The latest business continuity news from around the world

APRA consults on new operational risk standard: includes updated requirements for business continuity

Details
Published: Thursday, 28 July 2022 08:01

The Australian Prudential Regulation Authority (APRA) is consulting on a new Prudential Standard designed to strengthen the management of operational risk in Australia’s banking, insurance, and superannuation industries.

The definition of operational risk

APRA defines operational risk as the potential for financial loss or material disruption as a result of inadequate or failed internal processes or systems, the actions of people, or external drivers and events, such as a pandemic or natural disaster. 

The new Prudential Standard, CPS 230 Operational Risk Management

In a consultation package, APRA proposes to introduce a new cross-industry Prudential Standard, CPS 230 Operational Risk Management, which will set out minimum standards for managing operational risk, including updated requirements for business continuity and service provider management. 

The proposed new standard includes requirements for regulated entities to: 

  • Maintain effective internal controls for operational risk, commensurate with the size, business mix and complexity of the activities they undertake;
  • Be prepared and ready to ensure continued delivery of critical operations during periods of disruption; and 
  • Effectively manage the risks associated with the use of service providers.

The new standard will incorporate updated requirements for service provider management (currently outsourcing) and business continuity management that are currently contained in prudential standards CPS 231 Outsourcing and CPS 232 Business Continuity Management (and the corresponding superannuation standards SPS 231 and SPS 232 and private health insurance standard HPS 231). These five standards will be replaced by the new CPS 230.

After reviewing industry feedback in response to the consultation, APRA expects to release the final CPS 230 early next year, before the new standard comes into force from 1st January 2024.

The consultation package is available here.

The deadline for consultation submissions is 21st October 2022.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Cyber Response Guide
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.