Building a better regulatory future
APRA’s prudential architecture is a fundamental building block for the financial system. It establishes minimum standards, in law, to support financial safety and system stability for banks, insurers and superannuation trustees, and to protect the Australian community.
We have built this framework piece by piece, brick by brick, from the ground up, over 20 years – we now have 140 prudential standards and prudential practice guides (PPGs) covering the five APRA-regulated industries, plus letters, information papers and FAQs.
This framework has strengthened the resilience of the financial system: the banking industry is unquestionably strong, superannuation trustees are delivering improved outcomes for their members, and the insurance industries have remained resilient in the face of challenging conditions.
While the prudential framework has served the Australian community, our regulated entities and APRA well, there comes a time in the life of every building where it could do with a renovation.
The ground under our prudential architecture is constantly shifting – we’ve modified elements of the framework and built additions to respond to a wide range of external developments, ranging from the GFC, through the Financial System Inquiry and the financial services Royal Commission. As the financial landscape evolves, regulation needs to adapt to remain relevant and fit-for-purpose.
We recently released our first renovation blueprint, an information paper on one of our core strategic priorities – “modernising the prudential architecture” or MPA. Today, I will provide you with a bit more colour and context to this important initiative, and explain how you can help us redesign the prudential architecture for a clearer, simpler and more adaptable regulatory future.
What are we trying to achieve?
Our blueprint for our modernised prudential architecture is focused on changes that make the framework clearer, simpler and more adaptable. What does this mean in practice? Let me explain:
We will be clearer in how we develop and present the prudential standards, guidance and advice. We are exploring, for example, how to replace our existing PDF-based approach with new web-based portals, where you could search, filter and download parts of the framework to your heart’s content. You, the user, could customise your experience to meet your needs – as could your board members, senior executives, risk managers, investors, or others with an interest in APRA’s rules and views.
While complex risks require comprehensive standards, we will seek to make the framework that houses them as simple, straightforward and accessible as possible. As the prudential rulebook has grown in size and complexity, it’s become increasingly difficult to maintain, navigate and – most importantly – comply with. Removing undue complexity from the design of the framework, rationalising and simplifying, can make it easier to comply, reducing compliance costs and allowing you to get on with managing your risks and running your business. In short, ensuring entities understand and meet prudential requirements ultimately delivers better outcomes for the community, protecting Australians’ financial interests in good times and bad.
New technologies, new business models, and new ecosystems will mean regulation needs to be framed and applied differently in the future. We are acutely aware, therefore, of how important it is to have standards and guidance that can be adapted to keep pace with industry practice and emerging risks. We need to ensure that our requirements and guidance can be kept up-to-date without continuing to add to a patchwork of supporting advice that can appear held together with a few nails and a bit of glue.
2022: Shoring up our foundations
Our MPA focus in 2022 has been across four key areas: getting the foundations right, future state design, digital prototypes and defining an approach to addressing new risks.
We’ve bolstered the foundations of our refreshed building by:
conducting an internal review of the framework to identify and assess potential complexities within it;
establishing an advisory panel to provide an independent, external perspective on key initiatives; and
joining up with regulators domestically and internationally who are facing very similar challenges. Our international counterparts are – by coincidence – also examining how they can improve their approach to policy development, including design and digitalisation. We are also in close contact with ASIC to coordinate on common areas.
What will it look like when we are done?
Ultimately, this will manifest as a digital handbook that brings together all of the prudential standards, guidance, information papers, and supporting advice into a more cohesive and dynamic format.
Our approach to execution will be iterative and agile, comprising a series of deliverables over multiple years. We have already tried a few new things and 2023 will see our design elements settled and better navigation via our website.
The expectations we set for both ourselves and you in the industry, and the pace of change, represent a balancing act. Too slow and it could appear that we are not progressing; too fast and it could be destabilising and impose significant transition costs and execution risk.
Instead, we will progress new initiatives over time, and take the opportunity to consolidate and review standards as and when they are updated. We will learn what works, what doesn’t work and decide what we should do differently. This will be an incremental approach – not a quick build, big bang – and we are committed to integrating key initiatives into our ongoing policy development, rather than overlaid or adjunct to it.
How will we get there?
It’s worth making clear what MPA is and what it is not – MPA is about the design, method and structure of the framework. It is the foundations, the walls, the roof – the standards, the guidance and our advice. It is not about the technical content – or soft furnishings if you like; these sorts of changes will continue to be progressed through technical consultation.
