Policies and Information Notes


The Institute is concerned that many business models in the financial services sector have not been stress tested, and many of those enterprises are not accessing expert, professional risk management advice at an enterprise level. The key concern is when: Enterprises take risks that are not consistent with the potential rewards, are not understood, are underestimated or are not controlled effectively; and Enterprise-level risks that are unnecessary or uneconomic risks that translates into systemic risks.

Principles of Financial Services Regulation

The Institute has previously articulated the following three principles for prudential regulation of financial services:

a consistent approach to the regulation and supervision of financial services providers, through the application of an holistic risk-based approach, aiming to consistently apply the intensity, breadth and depth of supervision across the industry; continuing and extending the current successful use of qualified risk professionals appointed by regulated entities to Board and senior management positions, and to maximise opportunities to influence the evolution of international regulatory regimes, and co-ordinate the development of domestic approaches aligned with international frameworks as far as possible.


  1. The Institute considers Enterprise Risk Management tools and disciplines to be the optimal approach to managing the risks faced by organisations and should form the basis of risk management.
  2. The Institute supports the continued development of the regulatory environment to encourage companies to implement a robust risk management framework consistently across the financial services industry. This should be supported by periodic review of the financial condition of the company.
  3. The Institute considers that, as a matter of best practice, each APRA-regulated or PHIAC-regulated entity should have at least one relevantly qualified, skilled and experienced risk management professional on its Board.