Insurance (prudential standard) determination No. 13 of 2008 Prudential Standard GPS 520 Fit and Proper (Cth)

Insurance (prudential standard) determination No. 13 of 2008

Prudential Standard GPS 520 Fit and Proper

Insurance Act 1973

I, John Roy Trowbridge, Member of APRA, delegate of APRA:

(a) under subsection 32(4) of the Insurance Act 1973 (the Act), REVOKE: Prudential Standard GPS 520 Fit and Proper made by Insurance (prudential standard) No.4 of 2006; and

(b) under subsection 32(1) of the Act, DETERMINE Prudential Standard GPS 520 Fit and Proper in the form set out in the Schedule, which applies to all general insurers.

This determination takes effect on 1 July 2008.

Dated 23 June 2008

[Signed]

John Trowbridge

Member

Interpretation

In this instrument:

APRA means the Australian Prudential Regulation Authority.

Authorised NOHC has the meaning given in section 3 of the Act.

general insurer has the meaning given in section 11 of the Act.

Schedule

Prudential Standard GPS 520 Fit and Proper comprises the 13 pages attached.

Prudential Standard GPS 520

Fit and Proper

Objective and key requirements of this Prudential Standard

Persons who are responsible for the management and oversight of a general insurer need to have appropriate skills, experience and knowledge and act with honesty and integrity.  This strengthens the protection afforded to policyholders and other stakeholders.  To this end, institutions need to prudently manage the risk that persons in positions of responsibility may not be fit and proper.

The prime responsibility for ensuring that an institution’s responsible persons are fit and proper remains with the Board of directors or, in the case of a Category C insurer (as defined in Prudential Standard GPS 001 Definitions), with the senior officer outside Australia with delegated authority from the Board. 

This Prudential Standard applies to general insurers and authorised non-operating holding companies under the Insurance Act 1973.  It sets out minimum requirements for these institutions in determining the fitness and propriety of individuals to hold positions of responsibility.

The key requirements of this Prudential Standard are that:

· an institution must have and implement a written fit and proper policy that meets the requirements of this Prudential Standard;

· the fitness and propriety of a responsible person must generally be assessed prior to initial appointment and then re-assessed annually (or as close to annually as practicable);

· an institution must take all prudent steps to ensure that a person is not appointed to, or does not continue to hold, a responsible person position for which they are not fit and proper;

· additional requirements must be met for certain auditors and actuaries; and

· information must be provided to APRA regarding responsible persons and the institution’s assessment of their fitness and propriety.

Authority

  1. This Prudential Standard is made under section 32 of the Insurance Act 1973 (the Act).

Application and commencement

  2. This Prudential Standard applies to all insurers and authorised NOHCs under the Act. Insurers and authorised NOHCs are collectively referred to as regulated institutions. This Prudential Standard applies from 1 July 2008 (effective date).

  3. This Prudential Standard specifies:

(a) the senior management responsibilities for the purposes of the definition of senior manager in subsection 3(1) of the Act;

(b) the eligibility criteria for Appointed Auditors and Appointed Actuaries for the purposes of paragraphs 39(3)(a) and 43(2)(c), and subparagraph 44(1)(a)(iii), of the Act; and

(c) the fitness and propriety criteria for certain responsible persons for the purposes of paragraphs 25A(3)(b), 27(2)(b), 43(2)(b), 44(3)(b) and 49R(3)(b), and subparagraph 44(1)(a)(ii), of the Act.

Interpretation

  4. Unless otherwise defined in this Prudential Standard, expressions in bold are defined in Prudential Standard GPS 001 Definitions.

Fit and Proper Policy

  5. A regulated institution must prudently manage the risk to its business or financial standing that persons acting in responsible person positions are not fit and proper. To this end, the institution must have a written policy relating to the fitness and propriety of its responsible persons that meets the requirements of this Prudential Standard (Fit and Proper Policy).

  6. The Fit and Proper Policy must have been approved by the Board of directors (Board) or, for a Category C insurer, by the senior officer outside Australia with delegated authority from the Board under Prudential Standard GPS 510 Governance (GPS 510) (senior officer outside Australia).

