PHIAC Logo About UsCircularsContact UsGap ProductsHealth Funds Forms

Search
Industry StatisticsNews and UpdatesPublications

Publications

Topics in this section

PHIAC Charters

PHIAC Corporate Plan

Industry Risk Management

Private Patients' Hospital Charter

Insure? Not Sure? (pdf format)

PHIAC Annual Report

Operations Of The Private Health Insurers Annual Report

Financial and Statistical tables of past Operations Annual Reports

Industry Statistics

Presentations

Discussion Papers

Publications

Private Health Insurance Administration Council

Report of Operations 2007-08

Corporate Governance and Risk Management

Corporate Governance in the Private Health Insurance Industry

PHIAC exists to protect consumers through the financial monitoring and regulation of the private health insurance industry. Its objective is a financially sound, innovative industry with professional management and strong governance.

The corporate governance values of professionalism, accountability, leadership and integrity are central to PHIAC’s relationships with the private health insurance industry. PHIAC strives to promote these values through:

  • partnership with the industry

  • clear reporting standards

  • accurate data collection and dissemination

  • improved capacity to identify and manage risk

  • fair dealing

  • cost-effective regulation

  • constant learning and improvement

  • the effective management of resources

Fund Review Program

The fund review program was designed in 2002 to enable PHIAC’s analytical team to gain a broader understanding of the operations of each PHI and to assist the early identification of issues which might trigger regulatory intervention. The program was also developed to improve industry awareness of the importance of sound governance practice, and to assist the Council in determining the most appropriate manner in which future regulation of the PHI could be conducted.

Within the parameters of the functions and powers set out in the PHI Act, each review seeks to assess:

  • compliance with the PHI Act

  • how well the fund is managed and governed, including an understanding of its strategy, key risks and risk management strategy

  • whether the financial and other information available to management is sufficient to enable it to make informed business decisions

  • whether the processes and procedures in place enable the business to be appropriately managed.

These reviews have identified areas of potential risk and provided the PHI with recommendations to address areas of greatest risk.

All but one of the 38 operating registered PHIs operating in the industry has now experienced a Round 1 review by PHIAC’s analytical team or an external consultant.

Each of the Round 1 reviews involved a detailed information gathering period preceding the review; a shorter period of on-site discussions with personnel and a formal, detailed report to the PHI after the review.

The reviews conducted in the future, part of the ongoing review process embedded in PHIAC’s regulatory process, will be exception based and will focus on:

  • assessing progress against Round 1 recommendations

  • risk management - with a focus on investment policy and capital management

  • corporate governance

  • compliance with the PHI Act and related rules

  • liability valuation methodology and forecasting.

As in the past, PHIAC may also utilise the specialist services of the Australian Prudential Regulation Authority (APRA). APRA’s involvement will depend on the scope of the review and the availability of APRA officers.

Development of a Prudential (Governance) Standard for Private Health Insurers

The PHI Act gave PHIAC the legislative power to develop prudential standards for the industry beyond the existing Capital Adequacy and Solvency Standards. Section 163–1(2) of the PHI Act provides that these standards address prudential matters relating to:

(a) the conduct by PHIs of any of their affairs in such a way as:

(i) to keep them in a sound financial position; or

(ii) not to cause or promote instability in the Australian private health insurance system; or

(b) the conduct by PHIs of any of their affairs with integrity, prudence and professional skill.

The governance standard will provide further clarity to the industry about PHIAC’s expectations, and encourage greater consistency between PHIs in their approaches to governance. The standard will encourage boards to benchmark their performance, and, through improved reporting and accountability lines, should assist boards to better evaluate whether a PHI is being managed prudently.

PHIAC’s experience in dealing with governance issues specific to the industry over the last decade will be taken into account in drafting the standard. Governance work conducted by other regulatory bodies has also been referenced to ensure those PHIs who are jointly regulated will find sufficient complementarity such that the new standard will not impose any significant additional regulatory compliance costs on them.

PHIAC remains committed to fostering a regulatory environment which encourages high standards of practice and ethics. Once implemented, PHIAC will commit to a formal review of the impact of the standards in 2014 to ensure they remain relevant and continue to take account of local and international developments, and that in the interim, PHIAC will conduct an ongoing, informal review of the standards through the fund review program.

Risk Management Practices in the Private Health Insurance Industry

The following documents available on the PHIAC website provide guidance to the private health insurance industry. They are:

  • Risk Management Practices in the Private Health Insurance Industry (risk management guidelines) (reviewed in March 2004)

  • Managing Supervision and Intervention (reviewed and updated in November 2007)

  • Conversion to for-profit status—practice notes

  • Merger and acquisition of health benefits funds—practice notes.

