3. Risk Management Plans



The Government welcomes comments on whether compliance plans should be required for superannuation funds.

A compliance plan is a document that sets out the measures an entity will apply to ensure that it complies with the law and its constitution.

Views from the consultation process

A majority of submissions supported the introduction of compliance plans. There was a general (but not universal) consensus that the benefits would far outweigh the costs. Furthermore, submissions agreed that compliance plans strengthen monitoring and help ensure that risks are adequately identified, considered and addressed. Different views were expressed on whether, where functions were outsourced, the compliance plan should be limited to functions undertaken by trustees. CPA Australia suggested requiring regular audit sign-off.

Some submissions drew an explicit link between this proposal and licensing. While supporting a compliance plan requirement, one submission cautioned that by requiring trustees to focus on the details of their compliance arrangements, trustees may lose sight of the 'big picture'.

The Corporate Superannuation Association opposed the proposal on the grounds that it would add little, if any, value to the existing requirements of the SIS Act. A small number of other submissions also opposed it because it is already best practice and appropriate for larger funds; because required plan content would need to be specified; or because any additional benefits were expected to be outweighed by the costs.

Participants at both focus group sessions emphasised that the compliance plan requirements for managed investment schemes may not be appropriate for the superannuation industry and suggested that, to avoid confusion, it would be better to use new terminology, such as a 'risk management plan'. It was agreed that the concept of a risk management plan captures more effectively the aims of the proposal than a compliance plan, particularly as it is envisaged that the plan would require the trustee board to focus broadly on particular risk areas rather than necessarily on detailed compliance with legislative requirements. However, it was noted that compliance is a subset of risk management, and that preparation and audit of a full risk management plan may be costly.

Participants queried the need to submit a fully developed plan at the time of registration of a new fund, and suggested it may be more appropriate to provide an interim plan at registration, with a full plan to be submitted within a specified period of time. Participants raised concerns about APRA's administrative role in receiving and storing new or amended plans. Participants also queried whether it would be acceptable to use and submit a 'generic' plan for a particular class of funds. It was noted that this would depend upon the level of variation in the class of funds, but that master trust subfunds would be able to incorporate information by reference from other risk management plans.

Participants sought clarification of the ability to 'buy in' expertise, particularly for small funds. Participants also discussed other mechanisms for independent oversight of compliance with the plan.

Consideration of the proposal

Compliance plans codify risk management processes and practices that a well-run trustee would go through as a matter of course. ASIC has indicated that they are an essential piece of the regulatory framework for managed investment schemes, and one of its most useful tools in enabling early detection of problems.

The SWG agrees with submissions that there is considerable merit in requiring trustees of superannuation funds to prepare and lodge with the regulator a document which articulates the risk management processes and practices that the trustee proposes to follow in respect of the fund. Further, the SWG agrees that it is important to reduce compliance costs associated with this requirement to the maximum extent possible, while maintaining the effectiveness of the compliance plan regime which exists under the Corporations Act.

The compliance plan requirements for managed investment schemes under the Corporations Act only apply to managed investment schemes with 20 or more members. They are acknowledged as being world class, but they also come at a significant cost. The impact of compliance costs on the end benefit of members in superannuation funds is an important consideration to be taken into account in determining the scope and content of any such requirements for superannuation funds. Given the long term nature of superannuation, the fact that it is compulsory and at present many members do not have a choice of fund, there may be merit in considering reducing some of the requirements that currently apply in relation to managed investment schemes, to reduce the costs that will ultimately be borne by fund members.

As the funds of particular regulatory concern to APRA are some of the smaller funds, the SWG does not consider it appropriate to exempt smaller funds from the requirements. However, it believes that it is a further reason for considering whether all of the MIA requirements in relation to compliance plans are necessary for superannuation funds.

Under the Corporations Act, responsible entities are required to prepare a compliance plan covering all aspects of compliance with the law and their governing rules. For trustees of superannuation funds, the SWG believes that the regulatory aim can be achieved by requiring the plan to address a number of specific issues only, including investment, outsourcing, governance and risk management. This list could be expanded if necessary through regulations. This would be in addition to the more general requirement for a compliance audit as part of the audit of the fund's financial position under section 113 of the SIS Act.

Given that compliance is a subset of risk management, the SWG agrees with the views expressed during the focus group discussions that a risk management plan would be more appropriate for the superannuation industry, and that this terminology would avoid confusion with the MIA requirements. The modified terminology reflects the SWG's view that the plan need not deal only with compliance with the law, but rather with the measures that the trustee is taking to address specific risks, including compliance with particular provisions in the law.

Recommendation 9

The SWG recommends that superannuation trustees, as a condition of their APRA licence, be required to prepare and maintain a risk management plan in respect of each fund that they operate. The plan would need to be submitted as a part of the fund registration process. Trustees would be required to demonstrate in the plan how they intend to deal with specific risk areas relevant to superannuation funds, including compliance with particular provisions in the SIS Act. The Government should consult with relevant stakeholders on the risk areas that would need to be addressed in the risk management plan.

The Corporations Act also requires that compliance with the managed investment scheme compliance plan be audited annually. The SWG considers that a similar requirement should be imposed on the risk management plan proposals for superannuation funds. The SWG does not envisage that this would be a separate audit requirement, but rather that it would form part of existing auditing requirements. This should assist in reducing the costs of the auditing process.

Recommendation 10

The SWG recommends that compliance with the risk management plan be audited each financial year, as a component of the fund's existing audit procedures.

Further, under the Corporations Act where less than half of the directors of the responsible entity are independent, the responsible entity is required to establish a compliance committee. That committee is charged with monitoring the extent to which the responsible entity is complying with the plan, reporting breaches to the trustee and to the regulator where appropriate steps have not been taken to remedy the breach. The SWG recognises the diversity of trustee structures that exists in the superannuation industry, and considers that the Government should consider, in consultation with relevant stakeholders, mechanisms to provide independent oversight of compliance with the plan and to report on breaches to the regulator.

Recommendation 11

The SWG recognises the diversity of trustee structures that exists in the superannuation industry, and recommends that the Government consider, in consultation with relevant stakeholders, mechanisms for independent oversight of the trustee's compliance with the risk management plan, and for reporting breaches to the regulator.

Recommendation 12

The SWG recommends that appropriate enforcement measures be put in place to address non-compliance with the risk management plan. For example, a significant breach could be required to be reported both to APRA and to members, regardless of whether steps had been taken to remedy the breach. In addition, the SWG recommends trustees be required to notify members that they may seek a copy of their fund's risk management plan from the trustee.