New Governance Standards for Boards of Local and Foreign Australian General Insurers

On 5 May 2006, the Australian Prudential Regulation Authority (“APRA”)[1] released new prudential standards for, amongst other things, governance in respect of local and foreign general insurers operating Australian businesses (“regulated institutions”).  Prudential Standard GPS 510 (“Standard”) imposes prescriptive minimum governance requirements that regulated institutions must satisfy from 1 October 2006.  The release of the Standard follows APRA’s release in May 2005 of a draft standard for general insurer governance requirements (“Draft Release”).  The new Standard contains a number of material variations from the Draft Release.

The objective of the new Standard is to ensure sound and prudent management of regulated institutions by boards that have the capacity to make reasonable and impartial business judgments that are in the best interests of the institution, and which give due consideration to the impact of their decisions on policyholders.

The Standard is accompanied by a prudential practice guide (“Practice Guide”), which sets out relevant practices in respect of governance that APRA believes regulated institutions should consider adopting in addition to the requirements of the Standard. 

Impact of the New Standard

Except for foreign insurers, the new Standard applies in its entirety to all general insurers and authorised non-operating companies under the Insurance Act 1973.  Only specific parts of the Standard apply to foreign insurers[2]operating general insurance businesses in Australia. 

The new Standard impacts upon the composition, functions and responsibilities of the boards of directors and audit committees of regulated institutions operating in Australia.  The Standard also imposes new obligations upon regulated institutions to ensure that a majority of directors are independent, and to limit the appointment of directors who are “associates” of substantial shareholders to the board.  The Practice Guide which accompanies the Standard examines the philosophies that underlie APRA’s general approach to governance but also touches on new areas not covered by the Standard, such as a modified application of the conflict-of-interest rules in Australia’s Corporations Act to general insurers.[3]

A number of the requirements in the Standard are not conceptually new to general insurers listed on the Australian Stock Exchange (“ASX”) that are already required to report against any non-compliance with governance requirements in the ASX Corporate Governance Council’s Principles of Corporate Governance and Best Practice Recommendations (“ASX Best Practice Recommendations”).  An important difference is that, subject to obtaining a transitional extension[4] or specific exemption from APRA for certain matters, compliance with the new Standard is mandatory for all regulated institutions from 1 October 2006.  This is a distinct departure from the “if you don’t comply, disclose why” approach that underpins the governance principles for listed companies in the ASX Best Practice Recommendations.

From the perspective of non-insurers, the new Standard is of interest because it shows the degree to which the ASX Best Practice Recommendations are beginning to take on a mandatory status in some Australian industry sectors.

This Commentary examines the prescriptive requirements of the Standard, and the proposals in the Practice Guide, so far as they relate to board composition (including the new independence requirements); the role, functions and policies of the board; the establishment of audit committees and internal audit functions; and roles and duties of executives.[5]   The Commentary also compares the primary requirements of the Standard with relevant equivalent principles of corporate governance in the ASX Best Practice Recommendations and notes changes that have been made by APRA since the release of the Draft Standard in May 2005.

Board Composition

Number. The Standard requires boards of regulated institutions to have a minimum of five directors at all times.  This is in contrast to the requirements under Australia’s Corporations Act   that a public company must have at least three directors.

Residency.   For regulated institutions that are either locally owned or incorporated, the Standard requires there to be a majority of directors who are ordinarily resident in Australia.  For regulated institutions that are foreign owned but locally incorporated, at least two directors must be ordinarily resident in Australia.[6]   Persons will be considered to be “ordinarily resident” for the purposes of the Standard if they are in Australia for more than half of any 12-month period.

