Insurance (prudential standard) determination No. 12 of 2008 Prudential Standard GPS 510 Governance (Cth)
Insurance (prudential standard) determination No. 12 of 2008
Prudential Standard GPS 510 Governance
Insurance Act 1973
I, John Roy Trowbridge, Member of APRA, delegate of APRA:
(a) under subsection 32(4) of the Insurance Act 1973 (the Act), REVOKE: Prudential Standard GPS 510 Governance made by Insurance (prudential standard) No.5 of 2006; and
(b) under subsection 32(1) of the Act, DETERMINE Prudential Standard GPS 510 Governance in the form set out in the Schedule, which applies to all general insurers.
This determination takes effect on 1 July 2008.
Dated 23 June 2008
[Signed]
John Trowbridge
Member
Interpretation
In this instrument:
APRA means the Australian Prudential Regulation Authority.
Authorised NOHC has the meaning given in section 3 of the Act.
general insurer has the meaning given in section 11 of the Act.
Schedule
Prudential Standard GPS 510 Governance comprising of 14 pages.
Prudential Standard GPS 510
Governance
Objectives and key requirements of this Prudential Standard
The ultimate responsibility for the sound and prudent management of general insurers and authorised non-operating holding companies rests with their Board of directors. It is essential that regulated institutions have a sound governance framework and conduct their affairs with a high degree of integrity. A culture that promotes good governance is of benefit to all stakeholders of a regulated institution and helps to maintain public confidence in the institution.
This Prudential Standard sets out minimum foundations for good governance of regulated institutions. It aims to ensure that regulated institutions are managed in a sound and prudent manner by a competent Board of directors, which is capable of making reasonable and impartial business judgements in the best interests of the regulated institution and which gives due consideration to the impact of its decisions on policyholders. The governance arrangements of regulated institutions build on these foundations in ways that take account of the size, complexity and risk profile of the institution.
The key requirements of this Prudential Standard include:
· specific requirements with respect to Board size and composition;
· the chairperson of the Board must be an independent director;
· a Board Audit Committee must be established;
· regulated institutions must have a dedicated internal audit function;
· certain provisions dealing with independence requirements for auditors consistent with those in the Corporations Act 2001; and
· the Board must have a policy on Board renewal and procedures for assessing Board performance.
A number of requirements also apply to Category C insurers (as defined in Prudential Standard GPS 001 Definitions).
Authority
This Prudential Standard is made under section 32 of the Insurance Act 1973 (the Act).
Application and commencement
This Prudential Standard applies to all insurers and authorised NOHCs under the Act. Insurers and authorised NOHCs are collectively referred to as regulated institutions in this Prudential Standard. This Prudential Standard applies from 1 July 2008 (effective date).
Subject to paragraphs 64 and 65, all insurers (except Category C insurers), have to comply with this Prudential Standard in its entirety. Category C insurers have to comply with only those provisions of this Prudential Standard which specifically indicate that they apply to Category C insurers. The obligations imposed by this Prudential Standard, on or in relation to a Category C insurer, apply only in relation to its Australian business.
Interpretation
Unless otherwise defined in this Prudential Standard, expressions in bold are defined in Prudential Standard GPS 001 Definitions.
The Board and senior management
The Board of directors (the Board) of a regulated institution is ultimately responsible for the sound and prudent management of the regulated institution. This Prudential Standard sets out the minimum requirements that a regulated institution must meet in the interests of promoting strong and effective governance.
The Board of a regulated institution must have a formal charter that sets out the roles and responsibilities of the Board.
The Board, in fulfilling its functions, may delegate authority to management to act on behalf of the Board with respect to certain matters, as decided by the Board. This delegation of authority must be clearly set out and documented. The Board must have mechanisms in place for monitoring the exercise of delegated authority. The Board cannot abrogate its responsibility for functions delegated to management.