So what do we hope this modernised framework will deliver? It will deliver:
better regulation in the form of prudential requirements that are easy to find, navigate and understand and which will enable the industry to continue to operate on solid foundations for the benefit of the beneficiaries we are charged with protecting;
a digital first approach, where we better enable suptech, regtech, and AI solutions, driving better compliance at lower cost; and
capability to respond to innovation, to deal with the digital economy without attempting to force the new into the old. We, and you, will be better able to respond to emerging and evolving themes, like crypto-assets, climate change risks and – dare I say it – cyber-attacks.
Let me take each of these in turn.
Our “better regulation” lens is about improving the design elements of the framework – when we succeed, our framework will be cohesive, easy to understand, simple to update, and quick to access.
This will involve some obvious changes. We have already started to consolidate and simplify our structure. Our recent draft CPS 230 on operational risk management is a great example of how we can maintain the integrity of our requirements, driving the right outcomes, even while we remove length and density. Where we previously had five prudential standards, now we will have one.
Similarly, our recently released draft CPG 190 on resilience planning and draft SPG 530 on investment governance showcase a more targeted way of thinking about prudential guidance. By connecting specific requirements and specific guidance, we hope that you will get to the heart of what you have to do and how APRA expects you to go about it without having to find a number of standalone documents and connect the dots yourself.
You may have also noticed that the guidance in these prudential practice guides (PPGs) is sharper, targeted and more clearly focused on outcomes, rather than process. We are also conscious of reducing duplication, standardising definitions, the use of language, cross- referencing and readability.
We are also taking a proportionate approach in our standards – for all new and amended requirements, we are asking the question “how can we drive the same outcome for smaller entities, without causing undue regulatory burden?” Our soon to be finalised CPS 190 on recovery and exit planning is, we believe, a great example of where we have struck a careful balance between requirements for all, and heightened obligations to reflect the risks of the more significant entities.
Our other recent leap ahead is the Guide for ADI Directors, which you may have seen released this week. The board of a regulated institution is ultimately accountable for ensuring that the institution it oversees meets APRA’s standards, and is therefore a logical starting point for better regulation. We are using this new Guide for ADI directors to support directors in understanding their current obligations, which are spread across various standards and PPGs. We anticipate that, as the framework simplifies over time, this compendium of board obligations will also evolve.
APRA is not alone in asking these searching questions of its prudential framework – our peer overseas regulators are also starting to explore how regtech and suptech can be used to support better regulation, such as through developing machine-readable regulation to automate compliance.
This digital first approach is driving us to challenge our traditional approach to explore how digital tools can be used to make it quicker and easier to access and navigate the framework, for both readers and coders. We are investigating how to draft standards in a way that facilitates regtech solutions and supports institutions’ governance, risk and compliance (GRC) systems. We are starting to make some improvements to our website and an internal prototype digital handbook, with functionality to search, navigate and analyse standards and guidance.
New risk, new rules
Over the last 20 years, we have adapted our requirements and guidance to deal with numerous emerging risks. Evolution is inevitable, so we will have to continue to be able to absorb the new and different into our prudential architecture: for example, the advent of crypto-assets and digital ledger technology, the financial risks associated with climate change, and the increasingly prevalent risks associated with cyber security.
We are also now dealing with very different types of business models than sat in our regulated population in the early 2000s; groups are far more complex than the traditional vertically integrated model and with complexity comes new challenges and accentuated risks.
We are embracing the opportunity for new thinking – in our requirements and our guidance, and in our role more generally – to ensure our framework can, with minimal fuss, incorporate new risks without also generating complexity. Rather than simply creating further standards to cater to these new risks and new business models, our priority will be to enhance existing requirements where possible. We’re also bringing greater discipline to how we frame and draft our guidance and advice – we will identify what our regulated industries have in common and harmonise through cross-industry requirements where we can, rather than maintaining industry nuances.
Through all of this, we will work with our peer agencies to ensure we remain joined up on risks that traverse regulatory mandates to ensure a coordinated approach.
We are well aware that we have set ourselves an ambitious plan – this is a big renovation and is not to be taken lightly. It is important to get it right – for regulated entities, our stakeholders and ourselves.
Getting it right requires us to be determined, and incremental. This will be a multi-year build and refresh, and one that is to be integrated with ongoing policy development, rather than overlaid or adjunct to it – the reason being that we will learn what works and what doesn’t as we go, technology will evolve to make it easier and we can’t stop to re-write everything. You might say that we are still working in the building while we renovate a few floors at a time!
Getting it right also means balancing competing priorities of not just positioning the framework for the future, but also maintaining stability and managing the cost of change for our industries.
If I can leave you with one thing today, it is to engage with us and stand ready to take an active role in shaping the prudential framework of the future. We are already meeting with regulated entities and industry associations as we take confident steps towards the digital platform that will house our prudential framework in the long run.
We look forward to hearing your views on our modernised framework as we work together towards a clearer, simpler and more adaptable future.