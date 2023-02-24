At the annual Association of Superannuation Funds of Australia conference, financial services regulators detailed their top priorities, including cybersecurity threats and fraud in the super industry.

APRA general manager Katrina Ellis said APRA is concerned about the increasing risk to the super industry from cyber breaches and fraud.

"Luckily there hasn't been a material cyber incident in super so far; but our work highlights the need for a broad uplift in cyber risk management," Ellis says.

To address these concerns, APRA is conducting independent assessments of entities across all industries under Prudential Standard CPS 234 Information Security.

"Our intention is that all APRA regulated super funds will be assessed in 2023," Ellis says.

Additionally, APRA is chairing a working group on fraud risk within the super industry stewardship group that's overseen by the ATO.

Cyber and fraud aside, APRA is pushing for improvements in member outcomes and has been consulting on enhancements to its prudential standard on strategic planning.

As economic conditions worsen, APRA is also focused on ensuring the industry remains strong and resilient. Accordingly, the regulator has implemented enhancements to investment governance prudential standards, which include evaluations of stress testing and liquidity management practices, Ellis says.

Further, the regulator is monitoring fund underperformance. While most of the focus has been on MySuper products, following the Your Future, Your Super review, APRA will be prepared for an iteration of the performance test for choice products in 2023, Ellis adds.

Meanwhile, ASIC commissioner Danielle Press similarly emphasised the need for stronger cybersecurity measures in the financial services sector.

"The area we're most focused on over the next 12 months from a superannuation perspective is about how trustees are dealing with their members; our work is a very strong focus on those interactions members have with a fund," Press said.

"It's critically important that you can balance access to information and ease of use, while ensuring members are protected. That's a hard balance, particularly when you think about access to funds paying out death benefits; we're seeing a lot of noise starting to come up about how quickly or not quickly we're paying out death benefits, and rollovers in this industry."

During a review of internal dispute resolution data, APRA found 20% of funds are not meeting their statutory obligations, this needs improvement, Press said. Additionally, APRA noted that many funds are not conducting a root cause analysis of complaints to identify systemic issues and improve member treatment in the future.

Press went on to say that APRA's message is clear: how funds treat their members matters. The credibility of the system is essential, and the regulator is working with funds to improve standards and provide better service to members, she added.