In November 2021, the Australian Prudential Regulation Authority (APRA) released Prudential Practice Guide CPG 229 Climate Change Financial Risks (CPG 229).  CPG 229 aims to assist registrable superannuation entity licensees, life companies and other APRA-regulated institutions to comply with existing prudential standards relating to risk management and governance.  It sets out APRA’s expectations regarding management of financial risks of climate change.  On 2 March 2022, APRA announced that it would shortly commence a climate risk self-assessment survey using CPG 229 as a benchmark.

This article looks at the background to CPG 229, APRA’s expectations regarding governance of climate risk and climate risk management, the upcoming APRA survey and next steps. 

Background to CPG 229

Overseas, such as in the UK and New Zealand, regimes for mandatory climate-related financial disclosures have been enacted in line with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD).  The US Securities and Exchange Commission is also expected to release proposed climate change disclosure rules which would affect publicly listed companies.

In Australia, mandatory climate-related disclosure rules have not yet been introduced, although APRA considers that it is better practice for any disclosures to be produced in line with the TCFD framework.  

APRA released the final version of CPG 229 in November 2021 following a consultation period from April to July 2021.  CPG 229 is a direct response to industry requests for greater clarity of regulatory expectations and is designed to assist APRA-regulated institutions with managing climate-related risks and opportunities within their existing risk management and governance practices.  It reflects the framework for considering and managing climate risks developed by the TCFD and good practice observed by APRA. 

APRA’s view is that climate risks should be managed within an institution’s overall business strategy and risk appetite and a board should be able to evidence its ongoing oversight of these risks. 

What are APRA’s expectations around governance?

Prudential standards CPS 510 and SPS 510 set out the minimum governance requirements of an APRA-regulated institution.  In APRA’s view, board-level engagement is important to ensure that work on climate risks holds sufficient standing within an institution, and gives the board the requisite institution-wide insights to strategically respond to the risks. 

CPG 229 states that, in fulfilling its obligations under CPS 510 and SPS 510 in overseeing the management of climate risks, a prudent board is likely to:

  1. ensure the board and relevant sub-committees have an appropriate understanding of, and have the opportunity to discuss, the risks associated with climate change, which may include appropriate training for board members; 
  2. set clear roles and responsibilities of senior management in the management of climate risk, and hold senior management to account for these responsibilities; 
  3. re-evaluate the risks, opportunities and accountabilities arising from climate change on a periodic basis, and consider these risks and opportunities as part of approving the institution’s strategies and business plans; 
  4. take both a shorter-term view (consistent with an institution’s regular business planning cycle) and a longer-term view  when assessing the impact of climate risks and opportunities; and    
  5. ensure that, where climate risks are found to be material, the institution’s risk appetite framework incorporates the risk exposure limits and risk thresholds for the financial risks that the institution is willing to bear. 

CPG 229 states that, in light of the board responsibilities, an institution’s senior management would typically be responsible for:

  1. applying an institution’s risk management framework to assess and manage climate risk exposures on an ongoing basis, including developing and implementing appropriate policies;
  2. regularly reviewing the effectiveness of the framework, policies, tools, and metrics and targets, and making appropriate revisions;
  3. providing recommendations to the board on the institution’s objectives, plans, strategic options and policies as they relate to climate risks that are assessed to be material. This may include the establishment and use of relevant tools, models, and metrics and targets to monitor exposures to climate risks so as to enable the board to make informed decisions in a timely manner; and
  4. ensuring that adequate resources, skills and expertise are allocated to the management of climate risks, including thorough training and capacity building amongst relevant staff.

What are APRA’s expectations around risk management?

APRA considers it prudent for climate risks to be considered within an APRA-regulated institution’s existing framework, including the board-approved risk appetite statement, risk management strategy and business plan.  

CPG 229 states that APRA considers that prudent practice would be for an institution to evidence the management of climate risks within its written risk management policies, management information, and board risk reports. Where climate risks are material, this may require updating existing risk management policies and procedures.  

CPG 229 states that as a matter of good practice, the policies and procedures developed under the risk management framework would include a clear articulation of the respective roles and responsibilities of business lines and risk functions (i.e. Line 1 and Line 2 activities) in relation to managing climate risks.  

Regarding risk identification, CPG 229 states that a prudent institution would seek to understand climate risks and how they may affect its business model, including being able to identify material climate risks and assess their potential impact on the institution.  APRA identifies scenario analysis, with both a shorter- and longer-term time horizon, as a useful tool for informing the risk identification process.  APRA suggests that climate risks can be considered within the established risk categories in CPS 220 and SPS 220 and that a prudent institution would be able to demonstrate how it determines the materiality of climate risk within each of these categories.

