GPG 520 Fit and Proper

The Fit and Proper Policy of a regulated institution assists it in prudently managing the risk that responsible persons are not fit and proper. It will form a part of the institution’s broader risk management system.

A Fit and Proper Policy may be developed and implemented as a group policy provided the regulated institution meets the requirements of GPS 520, including paragraph 6 of GPS 520.

A regulated institution may consider extending its assessment process for fitness and propriety to a wider range of persons than is required under GPS 520. The assessment process under the Fit and Proper Policy could be adapted for this purpose.

The responsible persons of a regulated institution are those persons whose conduct is most likely to have a significant impact on its sound and prudent management. For a locally-incorporated insurer or an authorised NOHC these persons generally comprise directors, senior managers, auditors, actuaries and persons who perform certain functions in relation to subsidiaries. For a Category C insurer the persons generally comprise senior managers of the Australian operations who are ordinarily resident in Australia, auditors, actuaries, and persons ordinarily resident in Australia who perform certain functions in relation to subsidiaries.

Under GPS 520, consideration of whether a particular individual is a responsible person takes into account the person’s functions and duties and not simply their position title. In the case of a regulated institution with subsidiaries, consideration also takes into account whether the conduct of persons in the subsidiaries could materially damage the regulated institution.

APRA envisages that, for regulated institutions that are not Category C insurers, senior managers will include managers reporting directly to the Chief Executive Officer and those responsible for key aspects of risk management. Ordinarily, persons other than these would be unlikely to meet the definition of senior manager.

For Category C insurers, senior managers will include the key people resident in Australia. The number of senior managers within a Category C insurer will depend on the scale of its operations.

The application of certain provisions of GPS 520 is limited to people who are ordinarily resident in Australia. As a guide, a person might be considered ordinarily resident if they are likely to be in Australia for a majority of days in any 12-month period.

APRA envisages that only a limited number of the most senior people within a subsidiary would perform activities that have the ability to materially impact on the business or financial standing of the regulated institution for the purposes of paragraph 10(f) or 11(g) of GPS 520. It may be the case that no person in a given subsidiary meets this criterion.

A regulated institution may seek guidance from APRA if it is unsure of whether a particular person meets the definition of a responsible person.

Under paragraph 14 of GPS 520 APRA has the power to determine that additional persons are responsible persons. APRA does not expect that it would routinely use this power or use it to substantially increase the scope of the Prudential Standard. APRA will consult with a regulated institution before making a determination.

Under GPS 520 the skills and experience required by each responsible person depends on the person’s role. This will, in turn, be affected by the role undertaken by other responsible persons. For example, a director is generally expected to understand the role and responsibilities of a director and have a general knowledge of the institution, its business and its regulatory environment. However, each director is not generally expected to have all the competencies that the Board collectively needs if other directors have those competencies or they are obtained from external consultants or experts.

GPS 520 requires that, under its Fit and Proper Policy, a regulated institution will consider the nature and extent of a number of matters in conducting fit and proper assessments. Such matters ordinarily include, when relevant:

the person’s character, competence and experience relative to the duties involved, including whether the person:

possesses the necessary skills, knowledge, expertise, diligence and soundness of judgement to undertake and fulfil the particular duties and responsibilities of the role in question; and

has demonstrated the appropriate competence and integrity in fulfilling occupational, managerial or professional responsibilities previously and/or in the conduct of his or her current duties; and

whether the person:

has demonstrated a lack of willingness to comply with legal obligations, regulatory requirements or professional standards, or been obstructive, misleading or untruthful in dealing with regulatory bodies or a court;

has breached a fiduciary obligation;

has perpetrated or participated in negligent, deceitful, or otherwise discreditable business or professional practices;

has been reprimanded, or disqualified, or removed, by a professional or regulatory body in relation to matters relating to the person’s honesty, integrity or business conduct;

has seriously or persistently failed to manage personal debts or financial affairs satisfactorily in circumstances where such failure caused loss to others;

has been substantially involved in the management of a business or company which has failed, where that failure has been occasioned in part by deficiencies in that management;

is of bad repute in any business or financial community or any market; or

was the subject of civil or criminal proceedings or enforcement action, in relation to the management of an entity, or commercial or professional activities, which were determined adversely to the person (including by the person consenting to an order or direction, or giving an undertaking, not to engage in unlawful or improper conduct) and which reflected adversely on the person’s competence, diligence, judgement, honesty or integrity.

Conduct and events that took place overseas may also be relevant to the assessment.

When documenting the competencies required for each responsible person position, a regulated institution might consider documenting any training or induction processes required for each position, on appointment to the position and on an ongoing basis.

