Featured Product

    APRA Updates Guidance on Managing Information Security Risks

    June 25, 2019

    APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.

    APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234. 

    CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.

     

    Related Links

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA

    Related Articles
    News

    APRA Updates Validation and Derivation Rules in September 2020

    APRA updated the lists of the Direct to APRA (D2A) validation and derivation rules for authorized deposit-taking institutions, insurers, and superannuation entities.

    September 24, 2020 WebPage Regulatory News
    News

    EC Proposes Frameworks for Crypto-Assets and Operational Resilience

    EC adopted a package that includes the digital finance and retail payments strategies and the legislative proposals for regulatory frameworks on crypto-assets and digital operational resilience.

    September 24, 2020 WebPage Regulatory News
    News

    ECB Publishes Opinion on Proposals to Amend Securitization Framework

    ECB published an opinion (CON/2020/22) on proposals for regulations amending the securitization framework of EU, in response to the COVID-19 pandemic.

    September 24, 2020 WebPage Regulatory News
    News

    FCA Consults on Regulation of International Firms in UK

    FCA is consulting on its approach to the authorization and supervision of international firms operating in UK.

    September 23, 2020 WebPage Regulatory News
    News

    MAS Amends Notice on Capital Adequacy Requirements of Banks

    MAS published amendments to Notice 637 on the risk-based capital adequacy requirements for reporting banks incorporated in Singapore.

    September 23, 2020 WebPage Regulatory News
    News

    FCA to Begin to Move Firms to New Data Collection Platform RegData

    FCA announced that it will move firms to RegData from Gabriel in the coming months in stages, based on the reporting requirements of firms.

    September 23, 2020 WebPage Regulatory News
    News

    ISDA Expects IBOR Fallbacks to be Effective by End of January 2021

    ISDA issued a letter to regulators to flag that it now expects the supplement to the 2006 ISDA Definitions and the Interbank Offered Rate (IBOR) Fallbacks Protocol to be effective around mid- to late-January 2021.

    September 23, 2020 WebPage Regulatory News
    News

    APRA Reviews Repayment Deferral Plans, Identifies Best Practices

    APRA has concluded its review of the comprehensive plans of authorized deposit-taking institutions for the assessment and management of loans with repayment deferrals.

    September 22, 2020 WebPage Regulatory News
    News

    ESAs Assess Risks to Financial Sector After COVID-19 Outbreak

    ESAs (EBA, EIOPA, and ESMA) published the first joint report that assesses risks in the financial sector since the outbreak of the COVID-19 pandemic.

    September 22, 2020 WebPage Regulatory News
    News

    BoE Confirms Withdrawal of COVID Corporate Financing Facility

    BoE and HM Treasury confirmed that the COVID Corporate Financing Facility (CCFF) will close for new purchases of commercial paper, with effect from March 23, 2021.

    September 22, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5836