Prudential practice guide

HPG 520 Fit and Proper

  • Private health insurance
  • Current
    1 July 2019
Prudential framework pillars
Governance
Accountability
Supporting

About this guide

Prudential Practice Guides (PPGs) provide guidance on the Australian Prudential Regulation Authority’s (APRA) view of sound practice in particular areas. PPGs frequently discuss legal requirements from legislation, regulations, or APRA’s prudential standards, but do not themselves create enforceable requirements.
Prudential Standard CPS 520 Fit and Proper (CPS 520) sets out APRA’s requirements in relation to assessing the fitness and propriety of responsible persons of authorised deposit taking institutions, general insurers, life companies and private health insurers, collectively referred to as APRA-regulated institutions. This PPG aims to assist private health insurers in complying with those requirements and, more generally, to outline prudent practices in relation to fitness and propriety.
Subject to the requirements of CPS 520, private health insurers have the flexibility to configure their Fit and Proper Policy in the way most suited to achieving their business objectives. Not all of the practices outlined in this PPG will be relevant for every private health insurer and some aspects may vary depending upon the size, complexity and risk profile of the institution.
Disclaimer and copyright
This prudential practice guide is not legal advice and users are encouraged to obtain professional advice about the application of any legislation or prudential standard relevant to their particular circumstances and to exercise their own skill and care in relation to any material contained in this guide.
APRA disclaims any liability for any loss or damage arising out of any use of this prudential practice guide.
© Australian Prudential Regulation Authority (APRA)
This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that APRA endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/ 

Introduction

The information in this guide supports compliance with Prudential Standard CPS 520 Fit and Proper (CPS 520).

Fit and Proper Policy

The Fit and Proper Policy of a private health insurer assists it in prudently managing the risk that responsible persons are not fit and proper. It will form a part of the private health insurer’s broader risk management system.
A Fit and Proper Policy may be developed and implemented as a group policy provided the private health insurer meets the requirements of CPS 520, including paragraph 16 of that Standard.
A private health insurer may consider extending its assessment process for fitness and propriety to a wider range of persons than is required under CPS 520. The assessment process for responsible persons under the Fit and Proper Policy could be adapted for this purpose.

Responsible persons

The responsible persons of a regulated institution are those persons whose conduct is most likely to have a significant impact on its sound and prudent management. For private health insurers these persons generally comprise directors, persons with senior management responsibilities, auditors, actuaries and persons who perform certain functions in relation to subsidiaries.
Under CPS 520, consideration of whether a particular individual is a responsible person takes into account the person’s functions and duties and not simply their position title. In the case of a private health insurer with subsidiaries, consideration also takes into account whether the conduct of persons in the subsidiaries could materially damage the private health insurer.
APRA envisages that persons with senior management responsibilities will include managers reporting directly to the Chief Executive Officer and those responsible for key aspects of risk management. Ordinarily, persons other than these would be unlikely to be classified as having senior management responsibilities.
The application of certain provisions of CPS 520 is limited to people who are ordinarily resident in Australia. As a guide, a person might be considered ordinarily resident if they are likely to be in Australia for a majority of days in any 12-month period.
APRA envisages that only a limited number of the most senior people within a subsidiary would perform activities that have the ability to materially impact on the business or financial standing of the private health insurer. It may be the case that no person in a given subsidiary meets this criterion.
A private health insurer may seek guidance from APRA if it is unsure whether a particular person meets the definition of a responsible person.
Under paragraph 22 of CPS 520, APRA has the power to determine that additional persons are responsible persons. APRA does not expect that it would routinely use this power or use it to substantially increase the scope of the prudential standard. APRA will consult with a private health insurer before making a determination.

