Prudential Standard CPS 510 Governance
Banking Act 1959
Insurance Act 1973
Life Insurance Act 1995
I, Clare Gibney, delegate of APRA:
(a) under subsections 11AF(3) of the Banking Act 1959 (the Banking Act), 32(4) of the Insurance Act 1973 (the Insurance Act), 230A(5) of the Life Insurance Act 1995 (the Life Insurance Act), and 92(5) of the Private Health Insurance (Prudential Supervision) Act 2015 (the PHIPS Act) REVOKE Banking, Insurance, Life Insurance, and Health Insurance (prudential standard) determination No. 1 of 2022, including Prudential Standard CPS 510 Governance made under that determination;
(b) under subsection 11AF(1) of the Banking Act, DETERMINE the prudential standard, which applies to all ADIs and authorised banking NOHCs;
(c) under subsection 32(1) of the Insurance Act, DETERMINE the prudential standard, which applies to all general insurers and authorised insurance NOHCs, and subsidiaries of general insurers or authorised insurance NOHCs where those subsidiaries are parent entities of Level 2 insurance groups;
(d) under subsection 230A(1) of the Life Insurance Act, DETERMINE the prudential standard, which applies to all life companies, including friendly societies, and registered NOHCs; and
(e) under subsection 92(1) of the PHIPS Act, DETERMINE the prudential standard, which applies to all private health insurers.
This instrument commences on 1 January 2024.
Dated: 20 November 2023
Clare Gibney
Executive Director
Policy and Advice Division
Interpretation
In this Determination:
APRA means the Australian Prudential Regulation Authority.
ADI has the meaning given in section 5 of the Banking Act 1959.
authorised banking NOHC has the meaning given to the expression authorised NOHC in section 5 of the Banking Act 1959.
authorised insurance NOHC has the meaning given to the expression authorised NOHC in subsection 3(1) of the Insurance Act 1973.
friendly society has the meaning given in section 16C of the Life Insurance Act 1995.
general insurer has the meaning given in section 11 of the Insurance Act 1973.
Level 2 insurance group has the meaning given in Prudential Standard GPS 001 Definitions.
life company has the meaning given in the Schedule to the Life Insurance Act 1995.
parent entity has the meaning given in Prudential Standard GPS 001 Definitions.
private health insurer has the meaning given in section 4(1) of the Private Health Insurance (Prudential Supervision) Act 2015.
registered NOHC has the meaning given in the Schedule to the Life Insurance Act 1995.
subsidiary has the meaning given in Prudential Standard GPS 001 Definitions.
the prudential standard means Prudential Standard CPS 510 Governance.
Schedule
Prudential Standard CPS 510 Governance comprises the document commencing on the following page.
Prudential Standard CPS 510
Governance
Objectives and key requirements of this Prudential Standard
This Prudential Standard sets out minimum foundations for good governance of an APRA-regulated institution in the deposit-taking, general insurance, life insurance and private health insurance industries, and of a Head of a group. Its objective is to ensure that an institution and group is managed soundly and prudently by a competent Board (or equivalent), which can make reasonable and impartial business judgements in the best interests of the institution and group and which duly considers the impact of its decisions on depositors and/or policyholders.
The ultimate responsibility for oversight of the sound and prudent management of an APRA-regulated institution rests with its board of directors (or equivalent). The ultimate responsibility for oversight of the sound and prudent management of a group lies with the Board of the Head of the group.
It is essential that an APRA-regulated institution and group has a sound governance framework and conducts its affairs with a high degree of integrity. A culture that promotes good governance benefits all stakeholders of an institution and group and helps to maintain public confidence in the institution and group.
The governance of an APRA-regulated institution and group builds on these foundations in ways that take account of the size, complexity and risk profile of the institution and group.
The key requirements of this Prudential Standard for a locally incorporated APRA-regulated institution and a Head of a group are that:
A number of the requirements in this Prudential Standard apply to foreign authorised deposit-taking institutions, Category C insurers and eligible foreign life insurance companies.
