Featured Product

    APRA Updates Guidance on Managing Information Security Risks

    June 25, 2019

    APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.

    APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234. 

    CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.

     

    Related Links

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA

    Related Articles
    News

    APRA Revises Standard on Margin Rules for Uncleared Derivatives

    APRA revised CPS 226, which is the prudential standard on margin and risk mitigation requirements for non-centrally cleared derivatives.

    September 19, 2019 WebPage Regulatory News
    News

    PRA Issues Consultation on Prudent Person Principle Under Solvency II

    PRA, via the consultation paper CP22/19, has set out its proposed expectations for investment by firms, in accordance with the Prudent Person Principle (PPP).

    September 18, 2019 WebPage Regulatory News
    News

    EIOPA Forms Consultative Expert Group on Digital Ethics in Insurance

    EIOPA established the Consultative Expert Group on Digital Ethics in Insurance to assist EIOPA in the development of digital responsibility principles in insurance.

    September 17, 2019 WebPage Regulatory News
    News

    FDIC Approves Proposal to Amend Swap Margin Rule

    FDIC approved what would be a joint proposal by the US Agencies (FCA, FDIC, FED, FHFA, and OCC) to amend regulations that require swap dealers and security-based swap dealers under the agencies’ respective jurisdictions to exchange margin with their counterparties for swaps that are not centrally cleared (Swap Margin Rule).

    September 17, 2019 WebPage Regulatory News
    News

    FASB Proposes Taxonomy Changes Related to Topics 848 and 470

    FASB proposed taxonomy improvements for the proposed Accounting Standards Update on topic 848 on facilitation of effects of reference rate reform on financial reporting.

    September 16, 2019 WebPage Regulatory News
    News

    BoE Statement on Recalculating Transitional Measures Under Solvency II

    BoE notified that it will be willing to accept applications from firms to recalculate transitional measure on technical provisions (TMTP) as at September 30, 2019.

    September 16, 2019 WebPage Regulatory News
    News

    BIS Hosts Conference to Discuss Issues from Emergence of Stablecoins

    BIS hosted a conference in Basel to discuss policy and regulatory issues posed by the emergence of stablecoin initiatives backed by financial institutions and large technology companies.

    September 16, 2019 WebPage Regulatory News
    News

    BIS Paper on Embedded Supervision of Blockchain-Based Financial Market

    BIS published a working paper that investigates ways to regulate and supervise blockchain-based financial markets.

    September 16, 2019 WebPage Regulatory News
    News

    BoE Paper on Market-Implied Systemic Risk and Shadow Capital Adequacy

    BoE published a working paper that presents a forward-looking approach to measure systemic solvency risk.

    September 13, 2019 WebPage Regulatory News
    News

    HKMA Consults on Policy Module on Pillar 2 Supervisory Review Process

    HKMA is consulting on the revised Supervisory Policy Manual module CA-G-5 that sets out the HKMA approach to conducting the supervisory review process under Pillar 2.

    September 13, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3830