Insurance (prudential standard) determination No. 5 of 2006 Prudential Standard GPS 510 Governance (Cth)
Insurance (prudential standard) determination No. 5 of 2006
Prudential Standard GPS 510 Governance
as amended
made under subsection 32(1) of the
Insurance Act 1973
This compilation was prepared on 3 September 2009
taking into account amendments up to Insurance (prudential standard) determination No. 11 of 2006 – Variation to Prudential Standard GPS 510 Governance
Prepared by the Office of Legislative Drafting and Publishing,
Attorney-General’s Department, Canberra
I, John Francis Laker, Chair of APRA under subsection 32(1) of the Insurance Act 1973 (‘the Act’), DETERMINE Prudential Standard GPS 510 Governance in the form set out in the Schedule, which shall apply to all general insurers and authorised non-operating holding companies (authorised NOHCs).
This instrument takes effect from 1 October 2006.
Dated 5 May 2006
[Signed]
John Francis Laker
Chair
Interpretation
In this Instrument
APRA means the Australian Prudential Regulation Authority.
authorised NOHC has the meaning given in section 3 of the Act and authorised non-operating holding company has the same meaning.
general insurer has the meaning given in section 11 of the Act.
Note A general insurer or authorised NOHC that does not comply with a standard may be issued with directions by APRA under paragraph 36(1)(a) of the Act. Non-compliance with a direction is an offence attracting a penalty of up to 300 penalty units (currently $33,000). Officers of the general insurer or authorised NOHC and other individuals may also be criminally liable (see section 37).
Schedule
Prudential Standard GPS 510 Governance comprises the 13 pages commencing on the following page.
Prudential Standard GPS 510
Governance
Objectives and key requirements of this Prudential Standard
The ultimate responsibility for the sound and prudent management of general insurers and authorised non-operating holding companies rests with their Board of directors. It is essential that regulated institutions have a sound governance framework and conduct their affairs with a high degree of integrity. A culture that promotes good governance is of benefit to all stakeholders of a regulated institution and helps to maintain public confidence in the institution.
This Prudential Standard sets out minimum foundations for good governance of regulated institutions. It aims to ensure that regulated institutions are managed in a sound and prudent manner by a competent Board of directors, which is capable of making reasonable and impartial business judgements in the best interests of the regulated institution and which gives due consideration to the impact of its decisions on policyholders. The governance arrangements of regulated institutions build on these foundations in ways that take account of the size, complexity and risk profile of the institution.
The key requirements of this Prudential Standard include:
· specific requirements with respect to Board size and composition;
· the chairperson of the Board must be an independent director;
· a Board Audit Committee must be established;
· regulated institutions must have a dedicated internal audit function;
· certain provisions dealing with independence requirements for auditors consistent with those in the Corporations Act 2001; and
· the Board must have a policy on Board renewal and procedures for assessing Board performance.
A number of requirements also apply to foreign general insurers.
Authority
This Prudential Standard, made under s32 of the Insurance Act 1973 (Insurance Act), applies to all general insurers (insurers) and authorised non-operating holding companies (authorised NOHCs) under the Insurance Act. Insurers and authorised NOHCs are collectively referred to as regulated institutions in this Prudential Standard.
Application
All insurers (except foreign general insurers[1]), have to comply with this Prudential Standard in its entirety.
[1] For the definition of “foreign general insurer” refer to section 3 of the Insurance Act 1973 (Insurance Act).
Foreign general insurers (foreign insurers) have to comply with only those provisions of this Prudential Standard which specifically indicate that they apply to foreign insurers. The obligations imposed by this Prudential Standard, on or in relation to foreign insurers, only apply in relation to its Australian business.
The Board and senior management
The Board of directors (the Board) of a regulated institution is ultimately responsible for the sound and prudent management of the regulated institution. This Prudential Standard sets out the minimum requirements that a regulated institution must meet in the interests of promoting strong and effective governance.
The Board of a regulated institution must have a formal charter that sets out the roles and responsibilities of the Board.
