In December 2023, the Australian Prudential Regulation Authority (APRA) introduced the draft Australian Prudential Standard (APS) 117 on Interest Rate Risk in Banking Book (IRRBB), slated to come into effect on 1 October 2025.

A significant aspect of this draft is the need for non-significant financial institutions (non-SFI) to embed IRRBB management in its risk management framework (RMF).

As part of an Authorised Deposit-taking Institution’s (ADI) risk management framework (as defined under CPS 220), an ADI needs to ensure that it has a framework in place to manage its exposure to IRRBB – considering the size and complexity of its operations.

Senior management is required to have at least semi-annual reporting of its exposure to IRRBB to those charged with governance (TCWG). APRA retains supervisory authority to enforce compliance with all or specific requirements of APS 117 and may even mandate additional capital to mitigate IRRBB risks.

Following a consultation process on non-SFI requirements and APG 117, which closed on 1 March 2024, APRA expects to issue the final APS 117 in mid-2024, leading up to the October 2025 implementation.

Next steps

The IRRBB requirements in APS 117 for non-SFI were built on the general risk management requirements set out under CPS 220. APRA does not expect these requirements to materially impact non-SFIs. However, non-SFIs need to conduct a detailed gap assessment on its readiness to comply with the requirements of APS 117. The detailed gap assessment must cover the following:

Appropriate inclusion of IRRBB in the Risk Management Framework

While IRRBB is one of the risks currently managed by most of the non-SFIs, clear articulation of the non-SFI’s strategy to manage interest rate risk will be required under APS 117. The Risk Appetite Statement (RAS) should also include appropriate triggers for IRRBB exposure to aid to TCWG and Senior Management.

Board of Directors, Senior Management, and Risk Management Capability

Ensuring the effectiveness of the IRRBB, risk management of a non-SFI needs an equipped Board, Senior Management, and Risk Function. Non-SFIs should understand which capabilities are required to ensure appropriate oversight on IRRBB risk exposures.

Capacity of existing technology to measure IRRBB exposures

While a dedicated Asset-Liability Management (ALM) Module is normally applicable to SFIs using IRRBB internal model, non-SFIs need to assess the capability of existing technology to serve as IRRBB Measurement System required under APS 117. Non-SFIs need to consider the capacity of existing technology to prepare internal reports and calculate stress tests based on the six interest rate shock scenarios (as prescribed in the draft prudential practice guide).

Quality of IRRBB data and reporting

Having quality IRRBB data is a critical component to measure and report on IRRBB exposures. While non-SFIs have existing data on IRRBB, careful assessment whether these data remain ‘fit-for-purpose’ to support the non-SFIs’ capability to manage IRRBB exposure.

Integration of IRRBB into day-to-day risk management

To integrate IRRBB into day-to-day risk management, non-SFIs need to closely integrate inputs and outputs from the selected IRRBB measurement system primarily on their decision making, corporate governance, risk management and capital allocation process. Creation of IRRBB dashboards to support daily, weekly, or monthly reporting is critical to support the non-SFI’s IRRBB integration.

We’re here to help

Organisations seeking further insights into how these changes affect their operations are encouraged to reach out for guidance to ensure compliance with the forthcoming standards.

Learn more about how our Financial Services services can help you
Learn more about how our Financial Services services can help you
Visit our Financial Services page