APRA’s 2024 priorities

A recent speech by APRA Chair John Lonsdale set out APRA’s priorities for the banking, superannuation and insurance sectors in implementing its Corporate Plan for 2023-24:

  • addressing system-wide risks by enhancing cross-industry stress-testing, and ensuring macroprudential policy settings remain appropriate for the operating environment;
  • a heightened focus on operational resilience, including cyber resilience, crisis management and operational risk management, to maintain the continuity of critical financial services;
  • climate-related financial risks, including a Climate Vulnerability Assessment for general insurers and embedding climate risk in APRA’s approach to supervision; and
  • improving superannuation transparency to provide members with enhanced insights about investment performance and increasing APRA’s focus on retirement outcomes.

Speaking about cybersecurity, which affects all sectors, he said:

“Three years ago, APRA’s information security standard CPS 234 came into force, and yet many entities are still struggling with foundational issues: ensuring third party controls are effective, making sure that systematic security control testing is in place, and regularly testing incident response plans. With the potential for serious impact to millions of Australians, our patience has run out. Where an entity is found to be significantly wanting in its cyber preparedness, we are intensifying supervision, insisting upon remediation plans, and taking enforcement action such as capital overlays and potentially license conditions.

APRA is also lifting operational resilience standards. Our regulated entities have until mid-2025 to be compliant with the requirements of the new standard, CPS 230. It will help entities to understand and manage the risks across their operational value chain, especially those associated with providing essential services to customers. Although the new standard isn’t in place for another 18 months, there are things entities can do now. Mapping out critical operations and identifying material service providers is a practical initial step, as is building organisational awareness. APRA will continue to work closely with entities to prepare them for the implementation of the standard and will issue additional guidance early next year.

Related to operational resilience is APRA’s ongoing focus on governance, risk culture, remuneration and accountability. This includes our work to increase the focus of boards and senior managers on non-financial measures such as community outcomes, and sharpened accountability to prevent poor outcomes.”

With respect to banks, APRA is considering targeted improvements to strengthen banks’ liquidity and capital standards to ensure they remain resilient and that stress at one entity doesn’t have an outsized impact on the system.

In superannuation, APRA is looking closely at liquidity risk, including the valuation of unlisted and illiquid asset classes, as well as lifting transparency and addressing product underperformance.

Declining affordability and accessibility of insurance is a risk to financial stability and is another key priority for APRA.

Author: David Jacobson
Principal, Bright Corporate Law
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.