The Board must ensure that directors, and senior management of the regulated institution, collectively, have the full range of skills needed for the effective and prudent operation of the regulated institution, and that each director has skills that allow them to make an effective contribution to Board deliberations and processes. This includes the requirement for directors, collectively, to have the necessary skills, knowledge and experience to understand the risks of the regulated institution, including its legal and prudential obligations, and to ensure that the regulated institution is managed in an appropriate way taking into account these risks. This does not preclude the Board from supplementing its skills and knowledge through the use of external consultants and experts.
Senior management of the regulated institution (and senior management of a Category C insurer), with responsibilities relating to the business in Australia, must be ordinarily resident in Australia.
Members of the Board and senior management (and senior management of a Category C insurer) must be available to meet with APRA on request.
The Board (or, in the case of a Category C insurer, the senior officer outside Australia with delegated authority from the Board (senior officer outside Australia)[1]) must provide the Appointed Auditor and the Appointed Actuary[2] of the insurer (including a Category C insurer), and the external auditor of an authorised NOHC, with the opportunity to raise matters directly with the Board (or, in the case of a Category C insurer, the senior officer outside Australia).
[1] Refer paragraph 15 for the definition of senior officer outside Australia with delegated authority from the Board.
[2] The Appointed Auditor and Appointed Actuary are appointed in accordance with section 39 of the Act. Refer also to Prudential Standard GPS 520 Fit and Proper for eligibility criteria.
Independence
For the purposes of this Prudential Standard, an independent director is a non-executive director who is free from any business or other association – including those arising out of a substantial shareholding, involvement in past management or as a supplier, customer or adviser – that could materially interfere with the exercise of their independent judgement. The circumstances that will not meet this test of independence include, but are not limited to, those set out in Attachment A.
If the Board of a regulated institution is in doubt regarding a director’s independence, the regulated institution may refer the matter to APRA for guidance.
Definition of non-executive director
For the purposes of this Prudential Standard a reference to non-executive director is to be interpreted as meaning a director who is not a member of management.
Senior officer outside Australia (Category C insurers)
As in the case of locally-incorporated insurers, the ultimate responsibility for the safety and soundness of a Category C insurer resides with its Board. Category C insurers must nominate a senior officer (whether a director or senior executive) outside Australia with delegated authority from the Board who will be responsible for overseeing the Australian branch operation.
Board composition
The Board of a regulated institution must have a minimum of five directors at all times.
The Board must have a majority of independent directors at all times. For regulated institutions that are subsidiaries of other APRA-regulated institutions or overseas equivalents,[3] exceptions may apply as set out at paragraphs 28 to 30. For regulated institutions that are subsidiaries of a parent company that is not prudentially regulated, exceptions may apply as set out at paragraph 31.
[3] An ‘overseas equivalent’ is one which is not authorised in Australia but is authorised and subject to prudential regulation in a foreign country.
The chairperson of the Board must be an independent director of the regulated institution.
A majority of directors present and eligible to vote at all Board meetings must be non-executives.
The chairperson of the Board cannot have been the Chief Executive Officer (CEO) of the regulated institution at any time during the previous three years. If the position of the CEO is unexpectedly vacated, the chairperson may serve as an interim CEO. After a period of 90 days, approval must be sought from APRA to allow this arrangement to continue.
The chairperson must be available to meet with APRA on request.
For locally-owned and incorporated regulated institutions, a majority of directors must be ordinarily resident in Australia.
For foreign-owned locally incorporated regulated institutions, at least two of the directors must be ordinarily resident in Australia, at least one of whom must also be independent.
For Category C insurers, in addition to the requirement to have a senior officer outside Australia with delegated authority from the Board who is responsible for overseeing the Australian branch operation, there must be a senior manager[4] of the insurer in Australia responsible for the insurer’s local operation who is ordinarily resident in Australia.
[4] As defined in the Act read with Prudential Standard GPS 520 Fit and Proper Requirements. Note, the person who performs this role may be the same as the agent in Australia (where the agent is an individual) or a director or senior manager of the agent in Australia (where the agent is a corporate agent) as required under section 118 of the Act.
