The Australian Prudential Regulation Authority (APRA) released its suite of draft prudential standards and guidance for the life insurance industry on 3 October 2006, enshrining what APRA sees as essential minimum prudential requirements for the management of life companies, and bringing the life insurance industry in line with its recently reformed compatriots in general insurance and superannuation.
The draft standards place specific minimum standards upon a life insurer in respect of:
- Risk Management (LPS 220); and
- Business Continuity Management (LPS 232).
The Prudential Practice Guides (PPGs) provide life insurers with guidance in relation to:
- Risk Management (LPG 200);
- Operational Risk (LPG 230);
- Life Insurance Risk and Life Reinsurance Management (LPG 240);
- Asset and Liability Management Risk (LPG 250;
- Conflicts of Interest under Section 48 (LPG 260); and
- Business Continuity Management (LPG 232).
APRA will accept written submissions (via email) until 31 December 2006. Following this consultation period, the finalised prudential standards and PPGs will be issued in the first quarter of 2007, with an implementation date of 1 July 2007. There will be a 12 month transitional period applying to LPS 232, however APRA has not yet finalised any transitional arrangements for LPS 220. These will be provided once responses to the draft standards and guides have been assessed by APRA.
The requirements of LPS 220
LPS 220 provides that a life insurer must be satisfied that it has a risk management framework in place, which includes:
- A written Risk Management Strategy (RMS): the RMS is a high level document, which describes the strategies and framework for risk management adopted by the board
- Written policies, controls and procedures which identify, assess, monitor, report and mitigate all material risks: APRA notes that any such monitoring must be independent and regular, with Board involvement in the process. APRA requires that each life insurer keep a breach register to record all breaches. Any material breaches must be reported to APRA. APRA has not provided a materiality test but notes that both single incidents and numerous smaller breaches can potentially meet the materiality threshold.
- A written business plan (Business Plan), formally approved by the Board of the Life Insurer: the Business Plan sets out the broad strategy of the life company and its goals and objectives for a period of at least three years.
- Defined managerial responsibilities, controls and a review process which keeps its risk management effective: responsibilities, controls and review of any risk must be documented; and
- Capital management plan: APRA requires that a capital management plan (CMP) be drafted, which sets out the life insurer's strategy for allocating and monitoring capital resources. The CMP must include how reserves will be treated and how it intends to avert potential breaches of its actuarial and prudential standards. Where a breach has occurred, the CMP must document the processes for escalation and communication of the breach to the Board and APRA (if necessary).
Aspects of LPS 220 to note
Of particular note to life insurers is APRA's inclusive view of what is a 'material risk'. Aspects of the business, which can affect materiality include:
- conflict of interest (LPG 260)
- asset and liability risk management (LPG 240)
- operational risk (including outsourcing to service providers) (LPG 230)
- life insurance risk (including reinsurance) (LPG 240); and
- strategic and tactical risks arising from the Business Plan (LPG 200).
The requirements of LPS 232
LPS 232 requires a life insurer to have a Business Continuity Management Policy (BCMP) in place, ratified by its Board. APRA considers good Business Continuity Management to include (at a minimum):
- A BCMP: this document sets out the life insurer's approach to its Business Continuity Management.
- A Business Impact Analysis: this analysis identifies and quantifies the impact or loss from an event which disrupts business operations.
- Recovery objectives and strategies: this must document recovery levels, recovery times and implementation strategies for each critical business operation.
- A Business Continuity Plan: the Business Continuity Plan must document the procedures it will utilise to manage a business disruption and to recover its critical business operations; and
- Programs for review of the BCP and training of staff in Business Continuity Management: any program must include documentation of the frequency of reviews and the testing undertaken during those reviews.
In navigating the straits of these prudential standards and ultimately satisfying APRA's requirements, life companies can learn from the collective past experiences of general insurers and superannuation trusts. Minter Ellison has recently assisted these companies throughout the process of satisfying similar prudential standards. We can also assist you in preparing any submission that you wish to make prior to the end of the consultation period on 31 December 2006.
Minter Ellison will continue to analyse the revised suite and will update clients in due course.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.