Criteria to determine if a responsible person is fit and proper

Under CPS 520 the skills and experience required of each responsible person depends on the person’s role. This, in turn, is affected by the role undertaken by other responsible persons. For example, a director is generally expected to understand the role and responsibilities of a director and to have a general knowledge of the institution, its business and its regulatory environment. However, each director is not generally expected to have all the competencies that the Board collectively needs if other directors have those competencies or if they are obtained from external consultants or experts.
CPS 520 requires that, under a Fit and Proper Policy, a private health insurer will consider the nature and extent of a number of matters in conducting fit and proper assessments. Such matters ordinarily include, when relevant:
the person’s character, competence and experience relative to the duties involved, including whether the person:
possesses the necessary skills, knowledge, expertise, diligence and soundness of judgement to undertake and fulfil the particular duties and responsibilities of the role in question; and
has demonstrated the appropriate competence and integrity in fulfilling occupational, managerial or professional responsibilities previously and/or in the conduct of his or her current duties; and
whether the person:
has demonstrated a lack of willingness to comply with legal obligations, regulatory requirements or professional standards, or has been obstructive, misleading or untruthful in dealing with regulatory bodies or a court;
has breached a fiduciary obligation;
has perpetrated or participated in negligent, deceitful, or otherwise discreditable business or professional practices;
has been reprimanded, or disqualified, or removed, by a professional or regulatory body in relation to matters relating to the person’s honesty, integrity or business conduct;
has seriously or persistently failed to manage personal debts or financial affairs satisfactorily in circumstances where such failure caused loss to others;
has been substantially involved in the management of a business or company which has failed, where that failure has been occasioned in part by deficiencies in that management;
is of bad repute in any business or financial community or any market; or
was the subject of civil or criminal proceedings or enforcement action, in relation to the management of an entity, or commercial or professional activities, which were determined adversely to the person (including by the person consenting to an order or direction, or giving an undertaking, not to engage in unlawful or improper conduct) and which reflected adversely on the person’s competence, diligence, judgement, honesty or integrity.
Conduct and events that took place overseas may also be relevant to the assessment.
When documenting the competencies required for each responsible person position, a private health insurer might consider documenting any training or induction processes required for each position, on appointment to the position and on an ongoing basis.

Additional criteria for Auditors and Appointed Actuaries

In assessing the fitness and propriety of a person to be the Appointed Auditor or Appointed Actuary, a private health insurer would ordinarily consider whether there is a risk that the independent professional judgement of the Appointed Auditor or Appointed Actuary may be unduly influenced.
Additional criteria apply to Appointed Auditors and Appointed Actuaries under CPS 520. These requirements reflect the importance of these positions and the need to ensure independence, including avoiding potential conflicts of interest.
The additional criteria require certain levels of experience, which may include experience with private health insurance businesses outside Australia. In such cases, the private health insurer will need to consider the extent to which the person can demonstrate competency that relates specifically to Australian conditions, including Australia’s prudential and regulatory requirements.

Decision standards for fitness and propriety considerations

The fit and proper criteria in CPS 520 require the regulated institution to assess whether responsible persons meet certain requirements. If insufficient information is available to enable the private health insurer to prudently conclude that those requirements are met, particularly as a result of lack of cooperation by the person, the criteria are not met.
APRA does not require a private health insurer to necessarily bar or remove a person from a responsible person position solely on the basis that one of the matters listed at paragraph 13 of this guide has occurred. Depending on the circumstances, a listed matter may not be relevant to that assessment. Where a matter is relevant, the private health insurer may consider it in conjunction with other relevant matters such as materiality, elapsed time since the event, and repetition or duration of the behaviour. CPS 520 requires a private health insurer to apply prudent judgement in determining whether the person could be considered fit and proper for the responsible person position.
A person may be assessed as unfit for a particular responsible person position within the private health insurer because of a lack of competence for that position or because of a conflict of interest that applies to the duties of that position. However, the person may still be fit and proper for another responsible person position within the private health insurer because the competencies or conflicts were specific to the position. Where a person is found to be not fit and proper due to a lack of character, diligence, honesty, integrity or judgement, that person will normally not be suitable for any responsible person position.

Process for assessment of fitness and propriety

When assessing a person’s fitness and propriety, a private health insurer need not make enquiries about a matter that is unlikely to be material. A private health insurer will need to weigh the burden of documenting information and the risk of unnecessary disclosure of personal information with the possibility that this information might be material.
An annual performance review will typically be the appropriate time for the annual assessment of a responsible person’s fitness and propriety. If material information adverse to the assessment becomes known to an institution during the year, CPS 520 requires that steps be taken without waiting for the annual performance review.

Attestation and representation

The Fit and Proper Policy may require persons to provide attestations relating to some or all of the matters required to be considered as part of a fit and proper assessment and specified at paragraph 13 of this guide.
For a new appointment to a responsible person position, attestations or representations may assist in satisfying the requirement to make reasonable enquiries under paragraph 45 of CPS 520. However, APRA does not envisage that attestations and representations would be sufficient for a regulated institution to fully satisfy itself of a responsible person’s fitness and propriety on initial assessment. An initial assessment is likely to at least include Australian criminal record checks, as well as evidence of material qualifications.
Attestations or representations may be appropriate for interim appointments. If an attestation is later discovered to have been given in the knowledge that it was false, this
will very likely indicate that the person should be removed. If a private health insurer appoints a person to a responsible position without an assessment and it is later discovered that the person was disqualified under the Private Health Insurance (Prudential Supervision) Act 2015 (the Act) from holding the position, both the person and the private health insurer may have committed an offence under the Act.
Attestations and representations covering the matters in paragraph 13 of this guide would generally be sufficient for an annual review of a responsible person’s fitness and propriety. However, these representations may not be conclusive e.g. if a person responsible for making the assessment becomes aware of any material matter not previously identified or considered.
For the Appointed Auditor or Appointed Actuary, representations from a firm of which the Appointed Auditor or Appointed Actuary is a member, may assist in assessing fitness and propriety.

