The Australian Prudential Regulation Authority (APRA) wants to make risk management in the financial services industry easier by having the same rules across general and life insurers and the banks.

It has put together a package of new standards to harmonise the regulations by consolidating some standards that apply to insurers with those of the banks. And vice-versa.

It’s a sensible move, as many financial institutions selling insurance are both banks and insurers.

But the regulator has managed to slip a few ideas into the new proposed standards that won’t please the companies they’re aimed at – and they’re also unlikely to be cheap to implement.

Probably the biggest concern for insurers is the requirement to appoint an independent chief risk officer (CRO).

In the draft proposed standard (CPS 220), APRA wants an insurer’s risk management functions to be overseen by a designed CRO.

“The CRO must be involved in, and have the authority to provide effective challenge to, activities and decisions that may materially affect the institution’s risk profile,” the draft standard says.

“The CRO must be independent from business lines, the finance function and other revenue-generating responsibilities.”

APRA has ruled out the CEO, CFO, appointed actuary or head of internal audit taking on the job.

“The CRO must have a direct reporting line to the CEO and have regular and unfettered access to the board and the board risk committee,” the standard proposes.

In most insurers, this will be a new role and will be seen as being on par with the CEO and CFO in an organisation’s management hierarchy.

According to Financial Recruitment Group MD Judith Beck, the CRO would command a salary of $250,000-$400,000, depending on the size of the organisation, with incentives added to the base salary.

Ms Beck says trying to recruit somebody of this calibre with the right expertise will be a long process as they do not move based purely on financial incentives.

“These people are more conservative, highly skilled and tend to be loyal to an organisation,” she told insuranceNEWS.com.au.

“To meet the requirements of the job means it is not a junior role as a CRO will have to hit the ground running.”

Ms Beck says the requirement for the CRO to deal with boards will means any appointments will favour people with legal backgrounds.

APRA has put a July 1 2014 deadline for the implementation of the new standard, but that might not leave enough time for an insurer to recruit somebody.

“A person who could fit the CRO role might be on a contract that requires six months notice,” Ms Beck says.

“It could also take a number of months to attract the right candidate as they would not make a decision over a cup of coffee.”

She says insurers should be thinking about the job selection criteria of the CRO at least 12 months before the implementation date if they want to attract the right person.

Under the new standard, insurers will have to create a risk management strategy, a written business plan setting out their operational implementation of the strategy and a board risk management committee.

The business plan must be reviewed annually and the results reported to the board.

Insurance company boards will also have to make annual declarations to APRA on their companies’ risk management.

The document will have to be signed by both the board and the risk committee chairman before being submitted to the regulator.

With all the regulation that has been imposed in the past year – unfair terms in contracts, Future of Financial Advice and super changes among them – the last thing insurers want is more regulation.

But APRA hasn’t just limited itself to risk management. Last week it also released draft Prudential Standard CPS 510, which covers governance.

This 27-page standard lays down the law on insurers’ board and senior management structures, joint ventures, remuneration, auditors and how people must be allowed to give information to APRA unimpeded.

The cost of meeting all these governance requirements isn’t known at present, but APRA does seem to be concerned about a backlash because it has asked for cost-analysis submissions from the industry.

In fairness, many insurers will already be meeting many of the requirements, but the appointment of a CRO and possible board changes to find an independent director for the risk management committee will add to the bottom line.

Governance has been a big cost in the financial year so far, and it looks like the next one is going to be no different.