APRA offers tips on managing compliance risk

Managing compliance risk is tricky, as seen in high-profile compliance risk failures that have made headlines recently. As a result, the Australian Prudential Regulation Authority (APRA) has shared some tips on managing this type of risk.

According to APRA, compliance risk concerns an organisation’s ability to comply with the laws, rules, regulations, and standards – whether internal or external – that govern its operations, including voluntary industry standards and codes of conduct it elects to adopt.

APRA warned that organisations lacking systems to properly manage compliance risk could face significant fines and reputational damage. Examples of these failures include:


Failure to correctly treat customers, including charging deceased persons, double charging for products, and not applying package discounts;
Failure to meet anti-money laundering obligations; and
Privacy breaches.

In some instances, the organisations in question admitted to shortcomings in the processes, systems, and monitoring needed to prevent breaches or detect them early.


APRA said organisations can maintain people’s trust in the Australian financial services industry by pushing senior management and boards to prioritise compliance risk management.

While other regulators supervise and enforce different elements of entities’ compliance management practice, APRA focuses on entities’ ability to demonstrate and monitor compliance with prudential standards, and to consider APRA’s guidance. It considers their ability to meet non-prudential obligations and laws as a way of gauging the adequacy of their risk frameworks, and their risk management processes and practices.

“When there’s a breach of a prudential standard, APRA focuses on the people, systems, and processes that have contributed to the incident to ensure the underlying cause has been identified and addressed,” APRA said.


APRA advised entities to:


Have a clearly defined approach to managing compliance risk;
Have established processes to support compliance risk management practices; and
Specify clear accountability for managing compliance risk.

In addition, APRA asked regulated entities to give the same attention to compliance risk management that they give to cyber risk, operational risk management, and other risk classes.