APRA has responded to the growing threat of cyber attacks by proposing its first prudential standard on information security, known as CPS 234. APRA released a package of measures, titled “Information Security Management: A new cross-industry prudential standard,” for industry consultation. The package is aimed at shoring up the ability of APRA-regulated entities to repel cyber adversaries, or respond swiftly and effectively in the event of a breach. Comment period is open until June 07, 2018.
Key areas where APRA is hoping to lift standards include assurance over the cyber capabilities of third parties such as service providers and enhancing entities’ ability to respond to, and recover from, cyber incidents. APRA proposes to apply this standard authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. APRA intends to finalize the proposed standard toward the end of the year, with a view to implementing CPS 234 from July 01 next year. The proposed new standard, CPS 234, would require regulated entities to:
- Clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies, and individuals
- Maintain information security capability commensurate with the size and extent of threats to information assets and which enables the continued sound operation of the entity
- Implement information security controls to protect its information assets and undertake systematic testing and assurance regarding the effectiveness of those controls
- Have robust mechanisms in place to detect and respond to information security incidents in a timely manner
- Notify APRA of material information security incidents
Comment Due Date: June 07, 2018
Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Prudential Standard, APRA
BCBS amended the guidelines on sound management of risks related to money laundering and financing of terrorism (ML/FT).
US Agencies (Farm Credit Administration, FDIC, FED, FHFA, and OCC) finalized changes to the swap margin rule to facilitate implementation of prudent risk management strategies at banks and other entities with significant swap activities.
PRA published a letter that builds on the expectations set out in the supervisory statement (SS3/19) on enhancing banks' and insurers' approaches to managing the financial risks from climate change.
EBA finalized the guidelines on treatment of structural foreign-exchange (FX) positions under Article 352(2) of the Capital Requirements Regulation (CRR).
FSB published a statement on the impact of COVID-19 pandemic on global benchmark transition.
IAIS published the list of Internationally Active Insurance Groups (IAIGs) publicly disclosed by group-wide supervisors.
FED has temporarily revised the reporting form on consolidated financial statements for holding companies (FR Y-9C; OMB No. 7100-0128).
EC launched a consultation on the review of the key elements of Solvency II Directive, with the comment period ending on October 21, 2020.
ECB launched a consultation on the guide that sets out supervisory approach to consolidation projects in the banking sector.
IAIS published technical specifications, questionnaires, and templates for 2020 Insurance Capital Standard (ICS) and Aggregation Method data collections.