The Board is ultimately responsible for the sound and prudent management of an RSE licensee’s business operations.[4] 

The Board, in fulfilling its functions, may delegate authority to management to act on behalf of the Board with respect to certain matters, as decided by the Board. This delegation of authority must be clearly set out and documented. The Board must have mechanisms in place for monitoring the exercise of delegated authority. The Board cannot abrogate its responsibility for functions delegated to management.

The Board must ensure that the directors and the senior management of the RSE licensee, collectively, have the full range of skills needed for the effective and prudent operation of the RSE licensee’s business operations, and that each director has skills that allow them to make an effective contribution to Board deliberations and processes. This includes the requirement for directors, collectively, to have the necessary skills, knowledge and experience to understand the risks of the RSE licensee’s business operations, including its legal and prudential obligations, and to ensure that the RSE licensee’s business operations are managed in an appropriate way taking into account these risks. This does not preclude the Board from supplementing its skills and knowledge by engaging external consultants and experts.

Where the Board establishes a board committee that has responsibility for activities that have the potential to have a material impact on the interests, or reasonable expectations, of beneficiaries[5], or to the long term financial soundness of the RSE licensee, any of its RSEs or connected entities[6], an RSE licensee must ensure that only a director of the RSE licensee holds the position of chairperson on that board committee.

Senior management of an RSE licensee must be ordinarily resident in Australia.

Directors and senior management of an RSE licensee must be available to meet with APRA on request.

The Board must provide the RSE auditor and the RSE actuary, as relevant, with the opportunity to raise matters directly with the Board.

Where an RSE licensee is part of a corporate group, and the RSE licensee utilises group policies or functions, the Board must approve the use of group policies and functions and must ensure that these policies and functions give appropriate regard to the RSE licensee’s business operations and its specific requirements.

An RSE licensee must at all times have a governance framework that sets out how the Board oversees and exercises its authority in relation to the business operations of the RSE licensee and which encompasses the totality of systems, structures, policies, processes and people within an RSE licensee’s business operations.[8] 

The Board is ultimately responsible for the establishment, implementation and oversight of the governance framework.

An RSE licensee’s governance framework must, at a minimum, include:

a formal charter that sets out the roles, responsibilities and objectives of the Board;

the Board’s policy in relation to voting rights and procedures for the decisions of the Board;

the Board’s policies on:

the size and composition of the Board and any Board committees[9];

Board renewal;

the nomination, appointment and removal of directors, including defined director terms in office and maximum tenure periods[10];

the RSE licensee’s policies and processes:

to manage risks relating to fitness and propriety of responsible persons[11]; and

relating to the management of conflicts[12]; and

a review process to ensure that the governance framework remains effective.

The chairperson of the Board must be a director of the RSE licensee.

A majority of directors of an RSE licensee must be ordinarily resident in Australia.

The Board must have procedures for assessing, at least annually, the Board’s performance relative to its objectives. It must also have in place a procedure for assessing, at least annually, the performance of individual directors.

The Board must have in place a formal policy on Board renewal. This policy must provide details of how the Board intends to renew itself in order to ensure it remains open to new ideas and independent thinking, while retaining adequate expertise.

The Board must establish and implement policies and processes for the nomination, appointment and removal of directors. These policies and processes must, at a minimum, address:

the length of the term for which a director is appointed to the Board;

the maximum tenure limit for an individual director;

how vacancies will be managed, including, where applicable, how the RSE licensee will comply with the vacancy requirements in Part 9 of the SIS Act;

the process by which a candidate will be nominated for a vacant Board position;

the factors that will be considered when assessing the suitability of a nominated candidate, including how the RSE licensee assesses the independence of the candidate where relevant and the Board’s process for determining whether a particular candidate is appointed;

the process by which a director will be appointed to the Board;

the factors that will determine when an existing director will be re-appointed, including whether the director has served on the Board for a period that could, or could reasonably be perceived to, materially interfere with their ability to act in the best interests of beneficiaries;

the process by which the Board will resolve disputes about nominations, appointment, re-appointment or removal of directors;

when and how a director will be removed from the Board; and

the Board’s policy on voting rights and procedures in relation to nomination, appointment, reappointment and removal of a director.

An RSE licensee must have a Board Audit Committee, which assists the Board by providing an objective non-executive review of the effectiveness of the RSE licensee’s financial reporting and risk management framework unless, with respect to risk management, there is another Board Committee which carries out this function.

The Board Audit Committee must have sufficient powers to enable it to obtain all information necessary for the performance of its functions.

The Board Audit Committee must have at least three members. All members of the Committee must be non-executive directors.[13] 

The chairperson of the Board may sit on the Board Audit Committee, but may not chair the Committee except where the chairperson of the Board is the only independent director (within the definition of section 10 of the SIS Act) on the Board.

The Board Audit Committee must have a charter that includes a reference to the fact that the Committee is responsible for the oversight of:

all APRA statutory reporting requirements;

other financial reporting requirements;

professional accounting requirements;

internal and external audit; and

the appointment of both the RSE auditor and internal audit function.

The Board Audit Committee must review the engagement of the RSE auditor at least annually, including making an assessment of whether the RSE auditor meets the Audit Independence tests set out in APES 110 Code of Ethics for Professional Accountants[14], as well as the additional auditor independence requirements set out in the Corporations Act 2001 (Corporations Act) (if applicable) and in this Prudential Standard.

The Board Audit Committee must regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the RSE licensee. It must also regularly review the findings of audits, and ensure that issues are being managed and rectified in an appropriate and timely manner.