CPG 229 states that better practice in monitoring climate risks includes both a qualitative and quantitative approach, including developing metrics to measure and monitor climate risks appropriate to an institution’s size, business mix and complexity of business operations.  APRA’s view is that a prudent institution is likely to use data from both publicly available and proprietary sources, and potentially seek assistance from external experts where necessary (including academics, specialist consultants, and scientific bodies).

APRA considers that better practice in risk monitoring extends to monitoring the impacts that climate risks may have on outsourcing arrangements, service providers, supply chains and business continuity planning.

In relation to risk controls, APRA envisages that, in most cases, an institution would choose to work with customers, counterparties and organisations which face higher climate risks, to improve their risk profiles.  However, where an institution considers this engagement will not result in the climate risks being adequately addressed, then standard risk mitigation options should be considered such as:

  1. reflecting the cost of the additional risk through risk-based pricing measures;
  2. applying limits on its exposure to such an entity or sector; or
  3. where the risks cannot be adequately addressed through other measures, considering the institution’s ability to continue the relationship.

In relation to risk reporting, CPG 229 states that APRA expects that a prudent institution would establish procedures to routinely provide relevant information on its material climate risk exposures, including monitoring and mitigation actions, to the board and senior management.  This is in order to allow the board and senior management to understand and review the activities, and to make decisions consistent with the institution’s overall risk appetite and risk management approach.  The extent and frequency of reporting will be tailored to the nature and magnitude of the risks to which the institution is exposed.

Climate risk self-assessment survey

On 2 March 2022, APRA announced its intention to shortly commence a voluntary survey of medium-to-large APRA-regulated institutions.  The survey involves a self-assessment of current practices against APRA’s expectations as set out in CPG 229 guidance and the framework of the TCFD, and is intended to gather insights on how APRA-regulated institutions are currently managing these risks, using CPG 229 as a benchmark. 

The survey will also help to incorporate climate-related risks into APRA’s supervisory assessments.  APRA’s view, as expressed in CPG 229, is that climate risks can and should be managed within an institution’s overall business strategy and risk appetite, and a board of directors should be able to evidence its ongoing oversight of these risks.

Entities choosing to participate will have 6 weeks from receiving the questionnaire to provide responses.

Once the survey has closed, APRA will provide participating entities with de-identified peer-comparison results so as to enable them to understand how their approaches and practices compare to peers, and will publish information on industry-level insights and themes from the results.  APRA will also incorporate insights from the survey into its ongoing supervisory approaches to addressing the financial risks of climate change.

APRA has flagged that it will consider the benefit of repeating the survey in future years, and potentially expanding it to all APRA-regulated entities.

Next Steps

APRA has announced that its supervision priorities for 2022 include seeking to develop additional tools to evaluate climate-related financial risks and increasing its scrutiny of entities’ progress in addressing the impact of climate risk.  The climate risk self-assessment survey is a part of APRA increasing that scrutiny. 

An APRA-regulated institution should carefully consider the guidance provided in CPG 229 because it will assist it to meet its obligations under the applicable prudential standards regarding risk management (CPS 220 or SPS 220) and governance (CPS 510 or SPS 510).  CPG 229 suggests that best practice for an APRA-regulated institution would include it:

  • taking steps to understand the specific climate-related risks which may impact business operations;
  • reviewing existing governance and risk management procedures to determine whether these are appropriate for managing climate-related financial risks;
  • considering incorporating climate change scenario analysis and stress testing and determining an appropriate level of capital adequacy; and
  • disclosing climate risk information to interested stakeholders.

APRA-regulated institutions may face challenges in seeking to meet the guidance, including:

  • inherent difficulties in formulating acceptable guidelines which deal with modelling several decades into the future, given the uncertainties in climate modelling;
  • the lack of prescription in the scenario testing guidance sections of CPG 229; and
  • the lack of prescription over disclosure, including no requirement for disclosures to be made in line with actions taken by peer jurisdictions.  

During the consultation phase, numerous submissions noted that increased prescription would improve comparability between institutions.  However, APRA declined to prescribe key design features for scenario testing, taking the view that an overly prescriptive approach would make CPG 229 less flexible.

While APRA highlighted that best practice would be to make disclosures in line with the TCFD recommendations, APRA noted that requiring disclosure is beyond the scope of CPG 229.

Subject to meeting the requirements of the prudential standards, an APRA-regulated institution has flexibility to configure its approach to climate risk management in a way that best suits achieving its business objectives.

G+T has the knowledge and expertise required to assist with updating risk management documentation, to assist with providing training for directors and staff and to advise regarding compliance with the prudential standards.