The Board, in fulfilling its functions, may delegate authority to management to act on behalf of the Board with respect to certain matters, as decided by the Board. This delegation of authority must be clearly set out and documented. The Board must have mechanisms in place for monitoring the exercise of delegated authority. The Board cannot abrogate its responsibility for functions delegated to management.
The Board must ensure that directors, and senior management of the regulated institution, collectively, have the full range of skills needed for the effective and prudent operation of the regulated institution, and that each director has skills that allow them to make an effective contribution to Board deliberations and processes. This includes the requirement for directors, collectively, to have the necessary skills, knowledge and experience to understand the risks of the regulated institution, including its legal and prudential obligations, and to ensure that the regulated institution is managed in an appropriate way taking into account these risks. This does not preclude the Board from supplementing its skills and knowledge through the use of external consultants and experts.
Senior management of the regulated institution (and senior management of a foreign insurer), with responsibilities relating to the business in Australia, must be ordinarily resident in Australia.
Members of the Board and senior management (and senior management of a foreign insurer) must be available to meet with APRA on request.
The Board (or, in the case of a foreign insurer, the senior officer outside Australia with delegated authority from the Board (senior officer outside Australia)[2]) must provide the Approved Auditor[3] and the Approved Actuary[4] of the regulated institution (including a foreign insurer), and the external auditor of an authorised NOHC, with the opportunity to raise matters directly with the Board (or, in the case of a foreign insurer, the senior officer outside Australia).
[2] Refer paragraph 14 for the definition of senior officer outside Australia with delegated authority from the Board.
[3] The Approved Auditor is one approved under section 40 of the Insurance Act.
[4] The Approved Actuary is one approved under section 40 of the Insurance Act.
Independence
For the purposes of this Prudential Standard, an independent director is a non-executive director who is free from any business or other association – including those arising out of a substantial shareholding, involvement in past management or as a supplier, customer or adviser – that could materially interfere with the exercise of their independent judgement. In assessing whether a director is independent, the Board must apply the definition of independence set out in the ASX Corporate Governance Council’s Principles of Good Corporate Governance and Best Practice Recommendations (Attachment A).
If the Board of a regulated institution is in doubt regarding a director’s independence, the regulated institution may refer the matter to APRA for guidance.
Definition of non-executive director
For the purposes of this Prudential Standard a reference to “non-executive” director is to be interpreted as meaning a director who is not a member of management.
Senior officer outside Australia (foreign insurers)
As in the case of locally-incorporated insurers, the ultimate responsibility for the safety and soundness of a foreign insurer resides with its Board. Foreign insurers must nominate a senior officer (whether a director or senior executive) outside Australia with delegated authority from the Board who will be responsible for overseeing the Australian branch operation.
Board composition
The Board of a regulated institution must have a minimum of five directors at all times.
The Board must have a majority of independent directors at all times. For regulated institutions that are subsidiaries[5] of other APRA-regulated institutions or overseas equivalents,[6] exceptions may apply as set out at paragraphs 26 to 28. For regulated institutions that are subsidiaries of a parent company that is not prudentially regulated exceptions may apply as set out at paragraph 29.
[5] “Subsidiary” means a subsidiary within the meaning of the Corporations Act 2001 (Corporations Act).
[6] An overseas equivalent is one which is not authorised in Australia but is authorised and subject to prudential regulation in a foreign country.
The chairperson of the Board must be an independent director of the regulated institution.
A majority of directors present and eligible to vote at all Board meetings must be non-executives.
The chairperson of the Board cannot have been the Chief Executive Officer (CEO) of the regulated institution at any time during the previous three years. If the position of the CEO is unexpectedly vacated, the chairperson may serve as an interim CEO. After a period of 90 days, approval must be sought from APRA to allow this arrangement to continue.
The chairperson must be available to meet with APRA on request.
For locally-owned and incorporated regulated institutions, a majority of directors must be ordinarily resident in Australia.
For foreign-owned locally incorporated regulated institutions, at least two of the directors must be ordinarily resident in Australia, at least one of whom must also be independent.
