APRA accepts rare court enforceable undertaking to improve risk and compliance weaknesses from major insurer
The Australian Prudential Regulation Authority (APRA) has accepted a court enforceable undertaking (CEU) from Allianz Australia Insurance Limited (Allianz), acknowledging "past weaknesses" in Allianz's "risk culture, risk governance, and risk management".
The CEU, announced on 9 March 2021, was accepted following an extended period of engagement with APRA in respect of "longstanding" risk and compliance weaknesses, which resulted in an additional $250 million capital requirement being imposed on Allianz in August 2019. The weaknesses came to APRA's attention as a result of the governance, culture and accountability (GCA) self-reviews undertaken by 36 banking, insurance and superannuation entities following APRA's review of the Commonwealth Bank of Australia (CBA).
Whilst the additional capital requirement was reduced by $100 million in December 2020, APRA's public comments in relation to the reduction flagged that further improvements would be required before it would consider removing the residual $150 million.
The CEU commits Allianz to completing a series of actions relating to its risk maturity, compliance, conduct and culture in accordance with an agreed timetable. The CEU also requires a greater level of review and oversight both from APRA and independent third parties to ensure Allianz's transformation programs are complete and operationally effective, including:
- a Responsible Person(s) to be accountable for the successful completion of the transformation programs;
- written confirmation from the board of Allianz that all components of the transformation programs have been completed; and
- independent reviewers who will be appointed to provide written reports on the status of the transformation programs, whether they are operationally effective, and what further work may be required.
Enforcement action by APRA, and particularly the use of CEUs, is rare – the regulator's register of CEUs records only 8 undertakings accepted from entities since 2005 (in addition to the Allianz CEU), including to CBA in 2018 and Westpac Banking Corporation (Westpac) in December 2020. Once a favoured enforcement tool of the Australian Securities and Investments Commission (ASIC), CEUs have fallen out of favour as a result of ASIC's 'why not litigate' strategy – only three CEUs have been accepted by ASIC from entities since 2019 (one, to Vodafone Hutchison Australia Pty Ltd, via delegation to the Australian Competition and Consumer Commission), a significant decrease from previous years with 13 CEUs accepted from corporate entities in 2018 alone.
Each of the CEUs issued since 2018 has arisen from concerns identified by APRA as a result of the GCA review process, with Westpac's anti-money laundering failings also featuring prominently in its December 2020 CEU. It remains to be seen whether further enforcement action from APRA will result from that program, with many institutions yet to close out recommendations made to address identified shortcomings.
APRA is empowered to accept a CEU from Allianz under s126 of the Insurance Act 1973 (Cth) (the Act), in connection with matters in relation to which APRA may exercise a power or function under the Act, including the prudential regulation of insurers. Acceptance of a CEU does not impact APRA's ability to take other action as a result of the issues identified in the CEU (meaning it will not automatically result in the lifting of the additional capital requirement currently imposed on Allianz), and any breach of the CEU may result in further regulatory action.