The guidelines introduced new reporting requirements for PHIs to allow PHIAC to monitor and regulate corporate governance and risk management processes with greater accuracy and effect, thus enhancing the continuation of a viable private health insurance industry.

The guidelines require PHIs to have adequate systems in place to mitigate and manage risk. While the guidelines do not specify procedures for managing risk, they set out general policy requirements to be adhered to by PHIs. The guidelines categorise risk within the two main types of financial and operational risk, and give examples of particular risks relevant to the private health insurance industry. They then discuss the roles of management and the board in ensuring appropriate risk management practices, and general matters to be addressed by these practices. Ultimately, it is expected that the risk management practices will be replaced by a prudential standard on risk management.

Top of Page

Directors of PHIs are required to annually certify:

  • the fund has referred to the Australian Standard for Risk Management: AS/NZS 4360:2004 as an accepted measure of appropriate risk management processes

  • the system in place includes comprehensive written policies and procedures and adequate control systems to measure, monitor and manage risk

  • the risk management system in place has been formulated from a framework for establishing the context, identification, analysis, evaluation, treatment, monitoring and communication of risk

  • the board has approved the risk management system in place and understands its content

  • the board reviews the policies and procedures, at least annually, to assess their implementation, effectiveness and to endorse them

  • the board receives regular reports on the operation of the risk management system and is satisfied with the level of adherence to the policies and procedures.

Directors are asked to certify that they carry Directors’ and Officers’ Liability Insurance and that they consider the coverage is adequate.

The giving of false or misleading information, documents or statements to PHIAC is a serious offence under the Criminal Code Act 1995. The Criminal Code Act imposes substantial penalties, including imprisonment, for committing these offences.

Managing Supervision and Intervention

The following principles underlie the managing supervision and intervention guidelines: the board of each PHI is accountable for the financial stability and effective operation of the fund, and for the management of risk.

PHIAC’s role is to intervene where there is cause for concern about the affairs of a PHI, or where there has been a breach of the PHI Act. The guidelines set out PHIAC’s general approach to regulation:

  • a ‘no-surprises’ approach to the management of risk and financial stability: PHIAC will be active and will work closely with industry

  • self–regulation: each PHI is responsible for ensuring that it meets regulatory requirements

  • efficiency: PHIAC will operate efficiently to ensure regulatory requirements are not imposed in an unnecessarily onerous manner

  • regulatory actions will be undertaken in a timely manner.

Top of Page

 
Appointed Actuary

Within the increasingly complex environment of private health insurance, PHIAC considers that an appointed actuary provides independent expert analysis and adds value to the management and boards of PHIs and to PHIAC as regulator.

Section 160–1 of the PHI Act requires PHIs to have an appointed actuary. Actuaries taking on the appointed actuary role for private health insurance must ensure that they meet the Institute of Actuaries of Australia’s professional requirements and code of conduct.

The appointed actuary must be involved in:

  • pricing

  • new product development and pricing

  • monitoring and adhering to financial standards

  • application of AEIFRS

  • preparation of the annual financial condition report.

PHIAC also requires actuarial assessment of the reasonableness of the discretionary margin in relation to the capital adequacy standards.

Merger and Acquisition of Health Benefits Funds

The PHI Act prohibits a PHI from transferring its health insurance policies to another fund (section 137–25(1) except in accordance with Division 146 of the PHI Act. PHIAC’s approval for the transfer must be obtained.

Section 146–5 of the PHI Act deals with a PHI transferring policies, assets and liabilities of a health benefits fund/s to another PHI so that the PHI to which the assets and liabilities are transferred assumes the legal responsibilities for the transferred assets and liabilities.

PHIAC has provided practice notes, an example deed plus a compliance checklist on its website to provide information, and to assist funds with this process.

Audit Programs and Guidance

Guidance notes for completing the PHIAC 1 and PHIAC 2 statutory returns, updates to the audit program and an example audit certificate are provided on the PHIAC website. PHIAC has also made available a data dictionary which explains the terms used in these forms.

These documents have been published on PHIAC’s web site.

Top of Page

PHIAC Reporting Requirements

Information to be given to the Council annually is stipulated in Division 169–5 of the PHI Act:

(1) A private health insurer must, within 3 months after the end of each financial year, or within such further time as the Council allows, give to the Council:

(a) such financial accounts and statements in respect of that year as the Council requires to be given for use in preparing the report referred to in section 264–15; and

(b) such other statements in respect of that year as are required by the Private Health Insurance (Insurer Obligations) Rules.

(2) Any such accounts or statements must be certified on behalf of the insurer, in accordance with the Private Health Insurance (Insurer Obligations) Rules, to be true and correct.

(3) A private health insurer commits an offence if the insurer fails to comply with this section.

