New and novel risks are constantly emerging for the financial industry

Wayne Byres, Chairman APRA discusses how financial promises made by the institutions that APRA supervises are met within a stable, efficient, and competitive financial system to Parliament.

As the prudential supervisor of the financial services industry, APRA currently supervises around 2000 institutions across authorised deposit-taking institutions (banks, credit unions and building societies), general insurers, life insurers, private health insurers, friendly societies, and most trustees of the superannuation industry.

In total, these institutions hold about $US8 trillion in assets for Australian depositors, policyholders, and superannuation fund members. That amount is up by around one-third from just five years ago, highlighting that, notwithstanding the financial and economic ups and downs in recent years, the financial system has continued to grow strongly.

This hearing is formally to discuss APRA’s Annual Report for the 2020/21 year. That Report detailed how APRA and the Australian financial system responded to the significant health and economic impact of the COVID-19 pandemic that dominated the year. In that report, we noted that the Australian financial system remained financially and operationally resilient during a period of immense disruption, and regulated institutions – banks, insurers, and superannuation funds – all played important roles in supporting the broader Australian community through an extremely difficult time.

However, given we are about to publish our Annual Report for 2021/22, I thought I would focus my opening remarks on a few more contemporary issues. In doing so, I want to start by emphasising that the Australian financial system remains in sound shape, with financial institutions that are, in aggregate, well capitalised, liquid, profitable and operationally resilient, and well-positioned to continue to deliver services and support the Australian economy.

That is important, because we are obviously not the first to note that the economic outlook and operating environment in Australia is rapidly evolving. More broadly, frequent natural disasters, elevated geopolitical tensions, and cyber threats – most recently evidenced by the Optus data breach – and the lingering impact of COVID-19 are creating volatility in financial markets, increasing cost pressures for all industries and heightening risks in the financial system. These pressures are occurring alongside developments in technology and digital innovation which are rapidly changing business models and the operating landscape.

Against that backdrop, I wanted to briefly outline for the Committee some of the key critical work streams underway at APRA to ensure the ongoing stability and resilience of the Australian financial system.

As we repeat often, a strong financial system is not just dictated by traditional metrics of financial strength. New and novel risks are constantly emerging. This means APRA is devoting increasing share of its efforts to a range of industry-wide themes:

  • deepening our understanding of how technological change and digital innovation will transform the financial system.
  • materially enhancing the cyber and operational resilience of the financial institutions.
  • ensuring institutions take well-informed approaches to managing climate-related financial risks.
  • establishing plans for institutions’ recovery from financial stress or, if they are no longer viable, arranging their resolution without the need for taxpayer support; and
  • strengthening institutions’ governance, risk culture, remuneration and accountability.

On this last point, I note that the Financial Accountability Regime (FAR) legislation is currently before the parliament. APRA and the Australian Securities and Investment Commission (ASIC) have been working extensively in recent months to be ready to jointly administer this regime, including developing joint administration frameworks and systems to support entities with the implementation and ongoing compliance with the FAR. We will be ready to go if parliament passes the legislation.

We also have two major initiatives underway that will materially benefit APRA-regulated institutions, and other stakeholders. These are to:

  • modernise APRA’s prudential architecture and approach to regulation in the face of new technology and an evolving financial system; and
  • enhance our collection, use and publication of data to support better decision-making.

Both are substantial, multi-year projects that will bring major efficiencies for APRA and the regulated institutions that must comply with our requirements and meet our data obligations.

And then, within each sector of the financial system, we have several industry-specific priorities.

In banking, we are devoting considerable attention to analysing the impact of a large and relatively rapid increase in interest rates. The banking industry remains well capitalised and prudentially sound, underpinned by the implementation of the Basel III and “unquestionably strong” capital reforms over the past few years. However, banks and other deposit-takers face funding cost pressures and heightened risks in credit portfolios from an environment of higher interest rates.

A particular focus of many is the housing market. While developments in this market are unlikely to create stability issues, there will inevitably be pockets of stress from borrowers who find themselves over-extended. This will be exacerbated as property prices fall.

