Insurers and other financial institutions must not be “caught unawares” by government policy changes in response to a warming climate, Australian Prudential Regulation Authority (APRA) Chairman Wayne Byres warns.

These responses are “changing the dynamics of economies and industries,” Mr Byres says.

The biggest risk from a climate perspective to insurers and lenders is “not just the physical risks from a changing climate itself” but the regulatory adjustments that are happening at pace across the world, Mr Byres says.

“The risks are increasingly very real, and immediate,” he says.

The scientific link between rising carbon emissions and warming temperatures is clear, but the tools and methods for risk analysis are still in their relative infancy. Not only are the direct impacts difficult to assess, but so are the potential technological and policy responses.

“Our work on climate risks reflects our preventative, prudential role,” Mr Byres told the Committee for the Economic Development of Australia during a speech delivered in Sydney last week.

Since 2016, APRA has been raising awareness of climate-related risks to the financial sector, and Mr Byres says that particularly in insurance, this “has been pushing on an open door” as the industry as a whole has been increasingly alert to the potential risks of a changing climate.

“The general insurance sector, which is at the forefront of many of the physical climate risks, needs no regulatory impetus to want to understand the issue better,” Mr Byres said.

Given the long-term and unprecedented nature of climate risks, understanding and managing them is “easier said than done,” he said.

“An improved understanding of the impacts of climate change should equip the financial sector to grasp the business opportunities that a changing climate will generate, as new investment is needed, new technologies emerge, and economies and new businesses grow.”

Mr Byres outlined how APRA is broadening its supervisory focus with a particular emphasis on the financial risks associated with climate change, cyber, and “GCRA” – governance, risk culture, remuneration and accountability.

Cyber presents “arguably the most difficult prudential threat” as it’s driven by malicious and adaptive adversaries who are intent on causing damage.

“Cyclones and bushfires can be devastating, but they’re not doing it on purpose,” he said. “We all need to move with speed.”

APRA is close to finishing independent cyber security reviews with nine pilot entities and this will be followed by a 12-month period where all APRA entities will be asked to conduct independent assessments against the CPS 234 code, providing “an important baseline level of assurance across the system”.

“We also want better information on an ongoing basis, so are piloting a new data collection exercise on technology and cyber risks, and we are working on a more active cyber defence testing regime,” Mr Byres says.

That will involve specialists “actively probing” for gaps and weaknesses in an institution’s cyber defences, using tools and techniques employed by criminals.

“We have a pilot exercise underway, which we hope will give us valuable insights into … any systemic weaknesses that may present a risk to the integrity of the Australian financial markets and financial system,” the speech says.