Division 169–15 of the PHI Act stipulates that private health insurers notify the Department of Health and Ageing (DoHA) and Council about the current chief executive officer. (This requirement includes advising PHIAC and DoHA the name and contact details of an acting chief executive officer).

(1) An applicant for registration under Division 126 must, before starting to operate its health insurance business, notify the name and contact details of its chief executive officer to the Secretary of DoHA, and to the Council, in the approved form.

(2) A private health insurer must ensure that, if the name or contact details of its chief executive officer change, the change is notified, not more than 28 days after the change takes effect, to the Secretary of the Department, and to the Council, in the approved form.

(3) A private health insurer commits an offence if:

(a) the insurer is required under subsection (2) to ensure that a particular thing happens; and

(b) the thing does not happen.

Circular 08/14 issued by PHIAC on 25 June 2008 informed insurers of their annual reporting requirements. The circular contained:

  • risk equalisation audit arrangements

  • PHIAC 2 annual reporting requirements

  • a schedule of critical dates for reporting

The circular also provided the requirement that insurers’ external auditors adopt the audit program and guidance provided by PHIAC. Also outlined is the requirement to submit a financial condition report and a statement by directors in relation to capital adequacy margin, loss ratio and risk management procedures. PHIAC rules: Private Health Insurance (Insurer Obligations) Rules 2007 and the Private Health Insurance (Health Benefits Fund Administration) Rules 2007 give effect to these requirements.

Top of Page


Corporate Governance within PHIAC

PHIAC’s Corporate Plan

The corporate plan, for the period 2007–10, identifies PHIAC’s:

  • role

  • values and behaviours

  • vision

  • environment

  • risk management framework and key risks

  • key areas of improvement

  • strategic planning framework

  • structure


PHIAC’s corporate plan outlines seven key result areas (KRAs):

KRA 1

Business as usual-ensure core functions are managed and deadlines met
KRA 2

Planning for change-building capacity in staff skills and management
KRA 3

Governing PHIAC-managing leadership change
KRA 4

Building capacity-develop PHIAC's ability to deal with corporate activity
KRA 5

Investing in relationships-invest in key relationships and manage perceptions
KRA 6

Industry governance-formalise and strengthen PHIAC's approach to industry governance
KRA 7

Information-leverage PHIAC's information and knowledge base.

Outlined in the corporate plan are PHIAC’s core functions, values and behaviours; its vision statement; risk management framework and key risks; and how the agency will achieve the KRAs.

The business plan evolves from the corporate plan and identifies the strategies, actions and target dates to achieve the KRAs. The corporate plan is reviewed and updated annually at the strategy and planning workshop and progress reports against achieving the KRAs are provided at each Council meeting by the Chief Executive Officer and management.

Top of Page

PHIAC is a Commonwealth Statutory Authority which has aligned itself with the principles and values of the Australian Public Service:

  • executing its functions in an apolitical, impartial, effective and professional way with the highest ethical standards

  • accounting for its actions within the framework of ministerial responsibility to the Government, Parliament and the Australian public

  • being responsive to the Government in providing frank, honest, accurate and comprehensive advice

  • focusing on achieving results and managing performance

  • providing a fair, flexible, safe, non-discriminatory and rewarding workplace.

PHIAC’s corporate plan and its reporting of performance are closely related to the outcomes in the portfolio budget statements.

The annual report to Parliament on its operations is one of the key means by which PHIAC as a Commonwealth Authority discharges its accountability obligations, through reporting on its activities throughout the year, and the efficiency and effectiveness of its operations.

Review of the CAC Act 1997

The Commonwealth Authorities and Companies Amendment Act 2008, which received Royal Assent on 26 May 2008, amends the Commonwealth Authorities and Companies Act 1997 and is intended to:

  • overhaul the process by which relevant Commonwealth bodies may be notified that they must comply with specified Government policies

  • introduce new, and revise existing penalties relating to contraventions of various reporting and accountability obligations

  • bring various provisions into line with equivalent provisions in the Corporations Act 2001.

For a Commonwealth authority such as PHIAC, the main, relevant changes are as follows:

  • section 27F(1)—failure to make proper disclosure of material personal interests will carry a criminal sanction

  • section 27J—the provision dictating that directors should not vote on matters in which they have a material personal interest has been clarified

  • section 27D—now states that a director must make an ‘independent assessment’ having regard to their own understanding of the authority and the business at hand Where, having done so, the director can show that his/her reliance was based on advice from a reputable source (eg an agency employee, professional adviser, etc) and made in good faith, then their actions will be presumed to be reasonable unless the contrary is proved.

