-Assessment Practical Application (April 2001).
2 Basel Core Principles for Effective Banking Supervision, Basle Committee on Banking Supervision, September 1997.
3 Note that APS 222 currently contains no specific requirement to notify APRA in advance of any acquisition or investment outside the field of finance. Nevertheless, the general requirement to report all material changes remains applicable. This gap will be addressed in changes to paragraph 30(b) to come into force in 2007 contiguous with APRA’s implementation of Basel II. These changes will require all proposals to acquire a more than 20 per cent equity interest in any entity to be notified to APRA in advance.
4 The definition can include not only legally related companies but also financially related companies, for example, with common ownership. Also physical persons are considered as being parts of ‘closely related groups’, for example, when they have large economic interests at stake in the groups (for instance, when they are large shareholders).
5 Subject to satisfying the criteria set out in AGN 222.1, an ADI and any APRA-approved subsidiaries will be treated as a single entity (i.e. the Extended Licensed Entity) for the purposes of measuring the ADI’s exposures to related entities.