APRA Finalizes Changes to Capital Framework, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) finalized amendments to the capital framework, announced a review of the prudential framework for groups, issued a statement to reinforce the existing prudential requirements for additional Tier 1 capital or Tier 2 capital instruments, announced a cyber data breach at Medibank, addressed enforcement actions for weaknesses found in the governance frameworks of RACQ Bank and the Commonwealth Bank Australia, and revoked banking license of a BNP Paribas entity owing to the restructuring of the parent group.
APRA released the final prudential standards and guidance with consequential amendments from the updated capital adequacy and credit risk capital requirements for authorized deposit-taking institutions. Also released was a letter to the industry, along with a non-confidential submission. The letter outlines the response of APRA to submissions on these consequential amendments and summarizes other minor consequential amendments, mainly related to cross-referencing in the authorized deposit-taking institution prudential framework. This package follows the November 2021 publication of the new bank capital framework, which is designed to embed “unquestionably strong” levels of capital and align Australian standards with the internationally agreed Basel III requirement. The 11 prudential standards and 2 prudential practice guides that have been amended are:
- Prudential Standard APS 110 Capital Adequacy
- Prudential Standard APS 111 Capital Adequacy: Measurement of Capital
- Prudential Standard APS 116 Capital Adequacy: Market Risk
- Prudential Standard APS 120 Securitization
- Prudential Standard APS 121 Covered Bonds
- Prudential Standard APS 180 Capital Adequacy: Counterparty Credit Risk
- Prudential Standard APS 210 Liquidity
- Prudential Standard APS 220 Credit Risk Management
- Prudential Standard APS 221 Large Exposures
- Prudential Standard CPS 226 Margining and risk mitigation for non-centrally cleared derivatives
- Prudential Standard APS 310 Audit and Related Matters
- Prudential Practice Guide APG 112 Capital Adequacy: Standardized Approach to Credit Risk
- Prudential Practice Guide APG 223 Residential Mortgage Lending
The consequential amendments relate mainly to cross-referencing in the authorized deposit-taking institution prudential framework and ensure consistency of the broader prudential framework with the capital reforms. The changes included in this letter will take effect from January 01, 2023, in line with the effective date of the broader capital reforms. APRA will continue to engage with the authorized deposit-taking institutions on implementation of the capital framework in the lead-up to this date, bilaterally and through relevant industry associations. As part of this release, APRA also amended the six relevant reporting standards to reflect the consequential amendments:
- Reporting Standard ARS 110.0 Capital Adequacy
- Reporting Standard ARS 113.0 Capital Adequacy: Internal Ratings-based Approach to Credit Risk
- Reporting Standard ARS 120.1 Securitization – Regulatory Capital
- Reporting Standard ARS 120.2 Securitization – Supplementary Items
- Reporting Standard ARS 180.0 Counterparty Credit Risk
- Reporting Standard ARS 210.0 Liquidity
Below are the key highlights of the additional recent announcements from APRA:
- APRA issued a letter to all APRA-regulated entities setting out a roadmap for a review of the prudential framework for groups. The aim of the review is to ensure that the prudential framework is fit for purpose to cater to an increasing array of new groups and is consistently applied to the existing structures to ensure a level playing field. The review will focus on rationalizing requirements for the management of risks presented by group structures, such as contagion risk generated by intra-group exposures and arrangements; promoting consistency in prudential requirements that apply to groups; and providing clarity on group capital requirements as well as on the approach of APRA to regulating and supervising different group structures. The letter lists the key prudential standards within the scope of the review. The review will commence with a Discussion Paper in the first half of 2023 while APRA expects to consult on any revisions to the relevant standards over 2023-2024, with any changes effective from 2025.
- APRA released a letter to the authorized deposit-taking institutions, general insurers and life insurers to reinforce the existing prudential requirements for additional Tier 1 capital or Tier 2 capital instruments. The letter sets out the APRA expectations for authorized deposit-taking institutions and insurers seeking approval to call and replace an outstanding Additional Tier 1 Capital or Tier 2 Capital instrument with one that has a higher credit spread or that is otherwise more expensive. Where an institution has satisfied APRA and replaces an instrument with one that has a higher credit spread or is otherwise more expensive, the regulated entity is to ensure that a public announcement relating to the call clearly indicates that this action does not imply that other outstanding instruments with call dates will be called in the future.
