Report Overview | APRA Capability Review 2019

Key takeouts

  • The Review makes 24 recommendations (19 directed at APRA and 5 directed to the government) to better position the regulator to deal effectively with post-Hayne environment as well as emerging risks
  • The main conclusion in the review is that APRA's regulatory approach and culture need to change.  In addition, the review is critical of APRA's leadership and flags the need for the regulator to build internal capacity/capability including in the areas of culture, accountability and governance risk (GCA risk) and cyber risk.
  • Among the key recommendations are: a) a proposed veto power for APRA over the appointment/reappointment of directors and senior executives; b) a new requirement for regulated entities to undertake biennial self-assessments; c) for APRA to embed CBA-style prudential inquiries into its toolkit; d) for APRA to adopt a more forceful and transparent approach to enforcement (including an end to APRA's preferred 'behind closed doors' approach); e) consideration of introducing stronger penalties; e) a stronger focus on superannuation (and on member outcomes in superannuation); and f) the restructure of the regulator along industry lines and the creation of a separate superannuation division within APRA.
  • All recommendations have been publicly supported by both APRA and the government and both have said that they will action them.  APRA has flagged it will require additional resourcing in order to be able to execute its expanded remit.

The Review into the capability of the Australian Prudential Regulation Authority (APRA) was released publicly on 17 July.

The report found that though APRA is an 'impressive and forceful regulator' in matters of traditional financial risk, the regulator's approach to non-financial risks is less well developed. In addition, it found that 'APRA appears to have developed a culture that is unwilling to challenge itself, slow to respond and tentative in addressing issues that do not entail traditional financial risks'. This, in combination with APRA’s regulatory approach, organisational structure, and the 'variability' in the quality of APRA's leadership were identified (among other factors) as limiting APRA's ability to 'deliver on the breadth of its mandate and adapt to new challenges'. The reviewer's main conclusion is that 'APRA’s internal culture and regulatory approach need to change.

Accordingly the report makes 24 recommendations (19 directed at APRA and 5 directed at the government) to address these issues and to ensure APRA is well positioned to respond to an environment of growing complexity and emerging risks. Both the government and APRA have said that they support and will action all review recommendations.

A high level overview of the findings in the report and an overview of some key recommendations is below.

[Note: A full list of the Review recommendations is included in the APRA Capability Review report at page XX. A list of the recommendations, accompanied by APRA and the government's response to each, will be summarised in the (forthcoming) 24 July edition of Governance News.]

Scope of the Review

The Review forms part of the government’s response to the Hayne Royal Commission (Recommendation 6.13), and also actions a previous Productivity Commission recommendation (Recommendation 26) arising out of its final report into the Superannuation sector.

The objectives of the review were to: 1) assess APRA’s capability to deliver upon its statutory mandate under the Australian Prudential Regulation Authority Act 1998 (Cth) (APRA Act) and relevant industry acts; 2) undertake a forward-looking assessment of APRA’s ability to respond to an environment of growing complexity and emerging risks for APRA’s regulated sectors; and 3) identify recommendations to enhance APRA’s future capability, having regard to the changing operating environment and any relevant organisational initiatives which are already underway.