Table of contents
Additional requirements of the Head of a group
A. Governance arrangements – locally incorporated APRA-regulated institutions
The Board and senior management
Definition of non-executive director
Subsidiaries of a parent that is not prudentially regulated
APRA-regulated institutions that are part of a group or any other corporate group
Entities that are part of a group that are not APRA-regulated institutions
B. Governance arrangements – foreign ADIs, Category C insurers and EFLICs
Persons not to be constrained from providing information to APRA
Determinations made under previous prudential standards
Attachment A – Director Independence
Attachment B – Compliance Committee for eligible foreign life insurance companies
Purpose of the Compliance Committee
Continuing responsibility of the Board
Composition and residency status of Committee members
Application for a modified Committee composition
Appointment and removal of Committee members
Duties and responsibilities of the Committee
(a) section 11AF of the Banking Act;
(b) section 32 of the Insurance Act 1973 (Insurance Act);
(c) section 230A of the Life Insurance Act 1995 (Life Insurance Act); and
(d) section 92 of the Private Health Insurance (Prudential Supervision) Act 2015 (PHIPS Act).
2. This Prudential Standard applies to all ‘APRA-regulated institutions’,[1] defined as:
(a) all authorised deposit-taking institutions (ADIs), including foreign ADIs, and non-operating holding companies authorised under the Banking Act (authorised banking NOHCs);
(b) all general insurers, including Category C insurers, non-operating holding companies authorised under the Insurance Act (authorised insurance NOHCs) and parent entities of Level 2 insurance groups;
(c) all life companies, including friendly societies and eligible foreign life insurance companies (EFLICs), and registered NOHCs; and
(d) all private health insurers registered under the PHIPS Act.
3. All APRA-regulated institutions have to comply with this Prudential Standard in its entirety, unless otherwise expressly indicated. The obligations imposed by this Prudential Standard on, or in relation to, a foreign ADI, a Category C insurer or an EFLIC apply only in relation to the Australian branch operations of that institution.
4. Where an APRA-regulated institution is the ‘Head of a group’,[2] it must comply with a requirement of this Prudential Standard:
(a) in its capacity as an APRA-regulated institution;
(b) subject to paragraph 43, by ensuring that a requirement is applied appropriately throughout the group, including in relation to institutions that are not APRA-regulated; and
(c) on a group basis.
In applying the requirements of this Prudential Standard on a group basis, references in paragraphs 52 to 78 and 80 to 90 to an ‘APRA-regulated institution’ should be read as ‘Head of a group’ and references to ‘institution’ should be read as ‘group’.
5. This Prudential Standard commences on 1 January 2024.
7. Where this Prudential Standard provides for APRA to exercise a power or discretion, this power or discretion is to be exercised in writing.
8. For the purposes of this Prudential Standard:
‘group’ means a Level 2 group or a Level 3 group, as relevant;
‘Head of a group’ means a Level 2 Head or Level 3 Head, as relevant;
‘Level 2 group’ means the entities that comprise:
(a) Level 2 as defined in APS 001; or
(b) a Level 2 insurance group as defined in GPS 001;
‘Level 2 Head’ means:
(a) where an ADI that is a member of a Level 2 group is not a subsidiary of an authorised banking NOHC or another ADI, that ADI;
(b) where an ADI that is a member of a Level 2 group is a subsidiary of an authorised banking NOHC, that authorised banking NOHC; or
(c) the parent entity of a Level 2 insurance group as defined in GPS 001;
(a) ‘Appointed auditor’ as defined in APS 001, in relation to an ADI (including a foreign ADI) or authorised banking NOHC;
(b) ‘Appointed Auditor’ as defined in GPS 001, in relation to a general insurer (including a Category C insurer);
(c) ‘Auditor’ as defined in Prudential Standard LPS 310 Audit and Related Matters (LPS 310), in relation to a life company (including an EFLIC);
(d) ‘responsible auditor’ as defined in GPS 001, in relation to an authorised insurance NOHC and in relation to a registered NOHC, is an auditor who is required to prepare a report under the Life Insurance Act, prudential standards made under the Life Insurance Act or reporting standards made under the Financial Sector (Collection of Data) Act 2001 (FSCODA);
(e) ‘Appointed Auditor’ as defined in Prudential Standard 3PS 310 Audit and Related Matters (3PS 310), in relation to a Level 3 Head; and
(f) ‘Appointed Auditor’ as defined in Prudential Standard HPS 310 Audit and Related Matters (HPS 310), in relation to a private health insurer.
10. This Prudential Standard sets out the minimum requirements that an APRA-regulated institution and the Head of a group must meet in the interests of promoting strong and effective governance.
11. The Head of a group must maintain governance arrangements for the group.
12. In meeting the requirements of this Prudential Standard on a group basis, the Head of a group must maintain a group internal audit function that meets the requirements of paragraphs 68 and 69 on a group basis.
