News Regulations20 Jul 2021

Australia:Insurers directed to self-assess BI risk management framework

| 20 Jul 2021

The Australian Prudential Regulation Authority (APRA) will require a number of general insurers to review the soundness of their risk management frameworks in light of recent issues with business interruption (BI) insurance.

Lockdowns and other restrictions associated with COVID-19 have triggered a spate of potential BI claims, with many insurers exposed through policy wordings that had not kept up-to-date with changing legislation. The resultant legal uncertainty, and significant financial exposure for insurers, has raised concerns about the strength of insurers’ risk management frameworks, APRA says in a statement.


 APRA has written to a number of insurers asking them to undertake a self-assessment of their risk management frameworks in the context of BI, so as to prevent similar problems from occurring in the future. The review will also focus on cyber risk. However, APRA expects insurers to ensure their risk frameworks are robust across all product areas and potential exposures.

APRA Deputy Chair Helen Rowell said, “The impact of the pandemic has raised clear concerns about how well some insurers are doing this. Although the legal disputes around BI cover for some COVID-19 claims have yet to be fully resolved, the fact that so many insurers were selling policies with outdated wording exposes clear deficiencies in risk management.

“As well as examining the root causes of the BI problems, we are keen to identify whether similar hidden issues exist in other insurance products. The growing threat posed by cyber adversaries makes this a prudent place to probe.

“Where the self-assessments identify material concerns, APRA will consider whether further supervisory action is warranted. The consolidated findings will also be published to send clear messages to all insurers around observed weaknesses, better practice, and the importance of maintaining robust insurance risk management frameworks.”

APRA also urges non-participating insurers to consider whether a similar self-assessment would enhance their own risk management practices.

Self-assessments are due to be completed and submitted to APRA by 30 November.

There are three parts to the self-assessment.

Part A – The insurer is asked to review the robustness of certain elements of its insurance risk management framework, assess whether these were effective in the context of BI, and identify areas for improvement.

Part B – The insurer is then required to assess the extent to which the insurance risk management framework, including any improvements determined in Part A, would be effective in mitigating similar issues emerging within other product lines to those experienced with BI.

In this assessment, insurers are to focus on:

(a) silent cyber exposure across their product lines; and 

(b) cyber products (where written).

Part C – To provide an appropriate level of assurance on the self-assessment, the insurer’s internal audit function is to review and attest as to the adequacy and robustness of the process undertaken to arrive at the findings of the assessment.

In addition, the board is to endorse the self-assessment and provide information as to the basis of this endorsement and how it assured itself that the exercise was comprehensive and performed to a high degree of probity and accountability.


| Print | Share

Note that your comment may be edited or removed in the future, and that your comment may appear alongside the original article on websites other than this one.


Recent Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

Other News

Follow Asia Insurance Review