On 27 July 2017, APRA released the final version of Prudential Standard CPS 220 Risk Management (CPS 220) for Private Health Insurers (PHI). This represents the most significant change to the regulatory regime since the transition from the Private Health Insurance Administration Council (PHIAC) to APRA, with risk being the first of three phases of APRA’s PHI Policy Roadmap.
The standard will apply to all PHIs from 1 April 2018.
CPS 220 is a key part of APRA’s overall approach to sound risk management and extending it to the PHI sector was the logical next step in the move from PHIAC to APRA’s regulatory environment.
The new standard forms the foundation of the Risk Management Framework (RMF) for all APRA-regulated financial services businesses. It is therefore critical that PHIs fully embed its principles and practices into their operations, as they will be expected to get up to speed quickly and operate at the same level as other APRA-regulated entities.
The Board has ultimate responsibility for having an RMF that is appropriate to the size, business mix and complexity of the organisation. At a minimum, the RMF must include the Risk Appetite Statement (RAS), Risk Management Strategy (RMS) and a business plan, all of which must consider the material risks of the organisation. This requires detailed policies and procedures.
CPS 220 also stipulates the need for an “operationally independent” risk management function, to be led by a CRO who must report directly to the CEO, and a compliance function. For some organisations, this will mean changes to current operational structures.
Underpinning all of these changes is a strong tone focused on risk culture. The CEO and the Board should model this tone, which should permeate the organisation and be continually monitored and measured for effectiveness.
Building a risk management ecosystem optimised for today’s challenges requires buy-in across the organisation. Four steps that can set your organisation on the right path are: