No room for complacency as cyber, climate risks grow: APRA
The general insurance industry and wider financial services sector have been cautioned against slipping into complacency after the recent collapses of Silicon Valley Bank in the US and Swiss lender Credit Suisse.
Australian Prudential Regulation Authority (APRA) Deputy Chair Helen Rowell says the demise of the two banks are a “stark reminder” of the new digital age in which social media “significantly increases” the speed with which bank runs may now occur.
“These events raised fears of contagion risk undermining stability here and signalled that an organisation’s distress may have systemic consequences, even if it is not extremely large, highly connected to other financial counterparties or involved in critical financial services,” Ms Rowell said.
“While this most recent test is still playing out, APRA and peer regulators have already begun examining what happened, learning lessons, and considering whether regulatory settings or supervisory responses need to be adjusted.”
Ms Rowell, who will leave her role next month, says “there is no room for complacency when it comes to sound governance and risk management”.
Sound governance and risk management remain as crucial as ever, she says, pointing to “gathering clouds” like growing cyber threats and climate transition that potentially could “threaten the resilience of the financial sector”.
“APRA has a role to play in making sure industry is positioning itself well to meet these challenges,” Ms Rowell said in her final speech on behalf of the regulator.
“However, ultimately it is entity boards that need to effectively manage their risks and always run their institutions prudently.”
She says the general insurance industry is now “further advanced in its governance and risk management practices” than in 2001, when HIH Insurance collapsed due to poor governance and risk management.
But the business interruption (BI) legal fallout during the pandemic shows the work in governance is never over.
“As we saw during the pandemic in relation to business interruption insurance, and the insurance risk management reviews that APRA subsequently required, there is no room for complacency when it comes to sound governance and risk management,” Ms Rowell said.
“A key lesson for all boards – whether in the insurance industry or not – is the importance of embracing a culture of independent review and challenge, seeking different perspectives, and continuing to evolve and strengthen practices when it comes to managing core business risks.
“It is not a one-off, set and forget exercise but rather requires ongoing attention and enhancement.”