NCPD non-confidentiality determination and refreshed publication format
Background
APRA publishes aggregated statistics from the National Claims and Policies Database (NCPD) using information provided under the NCPD reporting standards.1
APRA is updating how NCPD statistics are delivered to external users. Historically, external users accessed NCPD outputs through a portal-based approach that generated many preprepared reports. Under the refreshed approach, APRA proposes to provide a smaller, defined set of publication outputs as downloadable datasets. This simplification is intended to make the statistics easier to access and use.
Data collected by APRA under the NCPD reporting standards is protected under section 56 of the Australian Prudential Regulation Authority Act 1998 (APRA Act). APRA may disclose protected data in certain circumstances, including where APRA has determined the information to be non-confidential under section 57 of the APRA Act.
In 2020, APRA consulted on collecting cyber insurance and management liability data for the purposes of the NCPD. APRA also sought representations on whether information about cyber insurance and management liability should be determined non-confidential at the same level of aggregation as other products such that those data may be published as separate products in the NCPD statistics. APRA received no objections to this approach within our previous consultation.
APRA subsequently updated the NCPD reporting standards to collect cyber insurance and management liability data but did not at that time determine data on those additional product types non-confidential.2 APRA is consulting now on the basis that APRA intends to include cyber insurance and management liability data as separate product classes in NCPD publications going forward.3
Proposed NCPD publication approach (what will be published, and how it will be delivered)
Under the refreshed approach, APRA proposes to publish NCPD statistics through a defined set of publication outputs (downloadable spreadsheets) using consistent measures and dimensions. The proposed outputs are set out below. Importantly, this is a change in format (delivery), not a change to content (other than the addition of cyber insurance and management liability data as separate, standalone, product categories).4 The core measures or dimensions, the level of aggregation and the excluded combinations of related data (cross-dimensional data) will remain substantively as described in the existing non‑confidentiality determination for the NCPD.
Policy statistics (General insurers) – publication outputs
APRA proposes to publish four policy cross-sections with the following data measures for each cross-dimensional bucket: the number of policies, number of risks written, number of risks in force, gross earned premium (sum across all policies in a bucket) and gross written premium (sum across all policies in a bucket).
The dimensions will align with those previously published: reporting year, underwriting year, product type, class of business, state, occupation/industry group, excess/deductible/attachment point (EDA) and limit of indemnity. Occupation/industry group, EDA, and limit of indemnity will be published at previous levels of aggregation. Only product types previously separately published, with the addition of management liability and cyber insurance, will be separately published.
APRA intend to publish four policy cross-sections in order to exclude, in accordance with existing practice, high-granularity combinations. The four cross-sections will be by:
- state and limit of indemnity bucket;
- state and EDA bucket;
- occupation/industry and limit of indemnity bucket; and
- occupation/industry and EDA bucket.
Claims statistics (General insurers) – publication outputs
Similarly, APRA proposes to publish four standard claims cross-sections with the following data measures for each cross-dimensional bucket: number of all claims, number of finalised claims, gross claim payments (sum across all claims in a bucket) and gross claims incurred (sum across all claims in a bucket).
The dimensions will align with those previously published: reporting year, underwriting year, accident year, year claim reported, year claim finalised, product type, class of business, state, occupation/industry group, EDA and limit of indemnity. Occupation/industry group, EDA, and limit of indemnity will be published at previous levels of aggregation. Only product types previously separately published, with the addition of management liability and cyber insurance, will be separately published.
As with the policy reports, to exclude high-granularity combinations, the four cross-sections will be by:
- state and limit of indemnity bucket;
- state and EDA bucket;
- occupation/industry and limit of indemnity bucket; and
- occupation/industry and EDA bucket.
Facilities statistics (General insurers)
APRA proposes to publish one facilities publication with the following data measures for each cross-dimensional bucket: number of facilities, number of policies, premium received in the reporting period (sum across all policies in a bucket), number of claims and gross payments made for reporting period (sum across all claims in a bucket).
