Prudential standard

SPS 520 Fit and Proper

  • Superannuation
  • Current
    30 June 2024
Prudential framework pillars
Governance
Accountability
Supporting

About this standard

This standard requires an RSE licensee to determine whether individuals in positions of responsibility are fit to hold those positions. Entities must maintain appropriate policies and annually assess individuals' suitability.

This standard supports SPS 510 Governance, which is a core standard in the Governance Pillar. It applies to all RSE licensees.

Objectives and key requirements of this Prudential Standard

This Prudential Standard sets out minimum requirements for RSE licensees in determining the fitness and propriety of individuals to hold positions of responsibility. Its objective is to ensure that an RSE licensee prudently manages the risks posed to its business operations by having persons acting in responsible positions who are not fit and proper.
The ultimate responsibility for ensuring the fitness and propriety of the responsible persons of an RSE licensee rests with its Board of directors.
Persons who are responsible for the management and oversight of an RSE licensee’s business operations need to have appropriate skills, experience and knowledge, and act with honesty and integrity. These skills and qualities strengthen the protection afforded to beneficiaries and other stakeholders. To this end, RSE licensees need to prudently manage the risk that persons in positions of responsibility might not be fit and proper.
The key requirements of this Prudential Standard are:
  • an RSE licensee must have and implement a Fit and Proper Policy that meets the requirements of this Prudential Standard;
  • the fitness and propriety of a responsible person must generally be assessed prior to initial appointment and then re-assessed annually;
  • an RSE licensee must take all prudent steps to ensure that a person is not appointed to, or does not continue to hold, a responsible person position for which they are not fit and proper;
  • additional requirements must be met for RSE auditors and RSE actuaries; and
  • certain information must be provided to APRA regarding responsible persons and the RSE licensee’s assessment of their fitness and propriety.
Preamble

Superannuation (prudential standard) determination No. 4 of 2024

Prudential Standard SPS 520 Fit and Proper

Superannuation Industry (Supervision) Act 1993
I, Clare Gibney, a delegate of APRA:
(a) under subsection 34C(6) of the Superannuation Industry (Supervision) Act 1993 REVOKE Superannuation (prudential standard) determination No. 4 of 2013, including Prudential Standard SPS 520 Fit and Proper; and
(b) under subsection 34C(1) of the Act, DETERMINE Prudential Standard SPS 520 Fit and Proper in the form set out in the Schedule, which applies to all RSE licensees.
This instrument commences on 30 June 2024.
Dated: 3 June 2024
Clare Gibney
Executive Director
Policy and Advice Division

Interpretation

In this instrument:
APRA means the Australian Prudential Regulation Authority.
RSE licensee has the meaning given in section 10(1) of the Act.

Prudential Standard SPS 520 Fit and Proper

Authority

This Prudential Standard is made under section 34C of the Superannuation Industry (Supervision) Act 1993 (SIS Act).

Application and commencement

This Prudential Standard applies to all registrable superannuation entity (RSE) licensees (RSE licensees) under the SIS Act.
All RSE licensees must comply with this Prudential Standard in its entirety, unless otherwise expressly indicated.
This Prudential Standard specifies:
the fitness and propriety criteria for the purposes of certain provisions of the SIS Act; and
the eligibility criteria for RSE auditors and RSE actuaries for the purposes of the SIS Act.
This Prudential Standard commences on 30 June 2024.

Interpretation

Where this Prudential Standard provides for APRA to exercise a power or discretion, the power or discretion is to be exercised in writing.
[1]
‘RSE licensee’ has the meaning given in section 10(1) of the SIS Act.
[2]
Paragraph 19 sets out criteria for fitness and propriety for the purposes of sections 107(2)(a)(ii)(DA), 108(2)(a)(iia), 126H(6A), 130D(5A), 131AA(2A), 131A(1A) and 134(5) of the SIS Act. Paragraph 21 sets out additional criteria for fitness and propriety for RSE auditors for the purposes of sections 130D(5A), 130EA(2)(c), 131AA(2A) and 131A(1A) of the SIS Act. Paragraph 24 sets out additional criteria for fitness and propriety for RSE actuaries for the purposes of sections 130D(5A), 131AA(2A) and 131A(1A) of the SIS Act.
[3]
Paragraphs 19 and 21 set out the eligibility criteria for auditors for the purposes of sections 35AC(2)(a), 35AC(2A)(a)(i), 35AC(6)(a), 35AC(7)(a)(i), 130D(4)(aa), 130D(4)(ab), 130EA(2)(b), 131AA(2)(ba) and 131A(1)(aa) of the SIS Act. Paragraphs 19 and 24 set out the eligibility criteria for actuaries for the purposes of paragraphs 35AD(2)(a), 35AD(6)(a), 130D(4)(aa), 131AA(2)(ba) and 131A(1)(aa) of the SIS Act.

