General Information & Client Service
  • Americas: +1.212.553.1653
  • Asia: +852.3551.3077
  • China: +86.10.6319.6580
  • EMEA: +44.20.7772.5454
  • Japan: +81.3.5408.4100
Media Relations
  • New York: +1.212.553.0376
  • London: +44.20.7772.5456
  • Hong Kong: +852.3758.1350
  • Tokyo: +813.5408.4110
  • Sydney: +61.2.9270.8141
  • Mexico City: +001.888.779.5833
  • Buenos Aires: +0800.666.3506
  • São Paulo: +0800.891.2518
March 07, 2018

APRA has responded to the growing threat of cyber attacks by proposing its first prudential standard on information security, known as CPS 234. APRA released a package of measures, titled “Information Security Management: A new cross-industry prudential standard,” for industry consultation. The package is aimed at shoring up the ability of APRA-regulated entities to repel cyber adversaries, or respond swiftly and effectively in the event of a breach. Comment period is open until June 07, 2018.

Key areas where APRA is hoping to lift standards include assurance over the cyber capabilities of third parties such as service providers and enhancing entities’ ability to respond to, and recover from, cyber incidents. APRA proposes to apply this standard authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. APRA intends to finalize the proposed standard toward the end of the year, with a view to implementing CPS 234 from July 01 next year. The proposed new standard, CPS 234, would require regulated entities to:

  • Clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies, and individuals
  • Maintain information security capability commensurate with the size and extent of threats to information assets and which enables the continued sound operation of the entity
  • Implement information security controls to protect its information assets and undertake systematic testing and assurance regarding the effectiveness of those controls
  • Have robust mechanisms in place to detect and respond to information security incidents in a timely manner
  • Notify APRA of material information security incidents

 

Related Links

Comment Due Date: June 07, 2018

Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Prudential Standard, APRA

Related Insights
News

EBA Finalizes Guidelines on the STS Criteria in Securitization

EBA published the final guidelines that provide a harmonized interpretation of the criteria for a securitization to be eligible as simple, transparent, and standardized (STS) on a cross-sectoral basis throughout EU.

December 12, 2018 WebPage Regulatory News
News

OSFI Sets Domestic Stability Buffer for D-SIBs at 1.75%

OSFI set the level for the Domestic Stability Buffer at 1.75% of total risk-weighted assets, as calculated under the Capital Adequacy Requirements (CAR) Guideline.

December 12, 2018 WebPage Regulatory News
News

FSI Publishes Paper on Proportionality in Insurance Solvency Rules

FSI published a paper on proportionality in the application of insurance solvency requirements.

December 11, 2018 WebPage Regulatory News
News

BCBS Updates Framework for Pillar 3 Disclosure Requirements

BCBS published the updated framework for Pillar 3 disclosure requirements.

December 11, 2018 WebPage Regulatory News
News

EBA Issues Revised List of Validation Rules for Reporting

EBA revised the list of validation rules in its implementing technical standards on supervisory reporting.

December 11, 2018 WebPage Regulatory News
News

IMF Reports Assess the Stability of Financial System in Brazil

IMF published a report on the results of the Financial System Stability Assessment (FSSA) on Brazil.

December 11, 2018 WebPage Regulatory News
News

FED Governor Examines Pros of Imposing Capital Buffers on Large Banks

At the Peterson Institute for International Economics in Washington D.C., the FED Governor Lael Brainard summarized the financial stability outlook, highlighted areas where financial imbalances seem to be building, and touched on the related policy implications.

December 07, 2018 WebPage Regulatory News
News

US Agencies Propose Rule on Appraisals for Real Estate Transactions

US Agencies (FDIC, FED, and OCC) proposed a rule to increase the threshold level at or below which appraisals would not be required for the residential real estate transactions from USD 250,000 to USD 400,000. Comments will be accepted for 60 days from publication in the Federal Register.

December 07, 2018 WebPage Regulatory News
News

EBA Single Rulebook Q&A: First Update for December 2018

This week one answer was published as part of the Single Rulebook Questions and Answers (Q&A).

December 07, 2018 WebPage Regulatory News
News

FED Updates Reporting Form and Instructions for FR Y-14Q

FED published the updated reporting form FR Y-14Q for Capital Assessment and Stress Testing, along with the associated instructions.

December 06, 2018 WebPage Regulatory News
RESULTS 1 - 10 OF 2325