Coat of Arms of the Commonwealth of Australia

Superannuation (prudential standard) determination No. 3 of 2022

Prudential Standard SPS 510 Governance

Superannuation Industry (Supervision) Act 1993

I, Renée Roberts, delegate of APRA:

(a)          under subsection 34C(6) of the Superannuation Industry (Supervision) Act 1993 (the Act) REVOKE Superannuation (prudential standard) determination No. 1 of 2016, including Prudential Standard SPS 510 Governance made under that determination;

(b)          under subsection 34C(1) of the Act, DETERMINE Prudential Standard SPS 510 Governance, which applies to all RSE licensees.

 

This instrument commences on 1 January 2023.

Dated: 16 November 2022

Renée Roberts

Executive Director

Policy and Advice Division

Interpretation

In this Determination:

APRA means the Australian Prudential Regulation Authority.

RSE licensee has the meaning given in section 10 of the Act.

 

Schedule

Prudential Standard SPS 510 Governance comprises the document commencing on the following page.

Prudential Standard SPS 510 Governance

Objectives and key requirements of this Prudential Standard

This Prudential Standard sets out minimum foundations for good governance of an RSE licensee. Its objective is to ensure that an RSE licensee’s business operations are managed soundly and prudently by a competent Board, which can make reasonable and impartial business judgements in the best interests of beneficiaries and which duly considers the impact of its decisions on beneficiaries.

The ultimate responsibility for the sound and prudent management of an RSE licensee’s business operations rests with its Board of directors.  

It is essential that an RSE licensee has a sound governance framework and conducts its affairs with a high degree of integrity. A culture that promotes good governance benefits all stakeholders of an RSE licensee and helps to maintain public confidence in the entity.

The governance of an RSE licensee builds on these foundations in ways that take account of the size, business mix and complexity of the RSE licensee’s business operations.

The key requirements of this Prudential Standard are that:

                the Board must have a governance framework which includes, at a minimum, the Board’s charter (or equivalent document) and policies and processes that achieve appropriate skills, structure and composition of the Board;

                the Board must have a written policy which sets out requirements relating to the nomination, appointment and removal of directors that support appropriate Board composition and renewal on an ongoing basis;

                a Board Remuneration Committee must be established and the RSE licensee must have a Remuneration Policy that aligns remuneration and risk management;

                a Board Audit Committee must be established; and

                an RSE licensee must have a dedicated internal audit function.

 

1.             This Prudential Standard is made under section 34C of the Superannuation Industry (Supervision) Act 1993 (SIS Act).

2.             This Prudential Standard applies to all registrable superannuation entity (RSE) licensees (RSE licensees) under the SIS Act.[1]  However, from 1 July 2023, paragraphs 24 to 45 of this Prudential Standard do not apply to significant financial institutions as defined under Prudential Standard CPS 511 Remuneration.

3.             All RSE licensees must comply with this Prudential Standard in its entirety, unless otherwise expressly indicated.

4.             For the purposes of this Prudential Standard, a reference to the ‘Board’ is to be read as a reference to the Board of directors or group of individual trustees of an RSE licensee.[2]

5.             For the purposes of this Prudential Standard, references to an auditor or an actuary are taken to be references to an auditor or an actuary that an RSE licensee must appoint under RSE licensee law.[3]

6.             This Prudential Standard sets out the minimum requirements that an RSE licensee must meet in the interests of promoting strong and effective governance.

7.             This Prudential Standard commences on 1 January 2023.

8.             The Board is ultimately responsible for the sound and prudent management of an RSE licensee’s business operations.[4]

9.             The Board, in fulfilling its functions, may delegate authority to management to act on behalf of the Board with respect to certain matters, as decided by the Board. This delegation of authority must be clearly set out and documented. The Board must have mechanisms in place for monitoring the exercise of delegated authority. The Board cannot abrogate its responsibility for functions delegated to management.

10.         The Board must ensure that the directors and the senior management of the RSE licensee, collectively, have the full range of skills needed for the effective and prudent operation of the RSE licensee’s business operations, and that each director has skills that allow them to make an effective contribution to Board deliberations and processes. This includes the requirement for directors, collectively, to have the necessary skills, knowledge and experience to understand the risks of the RSE licensee’s business operations, including its legal and prudential obligations, and to ensure that the RSE licensee’s business operations are managed in an appropriate way taking into account these risks. This does not preclude the Board from supplementing its skills and knowledge by engaging external consultants and experts.

