APRA and Regulatory Compliance ACPA/PwC Seminar

Darryl Roberts
Tuesday, 17 September 2002


Caveat

  • The following is APRA's view of best practice in prudential regulation - not yet fully applicable to all our industries.

Policy objectives

  • An entity's management quality and risk control are the responsibility of the Board - this responsibility cannot be delegated downwards or outwards.
  • An entity's directors, managers and advisers should have business and technical competence, personal honesty, and a capacity and willingness to avoid conflicts of interest.
  • Entities should be acutely aware of their obligations to all stakeholders, including depositors, policyholders, investors and the wider community.
  • Entities should be practising due diligence, peer review and clear documentation in the transaction of day-to-day business.
  • Entities should be complying promptly and fully with the spirit and intent of the regulatory requirements, not just the black-letter wording.
  • Entities should be providing leadership and training so that staff see the need for good practice, and for the compliance function to be commercially integrated, not bolted on.
  • Entities should be willing to cooperate promptly and fully with the regulator in making information available, in rectifying weaknesses and in resolving failures.

Fit and Proper tests

  • A strong compliance culture is set by example from the top of a regulated entity.
  • Fit and Proper tests are a key element of international best practice in financial regulation, and are aimed at getting high quality personnel at the top of an entity.
  • Alan Greenspan said in July: "corporate governance to a very large extent reflects the character of the CEO", and lax corporate governance is a symptom of a failed CEO.
  • And went on: "although we may not be able to change the character of corporate officers, we can change behaviour through incentives and penalties" - APRA's incentives and penalties seek to discourage secrecy, dishonesty and neglect.
  • APRA's governance expectations are for directors, managers, the Auditor and Actuary to be suitable for their role and conscious of their responsibilities, including whistle-blowing where relevant.
  • Fit and Proper tests for directors, managers and advisers now go well beyond the more traditional and narrow requirements of merely not having a conviction for dishonesty or a history of bankruptcy.
  • Suitability includes technical competence, personal honesty, and freedom from conflicts of interest. Also, Boards and managements should be well-balanced, team-oriented, and not subservient to a dominant personality.
  • If APRA detects a failure to exercise good risk management - for example serious problems are swept under the carpet - then we will not hesitate to deem the top personnel to be unfit, and remove them.

Board attestation

  • Regulated entities should provide annually to APRA a written Declaration of the Board certifying they have:
    • complied with all relevant prudential requirements
    • identified and managed all material risks
    • monitored risk control performance on a regular basis
    • verified the systems work in practice as intended, and
    • spread a strong risk control culture across the entity.
  • APRA's requirement for an annual Board Attestation is not to be taken lightly - Boards are accountable, and should do sufficient due diligence to satisfy themselves that their attestation is fair and accurate.

Auditor sign-off

  • Certification by the Auditor is a key strand of the prudential safety net, but is working well below par in practice.
  • Auditors have an obligation to report on:
    • compliance with statutory reporting obligations
    • compliance with other regulatory requirements
    • matters adverse to depositors/policyholders/investors.
  • The Auditor should be testing adherence to, for example:
    • internal risk controls to assess the overall adequacy of the risk control environment
    • the regulator's prudential requirements
    • other relevant statutes & standards
    • reliable statistical & financial reporting.
  • The Auditor should be cooperative in providing access to working papers, and participating constructively in tripartite discussions and targeted reviews - but regrettably, we aren't always finding this in practice.
  • A disturbing number of auditors seem to be ignorant of the relevant statutes & standards and failing to detect & flag weaknesses such as:
    • non-compliance with APRA prudential standards
    • APRA returns riddled with errors & lodged late
    • lack of an independent internal audit function
    • delegations set at inappropriate levels of seniority
    • large exposures that breach prudential limits
    • inadequate controls on related lending
    • inadequate controls on risky activity, and so on.

Enforcement

  • APRA is now intervening more promptly, more vigorously and more often under our existing powers than in the past, and we are developing a new comprehensive enforcement infrastructure to upgrade and standardise powers over all the regulated industries: banking, insurance and superannuation. This will require Government support to have legislative effect.
  • The basic powers we would hope to be using in future in the normal course of enforcement include:
    • access to records and books
    • appointments of independent investigators and experts
    • case-by-case increases in capital requirements
    • enforceable undertakings and enforceable directions,
    • cease & desist notices, if we were to get this power
    • licence conditions, including vetoes on business lines
    • removal of unsuitable directors, managers, auditors etc
    • freezing of assets, replacing of boards, and ultimately,
    • putting entities into run-off or liquidation.

Summing up

  • The compliance function should be deeply embedded in an entity's everyday commercial culture, and not regarded as a mere mechanical or legalistic box-ticking exercise.
  • The Auditor should be well-informed about the entity's regulatory obligations, vigilant in detecting breaches and weaknesses, and always ready to qualify sign-offs - regulated entities for their part should ensure that audit obligations are clearly established in the audit engagement.
  • Finally, there is a strong likelihood that a commercially well-run company - in business for the long-term - is also by nature honest, open, professional and prudent.

Australian Prudential Regulation Authority