Featured Product

    APRA Updates Guidance on Managing Information Security Risks

    June 25, 2019

    APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.

    APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234. 

    CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.

     

    Related Links

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA

    Related Articles
    News

    BCBS Amends Guidelines on Sound Management of AML/CFT Risks

    BCBS amended the guidelines on sound management of risks related to money laundering and financing of terrorism (ML/FT).

    July 02, 2020 WebPage Regulatory News
    News

    EBA Guidelines on Treatment of Structural Foreign Exchange Under CRR

    EBA finalized the guidelines on treatment of structural foreign-exchange (FX) positions under Article 352(2) of the Capital Requirements Regulation (CRR).

    July 01, 2020 WebPage Regulatory News
    News

    FSB Issues Statement on Impact of COVID-19 Crisis on Benchmark Reform

    FSB published a statement on the impact of COVID-19 pandemic on global benchmark transition.

    July 01, 2020 WebPage Regulatory News
    News

    IAIS Publishes List of Internationally Active Insurance Groups

    IAIS published the list of Internationally Active Insurance Groups (IAIGs) publicly disclosed by group-wide supervisors.

    July 01, 2020 WebPage Regulatory News
    News

    FED Temporarily Revises FR Y-9C With Respect to PPPLF and CARES Act

    FED has temporarily revised the reporting form on consolidated financial statements for holding companies (FR Y-9C; OMB No. 7100-0128).

    July 01, 2020 WebPage Regulatory News
    News

    EC Launches Consultation on Review of Solvency II Directive

    EC launched a consultation on the review of the key elements of Solvency II Directive, with the comment period ending on October 21, 2020.

    July 01, 2020 WebPage Regulatory News
    News

    ECB Consults on Supervisory Approach to Consolidation in Banking

    ECB launched a consultation on the guide that sets out supervisory approach to consolidation projects in the banking sector.

    July 01, 2020 WebPage Regulatory News
    News

    PRA Letter Sets Expectations on Approach to Managing Climate Risks

    PRA published a letter that builds on the expectations set out in the supervisory statement (SS3/19) on enhancing banks' and insurers' approaches to managing the financial risks from climate change.

    July 01, 2020 WebPage Regulatory News
    News

    US Agencies Finalize Amendments to Swap Margin Rule

    US Agencies (Farm Credit Administration, FDIC, FED, FHFA, and OCC) finalized changes to the swap margin rule to facilitate implementation of prudent risk management strategies at banks and other entities with significant swap activities.

    July 01, 2020 WebPage Regulatory News
    News

    IAIS on Package for 2020 Data Collection on ICS and Aggregation Method

    IAIS published technical specifications, questionnaires, and templates for 2020 Insurance Capital Standard (ICS) and Aggregation Method data collections.

    June 30, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5425