A Category C insurer that appoints a corporate agent as its agent in Australia must additionally ensure that:
(a) the board of the corporate agent has a minimum of three directors at all times; and
(b) a majority of the directors of the board of the corporate agent must be ordinarily resident in Australia.[5]
[5] Note that, by virtue of paragraph 118(6)(b) of the Act, an individual agent in Australia must be resident in Australia.
Board representation must be consistent with a regulated institution’s shareholding. Where a shareholding constitutes not more than 15 per cent of a regulated institution’s voting shares there should not be more than one Board member who is an associate of the shareholder where the Board has up to six directors, and not more than two Board members who are associates of the shareholder where the Board has seven or more directors. A director is taken to be an associate of a shareholder for the purposes of this clause, if the director is an associate of the shareholder, or the shareholder is an associate of the director, according to the definition of associate in clause 4 of Schedule 1 of the Financial Sector (Shareholdings) Act 1998. That definition is to be applied for the purposes of this clause as if subparagraph (1)(l) of that definition were omitted.
Where an individual shareholding is greater than 15 per cent, as approved under the Financial Sector (Shareholdings) Act 1998, the Board representation of that shareholding can be greater than allowed in paragraph 26, although it must still be broadly proportionate to the shareholding concerned.[6]
[6] Note, where the proportionate shareholding does not equate to a whole number, it can be rounded to the nearest whole number.
Regulated institutions that are subsidiaries of other APRA-regulated institutions or overseas equivalents
For a regulated institution that is a subsidiary of another APRA-regulated institution or an overseas equivalent, the Board of the regulated institution must have a majority of non-executive directors, but these non-executive directors need not all be independent. They can include Board members or senior management of the parent company or its subsidiaries, but not executives of the regulated institution or its subsidiaries.
A regulated institution to which paragraph 28 applies will be required to have, at a minimum, two independent directors, in addition to an independent chairperson, where the Board has up to seven members. Where the Board has more than seven members, the regulated institution will be required to have at least three independent directors, in addition to an independent chairperson.
For the purposes of meeting the requirements in paragraph 29, the independent directors on the Board of the parent company or its other subsidiaries can also sit as independent directors on the Board of the regulated institution.
Subsidiaries with a parent that is not prudentially regulated
For a regulated institution that is a subsidiary of another entity, not covered by the arrangements in paragraphs 28 to 30 of this Prudential Standard, the Board must have a majority of independent directors. However, independent directors on the Board of the parent company or its other subsidiaries can also sit as independent directors on the Board of the regulated institution.
Regulated institutions that are part of a corporate group
Where a regulated institution is part of a corporate group (group) and the regulated institution utilises group policies or functions, the Board of the regulated institution must ensure that these policies and functions give appropriate regard to the regulated institution’s business and its specific requirements.
Joint ventures
For the purposes of this Prudential Standard, a regulated institution that operates as a joint venture can be considered as part of the group of each parent entity. Independent directors of a parent can sit as independent directors on the Board of the joint venture entity. However, the general concessions available to subsidiaries in paragraphs 28 to 30 will not be available to joint ventures.
Board Audit Committee
A regulated institution must have a Board Audit Committee, which assists the Board by providing an objective non-executive review of the effectiveness of the regulated institution’s financial reporting and risk management framework unless, with respect to risk management, there is another Board Committee which carries out this function.
The Board Audit Committee must have sufficient powers to enable it to obtain all information necessary for the performance of its functions.
The Board Audit Committee must have at least three members. All members of the Committee must be non-executive directors of the regulated institution. A majority of the members of the Committee must be independent.
The chairperson of the Board Audit Committee must be an independent director of the regulated institution.
The chairperson of the Board can sit on the Board Audit Committee, but cannot chair the Committee.
The Board Audit Committee must have a charter that includes a reference to the fact that the Committee is responsible for the oversight of:
(a) APRA statutory reporting requirements;[7]
(b) financial reporting requirements;
(c) professional accounting requirements;
(d) internal and external audit; and
(e) the appointment of the regulated institution’s auditor.