- During a prudential review undertaken this year, APRA identified significant weakness in the risk governance of RACQ Insurance Limited and RACQ Bank (collectively RACQ). Thus, the regulator will required RACQ to develop and implement a comprehensive, APRA-approved, risk transformation program. Areas of concern include RACQ’s risk and compliance framework and practices, capability and capacity challenges within the risk functions, unclear accountabilities, and an immature risk culture. RACQ is also required to engage a third party to provide independent assurance over the delivery of the risk transformation program and provide periodic reporting to APRA as well as to assign accountability under the Banking Executive Accountability Regime for successful delivery of the risk transformation program to an appropriate, named executive.
- APRA has removed the remaining $500 million capital add-on applied to the Commonwealth Bank Australia (CBA) to address previous weaknesses in its governance, accountability, and risk culture frameworks and practices. APRA had initially imposed the $1 billion capital add-on on CBA in May 2018 as part of its response to the Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia. The Inquiry, which followed a series of incidents that damaged public standing of the bank, concluded that “CBA’s continued financial success dulled the senses of the institution," particularly in relation to the management of non-financial risks. An extensive remediation plan was established to address the identified shortcomings. The capital add-on was reduced to $500 million in November 2020 in recognition of the progress of CBA in addressing these issues. At that time, APRA had indicated that the remainder of capital add-on would stay in place until CBA completed its full program of remediation, including addressing all recommendations from the Final Report. Since APRA is now satisfied that the remediation has been completed, APRA has removed the remaining capital add-on, effective September 30, 2022.
- In line with a restructuring of the BNP Paribas Group and on request of the entity BNP Paribas Securities Services, APRA has revoked BNP Paribas Securities Services' authorized deposit-taking institution license under the Banking Act 1959. BNP Paribas will continue to remain an authorized deposit-taking institution in Australia.
- Medibank reported a cyber-attack resulting in a data breach, on October 13, 2022. The incident and resulting impacts are still under investigation; however, it is anticipated that some personal identification information of Medibank customers has been compromised. This incident follows quickly in the wake of the Optus incident and the regulated community must ensure that information security controls are in place and operating to safeguard the entity, along with the requirements and obligations of Prudential Standard CPS234 on Information Security. These circumstances serve as a reminder that cyber activity continues to escalate. Regulated entities are urged to review incident response plans and to ensure the regular testing of these plans. Of related interest is the recently issued APRA discussion paper as part of which APRA is consulting on ways to strengthen the management of operational risk in financial services.
- APRA granted International Bank of Australia Pty Limited a license to operate as a restricted authorized deposit-taking institution and IBOA Group Holdings Pty Limited as a non-operating holding company, under the Banking Act 1959.
Related Links
- Review of Prudential Framework
- Amendments to Capital Framework
- Requirements for Additional Tier 1 and Tier 2 Capital Instruments
- Enforcement Action on RACQ Bank
- Remediation of Weaknesses of CBA
- Banking License of BNP Entity
- Medibank Data Breach
- License for Bank of Australia
Keywords: Asia Pacific, Australia, Banking, Reporting, Liquidity Risk, Basel, CBA, Medibank, RACQ Bank, Cyber Risk, Operational Resilience, Credit Risk, Regulatory Capital, BNP Paribas, APRA
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Patrycja Oleksza
Applies proficiency and knowledge to regulatory capital and reporting analysis and coordinates business and product strategies in the banking technology area
Previous Article
FSC Taiwan Revises Measures on Bank Capital Adequacy for D-SIBsRelated Articles
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.
BIS Bulletin Examines Cognitive Limits of Large Language Models
The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.
ECB is Conducting First Cyber Risk Stress Test for Banks
As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.
EBA Continues Momentum Toward Strengthening Prudential Rules for Banks
A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.
EU and UK Agencies Issue Updates on Final Basel III Rules
The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards