As the Australian banking industry gears towards meeting the next wave of revised and new compliance requirements, we are taking a stock of all the upcoming prudential developments to unfold over the next 3-4 years. Click on the roadmap below for a snapshot of APRA's regulatory roadmap for banks.
Unquestionably Strong Banking Industry
APRA’s quest to achieve ‘unquestionably strong’ capital ratios benchmark for authorised deposit-taking institutions (ADIs), kicks off with the implementation of revised APS 180, the Standardised Approach to Counter-party Credit Risk (SA-CCR); effective from 01 July 2019.
With the onset of 2019, the large exposures reporting standard APS 221 also came in effect to help APRA keep the industry’s concentration risk in check. Another measure proposed by the agency to control ‘over’ exposure of ADIs to related parties is ‘Prudential Standard APS 222 Associations with Related Entities’. Currently, APRA is engaged with the industry to iron out the details of the standard such as definition of related parties, the limit framework and the extended licensed entity regime, which serves to exclude certain intra-group exposures from related party limits. The targeted date of implementation for APS 222 is towards mid-2020.
APRA has released for consultation its highly anticipated consultation paper on revisions to the capital framework for authorised deposit-taking institutions. The consultation includes APRA’s response to its initial proposals on revised credit risk and operational risk requirements, and simpler prudential requirements for small, less complex ADIs. It also includes draft prudential standards APS 112 Capital Adequacy Standardised Approach to Credit Risk, APS 113 Capital Adequacy Internal Ratings-based Approach to Credit Risk (residential mortgages extract only) and APS 115 Capital Adequacy Standardised Measurement Approach to Operational Risk.
Another related measure under consultation is the Leverage Ratio. APRA aims at aligning the norm with those of international standards and has proposed higher ratio requirement for IRB ADI's, along with simpler reporting framework for the Standardised ADI's. The regulator completed the first round of consultation in November 2018 and is planning to implement the changes alongside aforementioned prudential regulatory capital requirement standards in 2022.
APRA also plans on joining its international peers in introducing framework for minimum loss-absorbing and recapitalisation capacity (a.k.a TLAC). The newly proposed loss absorbency capacity regime aims at enhancing resiliency of the banking players, thereby minimising the need of support from government/regulator during the times of crisis. The agency has also proposed to increase the total capital requirement for the Australian D-SIBs.
Note that APRA is yet to provide a timeline for market risk reforms which have been widely expected to be incorporated in next policy priority guideline of 2020.
Click here for the detailed summary of the major changes proposed in finalized Basel III guidelines.
Operational Risk with Data taking Center Stage
Since the release of CPG-235, the guide for regulated entities on managing data risk; APRA has since raised the bar on data related mandates by introducing enhanced prudential data quality benchmarking pertaining to EFS Reporting, RPG-702 and information security standard CPS-234. The agency expects regulated entities to be CPS 234 compliant starting 01 July 2019. As the Australian banking industry transitions into open banking regime, the information security prudential guideline CPG-234 has also been revised by the regulator to offer cutting edge ways & means that the industry can implement and thus, revamp its ability to protect its information assets from modern threats and/or cyber-attacks.
APRA has initiated these mandates as part of its operational risk overhauling initiative that also covers the business continuity (CPS-232) and outsourcing (CPS-231) norms. The new operational risk prudential standard CPS-230 is also on anvil to be enforced by the agency in mid-2020 whereas the revised CPS-232 & 231 are expected to be finalized by 2021/22.
Economic and Financial Statistics
As the banking industry gears towards meeting the deadline of implementation of Phase II and III of EFS reporting, focus has also expanded towards ensuring availability of high quality data that is fit-for-purpose (RPG-702) and has been protected under appropriate controls as mandated in CPG-235. The ADI executives, therefore, have been actively engaged in gaining assurance over the existing systems & processes of reporting to not only withstand audits but also minimize the potential of reporting errors. APRA has also released ARF-722, the derivatives reporting requirement for complying entities with the target date of implementation being 31 March 2020.
The Royal Commission Recommendations & Risk Management
APRA has been pursuing the recommendations of the commission and as a result, is planning to introduce/enhance multitude of regulatory mandates to bring about the much needed reform in the industry’s lending practice.
One of the major reforms that APRA plans to implement in credit risk management regime is the overhauling of Prudential Standard APS-220 Credit Quality. The agency is also undergoing consultation on Prudential Standard CPS 220 Credit Risk Management that will come into effect from 01 July 2019. Together, both the standards will not only incorporate the royal commission recommendations but also help bring uniformity towards assessment and classification of delinquent accounts by employing expected loss approach to provisions. While CPS-220 unequivocally puts onus on the board to set and operate within the risk appetite of the entity, the banking exclusive, credit quality standard APS-220 will supplement it by setting prudential expectations of credit underwriting standards. APRA has also iterated that it also views CPS-220 as a tool to keep track of regulated entity’s responses towards climate change risks.
Some of the other regimes to come into force as a result of royal commission recommendations is the full coverage of Banking Executives Accountability Regime (BEAR) and CPS-520 that sets out minimum requirements for banks in determining the fitness and propriety of individuals to hold positions of responsibility. BEAR shall be implemented for small and medium ADIs from 01 July 2019 whereas the four major banks have already been compliant since July 2018. Since the passage of the BEAR legislation, APRA has been handed down the authority & power to impose monetary penalties and take appropriate actions in the event of accountability obligation breach.
APRA is replacing D2A (Direct to APRA) with a modern data collection system that is more efficient and flexible from supervisory point of view. In view of the 31st March 2020 go-live date for new system, the agency in April 2019 released its very first implementation plan for regulated entities. Note that there will be no parallel reporting available on existing D2A therefore, it is imperative for the reporting banks to have built capability in time to remit reports on new system after the implementation deadline. APRA has also ruled out the possibility of exception or extension to entities that are not prepared for the transition.
ASIC Collects Recurrent Data
ASIC as part of a pilot program, has begun collecting Mortgage as well as Managed Funds’ transaction level data on a recurring basis. Currently, the scope of the program has been ring-fenced to the volunteering market participants.
The initiative is aimed at assisting ASIC in:
· supporting its decision making on the basis of data-derived facts & evidences
· staying ahead of the curve in understanding changing dynamics within financial industry
· spotting the emerging trends, risks as well as opportunities to regulate the market participants
· protecting interests of financial industry consumers
It is also likely that the program be extended across a broader base of participants as part of ASIC led mandate.
To learn more or to find out how RegCentric can help in meeting your firm’s regulatory and compliance obligations, contact us here.