11.         Where the Board establishes a board committee that has responsibility for activities that have the potential to have a material impact on the interests, or reasonable expectations, of beneficiaries[5], or to the long term financial soundness of the RSE licensee, any of its RSEs or connected entities[6], an RSE licensee must ensure that only a director of the RSE licensee holds the position of chairperson on that board committee.

12.         Senior management of an RSE licensee must be ordinarily resident in Australia.

13.         Directors and senior management of an RSE licensee must be available to meet with APRA on request.

14.         The Board must provide the auditor and the actuary, as relevant, with the opportunity to raise matters directly with the Board.

15.         Where an RSE licensee is part of a corporate group, and the RSE licensee utilises group policies or functions, the Board must approve the use of group policies and functions and must ensure that these policies and functions give appropriate regard to the RSE licensee’s business operations and its specific requirements.

16.         An RSE licensee must at all times have a governance framework that sets out how the Board oversees and exercises its authority in relation to the business operations of the RSE licensee and which encompasses the totality of systems, structures, policies, processes and people within an RSE licensee’s business operations.[8]

17.         The Board is ultimately responsible for the establishment, implementation and oversight of the governance framework.

18.         An RSE licensee’s governance framework must, at a minimum, include:

(a)          a formal charter that sets out the roles, responsibilities and objectives of the Board;

(b)          the Board’s policy in relation to voting rights and procedures for the decisions of the Board;

(c)          the Board’s policies on:

(i)            the size and composition of the Board and any Board committees[9];

(ii)         Board renewal;

(iii)       the nomination, appointment and removal of directors, including defined director terms in office and maximum tenure periods[10];

(d)          the RSE licensee’s policies and processes:

(i)            to manage risks relating to fitness and propriety of responsible persons[11]; and

(ii)         relating to the management of conflicts[12]; and  

(e)          a review process to ensure that the governance framework remains effective.

Board composition

19.         The chairperson of the Board must be a director of the RSE licensee.

20.         A majority of directors of an RSE licensee must be ordinarily resident in Australia.

21.         The Board must have procedures for assessing, at least annually, the Board’s performance relative to its objectives. It must also have in place a procedure for assessing, at least annually, the performance of individual directors.

22.         The Board must have in place a formal policy on Board renewal. This policy must provide details of how the Board intends to renew itself in order to ensure it remains open to new ideas and independent thinking, while retaining adequate expertise.

23.         The Board must establish and implement policies and processes for the nomination, appointment and removal of directors. These policies and processes must, at a minimum, address:

(a)          the length of the term for which a director is appointed to the Board;

(b)          the maximum tenure limit for an individual director;

(c)          how vacancies will be managed, including, where applicable, how the RSE licensee will comply with the vacancy requirements in Part 9 of the SIS Act;

(d)          the process by which a candidate will be nominated for a vacant Board position;

(e)          the factors that will be considered when assessing the suitability of a nominated candidate, including how the RSE licensee assesses the independence of the candidate where relevant and the Board’s process for determining whether a particular candidate is appointed;

(f)           the process by which a director will be appointed to the Board;

(g)          the factors that will determine when an existing director will be re-appointed, including whether the director has served on the Board for a period that could, or could reasonably be perceived to, materially interfere with their ability to act in the best interests of beneficiaries;

(h)          the process by which the Board will resolve disputes about nominations, appointment, re-appointment or removal of directors;

(i)            when and how a director will be removed from the Board; and

(j)            the Board’s policy on voting rights and procedures in relation to nomination, appointment, reappointment and removal of a director.

24.         An RSE licensee must establish and maintain a documented Remuneration Policy. The Remuneration Policy must outline the remuneration objectives and the structure of the remuneration arrangements, including, but not limited to, the performance-based remuneration components of the RSE licensee.  