Skills, Experience and Knowledge.   The Standard imposes a general benchmark that directors must meet in terms of skills, experience and knowledge.  The Standard requires directors of the regulated institution to collectively have the “full range of skills needed for the effective and prudent operation of the regulated institution”, and on an individual basis, sufficient skills to ensure that they can make an effective contribution to board deliberations and processes.  APRA’s view is that this means the directors, on a collective basis, must have the necessary skills, knowledge and experience to understand the risks of the regulated institution, and to ensure that the regulated institution is managed in an appropriate way to take these risks into account.  Relevant risks include those that arise from the regulated institution’s legal and prudential obligations.  In one regard, this is a less prescriptive approach to director expertise than that which was proposed by APRA under the Draft Standard.  The Draft Standard required boards to appoint at least one independent non-executive director who had financial expertise as a result of being a qualified accountant or other finance professional with financial and accounting experience.

The Standard makes it clear that notwithstanding the “skill and experience” requirements, boards can, of course, supplement the skills and knowledge of their own directors by engaging external consultants and experts for assistance.

The prescriptive nature of the Standard’s requirements in respect of the skills, experience and knowledge of directors stands in contrast to the ASX Best Practice Recommendations, which only lightly touch upon the skills that directors should bring to the board table.  The Recommendations suggest that one of the roles of the board or its nomination committee should be to assess the range of skills, experience and expertise that a board has before a new prospective director is identified, thereby allowing the nomination committee to best identify the particular skills, experience and expertise that will complement board effectiveness.[7]

Independence Requirement for Local Regulated Institutions.   Subject to exceptions that apply to subsidiaries of other APRA-regulated institutions or their overseas equivalents, regulated-institution boards must have a majority of independent directors at all times.  The Standard adopts the same test for independence as the ASX Best Practice Recommendations and requires boards of regulated institutions to adopt this test in determining whether their directors are independent.  While the ASX Best Practice Recommendations require a majority of the board to be independent directors,[8] there are a number of Australian listed companies that do not currently satisfy this requirement.

In contrast to the position adopted by APRA under the Draft Standard, regulated institutions that are in doubt about a director’s independence may—but are not obliged to—refer any questions about the independence of individual directors to APRA for guidance. 

Independence Requirement for Foreign Regulated Institutions.   The Standard imposes a lesser threshold on regulated institutions that are subsidiaries of another APRA-regulated institution or an overseas equivalent (“foreign regulated institutions”).  Boards of foreign regulated institutions must have a majority of non-executive directors, but there is no requirement that all of the non-executive directors be independent. 

To be defined as “non-executive” for this purpose, directors must not be executives or management members of the regulated institution or its subsidiaries.[9]   Directors of the regulated institution’s parent company’s board or its subsidiaries will be “non-executive” directors if they are appointed to the regulated institution’s board.  The board of a foreign regulated institution that consists of up to seven members must also have a minimum of two independent directors (in addition to an independent chairperson).  Where the board of a foreign regulated institution has more than seven members, the regulated institution will be required to have at least three independent directors (in addition to an independent chairperson).

Board Composition for Subsidiaries With a Parent That Is Not Prudentially Regulated.    The Standard requires boards of regulated institutions that are subsidiaries of another entity which is not an APRA-regulated institution or an overseas equivalent to have a majority of independent directors.  These directors can also sit as independent directors on the board of the regulated institution’s parent company or its subsidiaries.

Chairperson.   The Standard requires the chairperson of the board to be an independent director of the regulated institution.  This requirement is consistent with the ASX Best Practice Recommendations, which also recommend that a chairperson be an independent director.[10]   The Standard expressly prohibits any person who was a chief executive officer of the regulated institution at any time during the prior three years from being appointed the chairperson or (unless APRA approval is obtained) a chairperson from filling the role of CEO for a period exceeding 90 days if the CEO unexpectedly resigns. 

The outright ban on directors transitioning from the office of CEO to chairperson is more stringent than the principles underlying this aspect of independence in the ASX Best Practice Recommendations, which merely state that the roles of chairperson and chief executive officer should not be exercised by the same individual.[11]

Shareholder Representative Directors.   The Standard imposes some interesting restrictions that relate to the capacity of regulated-institution shareholders to appoint “associates” or multiple representative directors to the board.[12]   While this is unlikely to be an issue for widely held or publicly listed general insurers, it may raise issues for closely held regulated institutions or regulated institutions that have one or more cornerstone investors.  It is difficult to see what the restrictions on appointing directors who are “associates” of shareholders adds to governance best practice when there are already stringent requirements in the Standard regarding the appointment of a minimum number of independent directors to a regulated-institution board.

