๐—–๐—ฎ๐—ป ๐˜†๐—ผ๐˜‚ ๐—บ๐—ฒ๐—ฎ๐˜€๐˜‚๐—ฟ๐—ฒ ๐˜๐—ต๐—ฒ ๐—ฐ๐—ผ๐—บ๐—ฝ๐—น๐—ถ๐—ฎ๐—ป๐—ฐ๐—ฒ ๐—ฟ๐—ถ๐˜€๐—ธ ๐—บ๐—ฎ๐˜๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ผ๐—ณ ๐˜†๐—ผ๐˜‚๐—ฟ ๐—ผ๐—ฟ๐—ด๐—ฎ๐—ป๐—ถ๐˜€๐—ฎ๐˜๐—ถ๐—ผ๐—ป?

  • Compliance Advocacy Solutions
  • Bills
  • Family
  • News
  • ๐—–๐—ฎ๐—ป ๐˜†๐—ผ๐˜‚ ๐—บ๐—ฒ๐—ฎ๐˜€๐˜‚๐—ฟ๐—ฒ ๐˜๐—ต๐—ฒ ๐—ฐ๐—ผ๐—บ๐—ฝ๐—น๐—ถ๐—ฎ๐—ป๐—ฐ๐—ฒ ๐—ฟ๐—ถ๐˜€๐—ธ ๐—บ๐—ฎ๐˜๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ผ๐—ณ ๐˜†๐—ผ๐˜‚๐—ฟ ๐—ผ๐—ฟ๐—ด๐—ฎ๐—ป๐—ถ๐˜€๐—ฎ๐˜๐—ถ๐—ผ๐—ป?

APRA has mandated an insurerย to undertake a risk remediation program & has increased its capital requirements in response to concerns about its risk governance.

APRAโ€™s decision follows a prudential review that identified significant weaknesses in the insurer’s risk governance, risk management & compliance practices. These included capability & capacity weaknesses in the risk function, ineffectiveness of the โ€œthree lines of defenceโ€ model, & weak risk reporting. The review also revealed unclear accountabilities and responsibilities across the business, & overall, an immature risk culture.

Given the heightened prudential risk arising from the identified weaknesses, APRA has also imposed an additional $50 million capital requirement in the form of an operational risk charge.

๐™ˆ๐™š๐™–๐™จ๐™ช๐™ง๐™ž๐™ฃ๐™œ ๐™˜๐™ค๐™ข๐™ฅ๐™ก๐™ž๐™–๐™ฃ๐™˜๐™š ๐™ง๐™ž๐™จ๐™  ๐™ข๐™–๐™ฉ๐™ช๐™ง๐™ž๐™ฉ๐™ฎ

There are many benefits in measuring compliance risk maturity:

  • Identification of gaps & weaknesses in your compliance arrangements;
  • A prioritised action plan to close out gaps by adopting a risk-based approach;
  • Enables the allocation of resources (including human, technology & financial) to those areas of strategic, customer or regulatory importance;
  • Provides transparent criteria to benchmark progress & facilitate board reporting; &
  • Enables different maturity levels to be set as targets for each of the 4 components.

๐™ƒ๐™ค๐™ฌ ๐™ฉ๐™ค ๐™˜๐™ค๐™ฃ๐™™๐™ช๐™˜๐™ฉ ๐™–๐™ฃ ๐™–๐™ฃ๐™–๐™ก๐™ฎ๐™จ๐™ž๐™จ ๐™ค๐™› ๐™˜๐™ค๐™ข๐™ฅ๐™ก๐™ž๐™–๐™ฃ๐™˜๐™š ๐™ง๐™ž๐™จ๐™  ๐™ข๐™–๐™ฉ๐™ช๐™ง๐™ž๐™ฉ๐™ฎ (๐™ž๐™ฃ ๐™ฉ๐™๐™š ๐™ž๐™ฃ๐™จ๐™ช๐™ง๐™–๐™ฃ๐™˜๐™š ๐™ž๐™ฃ๐™™๐™ช๐™จ๐™ฉ๐™ง๐™ฎ)

Step 1 –ย there are 4 components or categories that are assessed from a compliance risk perspective – (1) governance, (2) process & procedures, (3) people and (4) systems & reporting. A compliance review is conducted to determine the firm’s current state against each of these components;

Step 2 –ย the current state is assessed as either ‘basic, evolving, established, advanced or optimised’. Pre-agreed criteria is used to describe each phase of maturity enabling a robust conversation to take place so that a realistic current state is determined. The current state is plotted on the matrix for each category;

Step 3 –ย recognising the cost-benefit trade-off, the board sets the desired level of risk maturity to be achieved over a defined period for each component. For example, the Board may set a target that within 18 months: systems will be ‘Advanced’ while people will be ‘Optimised’. This enables a strategic allocation of resources & a plan that can be shared with key stakeholders;

Step 4 –ย actions are developed, cost & approved to achieve the target level of risk maturity for each of the 4 components;

Step 5 –ย Progress to plan is monitored & included in board reporting.

Please contact me if you would like to explore the compliance reviews & risk maturity assessments I provide.