In May 2013 the prudential regulator of the financial services industry - the Australian Prudential Regulatory Authority (APRA) - released a discussion paper Harmonising Cross-industry Risk Management Requirements, as well as new cross-industry prudential standards on risk management and governance.

The proposal would harmonise risk management requirements for authorised deposit-taking institutions (ADIs), general insurers, life insurers, single industry groups (Level 2 groups) and conglomerate groups (Level 3 groups).

APRA intends that its proposed package of reforms would ensure the consistent application of its risk management requirements across its regulated industries and reflects its heightened expectations in this area. In particular, APRA believes that its approach is consistent with the enhanced focus and improvements in risk management practices following on from the global financial crisis.

A notable feature of APRA’s proposed enhancements to Prudential Standard CPS 510 Governance, is a requirement that boards of regulated institutions establish a Board Risk Committee, to which a designated Chief Risk Officer would be accountable.

The proposed cross-industry Prudential Standard CPS 220 Risk Management (CPS 220) consolidates existing risk management standards for insurers and includes some risk management requirements for ADIs that are currently spread across a number of ADI prudential standards.

Submissions on the proposal closed in early July and it is anticipated that the proposals will take effect from 1 January 2014.

More information about the proposals can be accessed here.

APRA’s proposal coincides with the release of KPMG’s Global Audit Committee Survey which revealed that almost half of the respondents felt that their risk management programs required 『substantial work’. The survey also noted that many audit committees also have oversight of the company’s risk management process as well as other major risks facing the company including financial, operational, cyber security and IT, and legal/regulatory compliance risks.

Survey respondents generally gave low ratings to their audit committee’s oversight of risk including 『understanding the committee’s risk oversight responsibilities’.

A copy of the survey can be accessed here.