The Australian Prudential Regulation Authority (APRA) has released the final version of Superannuation Prudential Practice Guide SPG 223 Fraud Risk Management (SPG 223).

SPG 223 focusses on current and emerging fraud risk factors affecting the superannuation industry, while taking into account broader risk management-related matters raised in Prudential Standard SPS 220 Risk Management and Prudential Practice Guide SPG 220 Risk Management.

APRA suggests that while SPG 223 provides guidance for the superannuation industry, the guidance may be of benefit for authorised deposit-taking institutions, general insurers and life insurers when considering matters related to fraud risk management.

What is fraud risk?
SPG223 says fraud risk refers to the risk of loss from internal fraud or external fraud. These can be defined as:
a) internal fraud – losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy (excluding diversity / discrimination events) which involves at least one internal party; and
b) external fraud – losses due to acts of a third party that are of a type intended to defraud, misappropriate property or circumvent the law.

SPG 223 gives examples of potential fraud (including superannuation-specific fraud risks) as well as fraud prevention controls.

It is APRA’s view that a core element of an effective risk management framework is a strong risk culture that exhibits organisational attributes and behaviours which reflect an intolerance of fraud.

SPS 220 provides the minimum criteria that must be included in an RSE licensee’s risk management framework to appropriately manage different types of material risks.