The Standard’s restrictions in respect of the appointment of directors who are “associates” of shareholders depend upon whether shareholdings are less or greater than 15 percent of the regulated institution’s voting shares, and the number of directors on the board.  Where a board has up to six directors and a shareholding in the regulated institution consists of not more than 15 percent of the institution’s voting shares, there cannot be more than one director who is an associate of the shareholder.  Where a board has seven or more directors, and a shareholding in the regulated institution consists of less than 15 percent of a regulated institution’s voting shares, there cannot be more than two directors who are associates of the shareholder.  Where an approved shareholding in a regulated institution is greater than 15 percent, the Standard states that the board representation can be greater than the limits that apply to regulated institutions with shareholders under the 15 percent limit, although they must be “broadly representative” to the relevant shareholding.

The Standard states that a director will be taken to be an associate of the shareholder or vice versa if he or she is an “associate” under the definition given to that term in the Financial Sector (Shareholdings) Act 1998 (“Financial Sector Act”).[13]   The definition of “associate” in the Financial Sector Act is complex, and its incorporation by reference into the Standard is bound to lead to confusion for regulated institutions.  This is partly because the definition fails to work when it is given a literal reading in the context of determining whether a director (being a natural person) is an associate of a shareholder of the regulated institution (which in all likelihood will be a corporate entity).  The definition appears to have been written into the Financial Sector Act − which predates the new Standard by eight years − on the premise that in most cases, the relevant test will be determining whether a person was an associate of a natural person rather than a corporate shareholder.  There is little doubt that closely held regulated institutions that have appointed or wish to appoint directors to their boards who are (for example) related parties of a shareholder will need to carefully consider whether they are “associates” for the purposes of determining their ongoing compliance with the new Standard.

Board Role, Functions and Policies

Role.   The Practice Guide states that the board has ultimate responsibility for the sound and prudent management of a regulated institution, including reviewing and approving the institution’s business strategies and significant policies, and satisfying itself that an effective system of risk management and internal control is established and maintained, and that the effectiveness of this framework is monitored by senior management.

Charter.   The Standard requires the board of a regulated institution to have a formal charter that sets out the roles and responsibilities of the board.  This is consistent with the ASX Best Practice Recommendations,   which require a company to formalise and disclose the functions reserved to the board and those delegated to management.[14] 

Delegation. The Standard makes it clear that in fulfilling its functions, a regulated institution’s board may delegate the authority to deal with certain matters to management.[15]   However, any delegated authority must be clearly set out and documented, and the exercise of that authority must be monitored according to an appropriate mechanism by the board.

Performance.   One of the more controversial requirements of the Standard is that boards must have procedures in place for annually assessing both the board’s performance (as measured against its objectives) and the performance of individual directors.  In the Practice Guide that accompanies the new Standard, APRA suggests that objectives for the board could include establishing general and risk management strategies; assessing financial performance against forecasts; and assessing senior management performance against agreed criteria, including the effectiveness of risk controls.  Objectives against which individual directors could be assessed include attendance and participation in board meetings, and a director’s contribution to board deliberations.

While there has been some criticism of this element of the Standard, the requirement to have in place assessment arrangements for the board generally mirrors the requirements of the ASX Best Practice Recommendations in this regard, which require disclosure of the process for performance evaluation of the board and individual directors.[16]

Board Renewal.   The Standard requires boards to have a formal policy on what is referred to as “board renewal”.  The Standard states that the policy must set out details of how the board “intends to renew itself in order to ensure it remains open to new ideas and independent thinking while retaining adequate expertise”.  There is no further explanation in the Standard as to what such a renewal mechanism entails.