13. The Board of the Head of a group is ultimately responsible for oversight of the sound and prudent management of the group and must have the following committees for the group:
(a) a group Board Audit Committee that meets the requirements of paragraphs 52 to 67 and that assists the Board by providing an objective non-executive review of the effectiveness of the group’s financial reporting and group risk management framework; and
(b) a group Board Risk Committee that meets the requirements of paragraphs 80 to 87 and that assists the Board by providing an objective non-executive oversight of the implementation and operation of the group risk management framework.
14. The Board of a Head of a group must ensure that directors and senior management of the group, collectively, have the full range of skills needed for the effective oversight and prudent management, respectively, of the group. This does not lessen the responsibility of each of the individual Boards of the institutions within the group for their institutions.
15. Where an entity within the group that is not an APRA-regulated institution engages in business activities that may pose a material risk to the group, the Head of the group must ensure that such business activities are undertaken in a way that complies with the group governance arrangements.[3]
17. The Board must have a formal charter that sets out the roles and responsibilities of the Board.
18. The Board, in fulfilling its functions, may delegate authority to management to act on behalf of the Board with respect to certain matters, as decided by the Board. This delegation of authority must be clearly set out and documented. The Board must have mechanisms in place for monitoring the exercise of delegated authority. The Board cannot abrogate its responsibility for oversight of the functions delegated to management.
19. The Board must ensure that directors and senior management of the institution collectively have the full range of skills needed for the effective and prudent operation of the institution, and that each director has skills that allow them to make an effective contribution to Board deliberations and processes. This includes the requirement for directors, collectively, to have the necessary skills, knowledge and experience to understand the risks of the institution, including its legal and prudential obligations, and to ensure that the institution is managed in an appropriate way taking into account these risks. This does not preclude the Board from supplementing its skills and knowledge by engaging external consultants and experts.
20. Senior management of a locally incorporated APRA-regulated institution, with responsibilities relating to the business in Australia, must be ordinarily resident in Australia.
21. Directors and senior management of a locally incorporated APRA-regulated institution must be available to meet with APRA on request.
22. The Board must provide the auditor and the Appointed Actuary of the institution, as relevant, with the opportunity to raise matters directly with the Board.
24. If the Board of a locally incorporated APRA-regulated institution is in doubt about a director’s independence for the purposes of this Prudential Standard, the APRA-regulated institution may refer the matter to APRA for guidance.
27. The Board must have a majority of independent directors at all times. For a locally incorporated APRA-regulated institution that is a subsidiary[4] of another APRA-regulated institution or overseas equivalent,[5] exceptions may apply as set out at paragraphs 37 to 39. For a locally incorporated APRA-regulated institution that is a subsidiary of a parent company that is not prudentially regulated, exceptions may apply as set out at paragraph 40.
28. The chairperson of the Board must be an independent director of the APRA-regulated institution.
29. A majority of directors present and eligible to vote at all Board meetings must be non-executive directors.
31. The chairperson must be available to meet with APRA on request.
32. For a locally owned and incorporated APRA-regulated institution, a majority of directors must be ordinarily resident in Australia.
33. For a foreign-owned, locally incorporated APRA-regulated institution, at least two of the directors must be ordinarily resident in Australia, at least one of whom must also be independent.
35. Where an individual shareholding is greater than 15 per cent, as approved under the Financial Sector (Shareholdings) Act, the Board representation of that shareholding may be greater than allowed in paragraph 34, although it must still be broadly proportionate to the shareholding concerned.[6]
36. For a locally incorporated ADI that operates as a special service provider, the ADI may apply to APRA for approval for alternative Board composition arrangements that meet the objectives of this Prudential Standard. APRA may approve alternative arrangements for the ADI if satisfied that those arrangements will, in APRA’s opinion, achieve the objectives of this Prudential Standard.
37. For a locally incorporated APRA-regulated institution that is a subsidiary of another APRA-regulated institution or an overseas equivalent, the Board must have a majority of non-executive directors, but these non-executive directors need not all be independent.
43. The board composition and representation requirements in paragraphs 26 to 36 that apply to a locally incorporated APRA-regulated institution do not apply to an entity within the group that is not an APRA-regulated institution.[7]
44. The Board of a locally incorporated APRA-regulated institution must have procedures for assessing, at least annually, the Board’s performance relative to its objectives. It must also have in place a procedure for assessing, at least annually, the performance of individual directors.
