Skip to content
RiskLogic

Business Continuity Plans

Building APS910 compliance into Business Continuity Plans

Building APS910 compliance
  • Url copied to clipboard.

Following the Global Financial Crisis (GFC) in 2008, the Australian Government introduced the Financial Claims Scheme (FCS) to protect depositors. The Prudential Standards APS910 – Financial Claims Scheme released in 2013 required Authorised Deposit-Taking Institutions (banks, building societies and credit unions – referred to as ADIs in this article) and general insurance companies to implement measures to ensure it is adequately prepared, should it become a declared ADI for Financial Claims Scheme (FCS) purposes.

In recent years, APRA has conducted a range of activities designed to strenghten and facilitate improvement in ADI’s FCS operational preparedness levels. These activities comprised of prudential reviews, an FCS readiness survey and benchmarking exercises to review APS910 audit reports and CEO attestations. These observations highlighted gaps, leading APRA to make recommendations for improvement in APS210 to support further operational maturity.

What is APS910?

APRA Prudential Standards APS910 – Financial Claims Scheme (FCS) is an Australian Government initiative that protects depositors of authorised deposit-taking institutions and policyholders of general insurance companies, from potential loss in the unlikely event that one of these financial institutions fails. The scheme ensures that depositors do not lose their deposit, but rather be paid out by the Australian Government. Under the FCS, deposits are protected up to $250,000 per account holder at each ADI. For insurers, the Australian Government will cover up to $5000 of valid claims per policy holder. Claims above $5,000 are also covered under the FCS for eligible policyholders and certain third parties.

If the FCS is activated by the Australian Government, APRA will be responsible for administering it within 7 calendar days. For APRA to administer the FCS within this timeframe, ADIs need to provide APRA with key details of account holders within 48 hours.

Who does it affect?

APS910 applies to ADIs such as banks, building societies, credit unions and general insurance companies. A comprehensive list of Authorised Deposit-Taking institutions are available on the APRA website.

Who is ultimately responsible for APS910?

The Board and senior management of an ADI are ultimately responsible for ensuring that appropriate policies and procedures are in place to ensure the integrity of the operations, internal controls and information required under this Prudential Standard.

Why is it important now?

Whilst APS910 is not new to ADIs, compliance should be reviewed following an APRA recommendation that resulted from the Banking Royal Commission. The recommendation, supported by the government, introduces the Banking Executive Accountability Regime (BEAR). The BEAR is responsible for all steps in the design, delivery and maintenance of all products offered to customers by the ADI and any necessary remediation of customers in respect of any of their products. Furthermore, updated technical questions on the Financial Claims Scheme were published on the APRA website on September 2018, indicating a focus on ADIs and their compliance.

What do you need to do to comply*?

APRA emphasises five major areas that ADI’s need to address in order to ensure compliance with APS910.

  1. Financial Claims Scheme Framework – ADIs should review FCS governance procedures to improve Board and senior management awareness and oversight (accountability and responsibility) as well as including FCS related components in an appropriate risk management framework. ADIs should also review and update operational FCS plans and integrate them with other relevant crisis related plans where appropriate.
  2. FCS Testing – ADIs should ensure internal FCS testing occurs, at a minimum, in line with APRA’s testing schedule. Test results – including shortcomings with FCS-related systems, processes and reporting as well as respective causes – should be documented, along with remediation plans and timeframes.
  3. Data Integrity – ADIs should thoroughly investigate and analyse FCS reporting and testing results against clearly defined tolerance levels. Timely reconciliations and checks should be performed with the generation of each report with tracking of issues, and a remediation plan linked to the risk management framework. ADIs should work to reduce exception numbers and values to acceptable levels that are within the tolerance set by the ADI.
  4. Reporting – ADIs must take steps to ensure systems have the capability to be updated to reflect account holder balances post FCS payments.
  5. FCS Communication – ADIs should examine the FCS information currently contained on their website and in PDS documents to ensure it is accurate, up-to-date and easily accessible. ADIs could also consider the positive benefits that FCS protection offers account holders and help to facilitate this messaging.

APRA has clarified that systems capacity, communications and testing requirements are to be in line with business continuity planning arrangements. If you haven’t reviewed your compliance to APS910 and see how it can be integrated into existing Business Continuity Plans. Reach out to our experienced consultants today.

Sources

APRA Financial Claims Scheme
APRA APS910
Federal Register of Legislation
*This section is contributed by Amy Mallick, RiskLogic Resilience specialist

The Resilience Digest