Prudential standard

CPS 190 Recovery and Exit Planning

  • Cross-industry
  • Current
    1 January 2024
Prudential framework pillars
Recovery and Resolution
Recovery
Core

About this standard

This standard requires an entity to maintain a credible recovery and exit plan. Entities must also maintain the capabilities to respond to periods of stress.

This is a core standard in the Recovery and Resolution Pillar. It applies to most entities. It does not apply to purchased payment facility providers. APRA may determine this standard applies to a foreign ADI.

Objectives and key requirements of this Prudential Standard

The objective of this Prudential Standard is to ensure that all APRA-regulated entities are adequately prepared for scenarios that may impact the financial viability of their business, including, in the case of an RSE licensee, its ability to act in the best financial interests of beneficiaries on an ongoing basis.
This Prudential Standard requires APRA-regulated entities to develop and maintain a recovery and exit plan, and capabilities to be able to anticipate, manage and respond to periods of stress. The plan must be appropriate to the size, business mix and complexity of the entity, and be approved by the Board.
The key requirements of this Prudential Standard are that an APRA-regulated entity must maintain a credible plan that includes:
  • actions that could be taken to restore the financial resilience of the entity during or following stress;
  • actions that could effect an orderly exit from the industry, if recovery actions are not effective; and
  • indicators of potential stress to achieve timely and effective execution of recovery or exit actions if needed.
Preamble

Banking, Insurance, Life Insurance, Health Insurance and Superannuation (prudential standard) determination No. 1 of 2023

Prudential Standard CPS 190 Recovery and Exit Planning

Banking Act 1959
Insurance Act 1973
Life Insurance Act 1995
Private Health Insurance (Prudential Supervision) Act 2015
Superannuation Industry (Supervision) Act 1993
I, Clare Gibney, a delegate of APRA:
under subsection 11AF(1) of the Banking Act 1959 DETERMINE the prudential standard, which applies to all ADIs, excluding ADIs referred to in paragraph 2 and 3 of the prudential standard, and authorised banking NOHCs;
under subsection 32(1) of the Insurance Act 1973 DETERMINE the prudential standard, which applies to all general insurers and authorised insurance NOHCs, and subsidiaries of general insurers or authorised insurance NOHCs where those subsidiaries are parent entities of Level 2 insurance groups;
under subsection 230A(1) of the Life Insurance Act 1995 DETERMINE the prudential standard, which applies to all life companies, including friendly societies, and registered life NOHCs;
under subsection 92(1) of the Private Health Insurance (Prudential Supervision) Act 2015 DETERMINE the prudential standard, which applies to all private health insurers; and
under subsection 34C(1) of the Superannuation Industry (Supervision) Act 1993 DETERMINE the prudential standard, which applies to all RSE licensees.
This instrument commences on 1 January 2024.
Dated: 10 October 2023
Clare Gibney
Executive Director, Policy and Advice Division
APRA

Interpretation

In this Determination:
ADI has the meaning given in section 5 of the Banking Act 1959.
APRA means the Australian Prudential Regulation Authority.
authorised banking NOHC has the meaning given to the expression authorised NOHC in section 5 of the Banking Act 1959.
authorised insurance NOHC has the meaning given to the expression authorised NOHC in subsection 3(1) of the Insurance Act 1973.
friendly society has the meaning given in section 16C of the Life Insurance Act 1995.
general insurer has the meaning given in section 11 of the Insurance Act 1973.
Level 2 insurance group has the meaning given in Prudential Standard GPS 001 Definitions.
life company has the meaning given in the Schedule to the Life Insurance Act 1995.
parent entity has the meaning given in Prudential Standard GPS 001 Definitions.
private health insurer has the meaning given in section 4 of the Private Health Insurance (Prudential Supervision) Act 2015.
registered life NOHC has the meaning given to the expression registered NOHC in the Schedule to the Life Insurance Act 1995.
RSE licensee has the meaning given in section 10 of the Superannuation Industry (Supervision) Act 1993.
subsidiary has the meaning given in Prudential Standard GPS 001 Definitions.
the prudential standard means Prudential Standard CPS 190 Recovery and Exit Planning.

