APRA Finalizes Changes to Capital Framework, Issues Other Updates

APRA released the final prudential standards and guidance with consequential amendments from the updated capital adequacy and credit risk capital requirements for authorized deposit-taking institutions. Also released was a letter to the industry, along with a non-confidential submission. The letter outlines the response of APRA to submissions on these consequential amendments and summarizes other minor consequential amendments, mainly related to cross-referencing in the authorized deposit-taking institution prudential framework. This package follows the November 2021 publication of the new bank capital framework, which is designed to embed “unquestionably strong” levels of capital and align Australian standards with the internationally agreed Basel III requirement. The 11 prudential standards and 2 prudential practice guides that have been amended are:

• Prudential Standard APS 110 Capital Adequacy
• Prudential Standard APS 111 Capital Adequacy: Measurement of Capital 
• Prudential Standard APS 116 Capital Adequacy: Market Risk 
• Prudential Standard APS 120 Securitization 
• Prudential Standard APS 121 Covered Bonds 
• Prudential Standard APS 180 Capital Adequacy: Counterparty Credit Risk 
• Prudential Standard APS 210 Liquidity 
• Prudential Standard APS 220 Credit Risk Management 
• Prudential Standard APS 221 Large Exposures 
• Prudential Standard CPS 226 Margining and risk mitigation for non-centrally cleared derivatives 
• Prudential Standard APS 310 Audit and Related Matters
• Prudential Practice Guide APG 112 Capital Adequacy: Standardized Approach to Credit Risk
• Prudential Practice Guide APG 223 Residential Mortgage Lending

The consequential amendments relate mainly to cross-referencing in the authorized deposit-taking institution prudential framework and ensure consistency of the broader prudential framework with the capital reforms. The changes included in this letter will take effect from January 01, 2023, in line with the effective date of the broader capital reforms. APRA will continue to engage with the authorized deposit-taking institutions on implementation of the capital framework in the lead-up to this date, bilaterally and through relevant industry associations. As part of this release, APRA also amended the six relevant reporting standards to reflect the consequential amendments:

• Reporting Standard ARS 110.0 Capital Adequacy
• Reporting Standard ARS 113.0 Capital Adequacy: Internal Ratings-based Approach to Credit Risk 
• Reporting Standard ARS 120.1 Securitization – Regulatory Capital
• Reporting Standard ARS 120.2 Securitization – Supplementary Items
• Reporting Standard ARS 180.0 Counterparty Credit Risk 
• Reporting Standard ARS 210.0 Liquidity

Below are the key highlights of the additional recent announcements from APRA:

• APRA issued a letter to all APRA-regulated entities setting out a roadmap for a review of the prudential framework for groups. The aim of the review is to ensure that the prudential framework is fit for purpose to cater to an increasing array of new groups and is consistently applied to the existing structures to ensure a level playing field. The review will focus on rationalizing requirements for the management of risks presented by group structures, such as contagion risk generated by intra-group exposures and arrangements; promoting consistency in prudential requirements that apply to groups; and providing clarity on group capital requirements as well as on the approach of APRA to regulating and supervising different group structures. The letter lists the key prudential standards within the scope of the review. The review will commence with a Discussion Paper in the first half of 2023 while APRA expects to consult on any revisions to the relevant standards over 2023-2024, with any changes effective from 2025.
• APRA released a letter to the authorized deposit-taking institutions, general insurers and life insurers to reinforce the existing prudential requirements for additional Tier 1 capital or Tier 2 capital instruments. The letter sets out the APRA expectations for authorized deposit-taking institutions and insurers seeking approval to call and replace an outstanding Additional Tier 1 Capital or Tier 2 Capital instrument with one that has a higher credit spread or that is otherwise more expensive. Where an institution has satisfied APRA and replaces an instrument with one that has a higher credit spread or is otherwise more expensive, the regulated entity is to ensure that a public announcement relating to the call clearly indicates that this action does not imply that other outstanding instruments with call dates will be called in the future.
• During a prudential review undertaken this year, APRA identified significant weakness in the risk governance of RACQ Insurance Limited and RACQ Bank (collectively RACQ). Thus, the regulator will required RACQ to develop and implement a comprehensive, APRA-approved, risk transformation program. Areas of concern include RACQ’s risk and compliance framework and practices, capability and capacity challenges within the risk functions, unclear accountabilities, and an immature risk culture. RACQ is also required to engage a third party to provide independent assurance over the delivery of the risk transformation program and provide periodic reporting to APRA as well as to assign accountability under the Banking Executive Accountability Regime for successful delivery of the risk transformation program to an appropriate, named executive.
• APRA has removed the remaining $500 million capital add-on applied to the Commonwealth Bank Australia (CBA) to address previous weaknesses in its governance, accountability, and risk culture frameworks and practices. APRA had initially imposed the $1 billion capital add-on on CBA in May 2018 as part of its response to the Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia. The Inquiry, which followed a series of incidents that damaged public standing of the bank, concluded that “CBA’s continued financial success dulled the senses of the institution," particularly in relation to the management of non-financial risks. An extensive remediation plan was established to address the identified shortcomings. The capital add-on was reduced to $500 million in November 2020 in recognition of the progress of CBA in addressing these issues. At that time, APRA had indicated that the remainder of capital add-on would stay in place until CBA completed its full program of remediation, including addressing all recommendations from the Final Report. Since APRA is now satisfied that the remediation has been completed, APRA has removed the remaining capital add-on, effective September 30, 2022.
• In line with a restructuring of the BNP Paribas Group and on request of the entity BNP Paribas Securities Services, APRA has revoked BNP Paribas Securities Services' authorized deposit-taking institution license under the Banking Act 1959. BNP Paribas will continue to remain an authorized deposit-taking institution in Australia.
• Medibank reported a cyber-attack resulting in a data breach, on October 13, 2022. The incident and resulting impacts are still under investigation; however, it is anticipated that some personal identification information of Medibank customers has been compromised. This incident follows quickly in the wake of the Optus incident and the regulated community must ensure that information security controls are in place and operating to safeguard the entity, along with the requirements and obligations of Prudential Standard CPS234 on Information Security. These circumstances serve as a reminder that cyber activity continues to escalate. Regulated entities are urged to review incident response plans and to ensure the regular testing of these plans. Of related interest is the recently issued APRA discussion paper as part of which APRA is consulting on ways to strengthen the management of operational risk in financial services.
• APRA granted International Bank of Australia Pty Limited a license to operate as a restricted authorized deposit-taking institution and IBOA Group Holdings Pty Limited as a non-operating holding company, under the Banking Act 1959.

Related Links

• Review of Prudential Framework
• Amendments to Capital Framework
• Requirements for Additional Tier 1 and Tier 2 Capital Instruments
• Enforcement Action on RACQ Bank
• Remediation of Weaknesses of CBA
• Banking License of BNP Entity
• Medibank Data Breach
• License for Bank of Australia

Keywords: Asia Pacific, Australia, Banking, Reporting, Liquidity Risk, Basel, CBA, Medibank, RACQ Bank, Cyber Risk, Operational Resilience, Credit Risk, Regulatory Capital, BNP Paribas, APRA