46. As in the case of locally incorporated APRA-regulated institutions, the ultimate responsibility for the safety and soundness of a foreign ADI or a Category C insurer resides with its Board. Foreign ADIs and Category C insurers must nominate a senior officer (whether a director or senior executive) outside Australia with delegated authority from the Board (senior officer outside Australia) who will be responsible for overseeing the Australian branch operation.
47. For a foreign ADI or Category C insurer, there must also be a senior manager[8] in Australia responsible for the local operation who is ordinarily resident in Australia. The senior management must be available to meet with APRA on request.
48. A Category C insurer that appoints a corporate agent as its agent in Australia must additionally ensure that:
(a) the Board of the corporate agent has a minimum of three directors at all times; and
(b) a majority of the directors of the Board of the corporate agent are ordinarily resident in Australia.[9]
49. The ultimate responsibility for the safety and soundness of an EFLIC resides with its Board. An EFLIC must establish a Compliance Committee[10] to assist the Board in meeting its responsibilities under the Life Insurance Act. The requirements for the composition of the Compliance Committee are detailed in Attachment B. The senior management of an EFLIC must be available to meet with APRA on request.
50. The senior officer outside Australia or Compliance Committee of an EFLIC, as relevant, must provide the external auditor of the APRA-regulated institution with the opportunity to raise matters directly with the senior officer outside Australia or the Compliance Committee, as relevant.
53. The Board Audit Committee must have at least three members. All members of the Committee must be non-executive directors of the APRA-regulated institution. A majority of the members of the Committee must be independent.
54. The chairperson of the Board Audit Committee must be an independent director of the APRA-regulated institution.
55. The chairperson of the Board may be a member of the Board Audit Committee, but may not chair the Committee.
56. The Board Audit Committee must have a written charter that outlines its roles, responsibilities and terms of operation. The responsibilities of the Committee must include oversight of:
(a) all APRA statutory reporting requirements;
(b) other financial reporting requirements;
(c) professional accounting requirements;
(d) internal and external audit; and
(e) the appointment and removal of that institution’s auditor and Head of Internal Audit.
57. The Board Audit Committee is required to provide prior endorsement for the appointment or removal of the institution’s auditor and Head of Internal Audit. If the auditor or Head of Internal Audit is removed from their position, the reasons for removal must be discussed with APRA as soon as practicable, and no more than 10 business days, after the Committee’s endorsement is agreed upon.
58. The Board Audit Committee must review the engagement of the auditor at least annually, including making an assessment of whether the auditor meets the Audit Independence tests set out in APES 110 Code of Ethics for Professional Accountants,[11] as well as the additional auditor independence requirements set out in this Prudential Standard.
59. For a foreign ADI or a Category C insurer, the assessment referred to in paragraph 58 is the responsibility of the senior officer outside Australia, and for an EFLIC, it is the responsibility of the Compliance Committee.
60. The Board Audit Committee must regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the institution. It must also regularly review the findings of audits, and ensure that issues are being managed and rectified in an appropriate and timely manner.
61. The Board Audit Committee must ensure the adequacy and independence of both the internal and external audit functions.
62. The members of the Board Audit Committee must, at all times, have free and unfettered access to senior management, the internal auditor, the heads of all risk management functions, the auditor and the Appointed Actuary, as applicable, and vice versa.
63. The Board Audit Committee must ensure that the APRA-regulated institution maintains policies and procedures for employees of the institution to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns. The Committee must also ensure that the APRA-regulated institution has a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies.
64. Members of the Board Audit Committee must be available to meet with APRA on request.
65. The Board Audit Committee must invite the auditor and the Appointed Actuary, as applicable, to meetings of the Committee.
66. The internal auditor must have a reporting line and unfettered access to the Board Audit Committee.
68. An APRA-regulated institution must have an independent and adequately resourced internal audit function for the institution. If an APRA-regulated institution does not believe it is necessary to have a dedicated internal audit function, it must apply to APRA to seek an exemption from this requirement, setting out reasons why it believes it should be exempt. APRA may approve alternative arrangements for an institution where APRA is satisfied that they will achieve the same objectives.
69. The objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the institution.[12] To fulfil its functions, the internal auditor must, at all times, have unfettered access to the institution’s business lines and support functions.
