Beware of vendor risks: the “push down” of CPS 230 obligations to service providers of APRA regulated entities

The Australian Prudential Regulation Authority (APRA) has released a draft Prudential Standard CPS 230 (CPS 230) for consultation. All going well, CPS 230 will become effective by 1 January 2024. CPS 230 is APRA’s latest cross-industry standard aimed at strengthening the management of risk, in this case operational risk, across the banking, insurance and superannuation industries.

Two key aspects of CPS 230, which APRA feels are currently not being adequately addressed, are (i) the proposed prescribed standards for managing the risks associated with material service providers and (ii) monitoring, testing and notification. That is, once CPS 230 is in force, APRA-regulated entities will have obligations to assess and address the operational risks of material services provided to them and, on an ongoing basis, to monitor, assess and ensure the compliance of material service providers with the relevant agreement, which is to include prescribed provisions and be subject to ongoing operational risk management. This applies even though such service providers are not themselves APRA-regulated. APRA states that this is a response to APRA-regulated entities placing greater and greater reliance on third parties to undertake critical operations on their behalf.

Continuity Insights
