Skip to main content

APRA Chair Wayne Byres - Speech to the Risk Management Association Australia CRO Board Dinner

Reflections on a changing landscape

Wayne Byres, Chairman – Risk Management Association (RMA) Australia CRO Board Dinner, Sydney

Thank you for the invitation to join you this evening.

My first public speech as APRA Chair was to this CRO forum, almost exactly five years ago. At least for me, the time since has gone very quickly.

It’s not news to anyone that the past five years have seen rapidly changing environments. Like many industries, the financial sector is being disrupted and challenged in the ways we did not foresee even just a few years ago. The macroeconomic and geopolitical landscape is also posing challenges that were not on anyone’s radar screen until relatively recently.

For regulators, it’s been no different: new technologies, a greater sense of urgency to respond to emerging trends and risks, and increased community expectations have impacted regulators just as much as those they regulate.

So I want to use tonight’s remarks to reflect on these past five years of prudential regulation in Australia, and what they mean for the future. My main reflection is that APRA’s mandate has not changed, but what is expected of APRA undoubtedly has. That obviously has implications for us, and also for those we regulate.

The early days 

I left Australia in 2011 for Basel, when the regulatory and supervisory agenda in this country was very much driven by the post-crisis reforms designed to materially strengthen the financial system through a much more robust regulatory framework.

The centrepiece of that effort was the Basel III reform package agreed by the Basel Committee and endorsed by the G20 Leaders. Australia’s banking system was in much better shape than most around the world, thanks to a good starting point going into the crisis, and extraordinary public sector support during it.  As a result, APRA was at the forefront of the implementation of Basel III: Australia had a relatively well-capitalised banking system and no need for the lengthy transitional arrangements that were (and still are) necessary to assist more fragile banks elsewhere.

At the time of my departure, APRA itself was seen to have performed well during the crisis, and therefore held in high regard. To my mind, that praise was slightly misplaced. Not that APRA didn’t perform well or deserve praise, but rather that its most important work was before, not during, the crisis. Preparing for adversity and building strength in good times is how prudential supervisors like APRA earn their keep. Our work in more recent times is being pursued with the same end in mind.

When I arrived back from Basel in mid-2014, the environment had changed considerably. The Government of the day was pursuing a strong deregulatory agenda. My first task as Chair was to respond to the Government’s new Statement of Expectations for APRA, which emphasised the importance of reducing regulatory burden on industry. The Financial System Inquiry (FSI) was in full swing, and a ‘regulatory freeze’ was imposed while the FSI reviewed the regulatory framework for the financial system. Furthermore, a number of submissions to the FSI suggested the post-crisis international reforms were not needed here, or at least not to the same degree. 

My own view was that the Australian system had become rather complacent, and a bit self-satisfied, about the way it dealt with the crisis[1].  It also seemed Australia was somewhat isolated from some of the debates and agendas that were being pursued elsewhere in global fora. That certainly applied to financial issues, but with hindsight it also applied to so-called non-financial risks. Hence my speech five years ago focussed on the global regulatory agenda, and how that would influence Australia. One particular area that I called for a stronger focus was on issues of governance and culture – a new frontier of supervision which at the time was not, in my view, getting the attention it required. 

Five years ago …. and now

Let me be clear: five years ago, I did not foresee all of the culture-related issues that have since come to light. I definitely underestimated the extent to which these issues and their impact would become front and centre of community debate. But I was certainly sceptical about the claim that issues that existed in many other parts of the world could not be present here, and I do think APRA has played an important role in forcing more Board and management attention to these matters. 

However, five years ago, the idea that APRA should, as we do today, regard lifting standards of governance, culture and accountability as a key strategic priority would have led many to challenge whether we had our priorities right. The idea a prudential regulator would conduct a special inquiry into the governance and culture of a large, financially successful institution like the Commonwealth Bank of Australia – let alone build capability to do similar inquiries in future – would have seemed odd. Even as shortcomings within the industry more broadly came to light, there continued to be debate as to why a core component of the regulatory response – the Banking Executive Accountability Regime (BEAR) – was assigned to APRA. We have certainly come a long way in a short time.

We are now in a world where APRA is being tasked to do more, and more assertively, than we have traditionally done. As a result, our proposals on remuneration are far-reaching and far more prescriptive than has been our conventional approach. The lessons from the Royal Commission will also require us to review and strengthen our governance (CPS510) and risk management (CPS 220) standards. We will need to devote substantially more supervisory resources to these issues and they will need to become a core competency, just as much as bank capital and liquidity.

Another area that has come to the fore has been financial system stability.

Five years ago, APRA’s financial system stability mandate received little attention – at least, outside APRA. Indeed, most saw financial stability as something that the Reserve Bank looked after, so few were aware we are the only agency with a statutory mandate to promote financial stability. It’s well known that the APRA Act requires us to pursue financial safety, and it’s generally known we have some balancing considerations – competition, efficiency, contestability and competitive neutrality – but not many people had focussed on the fact that we are explicitly tasked with pursuing that objective and achieving that balance in a manner that, in all cases, promotes financial stability.

That lack of awareness certainly changed from late 2014 as we intervened quite assertively to lift mortgage lending standards. At the time, our actions were seen as unusual and controversial. Many questioned why we were intervening – if there was concern about macroeconomic trends, wasn’t that the RBA’s job? And if we were concerned that lending was irresponsible, wasn’t that ASIC’s job? In fact, we were concerned about financial stability due to an environment of heightened risks, to which we did not think the banking system was adequately responding. In the end, we believe our intervention achieved its purpose promoting financial stability by recalibrating lending standards to a more sustainable level, reducing risks for both banks and the system as a whole.

We are now in a world in which ‘macroprudential’ actions are seen as part and parcel of APRA’s armoury. And our armoury has more weapons: we have even been granted powers over non-bank lenders, should material risks to financial stability emerge. Particularly as the limits of monetary policy in dealing with both economic and financial risks have become clearer, there is likely to be an increasing focus on APRA’s ability to step in and ‘lean against the wind’ as imbalances emerge. The calls for action will come quicker, and we will need to be ready with the framework and tools to respond.

Five years ago, prudential standards in superannuation were a new feature of the landscape. APRA had operated for most of its existence with only the Superannuation Industry (Supervision) Act 1993 (SIS Act) to administer the industry. Moreover, the Act was missing many of the key powers that APRA possesses for banking and insurance (most notably a directions power, and any controls over the transfer of trustee ownership). The most fundamental provision in the Act – the ‘best interests’ duty on trustees – had no direct penalty if breached. 

For an industry that had been supervised under the SIS Act for a long period of time, the introduction of principles-based prudential standards devised and administered by APRA rather than the Parliament was quite new. Our approach, consistent with the prevailing orthodoxy at the time, was to work with the industry to adjust to the comprehensive set of new principles-based requirements. More recently, however, we have sharpened our attention on the under-performers, something that will significantly intensify from hereon. Critically, the weaknesses in the Act I mentioned earlier were finally rectified earlier this year. Those new powers are game changers for APRA: they will greatly strengthen our hand in supervising the industry.

We are now in a world where we are asked to establish performance benchmarks for superannuation funds, and remove from the industry those that do not meet them. It takes APRA into new territory, but one we are now better equipped to embrace.

Five years ago, the technological disruption that is now reshaping the financial system, and the associated cyber risks that have come with it, were not as immediate as they are today. Yes, there was ample discussion on the importance of technology, but ‘disruption’ was more of a conceptual discussion than immediate reality. And cyber security was definitely on the risk radar, but attacks did not have the scale or sophistication that are routinely encountered today.

We are now in a world where APRA’s traditional modus operandi will be inadequate. The current regulatory framework is not designed for clouds, ecosystems and partnership models. Not only do we need new skills, additional resources and stronger partnerships, but potentially new powers to ensure that as critical functions and data move outside the regulatory perimeter, we are able to satisfy ourselves that the requisite level of safety and control remain in place. The idea of APRA formally reviewing the capabilities of unregulated service providers would have once been rejected as regulatory over-reach – now such service providers may be so fundamental to the operations of a bank that bank supervision cannot properly be done without it.