Utilisation of Group Policies.   Where a regulated institution that is part of a corporate group utilizes group policies or functions, the Standard requires that the regulated institution’s board must ensure that these policies and functions give appropriate regard to the regulated institution’s business and its specific requirements.  This suggests that a regulated institution’s board that merely adopts group policies without giving proper consideration to their application to the institution’s business will not be fulfilling its duties under the Standard.  In addition to the requirements relating to group policies in the Standard, the Practice Guide states that the board of a group-regulated institution should also consider the potential impact of the operations of other entities in the group on the regulated institution.[17]

Extension of Conflict-of-Interest Prohibitions.   Australia’s Corporations Act prohibits directors of public companies who have a “material personal interest” in a matter under consideration by a board from being present while the matter is considered at board level or from voting on the matter, unless the non-interested directors approve the presence and participation of the interested directors.[18]   In the Practice Guide, APRA has extended the application of this prohibition in two ways.  First, APRA expects that non-interested directors would approve of the presence and participation of an interested director only in “exceptional circumstances” and that their reasons for doing so would be fully minuted.  Second, APRA has stated that even though the Corporations Act prohibition does not apply to Australian proprietary companies or foreign insurers, both these classes of entities should conduct business at their board meetings as if the prohibition did apply.[19]

Audit and Other Committees

Determining Relevant Committees.   The Practice Guide states that APRA expects a regulated institution’s board will typically give consideration to whether board committees should be established to help it oversee critical functions and strengthen the overall governance of the regulated institution.  While the new Standard requires establishment of only an Audit Committee (see below), the Practice Guide notes APRA’s expectation that boards will have considered whether they should also establish a Risk Committee which is responsible for formulating a regulated institution’s risk strategy, determining policies that ensure the strategy is followed, and monitoring adherence to the policies.[20]

Establishment of an Audit Committee.   Regulated-institution boards must have an Audit Committee whose role is to assist the board by providing an objective non-executive review of the effectiveness of the regulated institution’s financial reporting and risk management framework.  Listed ASX general insurers that are part of the S&P/ASX All Ordinaries Index are already subject to a requirement under the ASX Listing Rules to have an Audit Committee.  The ASX Best Practice Recommendations state that all boards should, in general, establish an Audit Committee.[21]

Audit Committee Mandate.   The Audit Committee must have sufficient powers to enable it to obtain all information necessary for the performance of its functions.  The Standard requires the board to have a charter[22] that states the Audit Committee is responsible for the oversight of APRA statutory reporting requirements (together with other financial reporting requirements), professional accounting requirements, internal and external audit, and the appointment of the regulated institution’s auditor.[23]

Audit Committee Members. The Audit Committee must have at least three members.[24]

Audit Committee Independence Requirements.   Consistent with the requirements of the ASX Best Practice Recommendations,[25] the new Standard requires all members of the Audit Committee to be non-executive directors of the regulated institution, and a majority of Committee members to be independent.

Specific Tasks of the Audit Committee.   The Audit Committee of local regulated institutions is required to deal with certain prescribed matters relating to the adequacy and independence of the internal and external audit functions.  The Audit Committee of a local regulated institution is required to review the engagement of the regulated institution’s external auditor on an annual basis, including assessing whether the auditor meets audit independence standards.  In the case of a foreign insurer, the senior officer outside Australia must make this assessment.  The Audit Committee must also regularly review the internal and external audit plans, ensuring that they cover all material risks and financial reporting requirements of the regulated institution.  The findings of audits must also be regularly reviewed to ensure that any identified issues are managed and rectified in an appropriate and timely manner.  The Practice Guide also states that in addition to the requirements in the Standard, the Audit Committee will meet separately with the internal auditor and external auditor without other parties being present.

Policies.   The Standard requires Audit Committees to establish and maintain “whistleblower”-type policies and procedures under which regulated-institution employees may confidentially submit to the Committee concerns about any accounting, internal control, compliance or audit issues.  Audit Committees must also have a process for ensuring that employees are aware of these policies and for dealing with matters raised by employees under these policies.