In assessing the fitness and propriety of a person to be the Appointed Actuary, a regulated institution would ordinarily consider whether there is a risk that the independent professional judgement of the Appointed Actuary may be unduly influenced.

There are additional criteria for the appointment of Appointed Auditors and Appointed Actuaries. There are also additional criteria for the appointment of responsible auditors of NOHCs.[1] These requirements reflect the importance of these positions and the need to ensure independence, including avoiding potential conflicts of interest.

The additional criteria require certain levels of experience. This may include experience with insurance businesses outside Australia. In such cases, the regulated institution will need to consider the extent to which the person can demonstrate competency that relates specifically to Australian conditions, including Australia’s prudential and regulatory requirements.

The fit and proper criteria in GPS 520 require the regulated institution to assess whether responsible persons meet certain requirements. If insufficient information is available to enable the regulated institution to prudently conclude that those requirements are met, particularly as a result of lack of cooperation by the person, the criteria are not met.

APRA does not require a regulated institution to necessarily bar or remove a person from a responsible person position solely on the basis that one of the matters listed at paragraph 13 has occurred. Depending on the circumstances, a listed matter may not be relevant to that assessment. Where a matter is relevant, the regulated institution may consider it in conjunction with other relevant matters such as materiality, elapsed time since the event, and repetition or duration of the behaviour. GPS 520 requires a regulated institution to apply prudent judgement in determining whether the person could be considered fit and proper for the responsible person position.

A person may be assessed as unfit for a particular responsible person position because of a lack of competence for that position or because of a conflict of interest that applies to the duties of that position. However, the person may still be fit and proper for another responsible person position because the competencies or conflicts were specific to the position. However, where a person is found to be not fit and proper due to a lack of character, diligence, honesty, integrity or judgement, that person will normally not be suitable for any responsible person position.

When assessing a person’s fitness and propriety, a regulated institution need not make enquiries about a matter that is unlikely to be material.A regulated institution will need to weigh the burden of documenting information and the risk of unnecessary disclosure of personal information with the possibility that this information might be material.

An annual performance review will typically be the appropriate time for the annual assessment of a responsible person’s fitness and propriety. However, if material information adverse to the assessment becomes known to a regulated institution during the year, GPS 520 requires that steps be taken without waiting for the annual performance review.

The Fit and Proper Policy may require persons to provide attestations relating to some or all of the matters required to be considered as part of a fit and proper assessment and specified at paragraph 13.

For a new appointment to a responsible person position, attestations or representations may assist in satisfying the requirement to make reasonable enquiries under paragraph 38 of GPS 520. However, APRA does not envisage that attestations and representations would be sufficient for a regulated institution to fully satisfy itself of a responsible person’s fitness and propriety on initial assessment. An initial assessment is likely to at least include Australian criminal record checks, as well as evidence of material qualifications.

Attestations or representations may be appropriate for interim appointments. If an attestation is later discovered to have been given in the knowledge that it was false, this will very likely indicate that the person should be removed. If a regulated institution appoints a person to a responsible position without an assessment and it is later discovered that the person was disqualified under the Insurance Act 1973 (Insurance Act) from holding the position, both the person and the regulated institution may commit an offence under the Insurance Act.

Attestations and representations covering the matters in paragraph 13 generally would be sufficient for an annual review of a responsible person’s fitness and propriety. However, these representations may not be conclusive e.g. if a person responsible for making the assessment becomes aware of any material matter not previously identified or considered. For the Appointed Auditor or Appointed Actuary, representations from a firm of which the auditor or actuary is a member may assist in assessing fitness and propriety.

In making an assessment under its Fit and Proper Policy, a regulated institution may consider, where prudent, taking into account other assessments of fitness and propriety or information collected for such assessments. In determining the weight to be given to other assessments, the regulated institution will ordinarily have regard to the time elapsed since the assessment was made and whether the criteria applied were comparable and relevant. In considering whether it would be prudent to take into account previously collected information, a regulated institution will ordinarily consider whether the information remains current. It is likely that such information would substitute for some, but not all, of the enquiries necessary for the institution’s fit and proper assessment.

For example, for those responsible persons who are responsible officers of the holder of an Australian financial services licence[2], relevant information may have been gathered during the licensing process and this information may be taken into account if the regulated institution believes that the information remains current.

Information gathered in support of an application for registration as a company auditor may assist a regulated institution in determining fitness and propriety of an Appointed Auditor. The assessment by the Australian Securities & Investments Commission of the fitness and propriety of a company auditor may be taken into account in a regulated institution’s own assessment of the Appointed Auditor’s fitness and propriety.