25.         The Remuneration Policy must be approved by the Board.

26.         For the purposes of this Prudential Standard, remuneration arrangements include measures of performance, the mix of forms of remuneration (such as fixed and variable components, and cash and equity-related benefits) and the timing of eligibility to receive payments that a person receives by virtue of the role that they undertake for the RSE licensee. All forms of remuneration are captured by this Prudential Standard, regardless of where, or from whom, the remuneration is sourced.

27.         In addition to any other objectives, the Remuneration Policy’s performance-based components of remuneration must be designed to encourage behaviour that supports:

(a)          protecting the interests, and meeting the reasonable expectations, of beneficiaries;

(b)          the long term financial soundness of the RSE licensee, any of its RSEs or connected entities; and

(c)          the risk management framework of the RSE licensee.[13]

28.         The performance-based components of remuneration must be designed to align remuneration with prudent risk-taking and must incorporate adjustments to reflect:

(a)          the outcomes of the RSE licensee’s business operations;

(b)          the risks related to the RSE licensee’s business operations; and

(c)          the time necessary for the outcomes of those business operations to be reliably measured.

29.         The Remuneration Policy must provide for the Board to adjust performance-based components of remuneration downwards, to zero if appropriate, in relation to relevant persons or classes of persons, if such adjustments are necessary:

(a)          to protect the financial position of the RSE licensee, any of its RSEs or connected entities, or for the purposes of any other relevant prudential matter; and

(b)          to respond to significant unexpected or unintended consequences that were not foreseen by the Board Remuneration Committee.

30.         The Remuneration Policy must set out who is covered by the Policy. The Remuneration Policy must cover, at a minimum:

(a)          each responsible person as that term is defined in SPS 520, excluding auditors and actuaries;

(b)          persons whose primary role is risk management, compliance, internal audit, financial control or actuarial control (collectively ‘risk and financial control personnel’); and

(c)          all other persons for whom a significant portion of total remuneration is based on performance and whose activities, individually or collectively, may affect the interests of beneficiaries, the financial position of the RSE licensee, any of its RSEs or connected entities, or any other relevant prudential matter.

A person will be included within one of the above categories if that person is: employed directly by the RSE licensee; retained directly by the RSE licensee under contract; employed by, or a contractor of, a body corporate (including a service company) that is a connected entity or a related body corporate of the RSE licensee; or, subject to paragraph 31, an entity that is not a connected entity or a related body corporate of the RSE licensee.

31.         The Remuneration Policy must cover a service contract between an RSE licensee and a body that is not a connected entity or a related body corporate of the RSE licensee, if:

(a)          the primary role of the body is to provide risk management, compliance, internal audit, financial control or actuarial control services to the RSE licensee; or

(b)          the services provided by the body, either individually or collectively with like services provided by other bodies, may affect the interests of beneficiaries, the financial position of the RSE licensee, any of its RSEs or connected entities and any other relevant prudential matter, under the service contract with the RSE licensee, a significant portion of the total payment to the body is based on performance.

However, the Remuneration Policy need not cover a service contract with such a body if:

(i)            the RSE licensee’s risk management framework explicitly addresses the structure of payments to bodies of the relevant kind and the risk that payment incentives can give rise to inappropriate behaviour; and

(ii)         oversight of this risk has been delegated to a Board Committee.

32.         APRA may determine that an individual or class of individuals must be covered by the RSE licensee’s Remuneration Policy. APRA will notify the RSE licensee of such a determination in writing.

33.         The Remuneration Policy must prohibit persons covered by paragraph 30(a), who receive equity or equity-linked deferred remuneration, from hedging their economic exposures to the resultant equity price risk before the equity-linked remuneration is fully vested and able to be sold for cash by the recipient. The Remuneration Policy must specify the actions to be taken where a person is found to have breached this requirement.

34.         The Remuneration Policy must ensure that the structure of the remuneration of risk and financial control personnel, including performance-based components if any, does not compromise the independence of these personnel in carrying out their functions.

35.         Nothing in this Prudential Standard prevents an RSE licensee from adopting and applying a group Remuneration Policy that is also used by a connected entity or a related body corporate, provided that the policy has been approved by the Board in accordance with paragraph 25 and meets the requirements of this Prudential Standard.