The Board Audit Committee must ensure the adequacy and independence of both the internal and external audit functions.

The members of the Board Audit Committee must, at all times, have free and unfettered access to senior management, the internal audit function, the heads of all risk management functions, the RSE auditor and the RSE actuary, as applicable, and vice versa.

The Board Audit Committee must establish and maintain policies and procedures for employees of the RSE licensee to submit, confidentially, information about accounting, internal control, compliance, audit, and other matters about which the employee has concerns. The Committee must also have a process for ensuring employees are aware of these policies and for dealing with matters raised by employees under these policies.

Members of the Board Audit Committee must be available to meet with APRA on request.

The Board Audit Committee must invite the individual RSE auditor or lead auditor and the RSE actuary, as applicable, to meetings of the Committee.[15]

The internal auditor must have a reporting line, and unfettered access, to the Board Audit Committee.

An RSE licensee must have an independent and adequately resourced internal audit function. An RSE licensee may outsource this function where the outsourcing agreement meets the requirements of Prudential Standard SPS 231 Outsourcing. If an RSE licensee does not believe it is necessary to have a dedicated internal audit function, it must apply to APRA to seek an exemption from this requirement, setting out reasons why it believes it should be exempt. APRA may approve alternative arrangements in writing for an RSE licensee where APRA is satisfied that they will achieve the same objectives.

The objectives of the internal audit function must include evaluation of the adequacy and effectiveness of the financial and risk management framework of the RSE licensee.[16] To fulfil its functions, the internal auditor must, at all times, have unfettered access to all the RSE licensee’s business lines and support functions.

The Corporations Act contains a number of requirements in relation to auditor independence.[17] The auditor independence requirements in this Prudential Standard are substantially consistent with those requirements, and are intended to help ensure the independence of an RSE auditor engaged to perform work of a prudential nature in relation to RSE licensee law.

The Board must, to the extent practical, undertake steps to satisfy itself that the RSE auditor is independent of the RSE licensee and the RSE, and that there is no conflict of interest situation that could compromise, or be seen to compromise, the independence of the RSE auditor.[18] 

As part of the process of ascertaining the independence of the RSE auditor, an RSE licensee must obtain a declaration from the individual RSE auditor or the lead auditor to the effect that:

they are independent, both in appearance and in fact;

they have no conflict of interest situation; and

there is nothing to their knowledge (including in relation to any audit firm or audit company of which the auditor is a member or director) that could compromise that independence.

For the purposes of this Prudential Standard, a conflict of interest situation exists in relation to an RSE licensee at a particular time if, because of circumstances that exist at that time:

the individual RSE auditor or lead auditor is not capable of exercising objective and impartial judgement in relation to the conduct of the work that is undertaken for the RSE licensee in relation to RSE licensee law; or

a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the individual RSE auditor or lead auditor is not capable of exercising objective and impartial judgement in relation to undertaking the work for the RSE licensee for the purposes of RSE licensee law.[19]

A person, who was a member of an audit firm or a director of an audit company or an individual auditor, and who served in a professional capacity in the audit of an RSE licensee in relation to RSE licensee law, cannot be appointed to the role of director or senior manager of that RSE licensee until at least two years have passed since they served in that professional capacity.

A person, who was an employee of an audit company or audit firm, other than a director of that company or member of that firm, and who acted as the lead auditor or review auditor[20] in the audit of an RSE licensee’s business operations in relation to RSE licensee law, cannot be appointed to the role of director or senior manager of that RSE licensee until at least two years have passed since they acted as the lead auditor or review auditor.

A person cannot be appointed as a director or senior manager of an RSE licensee if:

the person was, or is, a director of the audit company or a member of the audit firm that was, or is, responsible for the audit of the RSE licensee in relation to RSE licensee law; and

there is already another person appointed or employed as a director or senior manager of the RSE licensee who was a director of the audit company or a member of the audit firm, at a time when the audit company or audit firm undertook an audit of the RSE licensee at any time during the previous two years.

Until 1 July 2028, an individual who plays a significant role[21] in the audit of an RSE in relation to RSE licensee law, for five successive years, or for more than five years out of seven successive years, cannot continue to play a significant role in the audit until at least a further two years have passed, except with an exemption in writing from APRA. APRA may grant an exemption from this requirement if the individual provides specialist services that are otherwise not readily available or there are no other registered company auditors available to provide satisfactory services for the RSE licensee.[22]

For the purposes of maintaining their independence and objectivity, the RSE auditor and RSE actuary cannot both be employed by the same body corporate or related bodies corporate, or by the same firm or related firms.

No prospective, current, or former officer, employee or contractor (including professional service provider) of an RSE licensee may be constrained or impeded, whether by confidentiality clauses or other means, from disclosing information to APRA, from discussing issues with APRA of relevance to the management and prudential supervision of the RSE licensee, or from providing documents under their control to APRA, that may be relevant in the context of the management or prudential supervision of the RSE licensee. Such persons are not to be constrained or impeded from providing information to, as applicable, auditors, actuaries and others, who have statutory responsibilities in relation to the RSE licensee.

An RSE licensee must ensure that its internal policy and contractual arrangements do not explicitly or implicitly restrict or discourage auditors or other parties from communicating with APRA.

APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to:

a particular RSE licensee of an RSE; or

specified RSE licensees of RSEs.[24]

An RSE licensee must contact APRA if it seeks to place reliance, for the purposes of complying with this Prudential Standard, on an exercise of discretion by APRA made under a previous version of this Prudential Standard.