Fit and Proper Policy

An must prudently manage the risks that persons acting in responsible person positions who are not fit and proper pose to the interests, or reasonable expectations, of beneficiaries, the financial position of the RSE licensee, any of its RSEs or connected entities, or in relation to any other relevant prudential matter. To this end, an RSE licensee must have a documented policy relating to the fitness and propriety of its responsible persons that meets the requirements of this Prudential Standard (Fit and Proper Policy).
RSE licensee
RSE licensee has the meaning given in section 10(1) of the Act.
[4]
Refer to paragraph 16 for the definition of responsible person position.
[5]
For the purposes of this Prudential Standard, a reference to ‘beneficiaries’ is a reference to ‘beneficiaries of an RSE within the RSE licensee’s business operations’, an ‘RSE licensee’s business operations’ includes all activities as an RSE licensee (including the activities of each RSE of which it is the licensee), and all other activities of the RSE licensee to the extent that they are relevant to, or may impact on, its activities as an RSE licensee and ‘connected entity’ has the meaning given in section 10(1) of the SIS Act. Refer also to Part 3A of the SIS Act.
The Fit and Proper Policy must be approved by the Board of an RSE licensee (the Board).
[6]
For the purposes of this Prudential Standard, a reference to ‘the Board’ is a reference to the Board of directors or group of individual trustees of an RSE licensee and ‘group of individual trustees’ has the meaning given in section 10(1) of the SIS Act.
An RSE licensee must take all reasonable steps to ensure that each responsible person is aware of, and understands, the provisions of its Fit and Proper Policy.
The Fit and Proper Policy must form part of an RSE licensee’s risk management framework.
[7]
  As required by Prudential Standard SPS 220 Risk Management.
Nothing in this Prudential Standard prevents an RSE licensee from adopting and applying a group Fit and Proper Policy used by a connected entity, provided that the policy has been approved by the Board in accordance with paragraph 8 and meets the requirements of this Prudential Standard.

Responsible persons

A responsible person of an RSE licensee is:
a director of the RSE licensee;
[8]
  For the purposes of this Prudential Standard, a reference to ‘a director’ is a reference to a director of an RSE licensee which has a Board of directors or, in the case of a group of individual trustees, an individual trustee.
a secretary of the RSE licensee;
a senior manager of the RSE licensee;
an individual RSE auditor or a lead auditor, appointed to conduct an audit of an RSE for which the RSE licensee is trustee, or of any connected entity of the RSE licensee;
[9]
  ‘RSE auditor’ has the meaning given in section 10(1) of the SIS Act. ‘Lead auditor’ has the meaning given in section 11F of the SIS Act.
an RSE actuary who is appointed to perform an actuarial function under RSE licensee law; and
[10]
  ‘RSE actuary’ and ‘RSE licensee law’ have the meaning given in section 10(1) of the SIS Act.
a person who performs activities for a connected entity of the RSE licensee where those activities could materially affect the whole, or a substantial part, of the RSE licensee’s business operations, or its financial standing, either directly or indirectly.
A person need not be an employee of an RSE licensee to be a responsible person if they are within one of the definitions in paragraph 12. In some circumstances a consultant, contractor or employee of another entity may be a responsible person.
In addition to persons who meet the definition of a responsible person, may determine that a person is a responsible person if APRA is satisfied that the person plays a significant role in the management or control of the RSE licensee, or that the person’s activities may materially impact on the interests, or reasonable expectations, of beneficiaries, or the financial position of the RSE licensee, any of its RSEs or connected entities, or any other relevant prudential matter.
APRA
APRA means the Australian Prudential Regulation Authority.
APRA may determine that a person is not a responsible person in relation to a particular position, responsibility or activity if APRA is satisfied that the person does not play a significant role in the management or control of the RSE licensee or that the person’s activities may not materially impact on the interests, or reasonable expectations, of beneficiaries, or the financial position of the RSE licensee, any of its RSEs or connected entities, or any other relevant prudential matter.
‘Responsible person position’ means the responsibilities or activities of a responsible person that would lead to the person being a responsible person within one of the definitions in paragraph 12.