36.         The Remuneration Policy must form part of the RSE licensee’s risk management framework.

37.         The Remuneration Policy must be provided to APRA on request.

38.         An RSE licensee must, unless otherwise approved in writing by APRA, have a Board Remuneration Committee that complies with the requirements of this Prudential Standard.

39.         The Board Remuneration Committee must have at least three members. All members of the Committee must be non-executive directors.[14]

40.         The chairperson of the Board may sit on the Board Remuneration Committee, but may not chair the Committee except where the chairperson of the Board is the only independent director (within the definition of section 10 of the SIS Act) on the Board.

41.         The Board Remuneration Committee must have a written charter and terms of reference that outline the Committee’s roles, responsibilities and terms of operation. The Remuneration Committee must be provided with the powers necessary to enable it to perform its functions.

42.         The responsibilities of the Board Remuneration Committee must include:

(a)          conducting regular reviews of, and making recommendations to the Board on, the Remuneration Policy. This must include an assessment of the Remuneration Policy’s effectiveness and compliance with the requirements of this Prudential Standard;

(b)          making annual recommendations to the Board on the remuneration of the responsible persons identified in paragraph 30(a), other persons whose activities may in the Board Remuneration Committee’s opinion affect the financial soundness of the RSE licensee’s business operations, and any other person specified by APRA; and

(c)          making annual recommendations to the Board on the remuneration of the categories of persons covered by the Remuneration Policy (other than those persons for whom such recommendations are already required under paragraph 42(b)).

43.         The Board Remuneration Committee must:

(a)          have free and unfettered access to risk and financial control personnel and other parties (internal and external) in carrying out its duties; and

(b)          if choosing to engage third-party experts, have power to do so in a manner that ensures that the engagement, including any advice received, is independent.

44.         Where an RSE licensee is part of a corporate group, the Board may use a group Board Remuneration Committee in order to meet the requirements of paragraphs 38 to 39 inclusive of this Prudential Standard, provided that the other requirements set out in this Prudential Standard are met, all members of the group Board Remuneration Committee are non-executive directors of the head of the group and the Board has unfettered access to the group Board Remuneration Committee.

45.         Members of the Board Remuneration Committee must be available to meet with APRA on request.

46.         An RSE licensee must have a Board Audit Committee, which assists the Board by providing an objective non-executive review of the effectiveness of the RSE licensee’s financial reporting and risk management framework unless, with respect to risk management, there is another Board Committee which carries out this function.

47.         The Board Audit Committee must have sufficient powers to enable it to obtain all information necessary for the performance of its functions.

48.         The Board Audit Committee must have at least three members. All members of the Committee must be non-executive directors.[15]

49.         The chairperson of the Board may sit on the Board Audit Committee, but may not chair the Committee except where the chairperson of the Board is the only independent director (within the definition of section 10 of the SIS Act) on the Board.

50.         The Board Audit Committee must have a charter that includes a reference to the fact that the Committee is responsible for the oversight of:

(a)          all APRA statutory reporting requirements;

(b)          other financial reporting requirements;

(c)          professional accounting requirements;

(d)          internal and external audit; and

(e)          the appointment of both the RSE licensee’s auditor and internal audit function.

51.         The Board Audit Committee must review the engagement of the auditor at least annually, including making an assessment of whether the auditor meets the Audit Independence tests set out in APES 110 Code of Ethics for Professional Accountants[16], as well as the additional auditor independence requirements set out in this Prudential Standard.

52.         The Board Audit Committee must regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the RSE licensee. It must also regularly review the findings of audits, and ensure that issues are being managed and rectified in an appropriate and timely manner.

53.         The Board Audit Committee must ensure the adequacy and independence of both the internal and external audit functions.

54.         The members of the Board Audit Committee must, at all times, have free and unfettered access to senior management, the internal audit function, the heads of all risk management functions, the auditor and the actuary, as applicable, and vice versa.

55.         The Board Audit Committee must establish and maintain policies and procedures for employees of the RSE licensee to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns. The Committee must also have a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies.

56.         Members of the Board Audit Committee must be available to meet with APRA on request.

57.         The Board Audit Committee must invite the auditor and the actuary, as applicable, to meetings of the Committee.