[7] Not limited to reporting of financial information.
The Board Audit Committee must review the Appointed Auditor’s engagement at least annually, including making an assessment of whether the Appointed Auditor meets the Audit Independence tests set out in APES 110 Code of Ethics for Professional Accountants[8], as well as the additional auditor independence requirements set out in this Prudential Standard. For a Category C insurer, it is the responsibility of the senior officer outside Australia to undertake this assessment.
[8] APES 110 Code of Ethics for Professional Accountants was issued by the Accounting Ethical Professional Standards Board with effect from 1 July 2006.
The Board Audit Committee must regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the regulated institution. It must also regularly review the findings of audits, and ensure that issues are being managed and rectified in an appropriate and timely manner.
The Board Audit Committee must ensure the adequacy and independence of both the internal and external audit functions.
The members of the Board Audit Committee must, at all times, have free and unfettered access to senior management, the internal auditor, the heads of all risk management functions, the insurer’s Appointed Auditor and Appointed Actuary, and an authorised NOHC’s external auditor, and vice versa.
The Board Audit Committee must establish and maintain policies and procedures for employees of the regulated institution to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns. The Committee should also have a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies.
Members of the Board Audit Committee must be available to meet with APRA on request.
The Board Audit Committee must invite the insurer’s Appointed Auditor (external auditor for an authorised NOHC) and Appointed Actuary to meetings of the Committee.
The internal auditor must have a reporting line and unfettered access to the Board Audit Committee. For Category C insurers, the auditor of the local operation must have direct access to the Head Office audit function.
Internal audit
A regulated institution (including a Category C insurer in relation to its Australian business) must have an independent and adequately resourced internal audit function. If a regulated institution does not believe it is necessary to have a dedicated internal audit function, it must apply to APRA, in writing, seeking an exemption from this requirement, and set out reasons why it should be exempt. APRA may approve alternative arrangements for a regulated institution where APRA is satisfied that they will achieve the same objectives.
The objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the regulated institution (including a Category C insurer).[9] To fulfil its functions, the internal auditor must, at all times, have unfettered access to all the regulated institution’s business lines and support functions.
[9] Also refer to Prudential Standard GPS 220 Risk Management for the requirement for a review of an insurer’s risk management framework. Such a review carried out by a role or function within the insurer other than internal audit does not relieve the internal audit function from carrying out a review of the risk management framework, though the internal audit function may rely on such other review in carrying out its own review.
Auditor independence
The Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 introduced a number of new requirements into the Corporations Act 2001 (Corporations Act) in relation to auditor independence. The auditor independence requirements in this Prudential Standard are substantially consistent with those requirements, and are intended to help ensure the independence of an auditor engaged to perform work of a prudential nature in relation to the Act, the prudential standards and the reporting standards.[10]
[10] Reporting standards are those standards made under the Financial Sector (Collection of Data) Act 2001.
The Board of an insurer (and the senior officer outside Australia in the case of a Category C insurer) must, to the extent practical, undertake steps to satisfy themselves that the auditor, who undertakes work for the insurer (or Category C insurer) in relation to the Act, the prudential standards, or the reporting standards, is independent of the insurer (or Category C insurer),[11] and that there is no conflict of interest situation that could compromise, or be seen to compromise, the independence of the auditor.
[11] ‘Independent of the insurer (or Category C insurer)’ means that the auditor has been assessed as independent in terms of paragraph 40 of this Prudential Standard.
As part of the process of ascertaining the independence of the auditor, an insurer (including a Category C insurer) must obtain a declaration from the auditor to the effect that:
(a) the auditor is independent, both in appearance and in fact;
(b) the auditor has no conflict of interest situation; and
(c) there is nothing to the auditor’s knowledge (either in relation to the individual auditor or any audit firm or audit company of which the auditor is a member or director) that could compromise that independence.