  7. A regulated institution must take all reasonable steps to ensure that each of its responsible persons is aware of, and understands, the provisions of its Fit and Proper Policy.

  8. The Fit and Proper Policy must form part of an insurer’s Risk Management Strategy required under Prudential Standard GPS 220 Risk Management.

  9. Nothing in this Prudential Standard prevents a regulated institution from applying a Fit and Proper Policy that is also used in a related company, provided that the policy has been approved by the regulated institution in accordance with paragraph 6 and meets the requirements of this Prudential Standard.

Responsible persons

  10. A responsible person of a locally incorporated insurer[1] or authorised NOHC is:

[1] As defined in Prudential Standard GPS 120 Assets in Australia.

(a) a director of the regulated institution;[2]

[2] ‘Director’ as defined under section 9 of the Corporations Act 2001 (Corporations Act).

(b) a senior manager of the regulated institution;[3]

[3] ‘Senior manager’ as defined in paragraph 17 of this Prudential Standard.

(c) for an insurer, the Appointed Auditor;

(d) for an insurer, the Appointed Actuary and the Reviewing Actuary;

(e) for an authorised NOHC, an auditor who provides any report that is required to be prepared by an auditor under the Act (including prudential standards) or reporting standards under the Financial Sector (Collection of Data) Act 2001 (responsible auditor); and

(f) a person who performs activities for a subsidiary of the regulated institution where those activities may materially affect the whole, or a substantial part, of the business of the regulated institution or its financial standing, either directly or indirectly.

  11. A responsible person of a Category C insurer is:

(a) a senior manager of the Category C insurer who is, except in the case of the senior officer outside Australia referred to in paragraph 17(d), ordinarily resident in Australia;

(b) the Category C insurer’s agent in Australia where the agent in Australia is an individual;[4]

[4] Note that ‘agent in Australia’ in this Prudential Standard includes a person appointed under subsection 118(2), (3) or (3A) to act as agent on a temporary basis.

(c) a director of the Category C insurer’s agent in Australia where the agent in Australia is a corporate agent;

(d) a senior manager of the Category C insurer’s agent in Australia where the agent in Australia is a corporate agent;

(e) the Appointed Auditor of the Category C insurer;

(f) the Appointed Actuary and the Reviewing Actuary of the Category C insurer; and

(g) a person who performs activities for a subsidiary of the Category C insurer that the Category C insurer controls as part of its Australian operations, where:

(i) those activities may materially affect the whole, or a substantial part, of the business of the Category C insurer or its financial standing, either directly or indirectly; and

(ii) where the person is ordinarily resident in Australia.

  12. References to a subsidiary in subparagraph 10(f) and 11(g) do not apply to a subsidiary that holds an RSE licence under the Superannuation Industry (Supervision) Act 1993.[5]

[5] ‘RSE licence’ has the meaning given in subsection 10(1) of the Superannuation Industry (Supervision) Act 1993.

  13. A person need not be an employee of the regulated institution to be a responsible person if they are within the definition at paragraph 10 or 11. In some circumstances, a consultant, contractor or employee of a subsidiary or otherwise related company may be a responsible person.

  14. APRA may determine that any person is a responsible person if APRA is satisfied that the person plays a significant role in the management or control of the regulated institution, or that the person’s activities may materially impact on prudential matters. The determination will be notified in writing to the regulated institution.

  15. APRA may determine that a person is not a responsible person in relation to a particular position, responsibility or activity if APRA is satisfied that the person does not play a significant role in the management or control of the regulated institution or that the person’s activities may not materially impact on prudential matters. The determination will be notified in writing to the regulated institution and may be subject to such conditions as APRA believes are appropriate.

  16. Responsible person position means the responsibilities or activities of a responsible person that would lead to the person being a responsible person under paragraph 10 or 11.

Senior managers

  17. Senior manager, in relation to a regulated institution, means a person (other than a director of that regulated institution) who:[6]

[6] In relation to a Category C insurer, references to regulated institution in this paragraph refer only to the Australian operations of that Category C insurer.