Where a regulated institution becomes aware of information that could lead to an assessment that a person is not fit and proper, taking reasonable steps as required under GPS 520 will generally include providing the person with a fair opportunity to put matters to the institution.

Regulated institutions have obligations under the Privacy Act 1988 (Privacy Act) relating to how they collect and use information about responsible persons. The obligations include informing responsible persons that information will be collected about them and the ways which the information may be used and disclosed. Regulated institutions may need to take steps to ensure compliance with the Privacy Act such as with National Privacy Principles 1.3 and 1.5 in Schedule 3.

In some instances a regulated institution may have information about a person that has not been collected for assessing fitness and propriety. Where this information is relevant, GPS 520 may require the use of that information for assessing fitness and propriety. The Privacy Act includes exemptions from the National Privacy Principles for conduct required by law, such as the requirement under the Insurance Act to comply with Prudential Standards. Where relevant, a regulated institution may consider seeking its own legal advice on these issues.

As a law of the Commonwealth, GPS 520 may override inconsistent State and Territory laws, if those laws are incapable of operating concurrently with GPS 520. For example, it may be necessary to read down a State law relating to employment where there is apparent inconsistency with GPS 520, but where the position is unclear, legal advice should be obtained. Accordingly, the Fit and Proper Policy of a regulated institution needs to meet the requirements of, and be implemented in a way that complies with, GPS 520 in all respects, even if it would breach a contract or apparently conflict with another law (other than a law of the Commonwealth). This applies regardless of whether the contractual relationships are in place as envisaged by paragraph 35.

To assist in complying with its Fit and Proper Policy, a regulated institution may consider putting in place appropriate contractual or other relationships. This may include responsible persons agreeing:

to provide any assistance that the regulated institution needs to obtain information for the implementation of its Fit and Proper Policy or GPS 520, including giving consents and taking steps to ensure that any person providing information in good faith will not be made liable for providing that information; and

not to seek damages or any other remedy from the regulated institution for implementing its Fit and Proper Policy or seeking to do so in good faith.

It may be necessary to amend the constitution of a regulated institution to ensure directors take office under terms that enable the regulated institution to ensure compliance with its Fit and Proper Policy. APRA does not require a regulated institution to convene an extraordinary meeting of its members only to consider such an amendment. However, a regulated institution will still need to consider whether its constitution requires such a meeting.

The steps that a regulated institution takes to ensure that a person does not hold a responsible person position for which they are not fit and proper may include:

not appointing the person or terminating their engagement;

redefining the person’s responsibilities pending further enquiries by the regulated institution or until the person receives further training or experience; or

if there are no effective steps prudently available, taking steps to facilitate APRA independently considering the person’s fitness and propriety. This in itself would not satisfy the regulated institution’s obligations to notify APRA of information under GPS 520.

APRA has powers under the Insurance Act to:

direct a locally incorporated insurer or authorised NOHC to remove a director or senior manager;[3]

direct a Category C insurer to remove a senior manager or the agent in Australia (where the agent is an individual);[4]

direct a corporate agent to remove a director or senior manager of the corporate agent;[5]

direct an insurer or authorised NOHC to end the appointment of the Appointed Auditor or Appointed Actuary;[6]

for a locally incorporated insurer or authorised NOHC, to apply to the Federal Court of Australia to disqualify a person from being, or acting as, a director or senior manager and, for a locally incorporated insurer, being an Appointed Auditor or Appointed Actuary;[7]

for a Category C insurer, to apply to the Federal Court of Australia to disqualify a person from being, or acting as, a senior manager, Appointed Auditor, Appointed Actuary or the agent in Australia (where the agent is an individual);[8] and

for a corporate agent, to apply to the Federal Court of Australia to disqualify a person from being, or acting as, a director or senior manager.[9]

APRA may give a direction of the kind referred to at paragraphs 38(a) to (c) if APRA is satisfied that the person:

either:

is disqualified under section 25A of the Insurance Act from being or acting as a director or senior manager of an insurer, NOHC or corporate agent; or

is otherwise a disqualified person[10] under the Insurance Act;[11] or

does not meet one or more of the criteria for fitness and propriety set out, where relevant, in paragraph 22 of GPS 520.[12]

APRA may give a direction of the kind referred to at paragraph 38(d) if APRA is satisfied that the person:

is disqualified under section 44 of the Insurance Act from holding such an appointment; or

does not meet one or more of the criteria for fitness and propriety set out, where relevant, in paragraphs 22 to 30 of GPS 520.[13]