For foreign insurers, in addition to the requirement to have a senior officer outside Australia with delegated authority from the Board who is responsible for overseeing the Australian branch operation, there must be a senior manager[7] in Australia responsible for the local operation who is ordinarily resident in Australia.
[7] “Senior manager” is defined in Prudential Standard GPS 520 Fit and Proper Requirements. Note, the person who performs this role must be the same as the “Agent in Australia” as required under s118 of the Insurance Act.
Board representation must be consistent with a regulated institution’s shareholding. Where a shareholding constitutes not more than 15% of a regulated institution’s voting shares there should not be more than one Board member who is an associate of the shareholder where the Board has up to six directors, and not more than two Board members who are associates of the shareholder where the Board has seven or more directors. A director is taken to be an associate of a shareholder for the purposes of this clause, if the director is an “associate” of the shareholder, or the shareholder is an “associate” of the director, according to the definition of “associate” in clause 4 of Schedule 1 of the Financial Sector (Shareholdings) Act 1998. That definition is to be applied for the purposes of this clause as if subparagraph (1)(l) of that definition were omitted.
Where an individual shareholding is greater than 15%, as approved under the Financial Sector (Shareholdings) Act 1998, the Board representation of that shareholding can be greater than allowed in paragraph 24, although it must still be broadly proportionate to the shareholding concerned.[8]
[8] Note, where the proportionate shareholding does not equate to a whole number, it can be rounded to the nearest whole number.
Regulated institutions that are subsidiaries of other APRA-regulated institutions or overseas equivalents
For a regulated institution that is a subsidiary of another APRA-regulated institution or an overseas equivalent, the Board of the regulated institution must have a majority of non-executive directors, but these non-executive directors need not all be independent. They can include Board members or senior management of the parent company or its subsidiaries, but not executives of the regulated institution or its subsidiaries.
A regulated institution to which paragraph 26 applies will be required to have, at a minimum, two independent directors, in addition to an independent chairperson, where the Board has up to seven members. Where the Board has more than seven members, the regulated institution will be required to have at least three independent directors, in addition to an independent chairperson.
For the purposes of meeting the requirements in paragraph 27, the independent directors on the Board of the parent company or its other subsidiaries can also sit as independent directors on the Board of the regulated institution.
Subsidiaries with a parent that is not prudentially regulated
For a regulated institution that is a subsidiary of another entity, not covered by the arrangements in paragraphs 26 to 28 of this Prudential Standard, the Board must have a majority of independent directors. However, independent directors on the Board of the parent company or its other subsidiaries can also sit as independent directors on the Board of the regulated institution.
Regulated institutions that are part of a corporate group
Where a regulated institution is part of a corporate group[9] (group) and the regulated institution utilises group policies or functions, the Board of the regulated institution must ensure that these policies and functions give appropriate regard to the regulated institution’s business and its specific requirements.
[9] A “corporate group” comprises more than one company that are related bodies corporate within the meaning of section 50 of the Corporations Act.
Joint ventures
For the purposes of this Prudential Standard, a regulated institution that operates as a joint venture can be considered as part of the group of each parent entity. Independent directors of a parent can sit as independent directors on the Board of the joint venture entity. However, the general concessions available to subsidiaries in paragraphs 26 to 28 will not be available to joint ventures.
Board Audit Committee
A regulated institution must have a Board Audit Committee, which assists the Board by providing an objective non-executive review of the effectiveness of the regulated institution’s financial reporting and risk management framework unless, with respect to risk management, there is another Board Committee which carries out this function.
The Board Audit Committee must have sufficient powers to enable it to obtain all information necessary for the performance of its functions.
The Board Audit Committee must have at least three members. All members of the Committee must be non-executive directors of the regulated institution. A majority of the members of the Committee must be independent.
The chairperson of the Board Audit Committee must be an independent director of the regulated institution.
The chairperson of the Board can sit on the Board Audit Committee, but cannot chair the Committee.