(a) makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the regulated institution; or

(b) has the capacity to affect significantly the regulated institution’s financial standing; or[7]

[7] Paragraphs 17(a) and (b) are intended to be interpreted consistently with the definition of senior manager (in relation to a corporation) in section 9 of the Corporations Act.

(c) may materially affect the whole, or a substantial part, of the business of the regulated institution or its financial standing through their responsibility for:

(i) enforcing policies and implementing strategies approved by the Board of the regulated institution; or

(ii) the development and implementation of systems that identify, assess, manage or monitor risks in relation to the business of the regulated institution; or

(iii) monitoring the appropriateness, adequacy and effectiveness of risk management systems; or

(d) for a Category C insurer, is nominated as the senior officer outside Australia, to the extent that the person meets the definition in paragraph (a), (b) or (c).

  18. For the purposes of the definition of senior manager in subsection 3(1) of the Act, the responsibilities set out in paragraphs 17(a), (b), (c) and (d), when exercised for a regulated institution, are senior management responsibilities (except when carried out by a director).

  19. Senior manager, in relation to a corporate agent, means a person (other than a director of the corporate agent) who, when acting for the corporate agent:[8]

[8] In relation to a Category C insurer, references to regulated institution in this paragraph refer only to the Australian operations of that Category C insurer.

(a) makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the Category C insurer represented by the corporate agent; or

(b) has the capacity to affect significantly the Category C insurer’s financial standing; or[9]

[9] Paragraphs 17(a) and (b) are intended to be interpreted consistently with the definition of senior manager (in relation to a corporation) in section 9 of the Corporations Act.

(c) may materially affect the whole, or a substantial part, of the business of the Category C insurer or its financial standing through:

(i) enforcing policies and implementing strategies approved by the Board of the Category C insurer; or

(ii) the development and implementation of systems that identify, assess, manage or monitor risks in relation to the business of the Category C insurer; or

(iii) monitoring the appropriateness, adequacy and effectiveness of risk management systems.

  20. For the purposes of the definition of senior manager in subsection 3(1) of the Act, the responsibilities set out in paragraphs 19(a), (b) and (c), when exercised for a corporate agent in respect of a regulated institution, are senior management responsibilities (except when carried out by a director of the corporate agent).

Criteria to determine if a responsible person is fit and proper

  21. Each regulated institution must clearly define and document the competencies required for each responsible person position.

  22. For the purposes of paragraphs 25A(3)(b), 27(2)(b), 43(2)(b) and 44(3)(b), and subparagraph 44(1)(a)(ii), of the Act and for the purposes of determining whether a person is fit and proper to hold a responsible person position, the criteria are whether:

(a) it would be prudent for a regulated institution to conclude that the person possesses the competence, character, diligence, honesty, integrity and judgement to perform properly the duties of the responsible person position;

(b) the person is not disqualified under the Act from holding the position;

(c) the person either:

(i) has no conflict of interest in performing the duties of the responsible person position; or

(ii) if the person has a conflict of interest, it would be prudent for a regulated institution to conclude that the conflict will not create a material risk that the person will fail to perform properly the duties of the position; and

(d) for a senior manager of a corporate agent, the person is ordinarily resident in Australia.

Additional criteria for responsible auditors of authorised NOHCs

  23. The additional criteria that must be met for a person to be fit and proper to act as a responsible auditor of an authorised NOHC are whether the person:

(a) is a registered company auditor under the Corporations Act 2001 (Corporations Act);

(b) is not:

(i) the Appointed Actuary of an insurer that is a subsidiary of the authorised NOHC;

(ii) an employee or director of a body corporate, statutory body, partnership, trust, or commercial or professional enterprise of any kind (entity) of which that Appointed Actuary is an employee or director; or

(iii) a partner of that Appointed Actuary;

(c) is a member of a recognised professional body; and

(d) is ordinarily resident in Australia.

Additional criteria applying to Appointed Auditors of insurers

  24. The additional criteria that must be met for a person to be fit and proper to act as an Appointed Auditor are whether the person:[10]

[10] Also refer to GPS 510 for the requirement for an Appointed Auditor to be independent.

