In brief - in its statement of assurance earlier this week, the Council of Financial Regulators confirmed that Australia's financial institutions, market participants and market infrastructure providers have undertaken substantial investments in their operational capability to deal with the effects of the COVID virus

At this time of uncertainty we anticipate that it may assist financial market participants, counterparties and businesses to understand how the response by financial institutions may unfold by analysing the prudential framework under APRA’s Prudential Guideline CPG 233 - Pandemic Planning, which applies to regulated financial institutions and may provide insight into the factors and priorities which may drive regulatory response.

APRA acknowledges that a prudentially regulated institution (banks, insurers, superannuation funds) will need to prioritise resources to enable it to continue to provide those essential functions that are most important to its continued operation and to meeting its core obligations to customers, policyholders, beneficiaries and counterparties. 

This is an ongoing dynamic assessment as these priorities may shift as customers, competitors and counterparties may also be affected to varying degrees by the pandemic by factors such as infection rates as well as overall staff absenteeism rates.

In APRA’s view, effective pandemic plans need to ‘tie in’ to existing Business Continuity Plans, crisis management plans and communication plans, as well as other plans, such as liquidity management plans. 

The prudential standard on pandemic planning focusses on the preservation of a financial institution, managing the impact of the pandemic on assets, liabilities and capital, employing strategies to ensure liquidity, stabilising the critical functions and APRA’s expectations in maintaining public confidence and financial stability.

Preservation of current functions and viability

First, the prudential standard emphasises steps to preserve the continuing functions of the financial institution by undertaking measures to maintain its infrastructure and governance framework to support its ongoing viability and delivery of functions to customers, beneficiaries, policyholders and counterparties such as:

Staff health and welfare measures

  • human resources and hygiene policies, staff training and communication, tracking of employees as to health status and location, travel restrictions, distribution of medical supplies and measures to address building contamination

Alternative work arrangements 

  • in response to government-imposed social distancing measures and closure of public facilities, consideration of options for alternative working and transport arrangements for critical staff

Alternative processing arrangements 

  • assuming an electronic transactions framework is in place, consider alternatives for paper-based transactions such as cheques and vouchers

Resource priorities

  • prioritising resources (including staffing, facilities, systems) so they can be directed at the most critical functions, according to the pandemic phases or trigger points

Succession and decision planning 

  • delegations for various types of decisions, as well as explicit staff succession planning and cross-training for key operational roles that would be needed to ensure continuity of critical operations

Controls and compliance 

  • consider the length of time that a large percentage of staff could effectively process transactions or conduct other operations away from normal work locations, or perform workarounds to maintain critical business functions

Technology options 

  • assess the practical range of alternative technology strategies for their business to implement remote working arrangements including in consultation with telecommunications providers

Communications plans 

  • identify clear trigger points for releasing and updating this information for staff, and in some cases, customers

Prioritise critical business functions

The 'lynch pin' of the Business Continuity Plan is to identify core and critical business functions and operations to ensure the highest priority is given to critical business functions and operations and allocation of appropriate resources. 

Critical functions and operations are activities which, if not performed or maintained for more than a very short period, would cause the financial institution to be in default on its obligations or otherwise threaten its financial soundness. 

Risk management generally (including financial services licensing obligations) applies across financial, technological, plant and equipment and human resources for a business. Prudentially regulated businesses will need to assess the functioning of critical resources in these areas to assess a threat to the financial soundness of the business.

Stabilising and ensuring critical functions 

Examples of critical functions are:

  • focusing on servicing existing customers and completing transactions already in progress, and closing or minimising risk positions 
  • deferring or suspending activities such as new business development, opening new accounts, undertaking special or new projects 
  • progressively scaling back any internal non-essential systems changes within the organisation to address changing resourcing demands

APRA cites the following business functions of regulated financial institutions as a critical function and likely to be consistent with governmental priorities for public confidence, however Institutions need to consider their own critical functions based on their size and scope, customer base and role in the financial system. 

For all regulated financial institutions

  • core risk management functions - particularly market, operational, credit and liquidity risk monitoring 
  • general ledger/finance capabilities to allow monitoring of the overall financial (including capital) position of the institution
  • call centres handling customer transactions and enquiries (excluding, for example, outbound or sales calls); and 
  • data centres, recovery sites and critical third- party suppliers supporting critical functions.