On the Council’s initiative, a compliance statement that is signed by both the PHIAC CEO and Chief Financial Officer (CFO) is presented annually to the Audit and Compliance Committee, stating that, for the preceding financial year, PHIAC has complied with the:

  • provisions and requirements of the Commonwealth Authorities and Companies Act 1997

  • provisions and requirements of the Commonwealth Authorities and Companies Regulations 1997 (CAC Regulations) and the Commonwealth Authorities and Companies (Report of Operations) Orders 2005 (CAC Orders). (1)

The Council also receives advice whether the costs of the agency are forecast to be within its estimated sources of revenue for the current financial year.

(1) As amended or replaced

Top of Page

Risk Management within PHIAC

Risk management remains an integral part of all PHIAC activities and operations. PHIAC has a risk management policy, a risk management action plan and a crisis management framework. A report against the risk management plan and the key strategic risks is a standing agenda item for meetings of the Audit and Compliance Committee. This plan covers not only the more common risks, but specific risks that would apply primarily to regulators and regulatory action. Staff manuals and policies approved by the Audit and Compliance Committee address specific risks as part of a multi-level approach to managing and mitigating risk. Compliance with PHIAC’s risk management policy is linked to staff performance appraisals.

PHIAC considers it good risk mitigation practice to commission an independent risk review every three years. PHIAC’s next external review is to be undertaken in 2009–10.

Top of Page

Intellectual Property Policy Statement

Portfolio agencies within DoHA covered by the Financial Management and Accountability Act 1997 (FMA Act) were required to develop an Intellectual Property Policy Statement by 1 July 2008. These statements were to be based on the Intellectual Property Principles (IPP) for Australian Government Agencies (Statement of IP Principles), which was adopted by the Government in May 2007.

PHIAC is a CAC Act Agency, and as such, is not required to develop an IP policy statement at this time. However, PHIAC has determined that the agency should develop an IP management framework that reflects its needs and objectives, as an expression of good practice in the management of IP.

PHIAC staff have commenced work on the policy statement and are developing an IP register to complement the statement.

Principal IP created within PHIAC is PHIAC data, computer programs, the industry model and publications such as Insure? Not Sure? The policy will also cover the use of third party and background intellectual property such as health fund information.

General Policy Orders

The Commonwealth Authorities and Companies Amendment Act 2008 which received Royal Assent on 26 May 2008, repealed the provisions permitting ministers to notify ‘general policies of the Commonwealth’, and established a new process whereby ministers can notify all or some agencies—or even just one agency—that a particular policy is a ‘general policy’ and must be complied with by that agency. As was the case under the now-repealed section 28, before a minister can issue a general policy order he/she is first required to consult with the agency in question.

PHIAC has received no general policy orders.

Top of Page

Directions by the Minister for Health and Ageing

Under section 264–25(1) of the PHI Act, the Minister for Health and Ageing may, by legislative instrument, give directions with respect to the performance of the Council’s functions or the exercise of its powers. The Minister has made no directions in relation to PHIAC.

Directions by the Minister for Finance and Deregulation

Finance Circular 2008/05 stipulates that CAC Act bodies must report on legislative compliance and financial sustainability, on an annual basis, to the Minister for Health and Ageing and the Minister for Finance and Deregulation (Finance Minister). The compliance report must be provided to the Finance Minister by 15 October, annually. Directors of a CAC Act body are to provide a compliance report indicating whether or not, in their opinion the:

(a) provisions and requirements of the CAC Act, the Commonwealth Authorities and Companies Regulations 1997 (CAC Regulations) and the Commonwealth Authorities and Companies (Report of Operations) Orders 2005 (CAC Orders), collectively ‘the CAC Act legislation’, have been complied with; and

(b) the costs of the body are forecast to be within estimated sources of external receipts for the current financial year, including, where appropriate, estimates of external receipts in the Australian Government’s central budget system.

The Finance Minister’s requirement under paragraph 16(1)(c) of the CAC Act to provide the compliance report is a Ministerial Direction to a Commonwealth Authority in the GGS that must be described in its annual report (for the purposes of paragraph 12(1)(a) of CAC Orders).

Judicial Decisions and Reviews by Outside Bodies

During the reporting period, PHIAC was not the subject of any judicial decisions or decisions of an administrative tribunal.

 

Top of Page

Go to next page

Go back to start

| Home | About Us | Circulars | Contact Us | Gap Products | Health Funds | Industry Statistics | News & Updates | Publications | Standards & Legislation | Forms

| Copyright | Privacy Statement | Disclaimer |
© Copyright Private Health Insurance Administration Council, 2001
Private Health Insurance Administration Council

Suite 16, Level 1, 71 Leichhardt Street, KINGSTON ACT 2604
Telephone 02 6215 7900 | Facsimile 02 6215 7977 | Email phiac@phiac.gov.au

 

Last modified: 16 October, 2008