Is Your Responsible Persons Fit and Proper Process Fit for Purpose? What the Australian Prudential Regulation Authority (APRA) Governance Review Means for Financial Services Organisations

APRA’s draft governance standards are expected to be released for formal consultation this quarter. Since proposing eight reforms to its prudential governance framework in March 2025, APRA has engaged extensively with industry — 57 meetings and roundtables involving more than 150 stakeholder organisations, and almost 80 written submissions. In October 2025, APRA published a governance review update confirming it would proceed with the reforms, with targeted revisions to three proposals but no change to its core concerns around fitness and propriety. Draft standards and guidance are now due in Q2 2026, with the final framework targeted for commencement in 2028. For entities whose fit and proper processes still rely on self-assessments and light-touch checks, there is a narrowing window to review and strengthen those processes before the new standards define the minimum.

The proposed changes include [1]:

• Lifting requirements for boards to ensure they have the right mix of skills and experience to deliver the entity’s strategy
• Raising minimum standards around the fitness and propriety of responsible persons, and requiring significant financial institutions to engage with APRA on succession planning and potential appointments
• Extending existing requirements for superannuation trustees in relation to managing conflicts of interest to banking and insurance
• Strengthening board independence, especially in relation to entities that are part of a group
• Clarifying APRA’s expectations around the roles of boards, the chair and senior management
• Introducing a lifetime tenure limit of 10 years for non-executive directors at an APRA-regulated entity.

In this article, we focus on fitness and propriety, and what entities should be considering now to ensure their screening and ongoing assessment of responsible persons is robust before the draft standards are released for consultation.

Fitness and Propriety: What APRA Has Found

APRA’s Governance Review Discussion Paper was released in March 2025. Proposal 2, dedicated to fitness and propriety, describes the weaknesses APRA has observed across regulated entities in conducting fit and proper assessments:[1]

• Entities being focused on process compliance rather than outcomes
• Taking a narrow view of what constitutes fitness and propriety
• Inadequate consideration of a person’s fitness (skills, capabilities, experience and knowledge)
• Little consideration of the capacity of directors to balance multiple roles and professional obligations
• Limited verification, with excessive reliance on self-assessments and other ‘light touch’ checks
• Treating annual reviews of incumbent responsible persons as cursory exercises, rather than part of an enduring obligation

These findings indicate that many organisations have processes but lack substance; going through the motions of compliance without achieving the outcome the standard is designed to produce.

APRA is also drawing on the views of peer regulators internationally. In developing the proposals, overseas prudential regulators highlighted two priorities: the need for accountability regimes that hold individuals to their obligations, and the value of independent verification and assessment of board and director performance and suitability.[1]

Why This Matters Now

The formal consultation on updated standards is expected to begin in the first half of 2026, with the revised framework targeted to come into force in 2028.[1] While there is no immediate compliance deadline, now could be an optimal time.

What “Meaningful Outcomes” Actually Requires

APRA’s proposals give an indication of what the updated standard is expected to require. Specifically, regulated entities will likely need to incorporate the following matters into their fitness and propriety assessments:

• Actual, potential and perceived conflicts of interest and duties
• Criminal and conduct records, for example contraventions arising out of civil, criminal or regulatory matters that may give rise to concerns
• Character or regulatory references to evaluate performance in other roles, including the financial and reputational performance of previous organisations
• The ability to commit sufficient time to their role, including consideration of specific roles on other boards, for example chair or committee chair
• Reputational risk

And to clarify triggers for reassessment, including:[1]

• Adverse findings in criminal, civil or professional proceedings
• Changes in personal circumstances posing potential reputational risk
• Material misconduct or behaviour inconsistent with an entity’s code of conduct

In APRA’s own words, entities have treated their fit and proper obligations as “a cursory ‘tick-a-box’ exercise that does not reflect the intent of the provisions.”[1], with the updated requirements expected to address and change that.

The Role of Independent Verification

The current prudential standards, CPS 520 and SPS 520, require regulated entities to assess the fitness and propriety of responsible persons, but do not explicitly mandate specific third-party checks as the mechanism for doing so. Entities have discretion in how they satisfy the obligation. As APRA’s own findings make clear, that discretion has frequently resulted in processes that rely heavily on self-assessments and light-touch checks, which is precisely the problem the proposed strengthening of Proposal 2 is designed to address.

