The first quarter of 2018 has seen the introduction (yet again) of a myriad of new regulation in the Australian Financial Services industry, most notably in the areas of Finance, Risk and Regulatory Reporting. In this blog we take a look at the key regulatory announcements made in the first quarter of 2018 and how these will impact the regulatory roadmap for financial institutions in Australia for the next 3-4 years.
(Click to enlarge image)
APRA consults on Basel III reform
APRA is commencing consultation on revisions to its capital requirements based on the Basel III reforms and meeting the objectives of unquestionably strong capital announced in 2017 (in response to the Financial Services Inquiry).
No surprise that after the BCBS released its final papers in December 2017, APRA released for consultation its local response to the new Capital Adequacy regime.
Key announcements included:
- credit risk, specifically the treatment of the residential mortgage portfolio and other revisions to the standardised and IRB approaches
- the operational risk framework, including the replacement methodology for the advanced measurement and standardised approaches
- market risk framework and on proposed revisions to the treatment of interest rate risk in the banking book (IRRBB).
- introduction of a RWA floor for advanced modelling methodologies
APRA also proposed for a simpler capital framework for small ADIs.
APRA is undertaking a Quantitative Impact Study (QIS) to better understand the exact impact of the proposed standards which will allow for further fine-tuning of the requirements.
APRA proposes an implementation date of 1 January 2021 for all revised measures and has proposed following key dates.
APRA announces new information security standard (CPS 234)
On March 7, at the Insurance Council of Australia's Annual Forum, APRA announced its prudential standard on information security. In an engaging speech, Geoff Summerhayes introduced the new standard as APRA's response to the accelerating risk of cyber security.
APRA warned the regulated industry that "a significant cyber incident on an APRA-regulated entity is probably inevitable" and recommended that all entities adopt an ‘assumed breach’ mentality and focus on formalised response plans for plausible cyber security scenarios.
In the same speech, APRA also put the industry on notice on the rise of "algorithm risk" (more commonly referred to as "model risk"). Artificial Intelligence, machine learning, the Internet of Things, pose great potential benefits, but also introduce new risks. "But algorithm use also brings risks that are not yet fully understood by industry or regulators. It is – if you like – an emerging risk within an accelerating risk."
Submissions are open until July 7th, 2018 and the standard will come into effect in July 2019.
APRA finalised EFS data quality practice guide (RPG 702)
When APRA announced a new reporting data quality standard in January 2017 it was met with heavy resistance from the ADI and RFC industry (as well as from the big 4 audit firms), due to the low threshold levels and very strict assurance requirements. In the final EFS package (August 2018), the quality standard was turned into a prudential practice guide and the "thresholds" became "benchmarks"; the audit requirements were re-aligned to APS310 (the existing standard on Audit and Related Matters) and RPG 702 was issued for further consultation.
The final RPG 702 was announced in March 2018 and has broadly remained unchanged from the version published in August 2017. Whilst a significantly watered-down version of the initial proposed data quality standard, it is clear that APRA, RBA and ABS have heightened expectations around data quality and regulated entities will need to embrace data governance and data lineage in their implementation of EFS.
APRA initiates the D2A overhaul project
Initially announced in its Corporate Plan 2016-2020, APRA has finally officially initiated the D2A overhaul project. The data collection platform (D2A) will be replaced with a modern solution which provides improved data collection and taxonomy management, reporting capability, security and software compatibility.
APRA has started the project with an active "engagement" phase, and is inviting all industry stakeholders (entities, consultants, technology providers) to provide their view of how the new collection platform should look like. APRA has organised a number of webinars and roundtables and will initiate a formal tender process later in Q2 of this year. The new solution is expected to be fully implemented by mid-2020.
APRA responds to productivity commission report Competition in the Australian Financial System
APRA recently responded to the Productivity Commission’s draft report on Competition in the Australian Financial System. In its 640 page report (get a one page infographic summary here), the Commission made several recommendations to APRA to increase competition in the Financial Services industry.
These recommendations included
- to have increased focus on customer and competition in the standard setting process (including appointing ACCC or ASIC as "competition champion")
- reducing barriers to entry
- reduce capital requirements for lending to SME's
- allow use of own data to determine regulatory capital for credit risk
- review risk weights for standardised approach for residential mortgages
- APRA to collect more granular home loan data in the EFS collection with a view to provide this data to ASIC and ultimately publish this data to the public.
APRA generally responded positively to the recommendations made and pointed out several of the recommendations were linked to recent policy announcements (e.g. Basel III). APRA also pushed back on several items (including collecting additional data in the EFS data collection), pointing out the suggested timeframe would impact ongoing committed timelines.
The productivity commission's final report to the Government is due on July 1st, 2018.
ASIC consults on aggregate and granular data collection
Although not publicly announced, ASIC has been consulting on collection of financial services data since late 2017. Rather than collecting data through APRA, ASIC proposes requiring the financial services industry to provide aggregate and granular data to ASIC directly; starting with a pilot program in 2018.
During informal consultation rounds with industry, ASIC has flagged six areas for data collection for credit: 1. Individual loan level data to provide enhanced visibility of market landscape. 2. Corporate information and financial to assist understanding of market size and growth areas. 3. Corporate compliance information to identify entities with deficient compliance structures. 4. IDR activities to ensure IDR schemes are properly designed and resourced. 5. Marketplace lending data. 6. Add-on insurance.
It is clear that, with both the Productivity Commission recommending, and ASIC commencing informal consultation, the provision of granular (loan level) data collection will become reality in the very near future.
Finance, Risk, Reporting & Technology experts
Our team consists of highly experienced business and technology consultants who are passionate about assisting Australian financial services companies leverage technology to drive efficiencies, deliver insight and ensure regulatory compliance.