Australian Prudential Regulation Authority urges private health insurer boards to lift risk governance ahead of CPS 230 and Financial Accountability Regime extension

In a speech to private health insurance directors, the Australian Prudential Regulation Authority (APRA) set out its view that the sector remains well capitalised but is entering a more challenging operating environment, and called on boards to strengthen governance and risk management as new prudential and accountability settings take effect. APRA highlighted improving fundamentals including almost 15 million people holding some form of private health insurance at end-September, net insurance margins around 5 per cent, and investment earnings rising to almost 4 per cent of premium revenue in the 2024 financial year. It also pointed to pressures from hospital and medical inflation of 6.7 per cent in the 2024 financial year versus headline inflation of 3.8 per cent, ageing demographics, consumer budget constraints and increasing cyber risk. On prudential oversight, APRA said it has been underwhelmed by the maturity of risk governance reflected in recent triennial comprehensive reviews under Prudential Standard CPS 220 Risk Management, and noted that CPS 220 underpins Prudential Standard CPS 230 Operational Risk Management, which comes into force mid-year and is intended to ensure entities can maintain critical operations through disruptions. APRA also referenced its CPS 234 information security reviews, and its assessment of Prudential Standard CPS 190 Recovery and Exit Planning submissions, which it said generally met requirements while encouraging deeper consideration of exit scenarios. Looking ahead, APRA said it will increase its supervisory focus on governance during the year, the Financial Accountability Regime will extend to insurers in March, and a discussion paper proposing changes to APRA’s core governance prudential standards across all APRA-regulated industries is due for release in the coming months.