The Australian Prudential Regulation Authority (APRA) has imposed additional license conditions on Mercer Superannuation (Australia) Limited (Mercer Super) to ensure it addresses the risk management and compliance management deficiencies identified by APRA.
Mercer Super is the manager of Mercer Super Trust and Mercer Portfolio Service Superannuation Plan, which have approximately 850,000 members and more than $70 billion in assets under management.
The risk management and compliance management deficiencies were identified as part of the APRA administrator’s ongoing due diligence, which included a due diligence review conducted in October 2023.
Mercer Super subsequently identified significant breaches of prudential standards SPS 220 Risk Management (SPS 220), SPS 231 Outsourcing (SPS 231) and SPS 232 Business Continuity Management (SPS 232).
Under the terms of the new license conditions, which came into effect on 27 May 2024, Mercer Super must:
- develop and implement a remediation plan in collaboration with an independent expert that addresses the deficiencies identified by APRA;
- appoint an independent third party to complete a review of the operational effectiveness of Mercer Super’s risk management and compliance frameworks following completion of the remedial plan; and
- develop a plan to remedy any deficiencies identified in the operational effectiveness review.
Upon completion of the operational effectiveness review, Mercer Super is required to provide APRA with an attestation from the Chair of the Commissioner that the remedial actions are complete and effective and that the entity complies with the prudential standard SPS 220, SPS 231 and SPS 232 .
APRA Deputy Chair Margaret Cole said:
“We have implemented these terms to promote meaningful governance and risk management improvements at Mercer Super and to protect the interests of its members.
APRA expects fiduciaries to have robust risk management frameworks and proactively manage systems and processes, including the critical areas of business continuity management and oversight of service providers. APRA is prepared to take strong steps, including taking enforcement action, where an administrator’s operational resilience management is substandard.”