APRA’s supervision of conglomerate financial services groups

10 January 2013 | By Michael Chaaya (Partner)


On 14 December 2012 the Australian Prudential Regulation Authority (APRA) released for consultation proposed requirements for the supervision of conglomerate groups operating in the financial services industry. APRA categorises these as “Level 3 groups”, which are corporate groups with entities operating in more than one APRA regulated industry. 


APRA is currently responsible for the prudential supervision of what it refers to as “Level 1 institutions”, which are entities authorised to operate within a single APRA-regulated industry (ie ADIs, general insurers, life insurers, RSE licensees) and, where relevant, “Level 2 groups”, which are consolidated groups operating within a single APRA-regulated industry (headed by an APRA-regulated institution or a non-operating holding company, or NOHC). 

APRA proposes to extend prudential requirements to Level 3 groups whose operations span multiple APRA-regulated industries (or include material non-APRA-regulated operations). This is a further step in APRA’s desire to harmonise prudential standards across the financial services industry and to adequately supervise aggregate exposures across Level 3 groups as well as intra-group transactions and risks.


This consultation follows APRA’s discussion paper regarding the supervision of Level 3 groups, which was released in March 2010. The four pillars of the proposed supervisory frameworks for Level 3 groups are as follows:

  1. Governance – the Level 3 group must have a robust governance framework across the groups;
  2. Risk exposure – intra-group exposures must be transparent and prudently managed;
  3. Risk management – the Level 3 group must have an effective group-wide risk management framework;  and
  4. Capital adequacy – the Level 3 group must have sufficient capital.

The current consultation is in respect of the proposed Prudential Standards relating to governance and risk exposure matters. The consultation package released by APRA includes:

  • a response to submissions received in relation to the discussion paper;
  • four proposed new prudential standards for application to Level 3 groups:
    • 3PS 001 – Definitions,
    • 3PS 221 – Aggregate Risk Exposures,
    • 3PS 222 – Intra-group Transactions and Exposures (ITEs),
    • 3PS 310 – Audit and Related Matters; and
  • four draft amendments to existing Prudential Standards:

APRA is in the process of finalising its proposals on the Prudential Standards for risk management and capital adequacy, and will consult on those requirements in the first half of 2013. Although yet to be released, the outstanding Prudential Standards will referred to as follows:

  • 3PS 110 Capital Adequacy;
  • 3PS 111 Capital Adequacy: Measurement of Capital; and
  • CPS 220 Risk Management.


It is important to note that all the Level 3 group Prudential Standards are intended to take effect from 1 January 2014.


The basic premise for the amendments to existing Prudential Standards is that the behavioural requirements contained therein will be expanded to apply to Level 3 Heads (that is, the APRA-regulated institution that heads a Level 3 group) in respect of the group’s activities and, where appropriate, Level 3 groups generally. Responsibility for compliance will fall to the Level 3 Head.  Proposed amendments also include requirements for the heads of Level 2 groups to establish group-wide policies on governance and fitness and propriety (the standards currently apply to Level 1 institutions).

APRA’s objective in introducing the Level 3 group framework is to address the risks to which APRA-regulated institutions within a Level 3 group are exposed and which, because of the complexity of these group structures, may not be adequately catered for under existing prudential requirements at Level 1 or Level 2.


New draft Prudential Standard 3PS 001 – Definitions – sets out which corporate groups are likely to be considered Level 3 groups, as well as setting out some of the key terms, which will largely be familiar to industry participants. 

Draft 3PS 221 – Aggregate Risk Exposures – is similar to (but more extensive than) APS 221, which currently applies to ADIs.  Draft 3PS 310 – Audit and Related Matters – substantially replicates APS 310, which applies to ADIs.  Draft 3PS 222 – Intra-group Transactions and Exposures (ITEs) – sets out additional responsibilities for the Board of Directors of the Level 3 Head in respect of ITEs.

The proposed requirements of the new Prudential Standards for Level 3 Heads that have been released for consultation are summarised in the table below.



Summary of significant items

3PS 001


APRA may, in its discretion:

  • apply the Level 3 prudential framework to a conglomerate group meeting the definition of “Level 3 group”
  • include, or exclude, certain institutions within that consolidated entity;
  • nominate a “Level 3 Head” of the Level 3 group.

3PS 221

Aggregate Risk Exposures

  • Board of Directors of the Level 3 Head must ensure that adequate systems and controls are in place to identify and manage aggregate risk exposures
  • Level 3 Head must implement group-wide aggregate risk exposures policy and accompanying systems to manage risk exposure (including stress testing)
  • Aggregate risk exposures policy must articulate limits across a number of parameters such as counterparties industry sectors and geographical locations.  This should be aligned with the risk appetite of the board of the Level 3 Head. 
  • Level 3 Head must report to APRA on aggregate risk exposures
  • APRA may impose a supervisory adjustment or limits if it considers the Level 3 group is exposed to significant or excessive levels of aggregate risk exposure
  • APRA must be notified of any breaches, which includes remedial actions taken or planned to deal with the breach.

3PS 222

Intra-group Transactions and Exposures (ITEs)

  • Board of Directors of Level 3 Head must ensure adequate systems and controls to identify and manage ITEs
  • Level 3 Head must implement an ITE policy and the company systems that manage ITEs across the group (including stress testing) and establish policies and procedures that address operational risk
  • Level 3 Head must report to APRA on ITEs
  • APRA may impose supervisory adjustment or limits on ITEs (which may require an increase to the capital adequacy requirement)
  • Reports on material ITEs must be provided to APRA on request.
  • APRA must be notified of any breaches, which includes remedial actions taken or planned to deal with the breach

3PS 310

Audit and Related Matters

  • Level 3 Head must appoint a group auditor
  • Level 3 Heads must ensure the appointed auditor is fully informed of all prudential requirements
  • Appointed auditor must provide assurance on APRA data collections in relation to Level 3 information
  • Appointed auditor must provide assurance that the Level 3 Head has controls that are designed to ensure that they have complied with their credential requirements


Consultation on the proposals closes on 1 March 2013 and the outstanding proposals in respect of risk management and capital adequacy are expected to be released for consultation in the first half of 2013.

Corrs has a financial services team with the skills and expertise to help you assess the impact that these APRA proposals will have on your operations. For further information, please contact a member of the team.

The content of this publication is for reference purposes only. It is current at the date of publication. This content does not constitute legal advice and should not be relied upon as such. Legal advice about your specific circumstances should always be obtained before taking any action based on this publication.

Related Content


Michael Chaaya

Partner. Sydney
+61 2 9210 6627


Joanne Dwyer

Special Counsel. Brisbane
+61 7 3228 9375


Christine Maher

Consultant. Brisbane
+61 7 3228 9413