70. The Corporations Act 2001 (Corporations Act) contains a number of requirements in relation to auditor independence. The auditor independence requirements in this Prudential Standard are substantially consistent with those requirements, and are intended to help ensure the independence of an auditor engaged to perform work of a prudential nature in relation to the Banking Act, Insurance Act, Life Insurance Act (collectively, the ‘Prudential Acts’), prudential standards and reporting standards.[14]
71. The Board of the APRA-regulated institution, senior officer outside Australia or the Compliance Committee, as relevant, must, to the extent practical, undertake steps to satisfy itself that the auditor, who undertakes work for the APRA-regulated institution in relation to the Prudential Acts, prudential standards or reporting standards, is independent of the institution,[15] and that there is no conflict of interest situation that could compromise, or be seen to compromise, the independence of the auditor.
(a) the auditor is independent, both in appearance and in fact;
(b) the auditor has no conflict of interest situation; and
(c) there is nothing to the auditor’s knowledge (either in relation to the individual auditor or any audit firm or audit company of which the auditor is a member or director) that could compromise that independence.
(a) the auditor is not capable of exercising objective and impartial judgement in relation to the conduct of the work that is undertaken for the institution in relation to the Prudential Acts, prudential standards or reporting standards; or
(b) a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the auditor is not capable of exercising objective and impartial judgement in relation to undertaking the work for the institution for the purposes of the Prudential Acts, prudential standards or reporting standards.[16]
74. A person who was a member of an audit firm or a director of an audit company and who served in a professional capacity in the audit of an APRA-regulated institution in relation to the Prudential Acts, prudential standards or reporting standards, cannot be appointed to the role of director or senior manager of that APRA-regulated institution until at least two years have passed since they served in that professional capacity.
75. A person who was an employee of an audit company, other than a director of that company, and who acted as the lead auditor[17] or review auditor[18] in the audit of an APRA-regulated institution in relation to the Prudential Acts, prudential standards or reporting standards, cannot be appointed to the role of director or senior manager of that APRA-regulated institution until at least two years have passed since they acted as the lead auditor or review auditor.
76. A person cannot be appointed as a director or senior manager of an APRA-regulated institution if:
(a) the person was, or is, a director of the audit company or a member of the audit firm that was, or is, responsible for the audit of the APRA-regulated institution in relation to the Prudential Acts, prudential standards or reporting standards; and
(b) there is already another person employed as a director or senior manager of the APRA-regulated institution who was a director of the audit company or a member of the audit firm, at a time when the audit company or audit firm undertook an audit of the APRA-regulated institution at any time during the previous two years.
77. An individual who plays a significant role[19] in the audit of an APRA-regulated institution in relation to the Prudential Acts, prudential standards or reporting standards, for five successive years, or for more than five years out of seven successive years, cannot continue to play a significant role in the audit until at least a further two years have passed, except with an exemption from APRA. APRA may grant an exemption from this requirement if the individual provides specialist services that are otherwise not readily available or there are no other registered company auditors available to provide satisfactory services for the APRA-regulated institution.
78. For a general insurer (including a Category C insurer), a life company (including an EFLIC), or a private health insurer, for the purposes of maintaining their independence and objectivity, the Appointed Auditor and Appointed Actuary cannot both be employed by the same body corporate or related bodies corporate, or by the same firm or related firms.[20]
79. The Board of an APRA-regulated institution (excluding foreign ADIs and Category C insurers but including EFLICs) must have a Board Risk Committee, which assists the Board by providing an objective non-executive oversight of the implementation and operation of the institution’s risk management framework.
80. The Board Risk Committee must be provided with the powers necessary to enable it to perform its functions.
81. The chairperson of the Board Risk Committee must be an independent director of the APRA-regulated institution.
82. The chairperson of the Board may be a member of the Board Risk Committee, but may not chair the Committee. The chair of the Board Audit Committee may also chair the Board Risk Committee.
83. The Board Risk Committee must have at least three members. All members of the Committee must be non-executive directors of the APRA-regulated institution. A majority of the members of the Committee must be independent.