In insurance, while adequately capitalised, each of the general, life and private health insurance industries face varying availability, affordability, and sustainability challenges. Factors creating these pressures differ across products and, in some lines of business, are becoming quite acute.

As a prudential supervisor, we cannot solve these issues ourselves. We are, though, actively collaborating with Treasury, ASIC, industry, and other stakeholders to help develop solutions that target the root cause of issues for specific insurance products. There is unfortunately no silver bullet: the drivers impacting affordability of home and commercial building insurance, such as a changing climate, differ from those impacting the availability of public liability or life insurance products. Solutions are likely to require coordinated action across all arms of government and with industry.

Finally, in superannuation our focus continues to be on identifying and addressing fund underperformance, and ensuring trustees have an unwavering focus on the interests of their members.

In August, APRA published the results of the 2022 MySuper performance test. While there were five failures, and four funds that have now been closed to new members, overall, the advent of the test, alongside the existing APRA heatmaps, has driven positive change. Trustees of underperforming funds can no longer hide from the spotlight, and we have seen a steady flow of trustees acknowledging that their members would be better placed in the hands of another, better performing trustee. This consolidation is driving costs down and seeing more members in better performing products.

As the committee would be aware, a review of the Your Future Your Super reforms is now underway. The review will give stakeholders the opportunity to have a say as to what enhancements could be made to the reforms, including the performance test. From APRA’s perspective, a review after two cycles of the test makes good sense.

Transparency on how businesses handle customers data

Cisco published its 2022 Consumer Privacy Survey, an annual global review of consumers’ perceptions and behaviours on data privacy. This year’s survey highlights the critical need for further transparency as consumers say their top priority is for organizations to be more transparent on how they use their personal data. The survey also showed that while, in theory, consumers are supportive of AI (with 54 per cent willing to share their anonymized data to improve AI products), many (65 per cent) have lost trust in organizations due to their use of AI. “Organizations need to explain their data practices in simple terms and make them readily available so that customers and users can understand what is going on with their data. It is not just legally required; trust depends on it,” says Harvey Jang, Cisco Vice President, Deputy General Counsel and Chief Privacy Officer.

This year, 81 per cent of respondents agreed that the way an organization treats personal data is indicative of how it views and respects its customers – the highest per centage since Cisco began tracking it in 2019.

Consumers Are Increasingly Acting

In response to the erosion of trust in organizations’ ability to protect data, many consumers are acting to better protect their data themselves including:

  • 76 per cent say they would not buy from a company who they do not trust with their data
  • 37 per cent indicated they had indeed switched providers over data privacy practices
  • 53 per cent say they manage their cookie settings from a website before accepting
  • 46 per cent of those with a home listening device say they turn it off regularly to protect their privacy

Disconnect Between Business and Consumers When It Comes to AI

Ever-evolving technologies make it difficult for consumers to trust companies with their data. Most respondents believe the potential benefits of AI outweigh the risk, provided proper de-identification is in place, with 54 per cent willing to share their anonymized personal data to help improve AI-based products and decision-making.

However, there is a disconnect between businesses and consumers: while 87 per cent of organizations believe they have processes in place to ensure automated decision-making is done in accordance with customer expectations, 60 per cent of respondents expressed concern about how organizations are using their personal data for AI. Powerful steps organizations can take to address this include giving consumers the opportunity to opt-out of the AI application and explain how their AI application works.

Desire for Government to Play a Primary Role

Finally, more than half said national or local government should play the primary role when it comes to protecting consumers data. Many consumers do not trust private companies to be responsible with personal data on their own accord.

As governments and organizations continue to demand protections on data transferred outside their national borders, more are putting in place data localization requirements, demanding data to be physically stored in the country or region where it was collected. Yet data localization comes at a price. The Cisco 2022 Data Privacy Benchmark Study reported that 88 per cent of surveyed organizations experience significant additional operational costs due to data localization. Consumers are evenly split on the value of data localization (41 per cent in favour, 41 per cent against) if it adds cost to the products and services they buy.

“We hope that the insights from this survey will motivate organizations to continue to prioritize their customers’ desire for security, privacy, and transparency,” said Brad Arkin, Cisco Senior Vice President, Chief Security and Trust Officer.


Leave a Comment

Related posts