Private health insurers to face proposed new risk management prudential standard

In December 2016, APRA released a Discussion Paper on a proposed “Risk management prudential standard for private health insurers”.

APRA is proposing to issue a new Prudential Standard CPS 220 Risk Management (CPS 220), which will apply to private health insurers.

The discussion paper invites submissions on the extent to which features of the private health insurance (PHI) industry warrant different prudential requirements to those mandated for other APRA-regulated institutions under CPS 220.

Amongst other things, CPS 220 provides that the board of an APRA-regulated institution is ultimately responsible for the institution’s risk management framework and oversight of its operations by management.

If CPS 220 is implemented in its current form, APRA will expect the board of a private health insurer to provide direction and leadership on the institution’s approach to risk management, in particular:

  • to set a clearly articulated risk appetite so that the boundaries within which management may operate are clear
  • to oversee the implementation and ongoing operation of a robust and effective risk management strategy
  • to approve a business plan that sets out the approach for the implementation of the strategic objectives of the private health insurer.

Other prudential risk requirements may include:

  • establishing an independent board risk committee, separate from the board audit committee, to provide the board with objective non-executive oversight of the risk management framework
  • appointment of a Chief Risk Officer who is to be independent from business lines, other revenue-generating responsibilities and the finance function of the private health insurer, and who has a direct reporting line to the Chief Executive Officer and unfettered access to the Board and its sub-committees
  • two types of periodic review of the risk management framework – an annual review of the risk management framework, by internal and/or external audit and three-yearly comprehensive review of the appropriateness, effectiveness and adequacy of the framework, by an operationally independent expert
  • an annual risk management declaration by the Board concerning the adequacy of, and compliance with the risk management framework.

APRA’s current intention is to finalise any revisions to CPS 220 during 2017, so that the requirements for private health insurers will come into effect from 1 January 2018.

Private health insurers who require assistance in preparing a submission to APRA or understanding the impact and requirements of the proposed CPS 220 should contact our financial services and private health regulatory expert Michael Bracken.


  • Sydney

    Level 16, MLC Centre
    19 Martin Place
    Sydney, NSW 2000
    +61 2 9018 9999
    +61 2 9018 9900
  • Melbourne

    Level 12, 357 Collins Street
    Melbourne VIC 3000
    +61 3 9810 6777
    +61 3 9810 6770
  • Newcastle

    Level 6, 45 Watt Street
    Newcastle NSW 2300
    +61 2 4047 2600
    +61 2 4047 2699
  • Brisbane

    Level 8, 60 Edward Street
    Brisbane QLD 4000
    +61 7 3220 9333
    +61 7 3220 9399
  • Perth

    Level 3, 225 St Georges Terrace
    Perth WA 6000
    +61 8 6319 0470
    +61 8 6319 0499