Some key areas for improvement

  • 'APRA’s culture and regulatory approach needs a reset': APRA's culture and regulatory approach are identified by the reviewers as a barrier both to delivering on the 'breadth of its mandate' and in adapting to new and emerging challenges. 'APRA appears to have developed a culture that is unwilling to challenge itself, slow to respond and tentative in addressing issues that do not entail traditional financial risks' the reviewers state. APRA's approach to enforcement and supervision was also found to be insufficiently forceful/effective. As such, 'the main conclusion of this Review is that APRA’s internal culture and regulatory approach need to change’.
  • APRA's ability to regulate non-financial risk: APRA's capability to regulate and supervise CGA risks (corporate, governance and accountability risks) is at an early stage according to the report. The reviewers consider these risks to be 'core to prudential supervision' and observe that 'an ex-ante regulator like APRA' risks of this kind should already have 'more prominence in its work'. As such, the reviewers are of the view that APRA should prioritise 'embedding new resources and developing a culture that supervises GCA risks as rigorously as traditional financial risks'.
  • 'Variability' in APRA’s leadership capability: The reviewers consider that despite the fact that APRA staff and regulated entities perceive APRA managers to have strong technical skills, there ‘are gaps in other areas of managerial expertise.’ These include: a) lack of adaptability and openness to change which the reviewers identify as a 'recurring theme'; b) a lack of contestability of decisions (a 'tendency towards conformity'); and c) a lack of accountability and trust (eg the reviewers found that APRA does not consistently set expectations (including behavioural expectations) and hold leaders to account against them). These leadership issues were found to have contributed to a number of issues including (among other things) the slow pace of decision making, the slow pace at which APRA has developed capability in key areas (eg governance, culture and accountability risk); APRA's 'struggles with execution' of strategy, and to the lack of challenge/speak up culture within the regulator.
  • APRA's 'aversion to transparency': The reviewers observe that 'APRA has a strong preference to do things behind the scenes with regulated entities' which, in their assessment can limit 'its impact and authority'. The reviewers conclude that 'APRA needs to shift the dial towards a more strategic and forceful use of communication' in the context of its communication. For example, the reviewers are of the view that APRA's failure to publish the recent self-assessments was a 'missed opportunity and a reminder of the need for more cultural change'. The reviewers also observe that APRA's current approach is out of step with public expectations following the Financial Services Royal Commission.
  • Lack of external and internal accountability: The reviewers found that 'APRA’s current external governance arrangements are not effective in holding it to account against its mandate' and suggest that these should be reviewed in line with the creation of a new financial regulator oversight authority. In addition, a number of issues were identified with respect to internal accountability mechanisms.

[Note: Recommendation 6.14 of the Financial Services Royal Commission's Final Report, recommended the establishment of a new oversight authority for APRA and ASIC. On release of the report, the government confirmed its intention to action the recommendation.]

  • Insufficient focus on superannuation: The reviewers found that 'superannuation needs more priority and concrete action' and more particularly, that there should be a stronger focus on member outcomes. More particularly, the reviewers found that 'APRA has regulated the superannuation system predominantly from a prudential perspective, focussing on the financial stability of funds and any limited systemic risks' and that 'APRA has not sufficiently acknowledged that differences in the superannuation industry require a different approach to supervision'. The reviewers conclude that APRA should refocus its attention to regulating trustees to deliver good retirement outcomes, while still ensuring that trustees carefully and diligently manage member funds and consider that this can best be achieved through structural change. The report the creation of a superannuation-specific division in APRA and more cross-industry analysis.
  • APRA’s current organisational structure: The reviewers observe that though the object of the review recommendations could be achieved within APRA’s existing organisational structure, it considers that the existing structure is ‘not conducive to them having their full effect’ and as such recommends an organisational restructure to 'reinforce the required behavioural changes'.

APRA is on the right track but more is needed

The reviewers observe that while some elements of APRA's corporate plan and the strategic initiatives under it are consistent with the conclusions in the report, they emphasise that the issues outlined above — 'issues around culture, variability in leadership capability and capacity to implement change' — need to be addressed in the own right.

Likewise, the reviewers observe that though approving of the direction of APRA's new enforcement approach, cultural change is required in order for it to achieve its objective.

Some Key Recommendations

The report includes 24 recommendations (5 directed at the government and 19 directed at APRA). The government and APRA have both indicated their support for the review recommendations. The government has said it will consider the need for any additional funding as part of the 2020-21 Budget process. Below is a high level overview of some key recommendations in the report.

Biennial self-assessments

Recommendation 4.1 sets out five measures to enhance APRA's supervision of governance, culture and accountability risks including that APRA should 'embed' the recent entity self-assessment process into its more intense supervision, by making it a 'biennial requirement'. It's suggested that boards and trustees should be required to prepare a progress assessment in the interim years.

The reviewers further recommend that the self-assessments should be a) more prescriptive than APRA's recent program (include coverage of specific questions as set out in Appendix 2 to the Review); b) that APRA should establish an external reviewers of experts to assist it in undertaking more in-depth assessments of individual entities; c) that the self-assessments, APRA's analysis, APRA's thematic reviews and any rectification requirements be published; and d) APRA and explore ways to collaborate with regtech specialists and other experts to develop more efficient and effective tools to identify GCA risks.

[Note: Recommendation 5.6 of the Financial Services Royal Commission's final report recommended that all financial service entities should 'as often as reasonably possible' take steps to assess their culture and governance, identify and address any issues and determine the effectiveness of any changes made.]