(a) is a registered company auditor under the Corporations Act;

(b) is not:

(i) the Appointed Actuary of the insurer;

(ii) an employee or director of an entity of which the Appointed Actuary is an employee or director;[11] or

[11] Refer to GPS 510 for a similar restriction on the Appointed Auditor and Appointed Actuary being from the same entity.

(iii) a partner of the Appointed Actuary;

(c) has a minimum of 5 years relevant experience in the audit of insurers and has experience relating to insurers that has been sufficiently relevant and recent to provide reasonable assurance that the person is familiar with current issues in the audit of insurers;

(d) is a member of a recognised professional body; and

(e) is ordinarily resident in Australia.

Additional criteria applying to Appointed Actuaries and Reviewing Actuaries of insurers

  25. The additional criteria that must be met for a person to be fit and proper to act as an Appointed Actuary or Reviewing Actuary of an insurer are whether the person:

(a) has appropriate formal qualifications;

(b) is not the Chief Executive nor a director of the insurer, or of a related body corporate (except when that related body corporate is a subsidiary of the insurer);

(c) is not:

(i) the Appointed Auditor;

(ii) for an Appointed Actuary, an employee or director of an entity of which the Appointed Auditor is an employee or director;[12] or

[12] Refer to GPS 510 for a similar restriction on the Appointed Auditor and Appointed Actuary being from the same entity.

(iii) for an Appointed Actuary, a partner of the Appointed Auditor; or

(d) has a minimum of five years relevant experience in the provision of actuarial services to entities carrying on insurance business and it would be prudent to conclude that the person is familiar with current issues in the provision of actuarial services to such entities;

(e) is a Fellow or Accredited Member[13] of the Institute of Actuaries of Australia; and

[13] ‘Fellow’ and ‘Accredited Member’ as defined by the Institute of Actuaries of Australia.

(f) is ordinarily resident in Australia.

  26. In addition to the criteria specified in paragraph 25, a Reviewing Actuary of an insurer must not be an employee of the insurer.

  27. In addition to the criteria specified in paragraph 25, where an insurer’s Appointed Actuary is not an employee of the insurer, the Reviewing Actuary must not be:

(a) an employee or director of the same firm or company as the Appointed Actuary, or from a related firm or related company;

(b) a partner of the same firm or related firm as the Appointed Actuary.

A Reviewing Actuary may, however, be from the same firm or company as the insurer’s Appointed Auditor or from a related firm or related company.

  28. The criterion in paragraph 25(f) does not apply to the Appointed Actuary of a Category B insurer and a Category C insurer if:

(a) the Appointed Actuary is responsible for providing actuarial services to the corporate group, as a whole, to which the insurer belongs; and

(b) the Appointed Actuary meets the criteria in paragraphs 25(a) to (e).[14]

[14] Note that, by application of paragraphs 25 to 27, the Reviewing Actuary of the insurer must meet the criteria specified in those paragraphs, including that the Reviewing Actuary is a Fellow or Accredited Member of the Institute of Actuaries of Australia and ordinarily resident in Australia.

Other matters relating to auditors and actuaries

  29. The criteria in paragraphs 23 to 28 do not apply while:

(a) the regulated institution reasonably considers that there are exceptional circumstances;

(b) the regulated institution has promptly notified APRA of which of the eligibility criteria are not satisfied and of the exceptional circumstances; and

(c) APRA has notified the regulated institution in writing that APRA has no objections to the person holding the position.

  30. For the purposes of paragraphs 39(3)(a) and 43(2)(c), and subparagraph 44(1)(a)(iii), of the Act, the eligibility criteria that must be met before an insurer may appoint an auditor or actuary are the criteria listed at paragraphs 23 to 28 as applicable (other than a criterion that APRA has determined under paragraph 29 does not apply in relation to a particular case).

