In the wake of the 2023 US banking turmoil, the Australian Prudential Regulation Authority (APRA) has taken decisive action to fortify the country's financial sector against the threat of interest rate risk. Recognizing the critical importance of effectively managing this risk, APRA has recently unveiled revisions to the Prudential Standard APS 117 Capital Adequacy: Interest Rate Risk in the Banking Book (IRRBB).
APRA strengthens standards for banks on interest rate risk in banking book
APRA intends to broaden the scope of the regulation to encompass all authorized deposit-taking institutions (ADIs). The APRA proposal emphasizes the necessity for all banks, based on their nature and scale, to manage material risks, including IRRBB. Failure to do so may lead APRA to mandate additional regulatory capital under APS 117.
- Significant financial institutions (SFI)
- Reducing interest rate risk in the banking book (IRRBB capital) charge volatility, improving incentives for banks to manage their IRRBB risk, and simplifying the IRRBB framework.
- The changes particularly address concerns related to embedded gains and losses and the observation period for capital charge methodology in larger banks, aiming to decrease volatility.
- Non-significant financial institutions (non-SFI)
- APRA initiated a short consultation on APS 117 aspects relevant to smaller banks to capture the repricing gap using six Basel-defined interest rate shock scenarios.
- Changes to Regulatory Reporting
- APRA is moving away from form-based reporting to table-based reporting using APRA Connect effective October 01, 2025.
- Introducing a common set of reporting for all ADIs, with revised reporting for IRRBB-model approved ADIs.
Expanded scope and deadlines of APS 117
ADIs may not be surprised to learn that APRA has made APS 117 more comprehensive in nature. Under APS 117, the rules apply to only SFIs in Australia. However, with the proposed changes, the net has been cast wider to ensure non-SFIs also comply with the regulation. More surprising to those non-SFIs could be how much – or how little – time they will have to meet the deadlines.
While the updated APS 117 comes into effect from October 01, 2025, ADIs are required to conduct parallel runs for reporting periods ending June 2025 and September 2025. This means ADIs will need to have a framework in place to manage, measure, and monitor IRRBB four months before the official start date.
A financial system that is protected today and prepared for tomorrow
Australian ADIs have much to prepare for the first parallel run including significant changes to processes and procedures. To assist ADIs in preparing for the revised framework, APRA has published a comprehensive Practice Guide. The guide outlines prudent practices for managing and measuring IRRBB and the holding of regulatory capital against interest rate risk. It covers what an IRRBB measurement system should consist of, including expectations around stress testing, and guidance on internal reporting of IRRBB exposures amongst others.
While useful, particularly for firms who need to create and manage interest rate risk to this level of scrutiny for the first time, the guide’s purpose is to focus on IRRBB as the end goal only. What is clear is that the general direction of travel for regulators around the world – and especially for self-proclaimed ‘tougher’ regulators like APRA – is that more scrutiny is on its way for ADIs of all sizes. In its Corporate Plan 2023-24, APRA has outlined how it is conducting risk-based reviews of financial risk and targeted changes not just to IRRBB but also to liquidity and capital requirements. Specifically, the regulator is currently consulting on changes that will be reflected in Prudential Standard APS 210 Liquidity (APS 210) and Prudential Standard APS 111 Capital Adequacy: Measurement of Capital (APS 111).
Considering the proposed revisions to the Prudential Standard APS 117, ADIs face a crucial decision – to tackle each standard individually or to adopt a more comprehensive and integrated approach to risk management. The answer becomes clear when considering the benefits of implementing an event-based contract-centric integrated solution. By collecting data once and utilizing it to assess all financial risks, ADIs gain a holistic understanding of their risk exposure. This approach empowers them to accurately forecast both expected and unforeseen cash flows, factoring in anticipated events throughout the lifespan of contracts. Moreover, it equips ADIs with the ability to calculate and compute their balance sheet value, income, capital, liquidity, leverage, and provisioning levels not only in the present but also at any future point in time. By embracing such a holistic approach, ADIs can navigate the complex landscape of regulatory compliance while optimizing their risk management strategies for long-term success.
Changes to data delivery
As well as changes to financial risk management regulation, the way information and data are delivered to supervisors also needs to be considered. APRA Connect, the regulator's new data collection solution, will replace Direct to APRA (D2A) by 2027. ADIs must ensure their systems are compatible with APRA Connect. This means whichever way ADIs choose to tackle the upcoming requirements around managing IRRBB, liquidity, capital, etc. – their systems must be compatible with this new data collection solution.
But again, the bigger picture reveals that APRA Connect is just one part of a wider directional move from the Australian regulator. Not just the way data is delivered, the type of data it will be demanding from ADIs is also expected to change in the not-too-distant future.
Key considerations when preparing for IRRBB
How and where to start? Here are six considerations that ADIs must factor in as they prepare not just for IRRBB changes but also for broader risk regulations proposed by APRA:
- Interest rate risk calculations: ADIs need to develop robust calculations for interest rate risk, including gap risk, base risk, option risk and liquidity risk. These calculations should be tailored to the specific risk associated with the bank's business model and activities.
- Back testing and parameterization: The risk measurement methods used for interest rate risk should be back tested or parameterized to ensure their accuracy and effectiveness. This will involve evaluating the models against historical data to validate their performance.
- Capital charge computation: If a bank fails to meet the criteria for internal model approach approval, it will need to determine the IRRBB capital charge using a method specified by APRA. Partial use of an internal model may be approved by APRA on a case-to-case basis on a commitment and plan specifying the extent and timing of such extension.
- Adoption of simplified framework: All non-SFIs are eligible to use the simplified requirements under the assumption that they don’t have any trading book activities, offshore businesses, or international funding sources. There are no explicit IRRBB requirements in APS 117 for non-SFIs and instead must follow the risk management requirements set out in CPS 220 and provide a balance sheet repricing profile based on contractual and behavioural cashflows and six Basel-defined interest rate shock scenarios used to perform the outlier test. In the future, this might get aligned with a standardized approach (SA) or a simplified standardized approach (S-SA) similar to the EBA.
- Align methodology: Banks should stay updated on any forthcoming consultations or recommendations from regulatory authorities regarding the exact methodology for capturing interest rate risk. This will provide clarity on cash flow modelling, projection, and estimation, allowing banks to align their practices accordingly.
- Establish a data governance framework: To ensure the availability of appropriate granular data for risk calculations, banks need to establish a robust data governance framework. This framework should ensure data availability and cooperation between risk reporting, risk control, and finance departments. It will help avoid demanding situations where the business needs to redefine the model approach due to data unavailability.
Events of last year have triggered fast action from regulators around the world, with APRA enforcing changes in multiple areas of ADIs’ operations to hold the Australian banking system in good stead. Now is the time for ADIs to look at the various regulatory changes holistically rather than as individual deadline-led sequential events, and work with a technology partner who can address their immediate compliance challenges, and also provide the regulatory expertise to be future-ready for forthcoming changes.