General Information & Client Service
  • Americas: +1.212.553.1653
  • Asia: +852.3551.3077
  • China: +86.10.6319.6580
  • EMEA: +44.20.7772.5454
  • Japan: +81.3.5408.4100
Media Relations
  • New York: +1.212.553.0376
  • London: +44.20.7772.5456
  • Hong Kong: +852.3758.1350
  • Tokyo: +813.5408.4110
  • Sydney: +61.2.9270.8141
  • Mexico City: +001.888.779.5833
  • Buenos Aires: +0800.666.3506
  • São Paulo: +0800.891.2518
March 07, 2018

APRA has responded to the growing threat of cyber attacks by proposing its first prudential standard on information security, known as CPS 234. APRA released a package of measures, titled “Information Security Management: A new cross-industry prudential standard,” for industry consultation. The package is aimed at shoring up the ability of APRA-regulated entities to repel cyber adversaries, or respond swiftly and effectively in the event of a breach. Comment period is open until June 07, 2018.

Key areas where APRA is hoping to lift standards include assurance over the cyber capabilities of third parties such as service providers and enhancing entities’ ability to respond to, and recover from, cyber incidents. APRA proposes to apply this standard authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. APRA intends to finalize the proposed standard toward the end of the year, with a view to implementing CPS 234 from July 01 next year. The proposed new standard, CPS 234, would require regulated entities to:

  • Clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies, and individuals
  • Maintain information security capability commensurate with the size and extent of threats to information assets and which enables the continued sound operation of the entity
  • Implement information security controls to protect its information assets and undertake systematic testing and assurance regarding the effectiveness of those controls
  • Have robust mechanisms in place to detect and respond to information security incidents in a timely manner
  • Notify APRA of material information security incidents

 

Related Links

Comment Due Date: June 07, 2018

Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Prudential Standard, APRA

Related Insights
News

US Agencies Propose Revisions to FFIEC Reports 031, 041, 051, and 101

US Agencies (FDIC, FED, and OCC) propose to extend for three years, with revision, FFIEC 031, FFIEC 041, FFIEC 051, and FFIEC 101.

February 21, 2019 WebPage Regulatory News
News

OFR Adopts Data Collection Rule on Centrally Cleared Repo Transactions

OFR adopted a final rule to establish a data collection covering centrally cleared funding transactions in the U.S. repurchase agreement (repo) market.

February 20, 2019 WebPage Regulatory News
News

FHFA Finalizes Rule on Federal Home Loan Bank Capital Requirements

FHFA published, in Federal Register, the final rule to adopt, as its own, portions of the regulations of the Federal Housing Finance Board pertaining to the capital requirements for the Federal Home Loan Banks.

February 20, 2019 WebPage Regulatory News
News

PRA Publishes PS4/19 on Loss-Absorbency Mechanism Under Solvency II

PRA published a policy statement (PS4/19) that provides feedback on responses to the consultation paper (CP27/18) on adjusting for the reduction of loss absorbency where own fund instruments are taxed on write down under Solvency II.

February 20, 2019 WebPage Regulatory News
News

SRB Publishes Framework for Performing Valuations in Resolution

The framework provides independent valuers and the general public with an indication of the expectations of SRB on the principles and methodologies for valuation reports, as set out in the legal framework.

February 19, 2019 WebPage Regulatory News
News

BIS Paper on Effect of Securities Lending on OTC Market Liquidity

BIS published a working paper that studies how securities lending affects over-the-counter market (OTC) liquidity.

February 19, 2019 WebPage Regulatory News
News

US Agencies Extend Consultation Period for the Proposed SA-CCR

US Agencies (FDIC, FED, and OCC) extended the comment period for a proposed rule to update their standards for how firms measure counterparty credit risk posed by derivative contracts.

February 18, 2019 WebPage Regulatory News
News

FED Extends Consultation Period for Stress Testing Rule

FED has published in the Federal Register a notice proposing amendments to the company run and supervisory stress test rules.

February 15, 2019 WebPage Regulatory News
News

EBA Single Rulebook Q&A: Third Update for February 2019

EBA published answers to two questions under the Single Rulebook question and answer (Q&A) updates for this week.

February 15, 2019 WebPage Regulatory News
News

SEC Proposes Rule on Risk Mitigation Techniques for Uncleared SBS

SEC proposed a rule that would require the application of specific risk-mitigation techniques to portfolios of security-based swaps (SBS) that are not submitted for clearing.

February 15, 2019 WebPage Regulatory News
RESULTS 1 - 10 OF 2623