APRA updates industry on operational resilience guidanceBY ELIZA BAVIN | FRIDAY, 14 JUN 2024 12:22PMThe Australian Prudential Regulation Authority (APRA) has released its finalised prudential practice guide to help superannuation trustees, banks and insurers strengthen their management of operational risk and improve business continuity planning. The new Prudential Practice Guide CPG 230 Operational Risk Management (CPG 230) is designed to assist in the implementation of Prudential Standard CPS 230 Operational Risk Management (CPS 230), which was finalised in July last year and takes effect from 1 July 2025. APRA reconfirmed its focus on the resilience of critical operations and uplift in third-party risk management, while also announcing a range of changes to the new guidance. As part of the changes, the guidance has been shortened and is more tightly focused on how to meet expectations set by the standard. In addition, entities that are classified as non-Significant Financial Institutions will have an additional 12 months to comply with certain requirements in CPS 230 relating to business continuity and scenario analysis. APRA has also included a "day one" checklist for entities to assist in their implementation of CPS 230; and the regulator has provided a three-year forward plan of its intended approach to supervising CPS 230 to assist industry with implementation and planning. The "day one" checklist sets out 10 requirements entities are expected to meet come 1 July 2025. These include:
"Disruptions to financial services can have a major impact on people who rely on them to save, spend, recover from financial loss or support themselves in retirement," he said. "CPS 230 is designed to ensure entities safeguard the resilience of their operations and are well prepared to respond to disruptions. By amending the accompanying guidance, we aim to keep industry standards high while also being mindful of the compliance burden on smaller entities so they can remain competitive." APRA said it expects entities to start with the identification of its critical operations. In doing so, it should identify its critical operations, set tolerance levels for disruption of these critical operations, and identify the processes and resources needed to deliver these critical operations, including material service providers. "A prudent entity would then use this information as the starting point for an assessment of its operational risk profile," APRA said. Related News |
Editor's Choice
Qualitas scores $550m mandate
ASIC alerts licensees to experienced pathway deadlines
Coller Capital hires former J.P. MAM executive
Partners Group launches private infra fund
Sponsored by | Know the facts about lifetime annuitiesSaving for a happy retirement is Australia's #1 financial goal. Learn how LifeIncome can deliver more income, certainty, & choice. |
Products
Expert Feed
Featured Profile
Phil Usher
FIRST NATIONS FOUNDATION