The Board Audit Committee must have a charter that includes a reference to the fact that the Committee is responsible for the oversight of APRA statutory reporting requirements, as well as other financial reporting requirements, professional accounting requirements, internal and external audit, and the appointment of the regulated institution’s auditor.
The Board Audit Committee must review the Approved Auditor’s engagement at least annually, including making an assessment of whether the Approved Auditor meets the Audit Independence tests set out in Professional Statement F1 Professional Independence,[10] as well as the additional auditor independence requirements set out in this Prudential Standard. For a foreign insurer, it will be the responsibility of the senior officer outside Australia to undertake this assessment.
[10] Professional Statement F1 was jointly issued by CPA Australia and The Institute of Chartered Accountants in Australia in May 2002 and revised in December 2004.
The Board Audit Committee must regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the regulated institution. It must also regularly review the findings of audits, and ensure that issues are being managed and rectified in an appropriate and timely manner.
The Board Audit Committee must ensure the adequacy and independence of both the internal and external audit functions.
The members of the Board Audit Committee must, at all times, have free and unfettered access to senior management, the internal auditor, the heads of all risk management functions, the insurer’s Approved Auditor and Approved Actuary, and an authorised NOHC’s external auditor, and vice versa.
The Board Audit Committee must establish and maintain policies and procedures for employees of the regulated institution to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns. The Committee should also have a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies.
Members of the Board Audit Committee must be available to meet with APRA on request.
The Board Audit Committee must invite the insurer’s Approved Auditor (external auditor for an authorised NOHC) and Approved Actuary to meetings of the Committee.
The internal auditor must have a reporting line and unfettered access to the Board Audit Committee. For foreign insurers, the auditor of the local operation must have direct access to the Head Office audit function.
Internal audit
A regulated institution (including a foreign insurer in relation to its Australian business) must have an independent and adequately resourced internal audit function. If a regulated institution does not believe it is necessary to have a dedicated internal audit function, it must apply to APRA, in writing, seeking an exemption from this requirement, and set out reasons why it should be exempt. APRA may approve alternative arrangements for a regulated institution where APRA is satisfied that they will achieve the same objectives.
The objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the regulated institution (including a foreign insurer). To fulfil its functions, the internal auditor must, at all times, have unfettered access to all the regulated institution’s business lines and support functions.
Auditor independence
The Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 introduced a number of new requirements into the Corporations Act 2001 (Corporations Act) in relation to auditor independence. The auditor independence requirements in this Prudential Standard are substantially consistent with those requirements, and are intended to help ensure the independence of an auditor engaged to perform work of a prudential nature in relation to the Insurance Act, the Prudential Standards and the Reporting Standards.[11]
[11] Reporting Standards are those standards made under the Financial Sector (Collection of Data) Act 2001.
The Board of an insurer (and the senior officer outside Australia in the case of a foreign insurer) must, to the extent practical, undertake steps to satisfy themselves that the auditor, who undertakes work for the insurer (or foreign insurer) in relation to the Insurance Act, the Prudential Standards, or the Reporting Standards, is independent of the insurer (or foreign insurer),[12] and that there is no conflict of interest situation that could compromise, or be seen to compromise, the independence of the auditor.
[12] “Independent of the insurer (or foreign insurer)” means that the auditor has been assessed as independent in terms of paragraph 38 of this Prudential Standard.
As part of the process of ascertaining the independence of the auditor, an insurer (including a foreign insurer) must obtain a declaration from the auditor to the effect that the auditor is independent, both in appearance and in fact, and has no conflict of interest situation, and that there is nothing to the auditor’s knowledge (either in relation to the individual auditor or any audit firm or audit company of which the auditor is a member or director) that could compromise that independence.
