Table of contents
Prudential standard
3PS 221 Aggregate Risk Exposures
-
Current1 July 2017
Prudential framework pillars
About this standard
This standard requires a level 3 head to monitor and control risks from their group's aggregated external exposures. Level 3 heads must have appropriate policies and systems to manage these risks. To manage these risks, level 3 heads must meet minimum requirements set by APRA.
This standard supports CPS 220 Risk Management, which is a core standard in the Risk Management Pillar. It applies to each level 3 head.
Objectives and key requirements of this Prudential Standard
This Prudential Standard requires a Level 3 Head to ensure that an aggregate risk exposure external to the Level 3 group does not expose prudentially regulated institutions within the group to excessive risk.
The ultimate responsibility for the aggregate risk exposure policy of a Level 3 group rests with the Board of its Level 3 Head.
The key requirements of this Prudential Standard are that a Level 3 Head must:
- have a policy for the Level 3 group that deals with the measurement, management and monitoring of, and reporting on, aggregate risk exposures associated with all risk types within the group;
- develop and implement effective systems and processes to manage, monitor and report on aggregate risk exposures; and
- meet minimum requirements with respect to aggregate risk exposures and certain related matters.
The requirements in this Prudential Standard are in addition to the obligations imposed on prudentially regulated institutions under other Prudential Standards.
Preamble
Banking, Insurance and Life Insurance (prudential standard) determination No. 2 of 2016
Prudential Standard 3PS 221 Aggregate Risk Exposures
Banking Act 1959
Insurance Act 1973
Life Insurance Act 1995
I, Wayne Byres, delegate of :
under subsection 11AF(1) of the Banking Act 1959 DETERMINE Prudential Standard 3PS 221 Aggregate Risk Exposures in the form set out in the Schedule, to the extent that it applies to all ADIs and authorised banking NOHCs;
under subsection 32(1) of the Insurance Act 1973 DETERMINE Prudential Standard 3PS 221 Aggregate Risk Exposures in the form set out in the Schedule, to the extent that it applies to all general insurers, authorised insurance NOHCs, and subsidiaries of general insurers and authorised insurance NOHCs; and
under subsection 230A(1) of the Life Insurance Act 1995 DETERMINE Prudential Standard 3PS 221 Aggregate Risk Exposures in the form set out in the Schedule, to the extent that it applies to all life companies, friendly societies, registered life NOHCs, and subsidiaries of life companies and registered life NOHCs.
This instrument commences on 1 July 2017.
Dated: 8 September 2016
[Signed]
Wayne Byres
Chairman
Interpretation
In this Determination:
ADI has the meaning given in section 5 of the Banking Act 1959.
APRA means the Australian Prudential Regulation Authority.
authorised banking NOHC has the meaning given to the expression authorised NOHC in section 5 of the Banking Act 1959.
authorised insurance NOHC has the meaning given to the expression authorised NOHC in subsection 3(1) of the Insurance Act 1973.
friendly society has the meaning given in section 16C of the Life Insurance Act 1995.
general insurer has the meaning given in section 11 of the Insurance Act 1973.
life company has the meaning given in the Schedule to the Life Insurance Act 1995.
registered life NOHC has the meaning given to the expression registered NOHC in the Schedule to the Life Insurance Act 1995.
Schedule
Prudential Standard 3PS 221 Aggregate Risk Exposures comprises the 6 pages commencing on the following page.
Prudential Standard 3PS 221
Aggregate Risk Exposures
Authority
This Prudential Standard is made under:
section 11AF of the Banking Act 1959 (Banking Act);
section 32 of the Insurance Act 1973 (Insurance Act); and
section 230A of the Life Insurance Act 1995 (Life Insurance Act).
Application
This Prudential Standard applies to each Level 3 Head.
This Prudential Standard commences on 1 July 2017.
Interpretation
Terms that are defined in Prudential Standard 3PS 001 Definitions appear in bold the first time they are used in this Prudential Standard.
Where this Prudential Standard provides for APRA to exercise a power or discretion, this power or discretion is to be exercised in writing.
APRA
APRA means the Australian Prudential Regulation Authority.
Aggregate risk exposures
For the purposes of this Prudential Standard, aggregate risk exposures arise from exposures to individual counterparties, a group of related individual counterparties, a group of counterparties with similar characteristics (e.g. in specific geographical locations or industry sectors) or to particular asset classes (e.g. property holdings or other investments) where the exposures have the potential to result in material losses for the Level 3 group or an individual prudentially regulated institution in the group. Aggregate risk exposures include both on- and off-balance sheet exposures. Unlimited exposures to any individual counterparty (e.g. a general guarantee of the obligations of a counterparty) are not permitted unless agreed with APRA.
For the purposes of this Prudential Standard, when determining aggregate risk exposures the Level 3 Head must ensure that exposures to the wider conglomerate group to which the Level 3 group belongs are taken into account.
For the purposes of this Prudential Standard, aggregate risk exposures exclude any exposures held, in accordance with written legal agreements, by the Level 3 group on behalf of entities external to the Level 3 group (e.g. custodian arrangements), even if the assets are held in the name of a Level 3 institution in the group.