84. The Board Risk Committee must have a written charter that outlines its roles, responsibilities and terms of operation. The responsibilities of the Committee must include:
(a) advising the Board on the institution’s overall current and future risk appetite and risk management strategy;
(b) oversight of an institution-wide view of the institution’s current and future risk position relative to its risk appetite and capital strength;
(c) oversight of senior management’s implementation of the risk management strategy;
(d) constructive challenge of senior management’s proposals and decisions on all aspects of risk management arising from the institution’s activities;
(e) reviewing the performance and setting the objectives of the institution’s Chief Risk Officer (CRO),[21] and ensuring the CRO has unfettered access to the Board and the Committee; and
(f) oversight of the appointment and removal of the CRO.
85. The Board Risk Committee is required to provide prior endorsement for the appointment or removal of the institution’s CRO. If the CRO is removed from their position, the reasons for removal must be discussed with APRA as soon as practicable, and no more than 10 business days, after the Committee’s endorsement is agreed upon.
86. The Board Risk Committee must have free and unfettered access to senior management, risk and financial control personnel, and other parties (internal and external) in carrying out its duties.
88. No prospective, current, or former officer, employee or contractor (including professional service provider) of an APRA-regulated institution may be constrained or impeded, whether by confidentiality clauses or other means, from disclosing information to APRA, from discussing issues with APRA of relevance to the management and prudential supervision of the institution, or from providing documents under their control to APRA, that may be relevant in the context of the management or prudential supervision of the institution. Such persons are not to be constrained or impeded from providing information to, as applicable, auditors, the Appointed Actuary and others, who have statutory responsibilities in relation to the institution.
90. APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to an APRA-regulated institution.[23]
92. For all APRA-regulated institutions other than private health insurers, an exercise of APRA’s discretion under a previous version of a governance prudential standard continues to have effect under this Prudential Standard. For the purposes of this paragraph, ‘a previous version of this Prudential Standard’ includes any versions of:
(a) Prudential Standard CPS 510 Governance;
(b) Prudential Standard APS 510 Governance;
(c) Prudential Standard GPS 510 Governance; and
(d) Prudential Standard LPS 510 Governance.
A director is not independent if the director:
2. is employed, or has previously been employed in an executive capacity by the APRA-regulated institution or another member of the group, and there has not been a period of at least three years between ceasing such employment and serving on the Board;
3. has within the last three years been a principal of a material professional adviser or a material consultant to the APRA-regulated institution or another member of the group, or an employee materially associated with the service provided;
4. is a material supplier or customer of the APRA-regulated institution or another member of the group, or an officer of or otherwise associated directly or indirectly with a material supplier or customer; or
5. has a material contractual relationship with the APRA-regulated institution or another member of the group other than as a director.
(a) ensure the eligible foreign life insurance company (EFLIC) complies with the requirements in, or imposed under, the Life Insurance Act; and
(b) assist the Board in meeting its responsibilities under the Life Insurance Act.
2. As required by subsections 16ZF(1) and (4) of the Life Insurance Act, the Board must delegate sufficient powers of management to the members of the Committee to enable Committee members to ensure that the EFLIC complies with the requirements in, or imposed under, the Life Insurance Act. The Board must do so irrespective of anything to the contrary in the EFLIC’s constitution.
3. Establishment of the Committee does not free the Board from ultimate responsibility for ensuring the Australian branch of the EFLIC complies with the requirements in, or imposed under, the Life Insurance Act.
4. In recognition of this, the Board must:
(a) have the power to appoint and remove, at its discretion, members of the Committee, as long as certain composition and residency requirements pertaining to the Committee continue to be met (refer to paragraphs 5 to 8 of this Attachment);
(b) ensure that the delegation of relevant managerial powers (of the kind referred to in paragraph 16ZF(1)(a) and (b) of the Life Insurance Act) is not irrevocable, and that the Board retains the powers delegated; and
(c) establish adequate procedures for monitoring and supervising the operation of the Committee, as well as assessing its performance.
(a) at least one director of the Board of the EFLIC;
(c) at least two independent members.
6. A member cannot satisfy more than one of the composition requirements contained in subparagraphs 5(a), 5(b) and 5(c) of this Attachment (i.e. the director, PEO and independent members must all be separate individuals).
7. At least two of the Committee members must be ordinarily resident in Australia, one being the PEO and the other an independent member.
9. APRA may, on application from an EFLIC, determine a modified Committee for the EFLIC where it can be demonstrated that it is appropriate to do so.