This is where background screening becomes not just a useful tool, but a substantive response to the specific weaknesses APRA has identified, both under the current standard and the more explicit expectations that are coming.

An accredited criminal history check provides independent, objective information about a responsible person’s conduct history, information that cannot be self-reported. A bankruptcy and insolvency check provides verified data about a candidate’s financial history in a way that a self-declaration cannot replicate. Reference checks that go beyond the standard candidate – nominated referees to seek character and performance information from previous regulated roles address the ‘regulatory references’ component APRA is proposing to include in the standard.[1]

While these checks don’t replace the entity’s own judgement about fitness and propriety, they provide the factual foundation on which that judgement can be properly exercised, and they demonstrate to APRA that the entity’s assessment was based on verified information.

For entities currently running fit and proper processes that are heavy on self-declarations, it may be pertinent to examine the role of third-party verification before the new standards are finalised.

What Entities Should Be Doing Now

APRA has observed instances where entities have been unwilling to initiate a reassessment of a responsible person’s fitness and propriety “even where they created reputational or prudential risk to the entity.”[1] That observation reflects a tendency to treat annual reviews as a renewal of an existing view, rather than a genuine re-examination.

For regulated entities, a practical review of current fit and proper processes might ask:

On initial appointments: Does our process for assessing new responsible persons include independent verification: criminal history, bankruptcy, and reference checks from prior regulated roles, or does it rely primarily on the candidate’s own disclosures?

On annual reviews of incumbents: Are these genuine reassessments, or are they largely a confirmation that nothing has changed? Are they informed by any independent information, or solely by the individual’s own declarations?

On triggers for reassessment: Do our policies clearly define the circumstances that require a full reassessment: adverse proceedings, conduct concerns, material changes in personal circumstances, or does reassessment only happen when a problem is already serious?

On documentation: Can we demonstrate to APRA, in a supervisory review, that our assessments were based on verified information and genuine analysis, not just a completed checklist?

How Kinatico CVCheck Can Help

Kinatico CVCheck provides the accredited criminal history checks and bankruptcy checks that sit at the foundation of a robust, independently verified fit and proper assessment process for responsible persons across the financial services sector.

For entities looking to align their fit and proper processes with the direction APRA has clearly signalled, before formal consultation on draft standards begins in the first half of 2026, Kinatico CVCheck provides the verification layer that transforms a self-assessment exercise into a genuinely defensible process.

How Kinatico Compliance Can Help

Running the checks is one part of a defensible fit and proper process, managing them over time is another. APRA’s concern with cursory annual reviews and inadequate reassessment triggers points to an ongoing compliance obligation, not just a point-in-time assessment at appointment.

For the purposes of APRA’s fitness and propriety requirements, Kinatico Compliance enables organisations to track and manage responsible person assessments across their entire population of directors and senior managers, maintain audit trails that can be produced for APRA in any regulatory review, manage renewal cycles and expiry notifications to ensure assessments remain current, and support workflow management for fit and proper policies so that reassessment triggers, adverse findings, conduct concerns, changes in personal circumstances, are acted on in a timely and documented way. For banks, insurers and superannuation trustees, Kinatico Compliance provides the infrastructure to manage fit and proper obligations on an ongoing basis – not just at the point of appointment.

For banks, insurers and superannuation trustees, Kinatico Compliance provides the infrastructure to manage fit and proper obligations on an ongoing basis – not just at the point of appointment.

Beyond responsible persons, Kinatico Compliance extends to manage compliance requirements across an organisation’s entire workforce; permanent employees, contractors and pre-employment candidates, across every department. Whether it’s tracking qualifications, licences, certifications, screening renewals, or any internally required activity, Kinatico Compliance provides a single system for maintaining visibility over workforce compliance obligations, with automated renewal cycles, expiry notifications, detailed reporting and full audit trails at every level of the organisation.

Sources

1. APRA, Governance Review — Discussion Paper, March 2025. Available at: https://www.apra.gov.au/governance-review-discussion-paper
2. APRA, Media Release: APRA proposes changes to strengthen and streamline governance and fit and proper requirements, March 2025. Available at: https://www.apra.gov.au/news-and-publications/apra-proposes-changes-to-strengthen-and-streamline-governance-and-fit-and