APRA finalises risk management standard
The Australian Prudential Regulation Authority (APRA) has issued an amended prudential standard on risk management, but has rejected many of the industry’s concerns about responsibility falling onto boards.
CPS 220 and its accompanying practice guide CPG 220 will take effect on January 1, a year after APRA finalised the standard and asked for feedback on the guide, which led to it amending the standard.
APRA received five submissions to a consultation on the amendments, and says they were broadly supportive.
Some submissions argue using the term “ultimate responsibility” for boards’ obligations on risk management frameworks could have unintended consequences for directors’ liability.
APRA says it has considered this at length, but the term is commonly used elsewhere so it has not changed CPS 220.
Some submissions also argue that stating boards must “form a view of the risk culture” is opaque.
But APRA says risk culture is fundamental to an effective risk management framework, and it is appropriate for a board to have a key role in monitoring and influencing this culture.
“APRA recognises it can be difficult to clearly articulate the risk culture of an institution and that thinking on risk culture is evolving,” it says.
The regulator has not amended CPS 220 but will monitor how risk culture changes over time.
It has made some minor clarifications in the practice guide.