Internal Audit Functions

Establishment of an Internal Audit Function.   Unless APRA grants an exception for alternative internal arrangements which meet similar objectives, the Standard requires regulated institutions (including foreign insurers in respect of their Australian business) to have an independent[26] and adequately resourced internal audit function.  This requirement is generally consistent with the principle underlying the recommendations in the ASX Best Practice Recommendations regarding the establishment of sound systems of risk oversight and management and internal controls, which assume boards will establish and maintain an independent internal audit function.[27]

Objectives.    The Standard requires that the objectives of a regulated institution’s internal audit function include evaluation of the adequacy and effectiveness of the institution’s financial and risk management framework. 

Access.   The Standard requires a regulated institution to ensure that its internal audit team at all times has unfettered access to all the institution’s business lines and support functions.

Executives and Management

Role.   The Practice Guide states that senior management has responsibility for the regulated institution’s day-to-day management, including the implementation and monitoring of structures, processes, information and oversight arrangements used in managing the regulated institution.

Residency.   The Standard requires “senior management”[28]of a local or foreign regulated institution with responsibilities relating to the business in Australia to be “ordinarily resident” in Australia.

Foreign Insurers Must Nominate a Senior Manager in Australia.   The Standard requires foreign insurers to nominate a senior manager “ordinarily resident” in Australia who is responsible for the insurer’s local business. 

Foreign Insurers Must Nominate a “Senior Officer” Outside Australia.   The Standard requires foreign insurers to nominate a senior officer (whether a director or senior executive) outside Australia with delegated authority from the board to be responsible for overseeing the Australian branch operation.

Prohibition on Confidentiality Restraints.   The Standard expressly prohibits regulated institutions (including foreign insurers) from having internal policy and contractual arrangements that explicitly or implicitly restrict or discourage auditors or other parties from communicating with APRA.  No prospective, current or former officers, employees, contractors or external advisors can be constrained or impeded (including by way of confidentiality provisions in contracts) from disclosing or discussing information with APRA that may be relevant to the management and prudential supervision of the regulated institution.  This requirement will mean, for example, that employment agreements between general insurers and their employees will need express carve-outs that ensure any confidentiality clauses do not apply in the case of disclosure to APRA.

Lawyer Contact

For further information, please contact your principal Firm representative or the lawyer listed below.  General e-mail messages may be sent using our “Contact Us” form, which can be found at

Matthew Latham
612 8272 0515

Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our “Contact Us” form, which can be found on our web site at  The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the author and do not necessarily reflect those of the law firm with which he or she is associated.

[1]The Australian Prudential Regulatory Authority is the prudential regulator of the Australian financial services industry.  It oversees banks, credit unions, building societies and general insurance and reinsurance companies.

[2]Foreign insurers are foreign corporations (under Australia’s Constitution) that are authorised to carry on insurance business in a foreign country and are authorised under the Insurance Act 1973 to do so.

[3]The Practice Guide does not – as opposed to the new Standard – set out mandatory requirements.  APRA states in the Practice Guide that not all the suggested practices will be relevant to every regulated institution and that the applicability of the suggested practices will vary depending upon the size, complexity and risk profile of the regulated institution.

[4]There is capacity under the Standard to apply to APRA for an extension of time to comply with the Standard.  However, even where such an extension is granted by APRA, any exempt requirements in the Standard must still be complied with by 31 March 2007.  Regulated institutions can also seek APRA approval for the adjustment or exclusion of certain requirements that would otherwise apply under the Standard.

[5]The Standard also contains extensive provisions that relate to auditor independence for auditors of regulated institutions.  These requirements generally mirror those already contained in Australia’s Corporations Act and are not discussed in any detail in this Commentary.

[6]This is the same requirement that already exists for a public company under Australia’s Corporations Act.

[7]Best Practice Recommendations, “Commentary and Guidance” section, in relation to Recommendation 2.4 regarding the board’s establishment of a nomination committee.

[8]Recommendation 2.1.

[9]This is a more flexible position on who qualifies as a “non-executive director” than that which was adopted by APRA in the Draft Standard.  The Draft Standard provided that a “non-executive director” would be a director who was not employed or retained by the insurer or any of its related bodies corporate, either directly or indirectly, whether by normal employment means, contractual arrangement or otherwise, and had not been so for a prior period of three years.

