Prudential Standards, Practice Guides and associated guidance are now available on APRA's new digital Prudential Handbook. The Handbook is designed to make it easier for you to find and interact with APRA's prudential framework, and includes powerful search and cross-referencing functionality.
This Prudential Standard requires a Level 3 Head to ensure that APRA has access to independent advice from an auditor relating to the operations, internal controls and information provided to APRA in respect of the Level 3 group. In addition, the standard sets out requirements for the roles and responsibilities of the appointed auditor.
This Prudential Standard sets out the roles and responsibilities of a general insurer’s and Level 2 insurance group’s Appointed Auditor and Group Auditor (Auditor). It also sets out the obligations of a general insurer or Level 2 insurance group to make arrangements to enable its Auditor to fulfil their responsibilities. The ultimate responsibility for providing impartial advice in relation to the operations, financial condition and internal controls of a general insurer or Level 2 insurance group rests with the Auditor. This advice is designed to assist the Board and senior management in carrying out their responsibility for the sound and prudent management of the general insurer or Level 2 insurance group.
Status: Upcoming 1 October 2024 GPS 310 Audit and Related MattersThis Prudential Standard sets out the roles and responsibilities of a general insurer’s and Level 2 insurance group’s Appointed Auditor and Group Auditor (Auditor). It also sets out the obligations of a general insurer or Level 2 insurance group to make arrangements to enable its Auditor to fulfil their responsibilities. The ultimate responsibility for providing impartial advice in relation to the operations, financial condition and internal controls of a general insurer or Level 2 insurance group rests with the Auditor. This advice is designed to assist the Board and senior management in carrying out their responsibility for the sound and prudent management of the general insurer or Level 2 insurance group.
This Prudential Standard aims to ensure that a general insurer, life company or private health insurer has access to appropriate actuarial advice to assist in the sound and prudent operation of its business. It sets out the requirements for insurers to appoint an Appointed Actuary and to establish a framework for the provision of actuarial advice. It also sets out the functions of the Appointed Actuary role.
Guidance (1) Status: Current In effect from 1 July 2019 CPG 320 Actuarial and Related MattersThis prudential practice guide was developed to support insurers and actuaries in fulfilling their responsibilities to comply with the requirements contained in CPS 320. Not all practices outlined in this guide will be relevant for every insurer, and some aspects may vary depending upon the size, business mix and complexity of the insurer’s business operations. | File type: PDF | File size: 503.62 KB
Role of the Appointed Actuary - frequently asked questions General Insurers OnlyThis Prudential Standard sets out minimum foundations for good governance of an APRA-regulated institution in the deposit-taking, general insurance, life insurance and private health insurance industries, and of a Head of a group. Its objective is to ensure that an institution and group is managed soundly and prudently by a competent Board (or equivalent), which can make reasonable and impartial business judgements in the best interests of the institution and group and which duly considers the impact of its decisions on depositors and/or policyholders.
Related resources (2) Information paper - Authorised deposit-taking institutions: guide for directorsThis information paper assists directors of authorised deposit-taking institutions (ADIs) in understanding their obligations under APRA’s prudential framework. It brings together, in one place, material requirements and guidance for ADI boards from APRA’s prudential standards and prudential practice guides (PPGs).
The objective of this Prudential Standard is to ensure that APRA-regulated entities maintain remuneration arrangements which appropriately incentivise individuals to prudently manage the risks they are responsible for, and that there are appropriate consequences for poor risk outcomes.
Guidance (1) Status: Current 18 October 2021 CPG 511 RemunerationThis PPG sets out guidance for all APRA-regulated entities on remuneration practices, to support Prudential Standard CPS 511 Remuneration (CPS 511). CPS 511 sets out requirements to ensure entities maintain remuneration arrangements which appropriately incentivise individuals to prudently manage the risks they are responsible for, and apply consequences for poor risk outcomes. | File type: PDF | File size: 735.25 KB
This Prudential Standard sets out minimum requirements for APRA-regulated institutions in determining the fitness and propriety of individuals to hold positions of responsibility. Its objective is to ensure that an institution prudently manages the risks that persons acting in responsible person positions who are not fit and proper pose to the institution’s business and financial standing.
Guidance (0)The following guidance assists with Responsible Persons reporting in D2A for: ADIs, General Insurers, Life Insurance & Friendly Societies on RF520.0; and RSE Licensees on SRF 520.0.
Reporting Forms (1) Status: In force CRF 520 Instruction guide RF 520.0 Responsible persons under CPS 520 Fit and ProperIn order to assist entities in complying with the requirement to ensure that information provided to APRA remains correct for all responsible persons, the form can be submitted at any time, however it will be provided on an annual basis to all entities submitting annual returns via D2A. Entities can use the annual form to correct and update the information they have provided to APRA throughout the year. | File type: PDF | File size: 130.35 KB
Prudential Standard GPS 520 Fit and Proper (GPS 520) sets out APRA’s requirements in relation to assessing the fitness and propriety of responsible persons of insurers and authorised NOHCs (collectively referred to as regulated institutions). This prudential practice guide aims to assist regulated institutions in complying with those requirements and, more generally, to outline prudent practices in relation to fitness and propriety. | File type: PDF | File size: 83.94 KB
Risk managementThis Prudential Standard requires an APRA-regulated institution and a Head of a group to have systems for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability, or the ability of the group it heads, to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s or group’s risk management framework.