Schedule

Prudential Standard CPS 190 Recovery and Exit Planning comprises the document commencing on the following page.
Commonwealth Coat of Arms

Prudential Standard CPS 190

Recovery and Exit Planning

Authority

This Prudential Standard is made under:
section 11AF of the Banking Act 1959 (Banking Act);
section 32 of the Insurance Act 1973 (Insurance Act);
section 230A of the Life Insurance Act 1995 (Life Insurance Act);
section 92 of the Private Health Insurance (Prudential Supervision) Act 2015 (PHIPS Act); and
section 34C of the Superannuation Industry (Supervision) Act 1993 (SIS Act).

Application, definitions and commencement

Subject to paragraphs 3 and 4, this Prudential Standard applies to all -regulated entities, defined as:
APRA
APRA means the Australian Prudential Regulation Authority.
authorised deposit-taking institutions (ADIs) and non-operating holding companies authorised under the Banking Act (authorised banking NOHCs), but excluding purchased payment facility providers;
general insurers, including Category C insurers, non-operating holding companies authorised under the Insurance Act (authorised insurance NOHCs), and parent entities of Level 2 insurance groups;
life companies, including friendly societies and eligible foreign life insurance companies (EFLICs), and registered NOHCs;
private health insurers; and
RSE licensees under the SIS Act in respect of their business operations.
[1]
For the purposes of this Prudential Standard, an RSE licensee has the meaning given in subsection 10(1) of the SIS Act. An RSE licensee’s business operations includes all activities of an RSE licensee (including the activities of each RSE of which it is the licensee), and all other activities of the RSE licensee to the extent that they are relevant to, or may impact on, its activities as an RSE licensee.
The obligations imposed by this Prudential Standard on, or in relation to, a Category C insurer or an EFLIC apply only in relation to the Australian branch operations of that entity. This Prudential Standard does not apply to a foreign unless APRA determines that all or part of this Prudential Standard applies to the Australian branch operations of the foreign ADI.
ADI
ADI has the meaning given in section 5 of the Banking Act 1959.
[2]
This power is to be exercised under s11AF (1)(d) or (e) of the Banking Act.
For the purposes of this Prudential Standard, an APRA-regulated entity is either a significant financial institution (SFI) or a non-significant financial institution (non-SFI). Unless APRA determines otherwise in a particular case, the requirements of this Prudential Standard apply to SFIs and non-SFIs as indicated.
[3]
This power is to be exercised under paragraph 12 of this Prudential Standard.
For the purposes of this Prudential Standard, an SFI means, in relation to RSE licensees, an that either:
RSE licensee
RSE licensee has the meaning given in section 10 of the Superannuation Industry (Supervision) Act 1993.
has total assets in excess of AUD $30 billion in the case of a single RSE operated by an RSE licensee, or if the RSE licensee operates more than one RSE, where the combined total assets of all RSEs exceed this amount; or
is determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.
A non-SFI means, in relation to RSE licensees, an RSE licensee that is not an SFI.
[4]
APS 001, GPS 001, LPS 001 and HPS 001 define the terms SFI and non-SFI in relation to other APRA-regulated entities.
Where an APRA-regulated entity is the Head of a group, it must comply with an applicable requirement of this Prudential Standard:
[5]
Head of a group means a Level 2 Head or a Level 3 Head as relevant. Level 2 Head means: where an ADI that is a member of a Level 2 group is not a subsidiary of an authorised banking NOHC or another ADI, that ADI; where an ADI that is a member of a Level 2 group is a subsidiary of an authorised banking NOHC, that authorised banking NOHC; or the parent entity of a Level 2 insurance group. For life companies, Head of a group includes: where a relevant group of bodies corporate is headed by a life company that is not a subsidiary of a registered NOHC, that life company; or where a relevant group of bodies corporate is headed by a registered NOHC, that registered NOHC. Where a Level 2 group operates within a Level 3 group, a requirement expressed as applying to a Head of a group is to be read as applying to the Level 3 Head. For the avoidance of doubt, the reference to Head of a group does not apply to an RSE licensee or a private health insurer.
in its capacity as an APRA-regulated entity;
by ensuring that the requirement is applied appropriately throughout the group, including in relation to entities that are not APRA-regulated; and
[6]
Group means a Level 2 group, Level 3 group or a group comprising the RSE licensee and all connected entities (as defined in subsection 10(1) of the SIS Act) and all related bodies corporate (with the meaning given in section 50 of the Corporations Act 2001) of the RSE licensee, as relevant. Level 2 group means the entities that comprise Level 2 (for ADIs) or Level 2 insurance groups (for general insurers). For the avoidance of doubt, group includes a group as defined in APS 001 and, for an RSE licensee, where the RSE licensee is part of a corporate group.
on a group basis.
In applying the requirements of this Prudential Standard on a group basis, references to an ‘APRA-regulated entity’ must be read as ‘Head of a group’ and references to ‘entity’ must be read as ‘group’.
This Prudential Standard applies to:
an APRA-regulated entity, other than an RSE licensee, on 1 January 2024; and
an RSE licensee on 1 January 2025.

