Risk culture: required by APRA but how do you measure it?

In a recent speech, Ian Laughlin, Deputy Chairman, Australian Prudential Regulation Authority (APRA), described “risk culture” as “soft stuff” which “includes things that are not so easy to measure, such as qualitative assessments, culture, values and behaviours.”

His speech coincides with APRA’s release of the final version of Prudential Standard CPS 220 Risk Management (CPS 220) and Prudential Practice Guide CPG 220 Risk Management (CPG 220).

The new requirements are applicable to authorised deposit-taking institutions (ADIs), general insurers and life companies, and authorised non-operating holding companies (authorised NOHCs), and take effect from 1 January 2015.

Background

Under the new prudential standard, CPS 220, the board must ensure that “it forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identifies any desirable changes to the risk culture and ensures the institution takes steps to address those changes.”

Mr Laughlin made it clear that how the Board forms its view of the way the organisation manages risk is a Board responsibility, separate from the operational management of the organisation.

In APRA’s letter of 4 December 2014 to all CEOs of authorised deposit-taking institutions, general insurers and life companies, APRA’s chairman said:

“APRA is firmly of the view that an appropriate risk culture is fundamental to the effectiveness of the risk management framework, and it is therefore appropriate that the board has a key role to play in monitoring and influencing the organisation’s risk culture. …APRA recognises that it can be difficult to clearly articulate the risk culture of an institution and that thinking on risk culture is evolving. For that reason, APRA removed the previously-proposed requirement that the board articulate the risk culture. Nevertheless, it is important that the board continually considers, and forms a view on, the organisation’s risk culture and whether any changes might be needed to support improvements to the effectiveness of risk management within the organisation…

APRA confirms that where the prudential standards assign specific responsibility for certain matters to the board, the board is not able to delegate its responsibility for ensuring the matter is adequately addressed. The process followed, and the advice, input and support needed by the board to meet these responsibilities, remain a matter for the board to determine.”

 
