APRA - new standard for consultation

By Michael Faber

In July 2022, APRA released a new standard for consultation - any similarity to Operational Resilience?

The Australian Prudential Regulation Authority (APRA) released on 28th July a discussion paper for a new prudential standard in Operational Risk Management – CPS 230. The aim is to set minimum standards for managing operational risk management, including updates for business continuity and service provider management.

Similar to work conducted in the UK for financial services on Operational Resilience, the focus is very much on maintaining critical operations for customers, including a credible business continuity plan and setting tolerance levels associated with the maximum level of disruption.

The Board needs to demonstrate accountability for this area, and must oversee operational risk management, approve BCP’s, tolerance levels and service provider management.

The proposal for tolerance levels includes:
- Maximum period of time for tolerating a disruption
- Maximum extent of data loss to accept as a result of disruption, and
- Minimum service levels to maintain while operating under alternative arrangements during disruption

Dates to be aware of are:
- Consultation opened July 2022
- Consultation closes October 2022
- CPS 230 finalised early 2023
- Full compliance January 2024

There are many similarities between the UK regulation and the proposed additions in this paper. While it may seem a while away, given the experiences of other regulations covering this area, there will be much to do towards full compliance, and firms should commence work as soon as possible.

Those firms with offices in the UK should be able to leverage the experiences already conducted in the UK when looking at compliance in Australia for this initiative.

Previous
Previous

External help: what good is it anyway?

Next
Next

What does ongoing monitoring or periodic reviews of a customer involve and why are they so important?