Featured Product

    APRA Updates Guidance on Managing Information Security Risks

    June 25, 2019

    APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.

    APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234. 

    CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.

     

    Related Links

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA

    Related Articles
    News

    FED Adopts Proposal to Implement Reporting Form for SCCL

    FED adopted a proposal to implement the Single-Counterparty Credit Limits (SCCL) reporting form (FR 2590; OMB No. 7100-NEW).

    November 20, 2019 WebPage Regulatory News
    News

    FED Proposes to Extend Initial Compliance Dates Under SCCL Rule

    FED published a proposal to extend, by 18 months, the initial compliance dates for foreign banks subject to the single-counterparty credit limit (SCCL) rule.

    November 20, 2019 WebPage Regulatory News
    News

    CBIRC to Strengthen Supervisory and Policy Support for SME Services

    CBIRC released a notification on strengthening supervision and guidance to enhance the quality and efficiency of financial services for "small and micro-enterprises" (SMEs).

    November 20, 2019 WebPage Regulatory News
    News

    APRA Publishes Approach to Regulating and Supervising GCRA Risks

    APRA published an information paper that sets out a more intensive regulatory approach to transform governance, culture, remuneration, and accountability (GCRA) practices across the prudentially regulated financial sector.

    November 19, 2019 WebPage Regulatory News
    News

    US Agencies Update Rule on Derivative Contracts Exposure Calculation

    US Agencies (FDIC, FED, and OCC) announced a final rule updating the way certain banking organizations are required to measure counterparty credit risk for derivative contracts under their regulatory capital rules.

    November 19, 2019 WebPage Regulatory News
    News

    US Agencies Finalize Rule to Amend Treatment of HVCRE Exposures

    US Agencies (FDIC, FED, and OCC) finalized a rule to modify the treatment of high volatility commercial real estate (HVCRE) exposures, as required by the Economic Growth, Regulatory Relief, and Consumer Protection (EGRRCP) Act.

    November 19, 2019 WebPage Regulatory News
    News

    US Agencies Finalize Changes to Rule on Supplementary Leverage Ratio

    US Agencies (FDIC, FED, and OCC) finalized changes to the capital requirement for banking organizations predominantly engaged in custodial activities, as required by the Economic Growth, Regulatory Relief, and Consumer Protection (EGRRCP) Act.

    November 19, 2019 WebPage Regulatory News
    News

    IAIS Consults on Guidance on Liquidity Risk Management for Insurers

    IAIS is seeking feedback on the draft application paper on liquidity risk management for insurers.

    November 19, 2019 WebPage Regulatory News
    News

    IAIS Publishes Application Paper on Recovery Planning

    IAIS published the final application paper on recovery planning, along with the resolution of comments on the draft application paper.

    November 18, 2019 WebPage Regulatory News
    News

    FSB Publishes Summary of November Meeting of RCG for MENA Region

    FSB published a summary of the November meeting of the Regional Consultative Group (RCG) for Middle East and North Africa (MENA).

    November 17, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 4174