APRA reveals ‘constructively tough’ enforcement approach

The Australian Prudential Regulation Authority (APRA) has published the details of its new plan for mitigating and addressing prudential risks and holding regulated entities and individuals to account, following an independent review of its enforcement strategy.

APRA deputy chair John Lonsdale said the review, which was commissioned in November, found that the regulator had overall performed well in its primary role of protecting the “soundness and stability” of regulated entities, but admitted that better outcomes could be achieved by “taking stronger action earlier where entities were not cooperative or open, and by being more willing to set public examples”.

“Formal enforcement is an important weapon in our armoury when non-formal approaches are not delivering prudential outcomes. Particularly as our powers have recently been strengthened in a number of areas, the new enforcement approach will ensure we make use of those powers as the Parliament intended,” APRA chair Wayne Byres said.

“That means that in future, APRA will be less patient with the time taken by uncooperative entities to remediate issues, more forceful in expressing specific expectations, and prepared to set examples using public enforcement to achieve general deterrence.”  

The regulator’s new enforcement approach incorporates the seven recommendations that emerged from the enforcement review, including:

• adopting a constructively tough appetite to enforcement and setting it out in a board-endorsed enforcement strategy document
• ensuring APRA supervisors are supported and empowered to hold institutions and individuals to account, and strengthening governance of enforcement-related decisions
• combining APRA’s enforcement, investigation and legal experts in one strengthened support team, and ensuring resources are available to support the pursuit of enforcement action where appropriate
• strengthening cooperation on enforcement matters with the Australian Securities and Investments Commission (ASIC)

“The recommendations of the review will still mean that APRA, as a safety regulator, remains focused on preventing harm with the use of non-formal supervisory tools,” Mr Lonsdale said.

“However, APRA will be more willing to use the full range of its formal powers – such as direction powers and licence conditions – to achieve prudential outcomes and deter unacceptable practices.”

According to the regulator’s new plan, released on Tuesday (16 April), it will consider enforcement action in instances where an entity or individual has failed to “adequately” prevent or address prudential risks; conduct business with “honesty and integrity, or with due skill, care and diligence”; or deal with APRA in an “open, cooperative and constructive” way.

APRA would consider taking action in these instances if the conduct of an entity or individual has had a negative impact on “financial soundness, stability or, in the case of superannuation, the interests of members” or on the regulator’s ability to make an “accurate and timely assessment of an entity’s prudential risk profile”.

The prudential regulator noted, however, that meeting these criteria won’t immediately trigger enforcement action. Rather, in deciding what action to take, APRA will take into account four categories of principles: “risk-based”, “forward-looking”, “outcomes-based”, and “deterrence”.

One risk-based principle includes the prioritisation of issues and entities that pose the most serious prudential risks. The regulator would assess risk based on the nature of any provision engaged (i.e. criminal, civil or administrative); the actual or potential prudential impact of the matter (e.g. the value or number of people involved); duration and frequency of the matter; and history and behaviour of entities or individuals, among other considerations.

Another risk-based principle is not limiting the use of enforcement to financial risks.

“Where there are operational or behavioural risks that could have a material prudential impact, APRA will be equally prepared to use enforcement powers,” APRA’s Enforcement Approach report states.

Forward-looking principles include focusing on “preventing harm, mitigating risks and achieving ex ante remedial actions”, while outcomes-based principles include taking enforcement action based on the prudential outcomes APRA is trying to achieve.

“There will be circumstances where non-formal supervisory approaches are a more appropriate response to a serious prudential risk. This could include, for example, where non-formal approaches can result in timelier and more comprehensive remediation of risks,” the report states.

Deterrence principles include actively considering the need to “deter a recurrence of serious prudential risks both at the entity concerned and also more widely across the industry”.

“Taking enforcement action to hold entities and individuals to account when they do not meet their prudential obligations can have significant deterrent impacts, through demonstrating clear consequences for poor prudential outcomes. This includes both in respect of the specific entity or individual concerned and, where the action is made public, by the message it sends to other industry participants,” the report states.

However, APRA would need to “balance the benefits of public action against any immediate risks to financial stability”.

“Through making its enforcement actions public, APRA can influence industry behaviours far beyond the immediate targets of the actions. However, in some cases, financial stability could be harmed by making APRA’s enforcement actions public,” the report states.

APRA’s new enforcement plan reiterates that it will be working closely with other domestic and international regulators on matters of common interest, including with ASIC in relation to entities regulated by both.

Commissioner Kenneth Hayne had stressed in his final royal commission report the importance of information-sharing between the corporate and prudential regulators, warning that not doing so could result in further enforcement failings.

The commissioner had also recommended that APRA and ASIC co-regulate the Banking Executive Accountability Regime, as it has “both a conduct and prudential outlook” in that it requires authorised deposit-taking institutions (ADIs) and “accountable persons” to act with “honesty and integrity, and with due skill, care and diligence”, while also requiring them to take “reasonable steps to prevent matters from arising that would adversely affect the ADI’s prudential standing or prudential reputation and their actions”.

While ASIC will be moving forward with a greater focus on taking wrongdoers to court to ensure strong public denunciation of financial sector misconduct, Mr Byres noted that the regulator’s focus will always be on resolving issues before they cause harm largely through “non-formal tools”. 

APRA’s capabilities are also at the centre of another ongoing review, which is currently assessing the regulator’s decision-making processes, culture, internal governance arrangements, resources, staff expertise, information-sharing practices and statutory powers.

APRA said the capabilities review will take into account the regulator’s new enforcement approach.

[Related: APRA revises ADI credit risk management standard]