Relying on information gathered for other fitness and propriety assessments

In making an assessment under its Fit and Proper Policy, a private health insurer may consider, where prudent, taking into account other assessments of fitness and propriety or information collected for such assessments. In determining the weight to be given to other assessments, the private health insurer will ordinarily have regard to the time elapsed since the assessment was made and whether the criteria applied were comparable and relevant. In considering whether it would be prudent to take into account previously collected information, a private health insurer will ordinarily consider whether the information remains current. It is likely that such information would substitute for some, but not all, of the enquiries necessary for the private health insurer’s own fit and proper assessment.
Information gathered in support of an application for registration as a company auditor may assist a private health insurer in determining fitness and propriety of a responsible auditor. The Australian Securities and Investments Commission’s assessment of the fitness and propriety of a company auditor may be taken into account in a private health insurer’s own assessment of the responsible auditor’s fitness and propriety.

Some legal considerations

Where a private health insurer becomes aware of information that could lead to an assessment that a person is not fit and proper, taking reasonable steps as required under CPS 520 will generally include providing the person with a fair opportunity to put matters to the private health insurer.
Private health insurers have obligations under the Privacy Act 1988 (Privacy Act) relating to how they collect and use information about responsible persons. The obligations include informing responsible persons that information will be collected about them and the ways which the information may be used and disclosed. Private health insurers may need to take steps to ensure compliance with the Privacy Act.
In some instances, a private health insurer may have information about a person that has not been collected for assessing fitness and propriety. Where this information is relevant, CPS 520 may require the use of that information for assessing fitness and propriety. A private health insurer may consider seeking its own legal advice on these issues.
As a law of the Commonwealth, CPS 520 may override inconsistent State and Territory laws, if those laws are incapable of operating concurrently with CPS 520. For example, it may be necessary to read down a State law relating to employment where there is an apparent inconsistency with CPS 520. Where the position is unclear, legal advice should be obtained. The Fit and Proper Policy of a private health insurer needs to meet the requirements of, and be implemented in a way that complies with CPS 520 in all respects, even if it would breach a contract or apparently conflict with another law (other than a law of the Commonwealth). This applies regardless of whether the contractual relationships are in place, as envisaged by paragraph 35 of this guide.
To assist in complying with its Fit and Proper Policy, a private health insurer may consider putting in place appropriate contractual or other relationships. This may include responsible persons agreeing to:
provide any assistance that the private health insurer needs to obtain information for the implementation of its Fit and Proper Policy or CPS 520, including giving consent and taking steps to ensure that any person providing information in good faith will not be made liable for providing that information; and
not to seek damages or any other remedy from the private health insurer for implementing its Fit and Proper Policy, or seeking to do so in good faith.
It may be necessary to amend the constitution of a private health insurer to ensure directors take office under terms that enable the private health insurer to ensure compliance with its Fit and Proper Policy. APRA does not require a private health insurer to convene an extraordinary meeting of its members to only consider such an amendment. However, a private health insurer will still need to consider whether its constitution requires such a meeting.

When a responsible person is not fit and proper

The steps that a private health insurer takes to ensure that a person does not hold a responsible person position for which they are not fit and proper may include:
not appointing the person, or terminating their engagement;
redefining the person’s responsibilities pending further enquiries by the private health insurer, or until the person receives further training or experience; or
if there are no effective steps prudently available, taking steps to facilitate APRA independently considering the person’s fitness and propriety. This in itself would not satisfy the private health insurer’s obligations to notify APRA of information under CPS 520.