Interpretation

In this Prudential Standard, unless the contrary intention appears, a reference to an Act, Regulations or Prudential Standard is a reference to the Act, Regulations or Prudential Standard as in force from time to time.
Where this Prudential Standard provides for APRA to exercise a power or discretion, the power or discretion is to be exercised in writing.

Adjustments and exclusions

APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to an APRA-regulated entity.

Recovery and exit planning

An APRA-regulated entity must develop and maintain a recovery and exit plan that sets out how it would respond to a stress that threatens its viability. The recovery and exit plan must demonstrate how the APRA-regulated entity could:
take actions to recover its financial resilience; and
enable its orderly and solvent exit from regulated activity, if actions to recover financial resilience are not effective.
The recovery and exit plan must be appropriate to the size, business mix and complexity of the APRA-regulated entity and, for an RSE licensee, the RSE licensee’s business operations.
The recovery and exit plan must be integrated into the APRA-regulated entity’s:
risk management framework; 
capital management and liquidity management frameworks, as relevant for an APRA-regulated entity other than an RSE licensee; and
business plan and business performance review for an RSE licensee.
[8]
Refer to Prudential Standard SPS 515 Strategic Planning and Member Outcomes (SPS 515). Where an RSE licensee determines that changes to its business operations would likely improve outcomes for beneficiaries or the sound and prudent management of its business, the RSE licensee must reflect those changes in its business plan. This would include changes to its business operations arising from recovery and exit planning as required by this Prudential Standard.
An APRA-regulated entity must not assume extraordinary public sector support in its recovery and exit planning.

Role of the Board

The Board of an APRA-regulated entity is ultimately responsible for the oversight of the entity’s recovery and exit planning. The Board of an APRA-regulated entity must:
[9]
“Board” refers, in the case of a foreign ADI, to the senior officer outside Australia as referred to in Prudential Standard CPS 510 Governance (CPS 510) and as defined in APS 001. In the case of a Category C insurer or an EFLIC, “Board” refers to the senior officer outside Australia or Compliance Committee (as applicable), as referred to in CPS 510 and as defined in GPS 001, LPS 001 and HPS 001.
approve the recovery and exit plan;
oversee reviews of the recovery and exit plan and ensure any findings are addressed by management; and
oversee the execution of any recovery and exit actions.
The Board of an SFI must also form a view on the sufficiency of recovery capacity to restore financial resilience in periods of stress. Where the Board views recovery capacity to be insufficient, the SFI must improve its recovery and exit plan or take other actions to improve its financial resilience.