For the purposes of this Prudential Standard, a conflict of interest situation exists in relation to an insurer (or Category C insurer) at a particular time, if because of circumstances that exist at that time:
(a) the auditor is not capable of exercising objective and impartial judgement in relation to the conduct of the work that is undertaken for the insurer (or Category C insurer) in relation to the Act, the prudential standards or the reporting standards; or
(b) a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the auditor is not capable of exercising objective and impartial judgement in relation to undertaking the work for the insurer (or Category C insurer) for the purposes of the Act, the prudential standards, or the reporting standards.[12]
[12] This definition is based on that used in the Corporations Act to describe the circumstances under which a conflict of interest situation is considered to exist, and is intended to be interpreted in a similar manner. Without limiting the situations that may cause a conflict to arise for the purposes of this Prudential Standard, it is expected that any circumstances of the type that would lead to a breach of the Corporations Act requirements for audit independence, whether or not these provisions actually apply in relation to the audit of the insurer (including a Category C insurer), will also result in a breach of the provisions of this Prudential Standard.
A person, who was a member of an audit firm or a director of an audit company, and who served in a professional capacity in the audit of an insurer (including a Category C insurer) in relation to the Act, the prudential standards or the reporting standards, cannot be appointed to the role of director or senior manager of that insurer until at least two years have passed since they served in that professional capacity.
A person, who was an employee of an audit company, other than a director of that company, and who acted as the lead auditor[13] or review auditor[14] in the audit of an insurer (including a Category C insurer) in relation to the Act, the prudential standards or the reporting standards, cannot be appointed to the role of director or senior manager of that insurer until at least two years have passed since they acted as the lead auditor or review auditor.
[13] ‘Lead auditor’ means the registered company auditor who is primarily responsible to the audit firm or the audit company for the conduct of audit work conducted in relation to the Act, the prudential standards or the reporting standards.
[14] ‘Review auditor’ means the registered company auditor (if any) who is primarily responsible to the individual auditor, the audit firm or the audit company for reviewing audit work conducted in relation to the Act, the prudential standards or the reporting standards.
A person cannot be appointed as a director or senior manager of an insurer (or a senior manager in the case of a Category C insurer) if:
(a) the person was, or is, a director of the audit company or a member of the audit firm that was, or is, responsible for the audit of the insurer in relation to the Act, the prudential standards or the reporting standards; and
(b) there is already another person employed as a director or senior manager of the insurer who was a director of the audit company or a member of the audit firm at a time when the audit company or audit firm undertook an audit of the insurer at any time during the previous two years.
An individual who plays a significant role[15] in the audit of an insurer (including a Category C insurer) in relation to the Act, the prudential standards or the reporting standards, for five successive years, or for more than five years out of seven successive years, cannot continue to play a significant role in the audit until at least a further two years have passed, except with an exemption from APRA. APRA may grant an exemption from this requirement if the individual provides specialist services that are otherwise not readily available or there are no other registered company auditors available to provide satisfactory services for the insurer.
[15] For the purpose of this paragraph, ‘an individual who plays a significant role’ means an individual auditor who acts as the auditor in respect of any of the requirements of the Act, the prudential standards or the reporting standards, or the lead or review auditor where such audit work is performed by an audit company or audit firm.
For the purposes of maintaining their independence and objectivity, the Appointed Auditor and Appointed Actuary of an insurer (including a Category C insurer), cannot both be employed by the same body corporate or related bodies corporate, or by the same firm or related firms.[16]
[16] Refer to Prudential Standard GPS 520 Fit and Proper for a similar restriction on the Appointed Auditor and Appointed Actuary being from the same entity.
Board performance assessment
The Board of a regulated institution must have procedures for assessing, at least annually, the Board’s performance relative to its objectives. It must also have in place a procedure for assessing, at least annually, the performance of individual directors.