Senior managers

‘Senior manager’, in relation to an RSE licensee, means a person (other than a director of the RSE licensee) who:
makes, or participates in making, decisions that affect the whole, or a substantial part, of the RSE licensee’s business operations;
has the capacity to affect significantly the RSE licensee’s business operations or its financial standing;
[11]
Paragraphs 17(a) and (b) are intended to be interpreted consistently with the definition of ‘senior manager’ (in relation to a corporation) in section 9 of the Corporations Act 2001 (Corporations Act).
may materially affect the whole, or a substantial part, of the RSE licensee’s business operations or its financial standing through their responsibility for:
enforcing policies and implementing strategies approved by the Board;
the development and implementation of systems used to identify, assess, manage or monitor risks in relation to the RSE licensee’s business operations; or
monitoring the appropriateness, adequacy and effectiveness of risk management frameworks; or
is otherwise an executive officer of the RSE licensee.
[12]
‘Executive officer’ has the meaning given in section 10(1) of the SIS Act. Where the RSE licensee is a group of individual trustees, an executive officer is a person, by whatever name called, who is concerned or takes part in the management of the body.

Criteria to determine if a responsible person is fit and proper

An RSE licensee must clearly define and document the competencies required for each responsible person position.
For the purposes of the SIS Act and for the purposes of determining whether a person is fit and proper to hold a responsible person position, the criteria are whether:
[13]
Refer to section 126H(6A) of the SIS Act.
it would be prudent for an RSE licensee to conclude that the person possesses the competence, character, diligence, experience, honesty, integrity and judgement to perform properly the duties of the responsible person position;
it would be prudent for an RSE licensee to conclude that the person possesses the education or technical qualifications, knowledge and skills relevant to the duties and responsibilities of an RSE licensee;
the person is not disqualified under the SIS Act from holding the position; and
the person either:
has no conflict in performing the duties of the responsible person position; or
if the person has a conflict, it would be prudent for an RSE licensee to conclude that the conflict will not create a material risk that the person will fail to perform properly the duties of the position.

Additional criteria applying to RSE auditors 

[15]
Refer to SPS 510 for the requirement for auditors to be independent.
The criteria for fitness and propriety of an individual RSE auditor and a lead auditor, for the purposes of the SIS Act are those contained in paragraphs 19 and 21. 
[16]
Refer to section 35AC(2)(a) of the SIS Act.
The additional criteria which must be met for an individual RSE auditor and a lead auditor to be fit and proper are that the person:
is registered as an auditor under the Corporations Act 2001 (Corporations Act) or is the Auditor-General (or a delegate of the Auditor-General) of the Commonwealth, a State or Territory;
is not the Chief Executive Officer (CEO) or a director or employee of (i) the RSE licensee or (ii) a connected entity;
has a minimum of five years’ relevant experience in the audit of the business operations of RSE licensees;
has experience relating to the business operations of RSE licensees that is sufficiently relevant and recent to provide reasonable assurance that the person is familiar with current issues in the audit of the business operations of RSE licensees;
is not:
the RSE actuary of an RSE within the RSE licensee’s business operations;
an employee or director of a body corporate, statutory body, partnership, trust, or commercial or professional enterprise of any kind of which the RSE actuary is an employee or director; or
[17]
Refer to SPS 510 for a similar restriction on the RSE auditor and RSE actuary being from the same entity.
a partner of the RSE actuary;
is a member of a recognised professional body; and
is ordinarily resident in Australia.
A criterion in paragraph 21 does not apply if the following conditions are met:
the RSE licensee reasonably considers that there are exceptional circumstances;
the RSE licensee has promptly notified APRA that the criterion is not satisfied and of the exceptional circumstances as to why it should not apply; and
APRA has notified the RSE licensee that APRA has no objections to the person holding the position in question.