Finally, five years ago, climate change was not on the horizon of prudential regulators. But domestic and international policymakers, as well as investment decision-makers, are now very attuned to climate risks, and that is in turn impacting asset values and markets. Our entrance into this territory followed the signing of the Paris Agreement, the work by the private sector (sponsored by the Financial Stability Board) on climate-related disclosures, and a view that directors’ duties require boards to be cognisant of the climate risks to which their business is exposed.

We are now in a world where climate-related financial risks need to be assessed and addressed alongside more traditional balance sheet and operational risks. We are working with our colleagues on the Council of Financial Regulators to ensure we, and the industries we regulate, have an appropriate awareness of the risks, and how they are being managed. And we need to do so: an APRA survey undertaken last year across Australian banks and insurers had climate change as the most commonly cited long-term financial risk, ahead of economic downturns and cyber security. 

Implications of recent reviews

This rapidly changing landscape and evolving set of expectations has meant there was much grist for the mill for the reviews of APRA that have occurred over the last little while. Over the past year or so, aspects of APRA’s activities have been subjected to six major reviews: by the IMF, the Royal Commission, two Productivity Commission inquiries, our own Enforcement Review, and the APRA Capability Review. Collectively, they delivered to us around 150 recommendations on how we might better fulfil our role. 

Not every one of the reviews examined our core prudential mandate, but those that did found, broadly speaking, we fulfilled it well. No one suggested there were fundamental flaws in our traditional ‘safety and soundness’ role. Indeed, we have been urged not to take our eye off the ball. Financial safety and stability doesn’t just happen, and in today’s challenging environment – including very low and negative interest rates, inflated asset prices, low growth, trade wars and global political tensions, to name a few – stability is far from a foregone conclusion. 

But in all cases, we were pressed to also extend ourselves – to cast our eye wider, think more broadly, work more collaboratively, and step more confidently into a wider range of areas.  

Compared to five years ago, APRA now has a much bigger role to play. We will be firmly stepping into our expanded mandate, and acting more forcefully than we have done in the past. We certainly hope to still have an open and cooperative relationship with regulated entities, since that is essential to good prudential supervision, but will have little patience when that is not reciprocated. Be it governance and culture, financial stability, superannuation or cyber-related risks, our standards and expectations in the future are likely to be more prescriptive and demanding, and our enforcement of them will undoubtedly be firmer and more insistent. 

Concluding remarks

To sum up, APRA’s activities have expanded significantly over the past five years. This has not been a smooth transition: the regulatory pendulum has swung between periods of significant regulatory change, and times when there have been demands to pare back. But overall there is no doubt that expectations of APRA have grown, and they have pushed us into new fields of endeavour. There is no sign that tide is going to turn soon.

I’m not sure what the issues de jour will be in five years’ time but there’s a very good chance they will not be the issues we think are most important today. The past five years has shown that what might seem unusual or out of scope today, can quickly become a core task tomorrow. Some of the topics that I have talked about tonight were not seen, five years ago, to be at the heart of APRA’s role. In contrast, later this week we will publish our 4 year Corporate Plan and a number of them will be called out as our core outcomes, ranking alongside maintaining financial safety and resilience. 

If there is one lesson from the past five years, it is that – be it regulators or risk managers – being ready and able to respond to the demands of a rapidly changing landscape is probably the most important attribute we all need to possess.


[1] It is sometimes said the Australian banking system ‘sailed through’ the financial crisis. While the system did prove relatively resilient, there was extraordinary intervention necessary to keep the system stable and the wheels of the economy turning. That included (i) an unprecedented fiscal response – one of the largest stimulus packages in the world; (ii) an unprecedented monetary response – the official cash rate was cut by 425 basis points in a little over six months; (iii) the RBA substantially expanded its market operations and balance sheet; (iv) ASIC imposed an 8-month ban on the short selling of financial stocks; and (v) the Federal Government initiated a guarantee of retail deposits of up to $1 million, and a facility for authorised deposit-taking institutions (ADIs) to purchase guarantees for larger deposits and wholesale funding out to 5 years (indeed, at one point more than one-third of the banking system’s entire liabilities were subject to a Commonwealth Government guarantee). As I have said previously, if all of the above was needed to keep the system stable and operational, then it is difficult to argue that the system sailed through or that some further strengthening of regulation was not justified.


The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding around $9 trillion in assets for Australian depositors, policyholders and superannuation fund members.