On 10 June 2015, the Australian Prudential Regulation Authority (APRA) released the final version of its Superannuation Prudential Practice Guide SPG 223 – Fraud Risk Management (SPG 223) following consultation with industry conducted in October 2014.

As with other prudential practice guides released by APRA, SPG 223 is a non-binding document which sets out APRA’s view of sound practice in the area of fraud risk management. In particular, SPG 223 provides insight into the steps APRA expects registrable superannuation entities to take when complying with Prudential Standard SPS 220 – Risk Management.

The key risk APRA is targeting through the release of SPG 223 is the loss of member’s entitlements. As set out in schedule A to PPG 223, common examples of potential fraud associated with superannuation include:

  1. fraud during the unit pricing process;
  2. member identity fraud to unlawfully access benefits;
  3. fraudulent benefit payments;
  4. accounts payable fraud;
  5. investment fraud, including the use of opaque structures to conceal the ultimate destination of investment funds;
  6. improper use of confidential or commercially sensitive information to provide a benefit to a member or employee of the RSE licensee or outsourced service provider;
  7. fraud during an RSE’s wind up; and
  8. unauthorised access to information systems leading to theft of data and/or fraud.

In terms of specific guidance offered in SPG 223, the document picks up on several aspects of Australian Standard AS8001-2008 – Fraud Corruption and Control including the implementation of a fraud control plan and proactive and reactive fraud controls. In SPG 223, APRA also expresses its view that prudent registrable superannuation entity licensees should have in place procedures to govern the investigation of suspected fraud which raises important issues for licensees including claims for legal professional privilege over documents created in the course of an investigation.

In response to a draft version of SPG 223 released in October 2014, APRA received four submissions from industry which were incorporated into the final version.