Additional criteria applying to RSE actuaries

The criteria for fitness and propriety of an RSE actuary for the purposes of the SIS Act are those contained in paragraphs 19 and 24. 
[18]
Refer to section 35AD(2)(a) of the SIS Act.
The additional criteria that must be met for a person to be fit and proper to act as an RSE actuary are that the person:
has appropriate formal qualifications;
is not the CEO or a director or employee of (i) the RSE licensee or (ii) a connected entity;
is not:
the auditor of the RSE licensee;
the RSE auditor of an RSE within the RSE licensee’s business operations;
an employee or director of an entity of which the RSE auditor is an employee or director; or
a partner of the RSE auditor;
has a minimum of five years’ relevant experience in the provision of actuarial services to RSE licensees and RSEs or in superannuation more generally, that is sufficiently relevant and recent to provide reasonable assurance that the person is familiar with current issues in the provision of actuarial services to the business operations of RSE licensees;
is a Fellow or Accredited Member (however described) of the Institute of Actuaries of Australia; and
[19]
A reference to ‘Fellow’ and ‘Accredited Member’ is to be read as defined by the Institute of Actuaries of Australia.
is ordinarily resident in Australia.
A criterion in paragraph 24 does not apply if the following conditions are met:
the RSE licensee reasonably considers that there are exceptional circumstances;
the RSE licensee has promptly notified APRA that the criterion is not satisfied and of the exceptional circumstances as to why it should not apply; and
APRA has notified the RSE licensee that APRA has no objections to the person holding the position.

Process for assessment of fitness and propriety

The Fit and Proper Policy must include the processes to be undertaken in assessing whether a person is fit and proper for a responsible person position (fit and proper assessment). The processes must include details of:
a statement of who will conduct fit and proper assessments on behalf of the RSE licensee;
what information will be obtained and how it will be obtained;
the matters that will be considered before determining if a person is fit and proper for a responsible person position; and
the decision-making processes that will be followed.
The Fit and Proper Policy must specify the actions to be taken where a person is assessed as being not fit and proper.
The Fit and Proper Policy must provide that a copy of the Policy is to be given to:
any candidate for election or appointment as a director of the RSE licensee as soon as possible after the candidate is nominated; and
any other person before an assessment of their fitness and propriety is conducted.
The Fit and Proper Policy must require a fit and proper assessment to be completed before a person becomes the holder of a responsible person position unless they hold the position because APRA has determined that the person is a responsible person under paragraph 14. In such cases, the Fit and Proper Policy must require an assessment to be completed within 28 days of the person becoming the holder of the responsible person position or 28 days after APRA makes the determination under paragraph 14.
Interim appointment to a responsible person position may be made without a full fit and proper assessment for a period of up to 90 days (or longer with APRA’s written agreement) including any prior period of interim appointment. Prior to making such an appointment, reasonable steps must be taken, as specified in the Fit and Proper Policy, to assess the fitness and propriety of the person. The RSE licensee must complete a full fit and proper assessment prior to appointing the person to the responsible person position on a permanent basis.
The Fit and Proper Policy must require annual fit and proper assessments (or as close to annual as is practicable) for each responsible person position.
When a fit and proper assessment is conducted, an RSE licensee must make all reasonable enquiries to obtain information, including collecting sensitive information as defined in the Privacy Act 1988, that it believes may be relevant to an assessment of whether the person is fit and proper to hold a responsible person position.
[20]
Including following the processes described in the Fit and Proper Policy under paragraph 26(b).
Where a responsible person has been assessed as fit and proper, but an RSE licensee subsequently becomes aware of information that may result in the person being assessed as not fit and proper, the RSE licensee must take all reasonable steps, including collecting sensitive information as defined in the Privacy Act 1988 if relevant, to ensure that it can prudently conclude that no material fitness and propriety concern exists. Where a concern exists, a full fit and proper assessment must be conducted.
The Fit and Proper Policy must contain adequate provisions:
to encourage any person to disclose information that may be relevant to a fit and proper assessment to the RSE licensee or to APRA;
to enable the disclosure to APRA of any information the RSE licensee is required to provide under this Prudential Standard; and
for giving or obtaining any consents required for the collection and use of any information:
by the RSE licensee to comply with the Fit and Proper Policy or this Prudential Standard; and
by APRA for its powers and functions under the SIS Act.
The Fit and Proper Policy must require that sufficient documentation for each fit and proper assessment is retained to demonstrate the fitness and propriety of the RSE licensee’s current, and recently past, responsible persons.