10. In making this determination, APRA will take into account the following factors:
(a) the quantum of liabilities written by the EFLIC;
(b) the cost effectiveness or otherwise of establishing a Committee;
(c) any restrictions on the lines of business written by the EFLIC;
(d) whether these restrictions limit the number of policyholders of the EFLIC (for example, by targeting specific policyholder characteristics, such as age, nationality or geographical location); and
(e) whether the EFLIC has written any material amount of long tail business.
11. The composition of any modified Committee would be determined on a case-by-case basis by APRA, but the possible modifications could take one or more of the following forms:
(a) a Committee with fewer than five members;
(b) replacing the director of the Board of the EFLIC as required by subparagraph 5(a) of this Attachment with the PEO; or
(c) a Committee with fewer than two independent members.
12. The power to appoint and remove members of the Committee resides with the Board.
13. The Board must have appointed all members and formally constituted the Committee within seven days of receiving notification of registration.
14. Each member of the Committee must be fit and proper for the role in accordance with the requirements for fitness and propriety as set out in CPS 520.
15. The Board must ensure that the Committee as a whole possesses the necessary skills and expertise to ensure that the EFLIC complies with the requirements in, or imposed under, the Life Insurance Act, and to discharge the duties and responsibilities of the Committee provided for in this Prudential Standard.
16. The Committee must have a policy for dealing with conflicts of interest.
17. Notwithstanding the Board’s power to appoint and remove members, APRA may, under section 230B of the Life Insurance Act, direct an EFLIC to remove a member of the Committee.
18. While membership of the Committee is the responsibility of the Board, the powers to appoint and remove members of the Committee must not be used in a manner that impedes, discourages or otherwise hinders the Committee from discharging its duties and responsibilities. Examples that would be cause for concern by APRA would be an excessive turnover of members, or the removal of members at inappropriate times (for example at critical reporting periods). If requested to do so by APRA, an EFLIC must, within a time stipulated by APRA (which must not be unreasonable), provide a written report to APRA responding to any queries APRA has regarding the removal of members.
19. At least three members of the Committee are required to be present at a meeting of the Committee to form a quorum. The PEO, and at least one independent member who is ordinarily resident in Australia, must be amongst the three members present.
20. The chairperson of the Committee must be a non-executive member.
21. Resolutions can be passed only by a majority with the chairperson having a casting vote.
22. The Committee must meet as often as required to discharge its duties and responsibilities, although APRA would expect the Committee to meet on at least a quarterly basis. Members, and individuals who may be needed to address the Committee, must be given reasonable notice of pending meetings.
23. The Committee must ensure that the Appointed Actuary is given reasonable notice of any meeting of the Committee at which matters are to be considered that relate to the functions and duties of the actuary, including matters:
(a) that relate to, or may affect:
(i) the solvency of the company; or
(ii) the adequacy of the capital of the company; or
(b) that relate to advice given by the Appointed Actuary to the directors; or
(c) that concern a matter in relation to which the Appointed Actuary will be required to give advice.
24. Written minutes of Committee meetings must be taken and copies kept and made available to APRA on request. Any papers or submissions put to the Committee must likewise be kept and made available to APRA on request.
(a) the Life Insurance Act;
(b) the Life Insurance Regulations 1995;
(c) the prudential standards determined under section 230A of the Life Insurance Act;
(d) the Prudential Rules made under section 252 of the Life Insurance Act;
(e) any conditions placed upon the EFLIC under section 22 of the Life Insurance Act at the time of, or after, its registration;
(f) directions given under the Life Insurance Act; and
(g) FSCODA.
26. The Committee members must report to APRA, within 14 business days of becoming aware:
(a) that the EFLIC has failed to comply with a requirement referred to in paragraph 25 of this Attachment; or
(b) the Committee believes there is a material risk of the EFLIC being unable to meet its obligations at some future time.
27. The report must:
(a) be in the form of a written report explaining the causes of the failure or the material risk to the solvency of the EFLIC identified by the Committee; and
(b) outline a plan and timeframe for rectifying the failure or mitigating the risk of insolvency.
28. APRA would expect the Committee to provide a copy of the report to the Board.
[1] Note, for the purposes of this Prudential Standard, an RSE licensee is not treated as an ‘APRA-regulated institution’. Refer to Prudential Standard SPS 510 Governance (SPS 510) for requirements relating to the governance of an RSE licensee.
[2] Where a Level 2 group operates within a Level 3 group, a requirement expressed as applying to a Head of a group is to be read as applying to the Level 3 Head.
[3] This paragraph does not override any requirements in SPS 510 applying to an RSE licensee.