APRA’s powers

APRA has powers under the Act to:
direct a private health insurer to end the appointment of a person as the Appointed
Actuary of the company and to appoint another actuary to hold office for such term as APRA directs;
[1]
Refer to section 97(1)(e] of the Act.
direct a private health insurer to comply with CPS 520 as an enforceable obligation;
[2]
Refer section 97(1)(a)(1] of the Act.
direct a private health insurer to remove an officer from office; and
[3]
Refer section 97(1)(b) of the Act.
apply to the Federal Court of Australia to disqualify a person from being, or acting as an officer or Appointed Actuary of a private health insurer for a period that the Court considers appropriate.
[4]
Refer section 120(1) of the Act.
APRA may give a direction of the kind referred to in paragraph 38(a) of this guide if APRA is satisfied that the person:
either:
is disqualified from being or acting as an actuary of the private health insurer because of an order under section 120 of the Act; or
is otherwise a disqualified person; or
is not a fit and proper person to hold the appointment; or
has failed to perform adequately and properly the person’s statutory functions and duties as an actuary of the insurer.
A private health insurer is not excused from meeting its obligations under CPS 520 on the basis that APRA has powers to effect the removal or disqualification of certain responsible persons. APRA expects private health insurer to take the action needed so that only a person who is fit and proper acts in a responsible person position. For example, a private health insurer will need to assess promptly whether an Appointed Actuary is fit and proper if the insurer becomes aware of any non-performance by the person of duties or functions required by the Act or other legislative requirements.
APRA’s powers apply independently of a private health insurer’s powers and duties when a responsible person is not fit and proper. APRA is not required to wait until a private health insurer has considered whether a responsible person is fit and proper. However, APRA will generally consult with a private health insurer and will not normally act to remove a responsible person until the private health insurer has had sufficient time to complete its consideration.
If a person whom APRA considers is not fit and proper is not removed from holding a responsible person position by the private health insurer, APRA will exercise its powers as appropriate. For example, APRA may use its powers if a private health insurer faces difficulties in removing a director who is not fit and proper.
When assessing whether a person is fit and proper for a particular responsible person position or more generally, APRA will consider, among other matters, the matters listed at paragraph 13 of this guide, to the extent that they are relevant.
If a private health insurer considers that a responsible person is fit and proper for a responsible person position, but APRA considers otherwise, APRA may notify the private health insurer that, if certain requirements are not satisfied, APRA will exercise its powers. Examples of the requirements that may be applied are limits to the areas or activities in which the person can work, further training, or specific reporting or other requirements that APRA believes are appropriate. In exceptional circumstances, APRA may exercise its powers without notification.
It is not necessary for a person to be a past, current or immediately prospective responsible person for APRA to consider that person’s fitness and propriety. In some circumstances, APRA will need to identify persons who are not fit and proper in order to ensure they are not able to hold responsible person positions in the future.
A person affected by a decision made by APRA referred to in paragraph 38 (a) or (b) of this guide may request that APRA review that decision. If APRA confirms or varies the decision, or fails to revoke the decision within 21 days, the person affected by the decision may then make an application to the Administrative Appeals Tribunal. The process for reconsideration and review is provided under section 168 of the Act.

Appointment of Auditors and Actuaries

The Act requires that a private health insurer appoint an Actuary. Prudential Standard HPS 310 Audit and Related Matters requires that a private health insurer appoint an Auditor. Private health insurers may not appoint a person as an Appointed Auditor or Appointed Actuary unless reasonably satisfied that the individual meets the eligibility criteria specified in the Act, HPS 310 and CPS 520, and is not disqualified under the Act or other legislation from being an Appointed Auditor or Appointed Actuary.

Informing APRA

Private health insurers are required, under paragraphs 55 to 60 of CPS 520, to provide certain information to APRA and to ensure that this information remains current. Private health insurers are to use the approved form on the APRA website to ensure that the information provided to APRA is correct and up to date.
If a private health insurer believes that a person has information that is likely to be material to a fit and proper assessment that it has not been able to obtain, the private health insurer would be expected to discuss the matter with APRA.
The following are examples of information that APRA may require the private health insurer to obtain under paragraph 59 of CPS 520:
specified information and documentation on any criminal record or civil finding and any prospective criminal or civil proceedings to which the person may be subject (the requirement to provide this information will be in accordance with Part VIIC of the Crimes Act 1914 (Crimes Act));
[5]
Part VIIC of the Crimes Act places limits on the disclosure and use of information about ‘spent’ convictions. Part VIIC of the Crimes Act protects from disclosure not only convictions that are spent convictions under Part VIIC, but also convictions that are spent convictions under spent convictions legislation of a State or Territory.
specified information from law enforcement agencies, other regulators, current and former employers of the person, professional associations and others whom APRA believes may have relevant information; and
the reasons for the resignation, retirement or removal of a responsible person.
APRA may make other enquiries to enable it to assess the fitness and propriety of a responsible person.
If permitted by law, APRA may provide a private health insurer with information it obtains about the fitness and propriety of a responsible person. APRA does not expect that it would ordinarily provide information other than information that is publicly available, such as the disqualification register on the APRA web site.
In reference to paragraph 60 of CPS 520, APRA will consider applications that candidly disclose all information that the private health insurer has, or can obtain by reasonable enquiry, that may be relevant to APRA’s consideration of the application.