The dimensions will align with those previously published: six-monthly reporting period (month ending), occupation/industry group, class of business and runoff indicator. Occupation/industry group will be published at the previous level of aggregation.
Lloyd’s publications
APRA proposes to continue to publish three separate Lloyd’s publications, with one publication each for policies, claims and facilities. Consistently with the prior Lloyd’s publications, these will mirror the general insurer publications but exclude some data dimensions and measures:
- The policy publication will exclude occupation/industry group, EDA, limit of indemnity, state, product type and the number of risks in force;
- The claims publication will exclude occupation/industry group, EDA, limit of indemnity, state and product type; and
- The facilities publication will exclude occupation/industry group, runoff indicator, number of facilities, number of policies and number of claims.
Access to NCPD reports
APRA is currently considering how it will deliver the reports to stakeholders and whether any additional data privacy safeguards are needed for residual granular data, including whether any conditions should be imposed on use or access of the reports. APRA will finalise its consideration of these matters following the consultation on non-confidentiality.
Confidentiality proposal
APRA proposes to replace the existing non-confidentiality determination to reflect the addition of cyber insurance and management liability aggregates as separately published product types and the refreshed NCPD publication approach. This will involve making a determination in respect of the cross dimensional aggregates described above, which are contained across the six NCPD reporting forms listed earlier in this paper.
Other than these changes, the proposal is intended to preserve the scope of the existing non-confidentiality determination.
APRA does not propose to make the underlying data items non-confidential, nor to change the levels of granularity or aggregation previously determined to be non-confidential. The existing carve out for high granularity combinations will be retained.5
Consultation (how to respond)
APRA invites feedback on:
- the confidentiality proposal, including whether any information proposed to be released should remain confidential.
Written submissions should be sent to dataconsultations@apra.gov.au by 16 June 2026 and addressed to:
Manager, Supervisory Data
General Insurance and Banking Division
Australian Prudential Regulation Authority
APRA will then finalise its response to the consultation, and subject to feedback, will provide a timeline for the release of the NCPD publications. This will coincide with the formalisation of the data confidentiality determination.
Footnotes
1 The six NCPD reporting standards are GRS 800.1, 800.2 and 800.3 and LOLRS 800.1, 800.2 and 800.3, covering policies, claims and facilities reported by general insurers and Lloyd’s of London.
2 Refer to Australian Prudential Regulation Authority (confidentiality) determination No. 2 of 2021 and APRA’s response letter dated 15 March 2021: Collection of cyber insurance and management liability data in the National Claims and Policies Database (NCPD) | APRA.
3 Reasons for the timing of the proposed publication of the separate product classes include that the dataset on these product types is now sufficiently mature.
4 Previously to date, data on cyber insurance and management liability products have been aggregated with data on other product classes in the NCPD data collection: cyber insurance has been reported under the ‘Public Liability – Other’ product category, and management liability has been reported under existing Professional Indemnity product types.
5 Data items relating to cross‑dimensional combinations of state and occupation/industry, and of limit of indemnity bucket and EDA bucket, will remain excluded from the scope of the non-confidentiality determination.
Note on submissions
It is APRA's policy to publish all submissions on the APRA website unless the respondent specifically tells APRA in writing that all or part of the submission is to remain confidential. An automatically generated confidentiality statement in an email does not satisfy this purpose. If you would like only part of your submission to be confidential, you should provide this information marked as 'confidential' in a separate attachment.
Submissions may be the subject of a request for access made under the Freedom of Information Act 1982 (FOIA). APRA will determine such requests, if any, in accordance with the provisions of the FOIA. Information in the submission about any APRA-regulated entity that is not in the public domain and that is identified as confidential will be protected by section 56 of the Australian Prudential Regulation Authority Act 1998 and will therefore be exempt from production under the FOIA.