For the purposes of this Prudential Standard, a conflict of interest situation exists in relation to an insurer (or foreign insurer) at a particular time, if because of circumstances that exist at that time:
(a) the auditor is not capable of exercising objective and impartial judgement in relation to the conduct of the work that is undertaken for the insurer (or foreign insurer) in relation to the Insurance Act, the Prudential Standards or the Reporting Standards; or
(b) a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the auditor is not capable of exercising objective and impartial judgement in relation to undertaking the work for the insurer (or foreign insurer) for the purposes of the Insurance Act, the Prudential Standards, or the Reporting Standards.[13]
[13] This definition is based on that used in the Corporations Act to describe the circumstances under which a conflict of interest situation is considered to exist, and is intended to be interpreted in a similar manner. Without limiting the situations that may cause a conflict to arise for the purposes of this Prudential Standard, it is expected that any circumstances of the type that would lead to a breach of the Corporations Act requirements for audit independence, whether or not these provisions actually apply in relation to the audit of the insurer (including a foreign insurer), will also result in a breach of the provisions of this Prudential Standard.
A person, who was a member of an audit firm or a director of an audit company, and who served in a professional capacity in the audit of an insurer (including a foreign insurer) in relation to the Insurance Act, the Prudential Standards or the Reporting Standards, cannot be appointed to the role of director or senior manager of that insurer until at least two years have passed since they served in that professional capacity.
A person, who was an employee of an audit company, other than a director of that company, and who acted as the lead auditor[14] or review auditor[15] in the audit of an insurer (including a foreign insurer) in relation to the Insurance Act, the Prudential Standards or the Reporting Standards, cannot be appointed to the role of director or senior manager of that insurer until at least two years have passed since they acted as the lead auditor or review auditor.
[14] Lead auditor means the registered company auditor who is primarily responsible to the audit firm or the audit company for the conduct of audit work conducted in relation to the Insurance Act, the Prudential Standards or the Reporting Standards.
[15] Review auditor means the registered company auditor (if any) who is primarily responsible to the individual auditor, the audit firm or the audit company for reviewing audit work conducted in relation to the Insurance Act, the Prudential Standards or the Reporting Standards.
A person cannot be appointed as a director or senior manager of an insurer (or a senior manager in the case of a foreign insurer) if:
(a) the person was, or is, a director of the audit company or a member of the audit firm that was, or is, responsible for the audit of the insurer in relation to the Insurance Act, the Prudential Standards or the Reporting Standards; and
(b) there is already another person employed as a director or senior manager of the insurer who was a director of the audit company or a member of the audit firm at a time when the audit company or audit firm undertook an audit of the insurer at any time during the previous two years.
An individual who plays a significant role[16] in the audit of an insurer (including a foreign insurer) in relation to the Insurance Act, the Prudential Standards or the Reporting Standards, for five successive years, or for more than five years out of seven successive years, cannot continue to play a significant role in the audit until at least a further two years have passed, except with an exemption from APRA. APRA may grant an exemption from this requirement if the individual provides specialist services that are otherwise not readily available or there are no other registered company auditors available to provide satisfactory services for the insurer.
[16] For the purpose of this paragraph “an individual who plays a significant role” means an individual auditor who acts as the auditor in respect of any of the requirements of the Insurance Act, the Prudential Standards or the Reporting Standards, or the lead or review auditor where such audit work is performed by an audit company or audit firm.
For the purposes of maintaining their independence and objectivity, the Approved Auditor and Approved Actuary of an insurer (including a foreign insurer), cannot both be employed by the same body corporate or related bodies corporate, or by the same firm or related firms.[17]
[17] For the purposes of this Prudential Standard, related firms means either two or more firms, or a firm and a body corporate, that have common ownership or management, or where one has a substantial shareholding in the other.
Board performance
The Board of a regulated institution must have procedures for assessing, at least annually, the Board’s performance relative to its objectives. It must also have in place a procedure for assessing, at least annually, the performance of individual directors.
Board renewal
The Board of a regulated institution must have a formal policy on Board renewal. This policy must provide details of how the Board intends to renew itself in order to ensure it remains open to new ideas and independent thinking, while retaining adequate expertise.