Whistleblowing

[21]
Also refer to the provisions in SPS 510 for not constraining persons from providing information.
The Fit and Proper Policy must include adequate provisions to allow whistleblowing if a person has information that a responsible person does not meet the RSE licensee’s fit and proper criteria. The Fit and Proper Policy must ensure that the RSE licensee and its connected entities consent to the person providing that information to either the person responsible for conducting fit and proper assessments or APRA.
The Fit and Proper Policy must include adequate provisions to allow any person who has information that the RSE licensee has not complied with this Prudential Standard to provide that information to APRA.
The Fit and Proper Policy must provide that the RSE licensee and its connected entities consent to any person who held a responsible person position disclosing information or providing documents to APRA relating to their reasons for resignation, retirement or removal.
An RSE licensee must not, and must ensure that its connected entities do not, constrain, impede, restrict or discourage, whether by confidentiality clauses, policies or other means, any person from disclosing information or providing documents to APRA about matters referred to in paragraphs 36 to 38 inclusive.
The Fit and Proper Policy must require that all provisions of the Policy encouraging whistleblowing, and the procedures relating to whistleblowing, are adequately explained to directors and employees of the RSE licensee and its connected entities who are likely to have information relevant to fit and proper assessments.
APRA does not require that an RSE licensee impose an obligation on any person to make the disclosures under paragraphs 36 to 38 inclusive. However, the Fit and Proper Policy must require that all reasonable steps be taken to ensure that no person making such disclosures in good faith is subject to, or threatened with, a detriment because of any notification in purported compliance with the requirements of the Fit and Proper Policy.

When a responsible person is not fit and proper

Where an RSE licensee has assessed that a person is not fit and proper, or a reasonable person in the RSE licensee’s position would make that assessment, the RSE licensee must take all steps it reasonably can to ensure that the person:
[22]
Including the actions outlined in the Fit and Proper Policy in accordance with paragraph 34.
is not appointed to; or
for an existing responsible person, does not continue to hold,
the responsible person position.

Informing APRA

An RSE licensee must notify APRA of the following information for each responsible person:
the title of the responsible person position;
the person’s full name;
the person’s date of birth (for identification purposes only);
the person’s position and main responsibilities; and
a statement of whether the person has been assessed under the Fit and Proper Policy.
An RSE licensee must ensure that the information provided under paragraph 43 remains correct for all of its responsible persons.
[23]
Under Reporting Standard SRS 520.0 Responsible Persons Information (SRS 520.0), an RSE licensee must provide revised information to APRA within 14 days of any change or new appointment.
If a person remains in a responsible person position, despite the RSE licensee’s assessment that the person is not fit and proper, the RSE licensee must promptly notify APRA in writing of the reason for this and the action that is being taken. 
[24]
Under SRS 520.0, an RSE licensee must notify APRA within 14 days if it assesses that a responsible person is not fit and proper. If the responsible person is an auditor, refer to section 331AK of the Corporations Act for requirements relating to the removal and resignation of RSE auditors.
The information or notifications required by this Prudential Standard must be given in such form, if any, and by such procedures, if any, as APRA publishes on its website from time to time.
An RSE licensee must take reasonable steps to:
obtain any information and documentation that APRA asks of it; and
provide that information to APRA,
to assist APRA in assessing the fitness and propriety of a person. This could include providing the Fit and Proper Policy to APRA on request.
An RSE licensee must take reasonable steps to satisfy itself that a person holding, or proposed to hold, a responsible person position is not a disqualified person within the meaning of section 120 of the SIS Act. To this end, the RSE licensee must satisfy itself that the person has never been convicted of any offence of dishonesty in any jurisdiction, whether in Australia of overseas. Other than for this purpose, APRA does not and will not require disclosure of spent convictions where precluded under Part VIIC of the Crimes Act 1914.

Adjustments and exclusions

APRA may adjust or exclude a specific prudential requirement in this Prudential Standard in relation to:
a particular RSE licensee of an RSE; or
specified RSE licensees of RSEs.
[25]
Refer to section 34C(5) of the SIS Act.

Previous exercise of discretion

An RSE licensee must contact APRA if it seeks to place reliance, for the purposes of complying with this Prudential Standard, on an exercise of discretion made by APRA under a previous version of this Prudential Standard.