Industry loses fight for combined CRO role
The Australian Prudential Regulation Authority (APRA) has rejected industry calls for the role of chief risk officer to be undertaken by insurers’ chief actuaries.
“An appointed actuary has to provide an opinion on the financial position and value of liabilities of the institution and has other responsibilities that are considered part of the first line of defence,” the regulator says in its response to industry submissions.
“These responsibilities include an assessment of the suitability and adequacy of the risk management framework.”
APRA says if an appointed actuary also became a CRO, the two roles could be compromised, so its standard on risk harmonisation will ban actuaries from taking on such duties.
But it has given smaller insurers some hope, ruling it will accept requests for exemptions to this rule.
“Where an institution seeks an alternative arrangement under the standard, the board is expected to demonstrate… it has undertaken a process to identify conflicts [and] has established structural oversight and controls to mitigate the additional risk.
“APRA will assess the appropriateness of alternative arrangements on a case-by-case basis.”
Industry submissions also questioned the requirement for CROs to have direct access to boards, arguing it is up to companies to decide their reporting structures.
APRA maintains the CRO role is important and should feature in the senior reporting team.
“To reflect this importance, the CRO needs to have a seat at the executive management table, members of which report directly to the CEO. Accordingly, APRA has not changed its position on the CRO reporting to the CEO.”
The regulator has also rejected calls for the standard to allow boards to “take reasonable steps” to ensure risk management responsibilities are met.
It says insurers’ boards must play an active role in risk management frameworks.
“A board can delegate to its committees and senior management the implementation of elements of the risk management framework.
“However, delegation of authority will not absolve the board of accountability for overseeing the adequacy and appropriateness of the risk management framework and its implementation.”
The standard will take effect next January 1.