58.         The internal auditor must have a reporting line, and unfettered access, to the Board Audit Committee.

59.         An RSE licensee must have an independent and adequately resourced internal audit function. An RSE licensee may outsource this function where the outsourcing agreement meets the requirements of Prudential Standard SPS 231 Outsourcing. If an RSE licensee does not believe it is necessary to have a dedicated internal audit function, it must apply to APRA to seek an exemption from this requirement, setting out reasons why it believes it should be exempt. APRA may approve alternative arrangements in writing for an RSE licensee where APRA is satisfied that they will achieve the same objectives.

60.         The objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the RSE licensee.[17] To fulfil its functions, the internal auditor must, at all times, have unfettered access to all the RSE licensee’s business lines and support functions.

61.         The Corporations Act contains a number of requirements in relation to auditor independence. The auditor independence requirements in this Prudential Standard are substantially consistent with those requirements, and are intended to help ensure the independence of an auditor engaged to perform work of a prudential nature in relation to RSE licensee law.

62.         The Board must, to the extent practical, undertake steps to satisfy itself that the auditor, who undertakes work for the RSE licensee in relation to RSE licensee law, is independent of the RSE licensee[18] and the RSE, and that there is no conflict of interest situation that could compromise, or be seen to compromise, the independence of the auditor.[19]

63.         As part of the process of ascertaining the independence of the auditor, an RSE licensee must obtain a declaration from the auditor to the effect that:

(a)          the auditor is independent, both in appearance and in fact;

(b)          the auditor has no conflict of interest situation; and

(c)          there is nothing to the auditor’s knowledge (either in relation to the individual auditor or any audit firm or audit company of which the auditor is a member or director) that could compromise that independence.

64.         A person, who was a member of an audit firm or a director of an audit company, and who served in a professional capacity in the audit of an RSE licensee in relation to RSE licensee law, cannot be appointed to the role of director or senior manager of that RSE licensee until at least two years have passed since they served in that professional capacity.

65.         A person, who was an employee of an audit company, other than a director of that company, and who acted as the lead auditor[20] or review auditor[21] in the audit of an RSE licensee in relation to RSE licensee law, cannot be appointed to the role of director or senior manager of that RSE licensee until at least two years have passed since they acted as the lead auditor or review auditor.

66.         A person cannot be appointed as a director or senior manager of an RSE licensee if:

(a)          the person was, or is, a director of the audit company or a member of the audit firm that was, or is, responsible for the audit of the RSE licensee in relation to RSE licensee law; and

(b)          there is already another person appointed or employed as a director or senior manager of the RSE licensee who was a director of the audit company or a member of the audit firm, at a time when the audit company or audit firm undertook an audit of the RSE licensee at any time during the previous two years.

67.         An individual who plays a significant role[22] in the audit of an RSE in relation to RSE licensee law, for five successive years, or for more than five years out of seven successive years, cannot continue to play a significant role in the audit until at least a further two years have passed, except with an exemption in writing from APRA. APRA may grant an exemption from this requirement if the individual provides specialist services that are otherwise not readily available or there are no other registered company auditors available to provide satisfactory services for the RSE licensee.

68.         For the purposes of maintaining their independence and objectivity, the auditor and actuary cannot both be employed by the same body corporate or related bodies corporate, or by the same firm or related firms.

69.         No prospective, current, or former officer, employee or contractor (including professional service provider) of an RSE licensee may be constrained or impeded, whether by confidentiality clauses or other means, from disclosing information to APRA, from discussing issues with APRA of relevance to the management and prudential supervision of the RSE licensee, or from providing documents under their control to APRA, that may be relevant in the context of the management or prudential supervision of the RSE licensee. Such persons are not to be constrained or impeded from providing information to, as applicable, auditors, actuaries and others, who have statutory responsibilities in relation to the RSE licensee.

70.         An RSE licensee must ensure that its internal policy and contractual arrangements do not explicitly or implicitly restrict or discourage auditors or other parties from communicating with APRA.

71.         APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to an RSE licensee.[24]

Previous exercise of discretion

72.         An RSE licensee must contact APRA if it seeks to place reliance, for the purposes of complying with this Prudential Standard, on a previous exemption or other exercise of discretion by APRA under a previous version of this Prudential Standard.

