Last week, APRA Deputy Chair John Lonsdale delivered a speech at the COBA CEO and Director Forum.

Reflecting on the history of the mutual sector, Lonsdale highlighted APRA’s recent review of mutuals exiting the industry and their performance 12 months prior to their exit. It brought to the fore several issues that could lead to potential future mutual exits, such as poor performance on cost management, lending growth and profitability.

APRA also considers good governance to be a precondition to sustainable success, regardless of industry sector. Outdated practices in use mean that there are a number of areas in which mutuals should continually evolve and remain vigilant, particularly in relation to board tenure, composition and a mutual ADI’s Bond. Consistent with CPS 510, good governance practice would include:

  1. Fixed-term tenures for directors and robust board renewal planning - there should be consideration of how the length of a director’s tenure will impact their performance. APRA has signified a preference for a maximum tenure of 10 years, due to concerns that long tenures impair a director’s ability to exercise independent judgement, for reasons such as being too closely aligned to management or past decisions and being less likely to challenge decisions.
  2. Board composition and capability - ensuring the board has the full breadth of skills and capability it requires, for example suitable banking experience. A skills matrix should be implemented not only to set out the skills required, but also to assess the board against it so that any gaps can be addressed.
  3. Assessing board performance, committees and individual directors - annual assessment by qualified independent experts with a suitable remediation plan to track and address recommendations.

APRA further highlighted three core priorities to “support a strong, stable mutual sector”, being:

  • Cyber risk
  • Risk culture
  • Contingency and continuity frameworks

Cyber risk

To increase regulated entities’ preparedness for cyber-attacks, APRA is conducting CPS 234 independent reviews. COBA members are the first to undertake these reviews, which are likely to conclude for this group by the end of 2022.

Prior to this week’s speech from APRA Deputy Chair John Lonsdale, APRA has emphasised the importance of board assurance and data recovery in relation to potential cyber attacks and the CPS 234 reviews.

Risk culture

APRA’s recent survey highlighted that mutuals lag behind other banks in their cohort on the effectiveness of risk management policies and on having appropriate frameworks in place to mitigate risk.

Referring back to a recent article we published on there are six key steps to effectively measure and audit risk culture:

  1. Consider the changing role of Internal Audit and how you can better leverage it to support the provision of insights on culture and conduct to the Board of Financial Institutions.
  2. Define desired risk culture of the organisation.
  3. Establish/identify the current state.
  4. Bridge the gap between current and desired state: plan for the future and develop an appropriate risk culture audit model.
  5. Establish appropriate tools to assess, measure and report on risk culture.
  6. Determine approach to ‘learnings’, knowledge sharing and ‘moments of truth’.

Contingency and continuity frameworks

Further to an ADI’s risk management framework, APRA has conveyed the necessity for a contingency plan when facing financial stress.

Read APRA Deputy Chair John Lonsdale’s full speech here.