APRA Chair John Lonsdale’s opening remarks to the Business Council of Australia boardroom lunch

Good afternoon and thank you for inviting me to join you today.

This afternoon’s engagement is a valuable one for APRA. As Chair, I speak regularly to some of the country’s most prominent business leaders, but given the nature of APRA’s responsibilities, they are overwhelmingly from the financial industries that we supervise: banking, superannuation and insurance. I can see a few of those familiar faces sitting around the table this afternoon. But the majority of you represent companies and industries that don’t typically have direct contact with us and so I’m looking forward to hearing your perspectives on APRA’s work as well as the challenges facing the Australian economy and financial system. 

Whether or not you are acquainted with the concept of prudential regulation, what APRA does has a significant financial impact on you both as individuals and business leaders. Our supervision activities protect the security of your bank deposits, ensure your superannuation savings are being well-managed and that insurers have the funds to pay claims you or your businesses might make. Our mandate, however, extends beyond the safety and stability of the banks, insurers and superannuation funds we supervise. The bigger and more important objective is to deliver a safe, stable and resilient financial system for the benefit of all Australians. 

Safety and stability aren’t exciting. They aren’t concepts that get pulses racing or form the basis of inspirational TED talks, unlike “growth”, “risk-taking” and “dynamism”. And globally, the concept of regulation generally has become increasingly unfashionable as governments seek to reduce red tape to boost investment and increase economic growth. The Business Council of Australia likewise maintains a healthy degree of scepticism about regulation. While accepting that regulation provides important protections to society, the BCA also argues that regulation and red tape make it more difficult and more costly to run a business.¹ 

We also agree that regulation is important but it’s true that it comes with a cost. For APRA, we also believe in the value of what we do on behalf of Australian depositors, insurance policyholders and superannuation members. We believe financial stability is important in giving all business the confidence to invest and hire new employees. As the Governor of the Bank of England noted in February, “there is no sustainable growth without financial stability”. But we also recognise that every new regulation creates a financial and compliance burden on those businesses.

Despite this, 97 per cent of respondents in APRA’s most recent stakeholder survey of our regulated entities agreed that APRA’s supervision benefitted their industry, and 93 per cent believed it enhanced the strength of their own company. What’s clear from this is that well-targeted regulation can deliver benefits to business, as well as costs. 

Finding that sweet spot isn’t easy to do, yet it lies at the core of APRA’s mandate: to balance financial safety and stability with other considerations including competition, efficiency and contestability. It’s something we carefully reflect on when developing new policy. What is the impact on competition? Does it unfairly disadvantage smaller institutions? Are barriers to entry unnecessarily restrictive? Are we agnostic about different business models and technologies?

The proportion of respondents to our stakeholder survey that believed we get this right was a little over two-thirds; a comfortable majority but not nearly so emphatic as the earlier responses I mentioned. With that in mind, we are dialling up our focus on finding the right balance as we put together APRA’s next Corporate Plan, which will outline our priorities for the next 12 to 18 months. This work will build on our efforts over recent years to simplify and streamline our regulatory framework and ease the compliance burden, especially for smaller financial institutions. 

One challenge we face when we consider where we could ease regulatory requirements is that risks in the operating environment are increasing, particularly geopolitical risks. The World Uncertainty Index, compiled by leading international economists, currently rates the level of global uncertainty as higher – by some margin – than it was during the GFC, Brexit and the pandemic. 

As Australians, we can take comfort in the financial resilience of our banks, insurers and superannuation funds, which have robust levels of capital and liquidity to help withstand a significant financial stress. These arrangements saw our banking system through the GFC without the kinds of disorderly collapses and government bail-outs needed in many other countries. Our insurers had sufficient reserves and reinsurance arrangements to meet all claims arising from major natural disasters such as the Black Saturday bushfires and 2022 east coast floods. Our superannuation funds could comfortably meet the sudden, unexpected demand from members for the early release of funds in response to COVID-19. Consequently, when APRA considers where we might ease our requirements or make them more proportionate, we don’t believe there is a sound case to wind back the financial resilience we have built-up over several decades. 

Where there might be more room to move is in the broad area of non-financial risks. Interestingly, when we asked APRA’s regulated entities in our stakeholder survey about which business risks most concerned them, some of these types of risks topped the list. The number one concern was cyber risk. Number two was geopolitical risk. Third was operational risk, which relates to managing general business risks such as network outages or technology failures. We agree that these are top risks to manage.   

As Australia’s prudential regulator, it is APRA’s job to ensure our banks, insurers and superannuation trustees are making those preparations. In 2019, we introduced our first prudential standard on information and cyber security, while in two weeks our new prudential standard on operational risk management will come into force. Both of these standards meet community expectations that their money and personal information is secure, and that essential financial services remain accessible in all reasonable circumstances. For evidence, we need only reflect on the public alarm just weeks ago as news emerged that criminal elements had breached multiple superannuation funds. APRA has since responded by lifting our requirements around information security and the implementation of robust authentication controls, noting that “the safety and security of members’ retirement savings and member data is non-negotiable”.

But these heightened requirements on cyber and operational risk also add to the financial and operational compliance burden for our regulated entities. Inevitably this burden is more challenging for smaller institutions with less money and a smaller workforce than the industry giants. Greater proportionality in regulation can be one solution but needs to be weighed against the risks of allowing some cohorts of financial institutions to be less financially and operationally resilient – which in effect means lower levels of protection for their customers.

So how much community protection is enough? This is a question APRA constantly wrestles with as we try to balance the need to preserve a safe and stable financial system with the need to foster competition and economic growth. There is never an easy answer, but we have found one of the best ways to navigate the conundrum is to listen to the voices of our regulated entities and others in the business community. 

Events such as this today are an important means of doing so, and I look forward to hearing your views and exchanging ideas today.