March 07, 2018

APRA has responded to the growing threat of cyber attacks by proposing its first prudential standard on information security, known as CPS 234. APRA released a package of measures, titled “Information Security Management: A new cross-industry prudential standard,” for industry consultation. The package is aimed at shoring up the ability of APRA-regulated entities to repel cyber adversaries, or respond swiftly and effectively in the event of a breach. The comment period is open until June 07, 2018.

Key areas where APRA is hoping to lift standards include assurance over the cyber capabilities of third parties, such as service providers, and enhancing entities’ ability to respond to, and recover from, cyber incidents. APRA proposes to apply this standard to authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. APRA intends to finalize the proposed standard toward the end of the year, with a view to implementing CPS 234 from July 01 next year. The proposed new standard, CPS 234, would require regulated entities to:

  • Clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies, and individuals
  • Maintain information security capability commensurate with the size and extent of threats to information assets and which enables the continued sound operation of the entity
  • Implement information security controls to protect its information assets and undertake systematic testing and assurance regarding the effectiveness of those controls
  • Have robust mechanisms in place to detect and respond to information security incidents in a timely manner
  • Notify APRA of material information security incidents

 


Comment Due Date: June 07, 2018

Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Prudential Standard, APRA