For Authorised deposit-taking institutions 

  • cash supply and currency distribution, including the operation of automated teller machines (ATMs)
  • retail payments and banking systems that provide existing customers with access to funds, including EFTPOS, bill payments, credit cards, telephone banking and Internet banking
  • automated direct entry payment processing for existing customers, including government payments and payroll processing for corporate customers, as well as payments to suppliers and staff
  • credit functions, in particular, those processing functions necessary for managing retail, corporate and institutional access to credit, particularly for pandemic-affected borrowers
  • for larger institutions, wholesale payments clearing and settlement activities, including interbank settlements, securities settlements and custody, particularly where these functions are provided to other financial institutions
  • limited trading functions for institutions active in markets operated by exchanges as well as over-the-counter - in particular, those functions necessary for completing transactions for existing customers and managing liquidity of the institution

Key factors to assess:

  • the potential impact of a pandemic on impaired assets and loan arrears by industry and sector and the associated impact on provisions, reserves and earnings
  • the potential liquidity and operational implications of increased demand for cash and credit. 

For insurance companies, fund managers and RSE licensees 

  • Claims processing and payment
  • Payment of benefits, including where appropriate early release of benefits
  • Liquidation of assets held in managed investments, RSEs or other investment funds, within reasonable limits based on available liquidity 

Key factors to assess:

  • the gross exposure from pandemic-related claims by product type
  • the portion of those exposures covered by reinsurance
  • timing over which reinsurance recoveries may be paid 
  • the overall impact on solvency
  • the liquidity of the investment portfolio to allow net exposures to be met in a timely fashion

APRA’s role in a pandemic 

APRA expects regulated financial institutions to keep APRA regularly informed of any significant impacts on their operations, customers and financial condition including critical information such as: 

  • closure of any sites 
  • the number of ill or absent staff
  • the impact on critical functions, if any
  • the financial impact, if any
  • any known or potential regulatory breaches

APRA’s expectation

APRA has indicated that in the event of pandemic stress its expectation in relation to maintaining public confidence and financial stability for each sector is:

I. For authorised deposit-taking institutions

Banks and other lenders to exercise some degree of forbearance for pandemic-affected customers, including for example:

  • deferring loan repayments
  • capitalising interest 
  • waiving late charges for a reasonable period of time

These initiatives are subject to viability considerations and institutions will need to monitor the extent and financial impact on the institution of any forbearance. 

II. For insurers

Where appropriate insurers need to review exclusions and limitations on underwriting standards and policies written and ensure insurance beneficiaries are aware of the extent of coverage for pandemic-related losses. 

III. RSE licensees

RSE licensees and other management investments should assess matters such as the potential liquidity and operational implications of early withdrawals or liquidation of assets. 

Anticipated market dynamics

We anticipate the following changes will emerge during the COVID-19 pandemic:


i. policy and decision making directed to critical operations, including economic and financial market stability 

ii. overall assessment of factors underpinning public confidence in financial institutions including steps to buoy market confidence and protect customers, beneficiaries, investors, policyholders and counterparties (a regulator focus as well)

iii. international trade and travel policy focus


iv. increased liaison and monitoring of regulated financial institutions to keep APRA regularly informed of any significant impacts on critical functions, operations, customers and financial condition

v. redirection of regulatory resources to be directed to ensuring financial stability and critical functions of regulated financial institutions and responding to the impact of COVID-19 on the financial system.

vi. ongoing assessment of the impact on regulated institution and customer liquidity requirements

Regulated Entities and Licensees

vii. significant pressure to meet licensing and regulatory obligations (resources and governance). 

viii. exercise of potential regulatory options available to APRA (other regulator) to waive prudential requirements if appropriate or in exceptional circumstances

ix. ongoing assessment of investments and asset prices and other macroeconomic parameters

x. ongoing assessment of demand for credit and borrower ability to repay by sector and industry

xi. enforcement or renegotiation of debt and security arrangements

xii. increased implementation of new and available technology to support business continuity

xiii. involvement in discussions on business continuity plans

xiv. APRA is likely to focus on the adequacy of an insurer's reinsurance arrangements and its adequacy to satisfy claims and protect policyholders.


xv. heightened consumer engagement, including reporting and access to investments

xvi. critical review of rights and obligations for services and products

xvii. a need to understand restructure events

xviii. increased technology focus for services and products across the supply chain

xix. frequent discussions and communications with service providers including financiers


xx. continuous disclosure and periodic disclosure

xxi  discharging statutory obligations and regulatory standards under alternative business arrangements, including positive assurance for financial reports and compliance audits, breach reporting, consumer and customer disclosure and shareholder/member meetings.

This is commentary published by Colin Biggers & Paisley for general information purposes only. This should not be relied on as specific advice. You should seek your own legal and other advice for any question, or for any specific situation or proposal, before making any final decision. The content also is subject to change. A person listed may not be admitted as a lawyer in all States and Territories. © Colin Biggers & Paisley, Australia 2024.

Related Articles