A Level 3 Head must have an ‘aggregate risk exposures policy’ that addresses all material risk exposures associated with the operations undertaken by Level 3 institutions in the Level 3 group. The policy must include systems and procedures to identify, measure, monitor, evaluate, report and control or mitigate all material risks arising from aggregate risk exposures.
A Level 3 Head must conduct forward-looking scenario analysis and stress testing of the Level 3 group’s material aggregate risk exposures. The analysis must assess the impact of changes in market conditions and key risk factors on these aggregate risk exposures, and how these changes impact on the group’s risk profile, capital strength and earnings.
The management of aggregate risk exposures must be a part of the Level 3 group’s risk management framework.
[1]
Refer to Prudential Standard CPS 220 Risk Management (CPS 220).
The role of the Board of a Level 3 Head
The Board of a Level 3 Head must:
approve the aggregate risk exposures policy for the Level 3 group;
ensure that adequate systems and controls are in place to identify, measure, aggregate, manage, monitor and report on material risk exposures in the Level 3 group in a timely manner and that those systems and controls are documented;
engage in oversight, which may be via a board committee, of the approach to the identification, measurement, management and monitoring of aggregate risk exposures and compliance with the aggregate risk exposures policy, which includes receiving regular reviews of material aggregate risk exposures of the Level 3 group; and
review the aggregate risk exposures policy at least annually to ensure that this policy remains adequate and appropriate for identifying, measuring, aggregating, managing and monitoring the Level 3 group’s risk exposures.
The aggregate risk exposures policy
The aggregate risk exposures policy for a Level 3 group must:
be conceptually sound, consistently implemented, transparent and be subject to independent review;
capture all material aggregate risk exposures;
include limits on acceptable levels of aggregate risk exposures for the Level 3 group;
include a description of the procedures for identifying, aggregating, reviewing, controlling and reporting material risk exposures within the Level 3 group. This must include:
a clear statement of the respective responsibilities and compliance obligations of the Board of the Level 3 Head, its board committees and senior management of the Level 3 group in relation to the monitoring and management of aggregate risk exposures;
escalation procedures for aggregate risk exposures that facilitate responses to identified policy breaches between formal reporting cycles;
the circumstances in which aggregate risk exposure limits may be exceeded and the authority required for approving such excesses;
thresholds and procedures for reporting material changes to the Board of the Level 3 Head, in both formal reporting cycles and outside formal reporting cycles;
consideration of the impact of material changes in macroeconomic conditions, including foreign exchange rates, interest rates and inflation; and
a timetable for a regular review of the reports by the Board of the Level 3 Head.
The aggregate risk exposure limits identified under paragraph 13(c) must take into account, where appropriate, matters such as:
on- and off-balance sheet exposures to:
various types of counterparties;
an individual counterparty or group of related counterparties;
individual industry sectors;
geographical locations;
financial products, including risk transfer products;
specific funding sources;
various asset classes such as equities, property holdings and other investments;
various market risks such as interest rate, foreign exchange and commodities; and
any other material risks,
that cover asset and liability exposures and that are commensurate with the Level 3 group’s risk appetite, risk profile and capital strength, and the size, business mix and complexity of the group; and
operational risk exposures to:
service providers;
outsourcing;
business continuity management; and
any other operational risks.
Internal reporting systems
A Level 3 Head’s management information systems must incorporate reporting systems in relation to aggregate risk exposures across the Level 3 group.
[2]
Refer to CPS 220.
Reports on material aggregate risk exposures must be provided to APRA on request.
Limits and approvals
Where, in APRA’s view, the Level 3 group is exposed to a significant level of aggregate risk exposure in specific risks, APRA may require a Level 3 Head to limit or reduce the Level 3 group’s level of aggregate risk exposure. APRA may also determine how a Level 3 Head must calculate an aggregate risk exposure. In determining any requirement to limit or reduce the Level 3 group’s level of aggregate risk exposure, or how a Level 3 Head must calculate an aggregate risk exposure, APRA may take account of the following factors:
whether the Level 3 group has been acting in a manner that is consistent with the aggregate risk exposures policy;
the characteristics of aggregate risk exposures, including their number, size and nature;
the characteristics of the Level 3 group, including the nature of its business and the experience of its management; and
other relevant factors to be considered on a case-by-case basis.
Notification requirements
A Level 3 Head must notify APRA as soon as practicable, and no more than 10 business days, after it becomes aware:
of a breach of the limits in the aggregate risk exposures policy;
of any significant breach of, or material deviation from, the aggregate risk exposures policy; or
that the aggregate risk exposures policy did not adequately address a material risk,
and advise of remedial actions taken, or planned to be taken, to deal with the issue.
A Level 3 Head must submit to APRA a copy of its aggregate risk exposures policy as soon as practicable, and no more than 10 business days, after Board approval.
Adjustments and exclusions
APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to the Level 3 Head.
[3]
Refer to subsection 11AF(2) of the Banking Act, subsection 32(3D) of the Insurance Act and subsection 230A(4) of the Life Insurance Act.