The financial sector took a hit during the COVID-19 pandemic, pushing regulators and insurance companies to figure out what emerging risks need addressing as the country recovers. The Australian Prudential Regulation Authority (APRA) has identified three key issues critical to the sector's long-term strength and resilience.
In a speech to the Committee for the Economic Development of Australia, APRA chair Wayne Byres identified climate-related risks; governance, culture, remuneration, and accountability (GCRA); and cyber security risks as key issues that the sector must address in order to remain stable.
Since the Australian government joined the Paris Agreement in 2016, APRA has been raising awareness of climate-related risks to the financial sector.
Byres noted that the financial sector has been increasingly alert to the potential risks of climate change, particularly the general insurance sector, which is at the forefront of physical climate risks.
This month, APRA released a draft prudential practice guide to help financial institutions better understand and manage the financial risks caused by climate change. The guide emphasised that climate considerations must be a part of any decision-making process if financial institutions want to make well-informed decisions.
“Financial institutions need to understand where, how, and to what extent those risks will impact their business and consider how they should respond,” Byres said. “An improved understanding of the impacts of climate change should equip the financial sector to grasp the business opportunities that a changing climate will generate, as new investment is needed, new technologies emerge, and economies and new businesses grow.”
The second area that the financial sector must focus on is GCRA, as poorly structured incentives and lack of accountability for poor outcomes “created a recipe for excessive risk-taking that proved very costly for society,” according to the regulator.
APRA addressed GCRA issues by slowing down work in 2020, reallocating resources to more pressing issues, and releasing an updated prudential standard on remuneration (open for feedback). The regulator will also release a draft prudential practice guide to aid in its implementation.
“We remain of the view that systemic weaknesses in GCRA are often the root cause of problems that crystallise into significant, unexpected, and damaging financial losses. With that in mind, I'd like to mention two important initiatives that evidence our continued commitment to lifting standards of governance, culture, remuneration, and accountability across the financial system,” Byres said.
APRA also identified cyber security risks as a crucial issue that needs to be addressed by the sector, which Byres deemed the most difficult prudential threat.
He commented: “Unlike GCRA or climate risk, [cyber security risk] is driven by malicious and adaptive adversaries who are intent on causing damage. Cyclones and bushfires can be devastating, but they're not doing it on purpose.”
As part of a new strategy to address cyber security risks, APRA works closely with other arms of government – including the Council of Financial Regulators (CFR), the national security agencies, and the Department of Home Affairs – to share intelligence, pool resources, and respond quickly to plug gaps and fix weak links to keep adversaries at bay.
The regulator is also working on a more active cyber defence testing regime in conjunction with the CFR agencies.
“This involves enlisting specialist expertise to actively probe for gaps and weaknesses in an institution's cyber defences using tools and techniques employed by real-life adversaries,” Byres added. “We have a pilot exercise underway, which we hope will give us valuable insights into not just the cyber resilience of individual institutions that are part of the pilot program, but also any systemic weaknesses that may present a risk to the integrity of the Australian financial markets and financial system.”