Persons not to be constrained from providing information to APRA
No prospective, current, or former officer,[18] employee, or contractor (including professional service provider) of a regulated institution (including a foreign insurer), may be constrained or impeded, whether by confidentiality clauses or other means, from disclosing information to APRA, from discussing issues with APRA of relevance to the management and prudential supervision of the regulated institution, or from providing documents under their control to APRA, that may be relevant in the context of the management or prudential supervision of the regulated institution. Such persons are not to be constrained from providing information to auditors, the Approved Actuary, and others, who have statutory responsibilities in relation to the regulated institution.
[18] “Officer” is defined in section 9 of the Corporations Act.
Regulated institutions (including foreign insurers) must ensure that their internal policy and contractual arrangements do not explicitly or implicitly restrict or discourage auditors or other parties from communicating with APRA.
Commencement and transitional arrangements
This Prudential Standard commences on 1 October 2006.
Upon commencement of this Prudential Standard, the existing governance requirements contained in Prudential Standard GPS 220 Risk Management will cease to have effect.
A regulated institution may be unable to comply immediately with particular requirements in this Prudential Standard upon commencement, due to the need to seek the approval of members to give effect to changes required by this Prudential Standard. If the regulated institution has notified APRA of this matter, in writing, prior to the commencement of this Prudential Standard, providing details of the next scheduled meeting of members that will allow the necessary approval to be sought, those particular requirements do not apply to that regulated institution on commencement of this Prudential Standard. In any event, those requirements will apply to the regulated institution not later than 31 March 2007.
Upon commencement of this Prudential Standard, the auditor rotation and independence requirements required by paragraph 55 will apply. However the auditor of an insurer (including a foreign insurer) not previously subject to the auditor rotation provisions in the Corporations Act can continue in this role even if they have already been the auditor for five successive years, or more than five out of seven successive years upon commencement of this Prudential Standard for a further period of not more than two years from the date of commencement of this Prudential Standard.
Adjustments and exclusions
APRA may by notice in writing to a regulated institution adjust or exclude a specific prudential requirement in this Prudential Standard in relation to that regulated institution.[19]
[19] Refer section 32(3D) of the Act.
Attachment A
Definition for the purpose of assessing independence[20]
[20] Reproduced from the ASX Corporate Governance Council’s Principles of Good Corporate Governance and Best Practice Recommendations as in force at March 2003.
An independent director is a non-executive director (i.e. is not a member of management) and:
is not a substantial shareholder[21] of the company or an officer of, or otherwise associated directly with, a substantial shareholder of the company
[21] It is stated that for the purpose of this definition a “substantial shareholder” is a person with a substantial holding as defined in section 9 of the Corporations Act.
within the last three years has not been employed in an executive capacity by the company or another group member, or been a director after ceasing to hold any such employment
within the last three years has not been a principal of a material professional adviser or a material consultant to the company or another group member, or an employee materially associated with the service provided
is not a material supplier or customer of the company or other group member, or an officer of or otherwise associated directly or indirectly with a material supplier or customer
has no material contractual relationship with the company or another group member other than as a director of the company
has not served on the board for a period which could, or could reasonably be perceived to, materially interfere with the director’s ability to act in the best interests of the company
is free from any interest and any business or other relationship which could, or could reasonably be perceived to, materially interfere with the director’s ability to act in the best interests of the company.
Notes to the Insurance (prudential standard) determination No. 5 of 2006
Prudential Standard GPS 510 Governance
Note 1
The Insurance (prudential standard) determination No. 5 of 2006 – Prudential Standard GPS 510 Governance (in force under subsection 32(1) of the Insurance Act 1959) as shown in this compilation is amended as indicated in the Tables below.
Table of Instruments
| Year and number | Date of FRLI registration | Date of commencement | Application, saving or transitional provisions |
| No. 5 of 2006 | 10 May 2006 (see F2006L01462) | 1 Oct 2006 | |
| No. 11 of 2006 | 4 Jan 2007 (see F2007L00042) | 4 Jan 2007 | — |
Table of Amendments
ad. = added or inserted; am. = amended; rep. = repealed; rs. = repealed and substituted
| Provision affected | How affected |
| Para. 32 | am. No. 11 of 2006 |