Recovery and exit plan

An APRA-regulated entity’s recovery and exit plan must include:
a concise summary that provides a standalone guide to use the recovery and exit plan;
a trigger framework for the early identification and monitoring of stress. The trigger framework must be relevant to the operating environment and risk profile of the APRA-regulated entity, and include a range of early warning indicators to support the effective activation and implementation of the recovery and exit plan; 
[10]
For an RSE licensee, the triggers must be relevant to the RSE licensee’s business operations and may be informed by the key performance indicators used by the RSE licensee to monitor performance against the business plan (refer to SPS 515).
governance arrangements for the monitoring of triggers and timely activation of the recovery and exit plan or specific actions within it. Governance arrangements must include clear roles and responsibilities at a senior executive level for the preparation, maintenance and execution of the recovery and exit plan;
credible recovery actions that could be taken to stabilise and restore financial resilience;
credible exit actions that could be taken to effect an orderly and solvent exit from regulated activity; and
a communication strategy to support the execution of recovery and exit actions.
An SFI must also include in its recovery and exit plan:
scenario analysis that assesses the effectiveness of the trigger framework, shows how recovery and exit actions could be implemented, and measures the impact and effectiveness of those actions. This analysis must include at least two scenarios that are severe enough to threaten the SFI’s viability, including a systemic and an idiosyncratic stress; and
an assessment of recovery capacity, which is the aggregate impact of plausible recovery actions under each scenario. Recovery capacity must be measured in quantitative terms by calculating the amount of capital and liquidity that can be rebuilt during or following stress, where relevant.
An SFI must include, for each recovery and exit action in the plan:
a timeline for the implementation of the action;
analysis of any barriers to implementation, execution risks and key dependencies;
a summary of the preparatory measures needed to support the timely and effective execution of the action; and
where relevant, an estimate of the impact of the action on the capital and liquidity position of the APRA-regulated entity, based on credible assumptions.
[11]
In the case of RSE licensees, for the avoidance of doubt, the reference to liquidity position does not refer to the liquidity and cash flow management requirements in Prudential Standard SPS 530 Investment Governance.
APRA may require of an APRA-regulated entity:
the inclusion or exclusion of a particular recovery or exit action within the recovery and exit plan;
the inclusion of an APRA-determined scenario in the recovery and exit plan; or
the use of particular assumptions when assessing recovery capacity.
For an APRA-regulated entity other than an RSE licensee, APRA may adjust prudential requirements for capital and liquidity where it assesses there to be material weaknesses in the recovery and exit plan.

Capabilities, monitoring and execution

An APRA-regulated entity must maintain the capabilities required to execute the recovery and exit plan.
[12]
These capabilities may be maintained within the APRA-regulated entity or via an appropriate agreement with an external party.
An APRA-regulated entity must take reasonable preparatory steps to support the timely and effective implementation of the recovery and exit plan, in advance of recovery or exit actions being required. This must take into consideration potential legal, financial, operational and structural requirements for executing recovery or exit actions.
An APRA-regulated entity must maintain access to sufficient financial resources to support the implementation of recovery and exit actions included in the recovery and exit plan.
An APRA-regulated entity must regularly monitor the indicators of stress that would be used to trigger activation of the recovery and exit plan or the specific actions within it.

Testing and review

Unless APRA determines otherwise, an APRA-regulated entity must review and update its recovery and exit plan:
for an SFI, at least annually; and
for a non-SFI, at least every three years.
An APRA-regulated entity must review and update its recovery and exit plan to reflect any significant changes in legal or organisational structure, business mix, strategy or risk profile.
An SFI must undertake a comprehensive review at least every three years of the effectiveness of the recovery and exit plan and its readiness and capabilities to execute it. The comprehensive review must be conducted by operationally independent, appropriately experienced and competent persons.
As part of the comprehensive review, an SFI must conduct operational testing to simulate the use of the recovery and exit plan. This must involve a test of the governance arrangements, communication plan, operational elements of key actions, and internal reporting.

Notification

An APRA-regulated entity must provide a copy of the recovery and exit plan to APRA following each review, within three months of the recovery and exit plan being approved by the Board.
An APRA-regulated entity must notify APRA if it has activated its recovery and exit plan.