The Federal Court of Australia may, on application from APRA, disqualify a person from holding an appointment as an Appointed Auditor or Appointed Actuary if it is satisfied that the person:

has failed to perform adequately and properly the functions and duties of such an appointment under the Insurance Act or the prudential standards; or

does not meet one or more of the criteria for fitness and propriety applicable to Appointed Auditors or Appointed Actuaries set out, where relevant, in paragraphs 22 to 30 of GPS 520; or

does not meet the eligibility criteria for such an appointment as applicable under paragraph 30 of GPS 520.[14]

The Federal Court of Australia may, on application from APRA, disqualify a person from being or acting as:

director or senior manager of a locally incorporated insurer or authorised NOHC;

an agent in Australia of a Category C insurer (where the agent is an individual); and

a director or senior manager of a corporate agent[15] if it is satisfied that the person is not a fit and proper person to be or act as such a person and the disqualification is justified.[16]

A person is also automatically disqualified in certain circumstances as set out under section 25 of the Insurance Act from being:

a Category C insurer’s agent in Australia; or

a senior manager of a regulated institution; or

for a regulated institution other than a Category C insurer, a director.

A regulated institution is not excused from meeting its obligations under GPS 520 on the basis that APRA has powers under the Insurance Act. APRA expects institutions to take the action needed so that only a person who is fit and proper acts in a responsible person position. For example, a regulated institution will need to assess promptly whether an Appointed Actuary is fit and proper if the regulated institution becomes aware of any non-performance by the person of duties or functions required by the Insurance Act or the Life Insurance Act 1995.

APRA’s powers apply independently of a regulated institution’s powers and duties when a responsible person is not fit and proper. APRA is not required to wait until a regulated institution has considered whether a responsible person is fit and proper. However, APRA will generally consult with a regulated institution and will not normally act to remove a responsible person until the regulated institution has had sufficient time to complete its consideration.

If a person whom APRA considers is not fit and proper is not removed from holding a responsible person position by the institution, APRA will exercise its powers as appropriate. For example, APRA may use its powers if a regulated institution faces difficulties in removing a director who is not fit and proper.

When assessing whether a person is fit and proper for a particular responsible person position or more generally, APRA will consider, among other matters, the matters listed at paragraph 13 to the extent that they are relevant.

If a regulated institution considers that a responsible person is fit and proper for a responsible person position but APRA considers otherwise, APRA may notify the institution that APRA will exercise its powers if certain requirements are not satisfied. Requirements that may be applied include limits to the areas or activities in which the person can work, further training, or specific reporting or other requirements that APRA believes are appropriate. In exceptional circumstances, APRA may exercise its powers without notification.

It is not necessary for a person to be a past, current or immediately prospective responsible person for APRA to consider that person’s fitness and propriety. In some circumstances, APRA will need to identify persons who are not fit and proper in order to ensure they are not able to hold responsible person positions in the future.

A person affected by a decision made by APRA referred to in paragraphs 38(a) to (d) may request that APRA review that decision. If APRA confirms or varies the decision, or fails to revoke the decision within 21 days, the person affected by the decision may then make an application to the Administrative Appeals Tribunal. The process for reconsideration and review is set out under Part VI of the Insurance Act.

The Insurance Act requires that an insurer appoints an auditor and an actuary. The insurer must not appoint a person as an auditor or actuary unless it is reasonably satisfied that the individual is fit and proper for the appointment with that insurer under the criteria (including eligibility criteria) specified in GPS 520.

Regulated institutions are required, under paragraphs 50 and 51 of GPS 520, to provide certain information to APRA and ensure that this information remains current. To assist regulated institutions in complying with this requirement, APRA provides an annual form containing the most recent information to be provided to APRA regarding those in responsible person positions. The regulated institution may use this form to correct and update the information provided to APRA. Information on this process, and a standard form, are available on APRA’s web site at http://www.apra.gov.au.

If a regulated institution believes that a person has information that is likely to be material to a fit and proper assessment that it has not been able to obtain, the regulated institution would be expected to discuss the matter with APRA.

The following are examples of information that APRA may require the regulated institution to obtain under paragraph 53 of GPS 520:

specified information and documentation on any criminal record or civil finding and any prospective criminal or civil proceedings to which the person may be subject (the requirement to provide this information will be in accordance with Part VIIC of the Crimes Act 1914 (Crimes Act));[17]

specified information from law enforcement agencies, other regulators, current and former employers of the person, professional associations and others whom APRA believes may have relevant information; and

the reasons for the resignation, retirement or removal of a responsible person.

APRA may make other enquiries to enable it to assess the fitness and propriety of a responsible person.

In reference to paragraph 55 of GPS 520, APRA will consider applications that candidly disclose all information that the regulated institution has, or can obtain by reasonable enquiry, that may be relevant to APRA’s consideration of the application.