In recent months, APRA has published two information papers which contain important messages for Trustees on the topics of governance, risk management and compliance. The first paper relates to APRA’s review of the superannuation prudential framework, and the second to APRA’s report on governance, culture and accountability self-assessments. The messages are clear.

Firstly, developing and maintaining an efficient and effective regulatory change capability is crucial in order to respond to ongoing regulatory change. Super funds are facing increasing compliance requirements, more assertive regulators and increasing demands from members and stakeholders. Numerous surveys have identified the impact of regulatory change, whether cost, or unintended consequences, as a top risk. At the same time competition is increasing, markets are transforming, and digitalisation marches on. For the superannuation industry this has been ‘the norm’ for a long time and in the long shadow of the Royal Commission, the pressure has only increased. Therefore, having the capacity to respond to regulatory change—not just devoting resources to addressing the latest requirement—must be a core, and strong, competency of any fund.

Secondly, building and maintaining trust is an ongoing exercise crucial to success. One way to build trust is to have strong governance and risk management frameworks which promote the kind of behaviour that generates trust. Making good strategic decisions, and doing so in a transparent manner, helps to drive the right culture internally and promote trust externally.

Prudential Framework Review

APRA’s Review into the Superannuation Prudential Framework was released in April 2019. One of the objectives of the review was to determine if the compliance-based approaches to governance and risk management seen in the pre-prudential standard era had been replaced with a greater focus on processes and practices in the best interests of members. That is, if the industry had moved from seeing risk management as a compliance exercise to seeing risk management as a strategic exercise.

APRA determined that the Framework had largely met its objectives although it stated that the “uplift in industry practices has not kept pace with the heightened expectations of members, regulators and the broader community in all areas”.

There are also some signals of potentially greater alignment between the superannuation standards and those which apply to insurers and banks. We have already seen this in the information security space. There is a reasonable chance of more to follow. Examples include the requirement to have an independent chief risk officer (CRO) function, a dedicated and distinct risk committee, and for boards to form views on risk culture. Many funds already do these things because they recognise them as good practice.

In the paper, APRA identified a range of changes to the prudential standards, albeit at a high level. Reviewing these is time well spent. The message is all too familiar: yet more regulatory change is on the way. Funds should therefore make sure they have the capability to respond to regulatory change both now and into the future. This means having the right resources, and robust systems and governance structures in place. There is almost always pain in responding to new requirements but ensuring that frameworks are in a strong base-state means that responding to changes can be done with maximum efficiency. Many funds are likely adept at this but taking stock and building out regulatory response capabilities is more important than ever.

Governance, culture and accountability self-assessments

APRA’s other paper, which is more thematic in nature, discusses the findings of the self-assessments undertaken by a range of banks, insurers and super funds into their governance, accountability and culture practices. These self-assessments were undertaken at the request of APRA and based on the CBA Report from 2018. In APRA’s view, the self-assessments highlighted four key themes:

  • Non-financial risk management requires improvement
  • Accountabilities are not always clear, cascaded and effectively enforced
  • Acknowledged weaknesses are well-known and some have been long-standing
  • Risk culture is not well understood, and therefore may not be reinforcing the desired behaviours

These issues all relate to how an organisation promotes trust with its customers and other stakeholders. The discussion on trust has been somewhat subsumed by culture in recent months. Whilst culture is, among other things, one of the drivers of behaviour that generates trust, trust is the objective. These four themes are therefore worth contemplating in depth. Trust underpins the existence of the superannuation system. Without it all participants—members, governments, regulators and others—would lack the confidence to continue to support the system.

Building trust through strong governance and risk management outcomes

To build trust, we must treat members honestly and fairly and act in their best interests. But how does a fund do this? One way to create behaviour which generates trust is to ensure strong governance and risk management outcomes. This means transparent decision-making, free of conflicts; and effective risk reduction through a laser-like focus on achieving strategic objectives. It is transparency that generates trust because stakeholders see that good decisions are being made.

Also critical to effective governance is the interaction between the board and management. The board needs to ensure it has the right balance between challenging management’s strategy implementation and supporting them to achieve their goals, and that it is receiving the right information from management and advisers. A broad range, and the right mix, of skills and experience is essential if the board is to operate effectively as the needs of funds and their members evolve and become more sophisticated.

Funds that are likely to succeed are also those that undertake a robust and honest assessment of their existing risk governance. Monitoring risks on a regular basis to ensure that environmental changes are incorporated into strategy and risk management practices is therefore a must. Regular questions that could be asked include: has anything changed in the environment that impacts on our strategy? Or have our members’ expectations changed?

Efforts to measure risk culture on a regular basis are also needed to ensure that all staff have a reasonable awareness of the risks associated with their role and areas of responsibility and to identify improvements required in risk governance and/or education of staff.

While super funds have generally not been guilty of poor (read: excessive) remuneration practices, as consolidation creates increasingly larger businesses, care needs to be taken to ensure employees are rewarded fairly and not excessively. This is yet another area where good risk management can help to build trust.

Despite so much uncertainty in the world, we can count on more regulatory change and the need to constantly maintain the trust of our members (and other stakeholders). Regardless of any not-for-profit purposes, the pervasiveness of the trust structure, or the long-term nature of retirement benefits generally, the super industry is expected to operate as if it were competing in a global marketplace. The expectations for governance, professionalism, and sophistication of operations are always increasing.