APRA's response: APRA has said that 'issues of governance, culture, remuneration and accountability are priority areas' and that it is already reviewing its program of work to enhance its regulatory and supervisory approach following the government’s announcement of additional funding as part of the 2019-20 Commonwealth Budget. The capability review will now inform this work. APRA adds that 'developing an enhanced regulatory and supervisory framework is a multi-year program of work and APRA will publish its strategy by end 2019'.

CBA-style prudential inquiries

Recommendation 4.2 recommends that the APRA should embed 'CBA-style prudential inquiries as an ongoing part of its supervisory toolkit'. The reviewers' expectation is that several prudential inquiries would be undertaken in the first few years to reinforce the need for rigorous self-assessments and that in time, the inquiries should involve retail and industry superannuation, insurance and ADI entities.

APRA's response: APRA will consider as part of its broader response to Recommendation 4.1 how similar reviews can be incorporated into its work plan. APRA adds that 'given the significant cost of such reviews, the precise number of reviews will be dependent on overall resourcing'.

New 'veto' power over the appointment/reappointment of directors and senior executives

Recommendation 4.3 recommends that the government consider providing APRA with a 'non-objections power to veto the appointment or reappointment of directors and senior executives of regulated entities'.

The Reviewers consider that providing APRA with a non-objections power would ‘build on and strengthen the registration arrangements provided for under the BEAR’ and complement APRA’s existing removal and disqualification powers. The power should be framed as a non-objections power rather than as a ‘positive vetting power’, the reviewer explain, to underline that entities (and not APRA) are ‘ultimately responsible for the quality of individuals appointed’. The reviewers also suggest that the power should be available to APRA ‘only where the risks associated with the entity, including but not limited to member outcomes for superannuation funds, warrant it’.

Government response: The government has said that it will ‘ensure that APRA has sufficient powers and flexibility to prevent inappropriate directors and senior executives from being appointed or re-appointed to regulated entities, as part of extending the Banking Executive Accountability Regime’ (BEAR).

APRA’s response: In a statement, APRA expressed support for the ‘objective of a strong regime for the fitness and propriety of directors and senior executives’, but noted that ultimately it is a ‘matter for government’. The regulator said that it would ‘engage with the Government on how the objectives identified by the Capability Review can best be achieved, noting the potential for moral hazard and administrative burden’.

Push back? The AFR quotes APRA Chair Wayne Byres as raising concerns about the workability of the recommendation on the basis that it would create a 'huge bureaucratic machine' if implemented. 'I don't know where we're going to end up, but maybe we end up 10,000 people. If those people are turning over, you know, 10 per cent a year, that's a thousand appointments, that's four a day. That's a pretty big process to have to work through…You need a huge bureaucratic machine to be managing that' he reportedly said.

Reportedly, Australian Institute of Company Directors' head Angus Armour also raised concerns on the basis that APRA's power to pre-register individuals applying for board and executive roles and its power to disqualify individuals is sufficient and on the basis that shareholders have a 'fundamental right' to approve director appointments.

Stronger penalties?

Though the Reviewers consider APRA's regulatory tools to be generally fit for purpose, Recommendation 6.2 recommends that the government consider: a) reviewing the adequacy of penalties across APRA's legislative framework; b) providing APRA with the power to appoint a skilled person to undertake a review of a regulated entity; and c) enhancing its private health insurance licensing powers.

Response: The government has agreed to review the areas identified and APRA has welcomed the government's commitment to do so.

More timely decisions

Recommendation 2.2 recommends that APRA should set transparent standards to hold staff and itself accountable for the timeliness of approvals and other commercially important decisions for regulated institutions and that the regulator should publicly disclose adherence rates to these performance standards in its external accountability assessment.

APRA's response: In response, APRA said it will review its decision-making processes and current Service Charter to address this recommendation. APRA will include information on its performance in key areas as part of its enhanced communication approach.

Embedding APRA's new enforcement approach

The reviewers comment that 'discretion and cooperation have their limits' and that they are unpersuaded by the argument that more transparency on the part of APRA will limit cooperation and openness with the regulator. Further, though the reviewers support the direction of APRA's new enforcement strategy, the report recommends changes to 'embed' the new approach.