Guidance (1) Status: Current April 2018 CPG 220 Risk ManagementThis PPG aims to assist APRA-regulated institutions in complying with Prudential Standard CPS 220 Risk Management (CPS 220) and, more generally, to outline prudent practices in relation to risk management. | File type: PDF | File size: 675.49 KB
Prudential Standard GPS 220 Risk Management (GPS 220) sets out APRA’s requirements of insurers in relation to risk management. This prudential practice guide aims to assist insurers in complying with those requirements in relation to credit risk and, more generally, to outline prudent practices in relation to credit risk management. | File type: PDF | File size: 63.35 KB
This Prudential Standard requires a Level 3 Head to ensure that an aggregate risk exposure external to the Level 3 group does not expose prudentially regulated institutions within the group to excessive risk. The ultimate responsibility for the aggregate risk exposure policy of a Level 3 group rests with the Board of its Level 3 Head.
Guidance (1) Status: Current 3PG 221 Aggregate Risk ExposuresPrudential Standard 3PS 221 Aggregate Risk Exposures (3PS 221) sets out APRA’s requirements in relation to the aggregation of risks across a Level 3 group. This PPG aims to assist Level 3 Heads to comply with those requirements and, more generally, to outline prudent practices in relation to certain aggregation matters. | File type: PDF | File size: 503.56 KB
This Prudential Standard requires a Level 3 Head to ensure that associations and dealings within the Level 3 group do not expose prudentially regulated institutions within the group to excessive risk.
Guidance (1) Status: Current 3PG 222 Intra-group Transactions and ExposuresPrudential Standard 3PS 222 Intra-group Transactions and Exposures (3PS 222) sets out APRA’s requirements in relation to the associations and dealings between institutions in a Level 3 group. This PPG aims to assist Level 3 Heads to comply with those requirements and, more generally, to outline prudent practices in relation to certain intra-group matters. | File type: PDF | File size: 505.33 KB
This Prudential Standard requires an APRA covered entity to have appropriate margining practices in relation to non-centrally cleared derivatives. An APRA covered entity must exchange variation margin and post and collect initial margin with a covered counterparty, subject to certain criteria.
Related resources (2) Margining and Risk Mitigation for Non-centrally Cleared Derivatives - frequentl…These frequently asked questions (FAQs) provide information to assist regulated entities to interpret Prudential Standard CPS 226 Margining and Risk Mitigation for Non-centrally Cleared Derivatives.
Substituted compliance for margin requirements for non-centrally cleared deriva… Letter to all APRA-regulated institutions other than private health insurersThis PPG aims to assist an APRA-regulated institution in complying with Prudential Standards CPS 220 Risk Management (CPS 220), SPS 220 Risk Management (SPS 220), CPS 510 Governance(CPS 510), SPS 510 Governance (SPS 510) and, more generally, to outline prudent practices in relation to climate change financial risk management. | File type: PDF | File size: 1.38 MB
The aim of this Prudential Standard is to ensure that an APRA-regulated entity is resilient to operational risks and disruptions. An APRA-regulated entity must effectively manage its operational risks, maintain its critical operations through disruptions, and manage the risks arising from service providers.
Guidance (1) Status: Current CPG 230 Operational Risk ManagementThe aim of this Prudential Practice Guide is to assist regulated entities in the implementation of, and compliance with, Prudential Standard CPS 230 Operational Risk Management. CPS 230 requires a regulated entity to effectively manage its operational risks, maintain critical operations through disruptions and manage the risks arising from service providers. | File type: PDF | File size: 434.99 KB
This Prudential Standard requires a general insurer and a Level 2 insurance group to maintain, as part of its overall risk management framework, a specific reinsurance management framework to manage the risks arising from its reinsurance arrangements.
Guidance (1) Status: Current February 2006 GPG 230 Operational RiskPrudential Standard GPS 220 Risk Management (GPS 220) sets out APRA’s requirements of general insurers (insurers) in relation to risk management. This prudential practice guide aims to assist insurers in complying with those requirements in relation to operational risk and, more generally, to outline prudent practices in relation to operational risk management. | File type: PDF | File size: 63.84 KB
This Prudential Standard requires that all outsourcing arrangements involving material business activities entered into by an APRA-regulated institution and a Head of a group be subject to appropriate due diligence, approval and ongoing monitoring. All risks arising from outsourcing material business activities must be appropriately managed to ensure that the APRA-regulated institution, or the group it heads, is able to meet its financial and service obligations to its depositors and/or policyholders.