[4] ‘Subsidiary’ means a subsidiary within the meaning of the Corporations Act 2001 (Corporations Act).
[5] An ‘overseas equivalent’ is an entity which is not authorised in Australia but is authorised and subject to prudential regulation in a foreign country.
[6] Note that, where the proportionate shareholding does not equate to a whole number, it may be rounded to the nearest whole number.
[7] This paragraph does not override any Board composition and representation requirements applying to an RSE licensee in SPS 510.
[8] For foreign ADIs, ‘senior manager’ has the same meaning as in CPS 520. For Category C insurers, ‘senior manager’ has the same meaning as in the Insurance Act read with CPS 520. Note that the person who performs this role may be the same as the agent in Australia (where the agent is an individual) or a director or senior manager of the agent in Australia (where the agent is a corporate agent) as required under section 118 of the Insurance Act.
[9] Note that, by virtue of paragraph 118(6)(a) of the Insurance Act, an individual agent in Australia must be resident in Australia.
[10] Compliance Committee has the same meaning as in subsection 16ZF(1) of the Life Insurance Act.
[11] APES 110 Code of Ethics for Professional Accountants was issued by the Accounting Professional and Ethical Standards Board in December 2010.
[12] Refer to Prudential Standard CPS 220 Risk Management (CPS 220) for the requirement for a review of an APRA-regulated institution’s risk management framework. Such a review carried out by a role or function within the institution, other than internal audit, does not relieve the internal audit function from carrying out a review of the risk management framework, though the internal audit function may rely on such other review in carrying out its own review.
[13] Refer also to Prudential Standard APS 310 Audit and Related Matters, 3PS 310, Prudential Standard GPS 310 Audit and Related Matters (GPS 310); LPS 310 and Prudential Standard HPS 310 Audit and Related Matters (HPS 310).
[14] ‘Reporting Standards’ are those standards made under FSCODA.
[15] Independent of the APRA-regulated institution means that the auditor has been assessed as independent in terms of paragraph 58 of this Prudential Standard.
[16] This definition is based on that used in section 324CD of the Corporations Act to describe the circumstances under which a conflict of interest situation is considered to exist, and is intended to be interpreted in a similar manner. Without limiting the situations that may cause a conflict to arise for the purposes of this Prudential Standard, it is expected that any circumstances of the type that would lead to a breach of the Corporations Act requirements for audit independence, whether or not these provisions actually apply in relation to the audit of the APRA-regulated institution, will also result in a breach of the provisions of this Prudential Standard.
[17] Lead auditor means the registered company auditor who is primarily responsible to the audit firm or the audit company for the conduct of audit work conducted in relation to the Prudential Acts, prudential standards or reporting standards.
[18] Review auditor means the registered company auditor (if any) who is primarily responsible to the individual auditor, audit firm or audit company for reviewing audit work conducted in relation to the Prudential Acts, prudential standards or reporting standards.
[19] For the purpose of this paragraph ‘an individual who plays a significant role’ means an individual auditor who acts as the auditor in respect of any of the requirements of the Prudential Acts, prudential standards or reporting standards, or the lead or review auditor where such audit work is performed by an audit company or audit firm.
[20] For the purposes of this Prudential Standard, related firms means either two or more firms, or a firm and a body corporate, that have common ownership or management, or where one has a substantial shareholding in the other. Refer to CPS 520 for a similar restriction on the Appointed Auditor and Appointed Actuary being from the same entity. Refer also to GPS 310 and Prudential Standard CPS 320 Actuarial and Related Matters.
[21] Refer to CPS 220.
[22] Also refer to the provisions for the protection of whistleblowers in Part VIA, Division 1 of the Banking Act, Part IIIA, Division 4 of the Insurance Act, Part 7, Division 5 of the Life Insurance Act, and the whistleblowing provisions in CPS 520.
[23] Refer to subsection 11AF(2) of the Banking Act, subsection 32(3D) of the Insurance Act, subsection 230A(4) of the Life Insurance Act and section 92 of the PHIPS Act.
[24] The circumstances outlined in this Attachment are adapted from the guidance on ‘Relationships affecting independent status’ to be considered by a Board when determining the independent status of a director set out in Box 2.1 of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (2nd Edition 2007).
[25] For the purpose of this Attachment, a ‘substantial shareholder’ is a person with a substantial holding as defined in section 9 of the Corporations Act.