Recommendation 6.1 recommends that APRA should change existing internal norms that create a low appetite for transparent supervisory challenge and enforcement by: a) departing from its behind closed doors approach with regulated entities; b) adopting a stronger approach towards recalcitrant institutions; c) building organisational confidence and improving management support; and increasing its risk appetite and use of the escalation toolkit.

Not recommending 'litigate first': In recommending the regulator adopt a tougher stance, the reviewers comment that they are not recommending APRA adopt a litigation focussed enforcement strategy. 'Where laws have been broken there is rightly an expectation that those responsible will be held to account. But for a prudential regulator a "litigation-first" or a litigation-focussed enforcement strategy will not help it achieve its ex-ante mandate, although APRA should not resile from legal remedies when they are needed' they write.

APRA's Response: In response, APRA said that it is implementing the revised enforcement approach and that this program of work will be included in APRA;'s 2019-23 Corporate Plan to be released in August 2019.

More strategic and forceful approach to communication

Recommendation 6.6 recommends that APRA should take a more strategic, active and forceful approach in its public communications. More particularly, APRA should: a) publish an interpretation of its mandate; b) clearly articulate its role and approach to macro-prudential policy; c) advise the Government of the current state of its resolution capability and crisis preparedness. Taking account of the impact on the market, part of this advice could be published; and d) be more transparent in relation to superannuation, including by publishing objective benchmarks for superannuation performance on member outcomes and a strategy to promote long-term industry performance.

APRA's response: APRA said that work is underway to enhance communications as a strategic priority from APRA’s 2018-2022 Corporate Plan and that existing initiatives will be strengthened in this year’s plan to address this recommendation. APRA will publish its updated Corporate Plan by end August 2019, and publish other material relevant to this recommendation as part of its enhanced strategic communication plan.


  • Recommendation 6.4 recommends that APRA should use its existing accountability framework more effectively, including a more assertive use of the Statement of Intent and it should publish a regular external accountability assessment.
    • APRA's response: APRA has said it will publish a review of its activities and performance at the end of 2019 and noted that this is part of the work underway in response to recommendation 6.6.
  • Recommendation 6.5 recommends that the government consider streamlining and improving the effectiveness of existing accountability arrangements when establishing the financial regulator oversight authority.
  • APRA's response: APRA welcomed the Government’s commitment to seek to streamline and improve the effectiveness of APRA’s accountability arrangements
  • Government Response: The government said that as part of establishing the financial regulator oversight authority, it will seek to streamline and improve the effectiveness of both APRA and ASIC’s accountability arrangements.

Organisational Changes (including the establishment of a new superannuation division)

  • Recommendation 2.3 recommends that APRA revise its organisations structure to reinforce the impact of the leadership and cultural changes recommended in the Review and APRA's own strategic plans. APRA should: a) restructure supervision divisions along industry lines — banking, insurance and superannuation; b) revise management structures and levels with a view to widening spans of control and enhancing efficiency, speed of decision making and empowerment; c) shift internal configuration to better support industry-focussed strategic activities and more agile ways of working; and d) create distinct people-leader and technical-specialist career pathways.
  • Recommendation 2.4 recommends that APRA's Chair should relinquish his ADI specific oversight role and adopt a broader organisation wide role. The remaining members should split their roles to include a mix of industry, policy and functional responsibilities.
  • Recommendation 5.1 recommends that APRA should create a new Superannuation Division, headed by an Executive General Manager. A key focus of the Division should be the overall performance of the superannuation system for members.

APRA's response: APRA has said that it is progressing implementation of changes to its organisational structure that address the areas highlighted in the review including reviewing the currently roles and responsibilities of APRA members (recommendation 2.4) and restructuring the supervisory divisions along industry lines.

APRA notes that some changes to management structures and levels are contingent on the Government accepting Recommendation 2.5 (removing APRA from the APS Workplace Bargaining Policy) and/or changes to APRA’s Employment Agreement.


In addition to creating a new superannuation division within APRA (see above), the Report includes two further superannuation specific recommendations.