 


[1]  For the purposes of this Prudential Standard, ‘RSE licensee’ has the meaning given in section 10(1) of the SIS Act.

[2]  For the purposes of this Prudential Standard, a reference to ‘a director’ is a reference to a director of an RSE licensee which has a Board of directors or, in the case of a group of individual trustees, an individual trustee and ‘group of individual trustees’ has the meaning given in section 10(1) of the SIS Act.

[3]  For the purposes of this Prudential Standard, ‘RSE licensee law’ has the meaning given in section 10(1) of the SIS Act. Refer also to Prudential Standard SPS 520 Fit and Proper (SPS 520).

[4]  For the purposes of this Prudential Standard, an ‘RSE licensee’s business operations’ includes all activities as an RSE licensee (including the activities of each RSE of which it is the licensee), and all other activities of the RSE licensee to the extent that they are relevant to, or may impact on, its activities as an RSE licensee.

[5]  For the purposes of this Prudential Standard, a reference to ‘beneficiaries’ is a reference to ‘beneficiaries of an RSE within the RSE licensee’s business operations’.

[6]  For the purposes of this Prudential Standard, a reference to a ‘connected entity’ has the meaning given in section 10(1) of the SIS Act.

[7]  For the purposes of this Prudential Standard, a reference to ‘a group’ is a reference to a group comprising the RSE licensee and all connected entities and all related bodies corporate of the RSE licensee, and ‘related body corporate’ has the meaning given in section 50 of the Corporations Act 2001 (Corporations Act).

[8]  Refer also to Prudential Standard SPS 220 Risk Management (SPS 220) for requirements relating to the management of governance risk.

[9]  For the purposes of this Prudential Standard, a reference to ‘board committees’ is a reference to the Board Audit Committee, the Board Remuneration Committee and any committees which meet the description set out in paragraph 11.

[10]  For the purpose of this Prudential Standard, a reference to ‘tenure’ is a reference to the total length of service of an individual director on the Board (including non-continuous service).

[11]  Refer to SPS 520 for requirements relating to the fitness and propriety of responsible persons.

[12]  Refer to Prudential Standard SPS 521 Conflicts of Interest for requirements relating to the management of conflicts.

[13]  Refer to SPS 220 for requirements about the risk management framework.

[14]  For the purpose of this Prudential Standard, a reference to ‘a non-executive director’ is a reference to a director who is not a member of the RSE licensee’s management. Non-executive directors may include Board members or senior managers of the parent company of the RSE licensee or of the parent company’s subsidiaries, but not executives of the RSE licensee.

[15]  For the purpose of this Prudential Standard, a reference to ‘a non-executive director’ is a reference to a director who is not a member of the RSE licensee’s management. Non-executive directors may include Board members or senior managers of the parent company of the RSE licensee or of the parent company’s subsidiaries, but not executives of the RSE licensee.

[16]  APES 110 Code of Ethics for Professional Accountants was issued by the Accounting Professional and Ethical Standards Board in December 2010.

[17]  Refer to SPS 220 for the requirement to review the risk management framework.

[18]  Independent of the RSE licensee means that the auditor has been assessed as independent in terms of paragraph 51 of this Prudential Standard.

[19]  Refer to SPS 521 for requirements to identify relevant interests and relevant duties for all responsible persons.

[20]  ‘Lead auditor’ means the registered company auditor who is primarily responsible to the audit firm or the audit company for the conduct of audit work conducted in relation to RSE licensee law.

[21]  ‘Review auditor’ means the registered company auditor (if any) who is primarily responsible to the individual auditor, audit firm or audit company for reviewing audit work conducted in relation to RSE licensee law.

[22]  For the purpose of this paragraph, ‘an individual who plays a significant role’ means an individual auditor who acts as the auditor in respect of any of the requirements of RSE licensee law, or the lead or review auditor where such audit work is performed by an audit company or audit firm.

[23]  Refer also to the provisions for the protection of whistleblowers in Part 29A of the SIS Act and the whistleblowing provisions in SPS 520.

[24]  Refer to section 34C(5) of the SIS Act.