[10]Recommendation 2.2.

[11]Recommendation 2.3.  The “Commentary and Guidance” discussion in the ASX Best Practice Recommendations that accompany this Recommendation does suggest that the CEO not go on to become the chairperson of the same company.

[12]In contrast to this aspect of the new Standard, the ASX Best Practice Recommendations are generally silent on the question of appointing a number of directors who are associates that represent a single shareholder, beyond stating in the “Commentary and Guidance” section in relation to the establishment of a nomination committee that the board be of a size and composition that is conducive to making decisions in the best interests of the company as a whole rather than of individual shareholders or interest groups.

[13]This is the statute which prohibits the acquisition of a shareholding in excess of 15 percent in a financial sector company unless the treasurer’s approval is obtained.

[14]Recommendation 1.1.

[15]This is also consistent with the ASX Best Practice Recommendation which assumes a board will, subject to the size, complexity and ownership of the company it governs, delegate certain functions to management (see the “Commentary and Guidance” section to Recommendation 1.1).

[16]Recommendation 8.1.

[17]Australia’s Corporations Act allows the director of a wholly owned subsidiary to act in the best interests of the subsidiary if the director is authorised to do so under the company’s constitution, the director is acting in good faith in the best interests of the holding company, and the subsidiary is not insolvent at the time or becomes insolvent because of the director’s acts.  The Draft Standard effectively sought to override this section of the Corporations Act by providing that a board could not act in the interests of another group member (even if permitted to do so under its constitution) if the board knew or had reasonable grounds to believe that in doing so it would be (among other things) inconsistent with the prudent management of the institution or would adversely affect the institution’s ability to meet its policyholder obligations.  The Standard backs down on this position, and there is now no express restriction on regulated-institution directors acting in the interests of the group of which they are a part.

[18]Section 195, Corporations Act.

[19]The Practice Guide position on conflicts of interest is more extensive than that which was adopted by APRA in the Draft Standard.  The Draft Standard generally recited a director’s fiduciary and statutory obligations only to avoid a conflict of interest and, where it arises, to disclose the conflict of interest to the board and remove himself or herself from any discussion or decision making about the subject matter of the conflict.  The Practice Guide goes further than this by proposing the modified application of s.195 to regulated institutions.

[20]APRA notes in the Practice Guide that typically it is the larger and more complex regulated institutions that would establish a separate Risk Committee.  This is a different position from that adopted by APRA in the Draft Standard, which proposed that establishment of a Risk Committee be mandatory for all regulated-institution boards.

[21]Recommendation 4.2.

[22]The requirement that the Audit Committee have a charter is consistent with Recommendation 4.4 of the ASX Best Practice Recommendations.

[23]This is generally consistent with the ASX Best Practice Recommendations, although a lot more prescriptive.  The “Commentary and Guidance” sections that accompany Recommendation 4.3 of the ASX Best Practice Recommendations suggest that the responsibilities of the Audit Committee should include reviewing the integrity of the company’s financial reporting and overseeing the independence of the external auditors.

[24]The ASX Best Practice Recommendations in the “Commentary and Guidance” section that accompanies Recommendation 4.3 also suggest that an Audit Committee have at least three members.

[25]Recommendation 4.3 of the ASX Best Practice Recommendations requires an Audit Committee to be structured so that it consists of non-executive directors only, a majority of whom are independent directors.

[26]Although not explained in the Standard, presumably the reference to an “independent” audit function means that the internal audit process operates independently of the regulated institution’s external audit.  This is the context in which an “independent” internal audit function is referred to in Principle 7 of the ASX Best Practice Recommendations.

[27]See Principle 7 of the ASX Best Practice Recommendations regarding the recognition and management of risk.

[28]The term “senior manager” is defined in the Corporations Act in relation to a company as being a person who makes or participates in making decisions that affect the whole, or a substantial part of, the company’s business.

We use cookies to deliver our online services. Details of the cookies and other tracking technologies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you consent to our use of cookies.