GPG 232 Custody Arrangements

This prudential practice guide supersedes CrossIndustry Circular No.1 — Custodian Requirements for APRA Supervised Entities issued in November 2000 in so far as it applies to ‘general insurance companies’ as described in that Circular. That Circular ceases to apply to general insurers (insurers) with effect from the date of release of this prudential practice guide.

Prudential Standard GPS 220 Risk Management (GPS 220) and Prudential Standard GPS 231 Outsourcing (GPS 231) set out APRA’s requirements of insurers in relation to risk management and outsourcing respectively. Those Prudential Standards set out concepts that are applicable across all of an insurer’s operations, including external custody arrangements.[1] This prudential practice guide aims to assist insurers in complying with those requirements and, more generally, to outline prudent practices specifically in relation to external custody arrangements.

Subject to the requirements of GPS 220 and GPS 231, insurers have the flexibility to manage their external custody arrangements in the way most suited to achieving their business objectives.

Not all the practices outlined in this prudential practice guide will be relevant for every insurer and some aspects may vary depending upon the size, complexity and risk profile of the insurer.

There are requirements relating to custodians and external custody agreements in Prudential Standard GPS 120 Assets in Australia (GPS 120). Non-compliance with those requirements results in any interest in assets held by a custodian being excluded as an asset in Australia.[2]

This prudential practice guide applies to external custody arrangements (where an insurer engages an external party to act as its custodian[3]), including arrangements with a related entity (or entities) in the same corporate group.[4]

This prudential practice guide does not apply to arrangements that either insurers or their custodians have with securities depositories, whether in Australia or overseas.

Where an insurer has entered into an external custody arrangement, one of the risks that will in most circumstances be identified by the insurer in its RMS is the risk of the custodian failing to adequately safeguard the insurer’s assets.

For the purposes of GPS 231, an external custody arrangement is typically considered to be a material outsourcing arrangement if the assets held under that arrangement are material in value. Prudential Practice Guide PPG 231 Outsourcing provides further guidance as to materiality.

To ensure appropriate levels of policyholder protection, it is critical that the assets supporting the financial soundness of an insurer are safely and accurately maintained across all jurisdictions. It is good practice for an insurer to:

have a clear understanding of the external custody arrangements in place to hold its assets;

be satisfied that these arrangements are safe and transparent;

be satisfied that a complete assessment of risks associated with these arrangements has been carried out; and

monitor service levels under an external custody arrangement on an ongoing basis.

In respect of external custody arrangements, an insurer would typically conduct regular reviews by seeking information to satisfy itself that:

the custodian’s audited internal controls are adequate and continue to operate effectively;

the custodian’s resources are sufficient; and

the custodian is financially sound.

An insurer would typically consider whether:

the custodian’s controls ensure that the insurer’s assets are secure; and

the custodian has appropriate procedures for the acceptance, execution and settlement of authorised instructions.

An insurer would typically seek periodic information from the custodian in respect of the adequacy and effectiveness of such controls and actions taken or planned to address any concerns.

APRA envisages that an insurer would consider whether the custodian has, and continues to have, the appropriate organisational structure, staffing capabilities, business continuity management procedures, administrative resources and arrangements for holding the insurer’s assets.

In assessing the custodian’s financial soundness, APRA envisages that an insurer would consider the adequacy of the custodian’s capital and its insurance or guarantee arrangements.

An insurer would typically satisfy itself as to the continued effectiveness of the custodian’s process of selecting, monitoring and reviewing its sub-custodians, including the testing and auditing of their operations.

APRA envisages that an external custody agreement would provide for it to be subject to the laws of a state or territory of Australia. However, this does not apply where:

the assets held under that agreement are foreign assets; and

there are foreign laws that prevent the agreement from being subject to the laws of a state or territory of Australia.[5]

In addition to the issues that are required to be dealt with in an external custody agreement in order for interests in the assets held under the external custody agreement not to be excluded as assets in Australia under GPS 120, the following issues would typically be addressed in a contract with a custodian:

that the custodian is prohibited from taking a charge, mortgage, lien or other encumbrance over, or in relation to, assets of the insurer. The custodian may, however, do this for expenses and outlays made within the terms of the agreement (but not including unpaid custodian or sub-custodian fees);

that the custodian accepts responsibility for liability arising from its failure, or failure of its agents and/or its sub-custodians, to exercise reasonable care based on the standards applicable to the custodian in the relevant market (refer paragraphs 25 to 26 of this prudential practice guide);

that, in the event that the insurer suffers loss due to those acts or omissions for which the custodian is liable, or for which it accepts liability, the right of the insurer to recover from the custodian is not dependent upon the right of the custodian to recover against any of its agents or subcustodians;

that the custodian will, prior to arranging for assets of the insurer to be held by a subcustodian, provide the insurer with written notice of the identity of each sub-custodian with which the assets of the insurer are intended to be placed; and

that the custodian will notify the insurer in writing of any subsequent appointments of new or replacement sub-custodians, at the earliest practicable time but in any event, no later than 10 business days after the appointment has been made.