Guidance (1) Status: Current October 2006 CPG 231 OutsourcingPrudential Standard APS 231 Outsourcing, Prudential Standard GPS 231 Outsourcing and Prudential Standard LPS 231 Outsourcing (Prudential Standards) set out the Australian Prudential Regulation Authority’s (APRA's) requirements in relation to outsourcing. This prudential practice guide aims to assist regulated institutions in complying with those requirements and, more generally, to outline prudent practices in relation to managing outsourcing arrangements. For the purposes of this guide, ‘regulated institution’ refers to an authorised deposit-taking institution (ADI) or a general insurer or a life company (including a friendly society) regulated by APRA. | File type: PDF | File size: 85.64 KB
Related resources (1)In July 2015, APRA published an information paper titled ’Outsourcing involving shared computing services (including cloud)’ which outlined prudential considerations and key principles to consider when adopting cloud computing services. This paper updates the July 2015 paper. The update is a response to APRA’s observation of the growing use of cloud computing services by APRA-regulated entities, an increasing
appetite for higher inherent risk activities, as well as areas of weakness identified as part of supervisory activities.
This Prudential Standard requires each APRA-regulated institution and Head of a group to implement a whole-of-business approach to business continuity management that is appropriate to the nature and scale of the operations. Business continuity management increases resilience to business disruption arising from internal and external events and may reduce the impact on the institution’s or group’s business operations, reputation, profitability, depositors, policyholders and other stakeholders.
This prudential practice guide applies to external custody arrangements (where an insurer engages an external party to act as its custodian), including arrangements with a related entity (or entities) in the same corporate group. This prudential practice guide does not apply to arrangements that either insurers or their custodians have with securities depositories, whether in Australia or overseas. | File type: PDF | File size: 87.99 KB
This PPG aims to assist regulated institutions in considering and prudently managing the risks posed by a potential influenza pandemic, or any other widespread outbreak of contagious disease that could affect their operations. The information in this guide supports compliance with Prudential Standards CPS 232 Business Continuity Management (CPS 232) and SPS 232 Business Continuity Management (SPS 232), which set out the Australian Prudential Regulation Authority’s (APRA) requirements in relation to business continuity management for authorised deposit-taking institutions (ADIs), general insurers, life companies and registrable superannuation entity (RSE) licensees (RSE licensees). This guide also supports compliance with risk management and other relevant prudential requirements. | File type: PDF | File size: 268.63 KB
Related resources (2)This 2006 Information Paper provides information on issues to consider when developing or updating a pandemic plan
This 2007 issue of APRA Insight shared the results of a pandemic stress test of the insurance industry
This Prudential Standard aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyber-attacks) by maintaining an information security capability commensurate with information security vulnerabilities and threats.
Guidance (1) Status: Current CPG 234 Information SecurityThis PPG aims to assist regulated entities in maintaining information security. It is designed to provide guidance to Boards, senior management, risk management and information security specialists (management and operational). | File type: PDF | File size: 837.05 KB
Related resources (2) Information security incident notification Online notification to APRA about an information security incident. Material information security control weakness notification Online notification to APRA of a material information security control weakness.This PPG aims to assist regulated entities in managing data risk. It is designed to provide guidance to senior management, risk management and technical specialists (both management and operational). The PPG targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. The PPG does not seek to provide an allencompassing framework, or to replace or endorse existing industry standards and guidelines. | File type: PDF | File size: 328.44 KB
Prudential Standard GPS 220 Risk Management (GPS 220) sets out APRA’s requirements of general insurers (insurers) in relation to risk management. This prudential practice guide aims to assist insurers in complying with those requirements in relation to insurance risk and, more generally, to outline prudent practices in relation to insurance risk management. | File type: PDF | File size: 71.3 KB
Prudential Standard GPS 230 Reinsurance Management (GPS 230) sets out APRA’s requirements of insurers in relation to reinsurance management. This prudential practice guide aims to assist insurers in complying with those requirements and, more generally, to outline prudent practices in relation to reinsurance management. | File type: PDF | File size: 68.24 KB
Financial resilienceThis guide assists regulated institutions to develop their Internal Capital Adequacy Assessment Process, including required documents, and to understand APRA’s approach to the supervisory review process for setting supervisory adjustments to required capital. This information supports compliance with Prudential Standard APS 110 Capital Adequacy (APS 110), Prudential Standard GPS 110 Capital Adequacy (GPS 110), Prudential Standard HPS 110 Capital Adequacy (HPS 110) and Prudential Standard LPS 110 Capital Adequacy (LPS 110). These prudential standards set out requirements in relation to the capital adequacy of a regulated institution, including the need for a regulated institution to have an ICAAP, and establish a framework for supervisory review and adjustment of a regulated institution’s capital requirements.(APS 110), Prudential Standard GPS 110 Capital Adequacy (GPS 110) and Prudential Standard LPS 110 Capital Adequacy (LPS 110). These prudential standards set out requirements in relation to the capital adequacy of a regulated institution, including the need for a regulated institution to have an ICAAP, and establish a framework for supervisory review and adjustment of a regulated institution’s capital requirements. | File type: PDF | File size: 606.94 KB