Board renewal
The Board of a regulated institution must have in place a formal policy on Board renewal. This policy must provide details of how the Board intends to renew itself in order to ensure it remains open to new ideas and independent thinking, while retaining adequate expertise. The policy must give consideration to whether directors have served on the Board for a period which could, or could reasonably be perceived to, materially interfere with their ability to act in the best interests of the regulated institution.
Persons not to be constrained from providing information to APRA[17]
[17] Also refer to the provisions for the protection of whistleblowers under Part IIIA of the Act and the whistleblowing provisions in Prudential Standard GPS 520 Fit and Proper.
No prospective, current, or former officer,[18] employee, or contractor (including professional service provider) of a regulated institution (including a Category C insurer), may be constrained or impeded, whether by confidentiality clauses or other means, from disclosing information to APRA, from discussing issues with APRA of relevance to the management and prudential supervision of the regulated institution, or from providing documents under their control to APRA, that may be relevant in the context of the management or prudential supervision of the regulated institution. Such persons are not to be constrained from providing information to:
(a) auditors, the Appointed Actuary, and others, who have statutory responsibilities in relation to the regulated institution; and
(b) the Reviewing Actuary.
[18] ‘Officer’ is defined in section 9 of the Corporations Act.
Regulated institutions (including Category C insurers) must ensure that their internal policy and contractual arrangements do not explicitly or implicitly restrict or discourage auditors or other parties from communicating with APRA.
Transitional arrangements
The auditor rotation requirement in paragraph 57 does not apply to the auditor of an insurer (including a Category C insurer) until 1 October 2008 if the auditor was not, immediately prior to 1 October 2006, subject to the auditor rotation provisions in the Corporations Act.
Adjustments and exclusions
APRA may by notice in writing to a regulated institution adjust or exclude a specific prudential requirement in this Prudential Standard in relation to that regulated institution.[19]
[19] Refer to subsection 32(3D) of the Act.
Determinations made under previous GPS 510
A notice issued under paragraph 65 of Prudential Standard GPS 510 Governance made on 5 May 2006 adjusting or excluding a specific prudential requirement in any paragraph of that Prudential Standard is taken, on and from the effective date, to have been a notice issued under paragraph 64 of this Prudential Standard adjusting or excluding, as the case may be, the corresponding specific prudential requirement in an equivalent paragraph of this Prudential Standard.
An approval, determination, direction or requirement made by APRA under a provision specified in Column 1 of the following table that is in operation immediately prior to the commencement of this Prudential Standard is taken, on and from the effective date, to have been made under the provision of this Prudential Standard specified in the same row of Column 2 of the table.
| Column 1: Provision of Prudential Standard GPS 510 Governance made on 5 May 2006 | Column 2: Provision of this Prudential Standard |
| --- | --- |
| Paragraph 19: allow chairperson to serve as the interim CEO for more than 90 days. | Paragraph 20 |
| Paragraph 46: exempt an insurer from having a dedicated internal audit function and approve alternative arrangements. | Paragraph 48 |
| Paragraph 55: exempt an insurer from auditor rotation requirement. | Paragraph 57 |
Attachment A[20]
[20] The following circumstances are adapted from the guidance on “Relationships affecting independent status” to be considered by a Board when determining the independent status of a director set out in Box 2.1 of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (2nd Edition).
A director is not independent if the director:
is a substantial shareholder[21] of the regulated institution or an officer of, or otherwise associated directly with, a substantial shareholder of the regulated institution;
is employed, or has previously been employed in an executive capacity by the regulated institution or another group member, and there has not been a period of at least three years between ceasing such employment and serving on the Board;
has within the last three years been a principal of a material professional adviser or a material consultant to the regulated institution or another group member, or an employee materially associated with the service provided;
is a material supplier or customer of the regulated institution or other group member, or an officer of or otherwise associated directly or indirectly with a material supplier or customer; or
has a material contractual relationship with the regulated institution or another group member other than as a director.
[21] For the purpose of this Attachment, a ‘substantial shareholder’ is a person with a substantial holding as defined in section 9 of the Corporations Act.