  • Recommendation 5.2 recommends that APRA should embed and reinforce its increasing focus on member outcomes, and continue to ensure that trustees prudently manage member funds. Consistent with this change of approach, APRA should: a) publish objective benchmarks on product performance and publicly take action to demonstrate its expectations for member outcomes; b) develop a superannuation performance tool that replaces PAIRS by the end of 2019. The tool should be focussed on member outcomes; c) update its superannuation reporting standards and collect product level data that facilitates accurate assessments of outcomes and comparability across funds; and c) increase the resourcing dedicated to the superannuation industry.
    • APRA's response: In response, APRA said that it will build on its work in recent years which was provided further impetus with the passing of the Treasury Laws Amendment (Improving Accountability and Member Outcomes in Superannuation) Act 2019. APRA said that its work on performance benchmarking and data collection will be a priority, and should be aligned with other initiatives that require legislation (such as choice product dashboards). APRA added that its program of work to review its supervisory model, initiated under APRA’s 2018- 22 Corporate Plan, includes a revised PAIRS model by mid-2020. APRA said that it will consult with government on the additional resources needed.
  • Recommendation 5.3: In accordance with recommendation 23 of the Productivity Commission’s Superannuation Inquiry, the Government should legislate to make APRA’s member outcomes mandate more explicit. The Government should clearly outline its expectations for APRA on superannuation in its next Statement of Expectations.
    • APRA's response: APRA said that it supports its member outcomes mandate being clear and that this was recently achieved through the Treasury Laws Amendment (Improving Accountability and member Outcomes in Superannuation) Act 2019. APRA adds that it supports the government further clarifying its expectations through the Statement of Expectations.
    • Government response: The government said that it will outline its expectations for APRA on superannuation in its next Statement of Expectations


The Reviewers found that 'APRA could be said to have a ‘do no harm’ approach to competition: support competition when it can, but not at the expense of any perceived risk to financial stability' and that APRA could do more in this context, including: a) publishing a clearer interpretation of its mandate; b) establishing a strategic position on competition; and c) being held to account.

Recommendation 3.7 recommends that APRA should a) create a competition champion within APRA, preferably at Member level to ensure that issues of competition are embedded effectively across all areas of APRA; b) ensure that there is sufficient tension in the internal debate and analysis of competition. It should test how policies are developed and applied by supervisors. This could be done in the Quality Assurance function and reported to the competition champion; and c) report regularly on competition developments in its external accountability assessment.

APRA's response: APRA has expressed support for the objectives of the recommendation. APRA said 'All APRA Members have overarching responsibility for achieving APRA’s mandate, including consideration of competition, efficiency, contestability and competitive neutrality'. APRA will review and enhance its decision-making processes to more actively champion the consideration of all elements of APRA’s mandate, strengthen its engagement and collaboration with the ACCC, as part of its strategic initiative in the 2018-2022 Corporate Plan. APRA adds that it will include information on its performance in this regard as part of its enhanced communication approach.

Leadership, people, capability and culture

  • Address the variability in leadership quality: Recommendation 2.1 recommends that APRA should address variation in leadership capability for all management levels including giving priority focus to leading change, effective execution and accountability. APRA should also develop a cultural change program that fosters internal debate and contestability.
    • APRA's response: APRA has said it will build on its existing leadership, people and culture strategic initiatives to address these areas as part of its review of the Corporate Plan, to be published in August 2019
  • Cyber resilience and capacity: Recommendation 3.5 recommends that APRA should seek to build strong allegiances with public and private sector experts, other regulators and financial firms to augment its internal capacity and to collaborate on ways to strengthen the cyber resilience of APRA’s regulated sectors.
  • APRA's response: APRA has said it is developing a cyber and technology strategy that includes building strong allegiances with public and private sector experts.
  • Attracting and retaining talented staff: Recommendation 2.5: To help facilitate a number of recommendations in the Review, the Government should remove APRA from the application of the APS Workplace Bargaining Policy. APRA should engage with the Government to consider ways to enable greater variation in remuneration levels.
  • Government response: Though the government expressed support for the recommendation it stopped short of committing to remove the application of the APS Workplace Bargaining Policy to APRA staff. Instead the government said that it 'will work with APRA and the Australian Public Service Commission (APSC) to better understand and address any restrictions within the current APS Bargaining Framework in order to ensure that APRA can attract and retain high skilled staff, particularly in niche areas subject to high market demand'.
  • APRA's response: APRA expressed support for this recommendation and welcomed the government’s commitment to understand and address restrictions to ensure APRA can attract and retain the staff it needs to deliver its mandate.

[Sources: APRA Capability Review 2019; Government Response; APRA media release 17/07/2019; Treasurer Josh Frydenberg media release 17/07/2019; [registration required] The AFR 17/07/2019]