Process for assessment of fitness and propriety

  31. The Fit and Proper Policy must include the processes to be undertaken in assessing whether a person is fit and proper for a responsible person position (fit and proper assessment). The processes must include:

(a) who will conduct fit and proper assessments on behalf of the regulated institution;

(b) what information will be obtained and how it will be obtained;

(c) the matters that will be considered before determining if a person is fit and proper for a responsible person position; and

(d) the decision-making processes that will be followed.

  32. The Fit and Proper Policy must specify the actions to be taken where a person is assessed as not fit and proper.

  33. The Fit and Proper Policy must provide that a copy of the Policy is given to:

(a) any candidate for election as a director as soon as possible after the candidate is nominated; and

(b) any other person before an assessment of their fitness and propriety is conducted.

  34. A fit and proper assessment must be completed for each responsible person within 28 days of this Prudential Standard applying to a regulated institution, if no assessment meeting the requirements of this Prudential Standard has been made within the previous year.

  35. The Fit and Proper Policy must require a fit and proper assessment to be completed before a person becomes the holder of a responsible person position unless they hold the position:

(a) because of a resolution of members of the regulated institution; or

(b) because APRA has determined that the person is a responsible person under paragraph 14.

In such cases, the Fit and Proper Policy must require an assessment to be completed within 28 days of the person becoming the holder of the responsible person position.

  36. Interim appointment to a responsible person position may be made without a full fit and proper assessment for a period of up to 90 days (or longer with APRA’s written agreement) including any prior period of interim appointment. Prior to making such an appointment, reasonable steps must be taken, as specified in the Fit and Proper Policy, to assess the fitness and propriety of the person. The regulated institution must complete a full fit and proper assessment prior to appointing the person to the responsible person position on a permanent basis.

  37. The Fit and Proper Policy must require annual fit and proper assessments (or as close to annual as is practicable) for each responsible person position.

  38. When an assessment is conducted, a regulated institution must make all reasonable enquiries[15] to obtain information, including collecting sensitive information as defined in the Privacy Act 1988 if relevant, that it believes may be relevant to an assessment of whether the person is fit and proper to hold a responsible person position.

[15] Including following the processes described in the Fit and Proper Policy under paragraph 31(b).

  39. Where a responsible person has been assessed as fit and proper, but the regulated institution subsequently becomes aware of information that may result in the person being assessed as not fit and proper, the regulated institution must take all reasonable steps, including collecting sensitive information as defined in the Privacy Act 1988 if relevant, to ensure that it can prudently conclude that no material fitness and propriety concern exists. Where a concern exists, a full fit and proper assessment must be conducted.

  40. The Fit and Proper Policy must contain adequate provisions:

(a) to encourage any person to disclose information that may be relevant to a fit and proper assessment to the regulated institution or APRA;

(b) to enable the disclosure to APRA of any information the regulated institution is required to provide under this Prudential Standard; and

(c) for giving or obtaining any consents required for the collection and use of any information:

(i) by the regulated institution to comply with the Fit and Proper Policy or this Prudential Standard; and

(ii) by APRA for its powers and functions under the Act.

  41. The Fit and Proper Policy must require that sufficient documentation for each fit and proper assessment is retained to demonstrate the fitness and propriety of the regulated institution’s current, and recently past, responsible persons.

Whistleblowing[16]

[16] Also refer to the provisions for the protection of whistleblowers in Part IIIA of the Insurance Act and the provisions for not constraining persons from providing information in GPS 510.

  42. The Fit and Proper Policy must include adequate provisions to allow whistleblowing if a person believes that a responsible person does not meet the regulated institution’s fit and proper criteria. The Fit and Proper Policy must ensure that the regulated institution and its subsidiaries consent to the person notifying either the person responsible for conducting fit and proper assessments or APRA of that belief and the reasons for it.

  43. The Fit and Proper Policy must include adequate provisions to allow persons who believe that the regulated institution has not complied with this Prudential Standard to notify APRA of that belief and the reasons for it.

  44. The Fit and Proper Policy must provide that the regulated institution and its subsidiaries consent to any person who held a responsible person position disclosing information or providing documents to APRA relating to their reasons for resignation, retirement or removal.