An insurer would typically ensure that an external custody agreement provides for each material or systemic breach of the agreement to be brought to the insurer’s attention for consideration. APRA envisages that the external custody agreement would provide for such reporting to be within a reasonable time of the custodian becoming aware of the breach.

The external custody agreement would typically provide for a right on the part of an insurer to terminate the agreement where the insurer has reasonable grounds to believe that the custodian is not complying with, or is unlikely to comply with, the requirements of GPS 120, the agreement, or other relevant legislation.

where the custodian is unable, or is about to become unable, to meet its liabilities; and

where there is a change in the effective control of the custodian. This may occur, for example, through an acquisition or merger.

APRA envisages that the external custody agreement would provide, upon termination:

for the assets to be transferred into the name of the insurer[6] (if not already held in the name of the insurer) or otherwise to be transferred as the insurer lawfully directs (including to another custodian);

for the insurer to specify the timeframe within which assets are to be transferred following termination.

Apart from the requirements in GPS 231, APRA envisages that an insurer would have appropriate mechanisms in place to ensure that any directions issued by APRA to the insurer in relation to assets held by the custodian are effectively relayed to the custodian on a timely basis. The insurer would typically be satisfied that the custodian has adequate processes in place to implement any relevant directions the insurer is issued by APRA.

APRA envisages that the external custody agreement would contain a provision to the effect that, if the insurer is issued a relevant direction by APRA, the custodian will undertake not to obstruct any action taken by the insurer to comply with the direction.

GPS 220 requires an insurer’s RMS to document the insurer’s systems for ensuring compliance with prudential requirements. The insurer would typically consider the custodian’s processes for handling the insurer’s assets as part of the insurer’s systems for ensuring compliance with prudential requirements.

An insurer would typically monitor relevant practices in the external custody market to gauge the standards of reasonable care that should apply in the context of the insurer’s obligations to its policyholders and in implementing subparagraph 17(b) in this prudential practice guide.

The insurer would typically have a clear understanding of the provisions of the agreement setting out the risks borne by each party to the agreement. In particular, the insurer would typically satisfy itself with respect to:

the types of risk it is carrying; and

the risks for which the custodian does not accept liability. For example, the custodian may not accept liability for losses arising from the insolvency of its sub-custodians or investment-related events, such as counterparty default.

For notification of external custody arrangements, APRA envisages that the following would be specified in the notification:

the insurer’s Board is aware, in relation to the services of the custodian, that it is responsible for the custody and control of the assets of the insurer and for compliance with the Insurance Act 1973, the Financial Sector (Collection of Data) Act 2001 and other laws and regulations relevant to the insurer;

the insurer has assessed the various risks that could arise from the use of a custodian, including risks arising from any limitation of the custodian’s liability under the external custody agreement, and has systems in place to monitor and manage those risks;

there are adequate systems in place to monitor the operation of the custody arrangements including the identification of, and action to be taken in response to, material and/or systemic breaches;

the insurer is satisfied with the procedures, processes and standard of care of the custodian to safeguard the interests of policyholders, including to ensure that only properly authorised transactions are accepted, executed and settled; and

the insurer is satisfied that the custodian’s administration and reporting systems are adequate to ensure that APRA’s prudential requirements and other relevant legislation are complied with and the risk control measures required by the insurer are implemented.

In making the Risk Management Declaration, the Board could consider whether:

it is satisfied that any external custody agreement entered into by the insurer has been complied with and that only properly authorised transactions have been accepted, executed and settled;

it is satisfied that, in using the services of a custodian, all relevant legal requirements have been complied with;

it is satisfied that the risk control measures it has in place are sufficient to properly manage any risks to the insurer’s assets that are being held with the custodian;

the use of the external custody arrangements (including the system of the custodian to select and monitor its subcustodians) continues to be in the best interests of the insurer’s policyholders;

all reported material and/or systemic breaches (if any) of the external custody agreement have been evaluated and the insurer has either initiated appropriate action or has determined that no action is appropriate; and

it is satisfied that during the period it has complied with the requirements of any prudential standards in relation to the use of custodians.