  45. A regulated institution must not, and must ensure that its subsidiaries do not, constrain, impede, restrict or discourage, whether by confidentiality clauses, policies or other means, any person from disclosing information or providing documents to APRA about matters referred to in paragraphs 42, 43, or 44.[17]

[17] Also refer to section 38C of the Act.

  46. The Fit and Proper Policy must require that any provisions of the policy and the Act encouraging whistleblowing are adequately communicated to directors and employees of the regulated institution and its subsidiaries who are likely to have information relevant to fit and proper assessments.

  47. APRA does not require that a regulated institution impose an obligation on any person to make the disclosures under paragraph 42, 43 or 44. However, the Fit and Proper Policy must require that all reasonable steps be taken to ensure that no person making such disclosures in good faith is subject to, or threatened with, a detriment because of any notification in purported compliance with the requirements of the Fit and Proper Policy.

When a responsible person is not fit and proper

  48. Where a regulated institution has assessed that a person is not fit and proper, or a reasonable person in the regulated institution’s position would make that assessment, the institution must take all steps it prudently can to ensure that the person:[18]

[18] Including the actions outlined in the Fit and Proper Policy in accordance with paragraph 32.

(a) is not appointed to; or

(b) for an existing responsible person, does not continue to hold

the responsible person position.

Informing APRA

  49. A regulated institution must, within 28 days of when this Prudential Standard applies to it, notify APRA of the following information for each responsible person:

(a) the person’s full name;

(b) the person’s date of birth (for identification purposes only);

(c) the person’s position and main responsibilities; and

(d) a statement of whether the person has been assessed under the Fit and Proper Policy.

  50. A regulated institution must ensure that the information provided under paragraph 49 remains correct for all of its responsible persons. It must provide revised information to APRA within 28 days of any change or new appointment.

  51. A regulated institution must notify APRA within 10 business days if it assesses that a responsible person is not fit and proper. If the person remains in the responsible person position, the notification must state the reason for this and the action that is being taken.

  52. The information or notifications required by this Prudential Standard must be given in such form, if any, and by such procedures, if any, as APRA publishes on its website from time to time.

  53. A regulated institution must take reasonable steps to:

(a) obtain any information and documentation that APRA asks of it; and

(b) provide that information to APRA

to assist APRA in assessing the fitness and propriety of a person. This may include providing the Fit and Proper Policy to APRA on request.

  54. APRA does not and will not require disclosure of spent convictions where precluded under Part VIIC of the Crimes Act 1914.

Adjustments and exclusions

  55. APRA may by notice in writing to a regulated institution adjust or exclude a specific prudential requirement in this Prudential Standard in relation to that regulated institution.[19]

[19] Refer to subsection 32(3D) of the Act.

Determinations made under previous GPS 520

  56. A notice issued under paragraph 48 of Prudential Standard GPS 520 Fit and Proper made on 2 March 2006 adjusting or excluding a specific prudential requirement in any paragraph of that Prudential Standard is taken, on and from the effective date, to have been a notice issued under paragraph 55 of this Prudential Standard adjusting or excluding, as the case may be, the corresponding specific prudential requirement in an equivalent paragraph of this Prudential Standard.

  57. An approval, determination, direction or requirement made by APRA under a provision specified in Column 1 of the following table that is in operation immediately prior to the commencement of this Prudential Standard is taken, on and from the effective date, to have been made under the provision of this Prudential Standard specified in the same row of Column 2 of the table.

| Column 1: Provision of Prudential Standard GPS 520 Fit and Proper made on 2 March 2006 | Column 2: Provision of this Prudential Standard |
| --- | --- |
| Paragraph 12: determine that any person is a responsible person | Paragraph 14 |
| Paragraph 13: determine that a person is not a responsible person in relation to a particular position. | Paragraph 15 |
| Paragraph 22(c): notify an insurer that APRA has no objection to a person holding the position of auditor or actuary. | Paragraph 29(c) |
| Paragraph 29: approve a period of time longer than 90 days for the interim appointment to a responsible person without a full fit and proper assessment. | Paragraph 36 |
