Featured Product

    APRA Finalizes CPS 234 to Help Combat Threat of Cyber Attacks

    November 07, 2018

    APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

    Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. CPS 234 requires APRA-regulated entities to:

    • Clearly define information-security related roles and responsibilities
    • Maintain an information security capability commensurate with the size and extent of threats to their information assets
    • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
    • Promptly notify APRA of material information security incidents

    APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

     

    Related Links

    Effective Date: July 01, 2019/July 01, 2020

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA

    Related Articles
    News

    EBA Analyzes Impact of Unwind Mechanism of Liquidity Coverage Ratio

    EBA published a report analyzing the impact of the unwind mechanism of the liquidity coverage ratio (LCR) for a sample of European banks over a three-year period, from the end of 2016 to the first quarter of 2020.

    November 19, 2020 WebPage Regulatory News
    News

    ECB Outlines Views on Possible Changes to AnaCredit Rule and TLTROs

    In response to questions from a member of the European Parliament, the ECB President Christine Lagarde issued a letter clarifying the possibility of amending the AnaCredit Regulation and making targeted longer-term refinancing operations (TLTROs) dependent on the climate-related impact of bank loans.

    November 19, 2020 WebPage Regulatory News
    News

    IASB Begins First Phase of Post-Implementation Review of IFRS 9

    IASB started the post-implementation review of the classification and measurement requirements in IFRS 9 on financial instruments and added the review as a project to its work plan.

    November 18, 2020 WebPage Regulatory News
    News

    FSB Report Examines Progress in Resolvability of Systemic Institutions

    FSB published a report that examines progress in implementing policy measures to enhance the resolvability of systemically important financial institutions.

    November 18, 2020 WebPage Regulatory News
    News

    EBA Benchmarks National Insolvency Frameworks Across EU

    EBA published a report on the benchmarking of national loan enforcement frameworks across 27 EU member states, in response to the call for advice from EC.

    November 18, 2020 WebPage Regulatory News
    News

    FSB Reports Assess Impact of Pandemic on Financial Stability

    FSB published a letter from its Chair Randal K. Quarles, along with two reports exploring various aspects of the market turmoil resulting from the COVID-19 event.

    November 17, 2020 WebPage Regulatory News
    News

    RBNZ Consults on Implementation of Capital Review Changes

    RBNZ launched a consultation on the details for implementing the final Capital Review decisions announced in December 2019.

    November 17, 2020 WebPage Regulatory News
    News

    IASB Announces Andreas Barckow as the New Chair from July 2021

    The Trustees of the IFRS Foundation, which are responsible for the governance and oversight of IASB, have announced the appointment of Dr. Andreas Barckow as the IASB Chair, effective July 2021.

    November 17, 2020 WebPage Regulatory News
    News

    HKMA Consults on Capital Rules for Bank Equity Investments in Funds

    HKMA issued a letter to consult the banking industry on a full set of proposed draft amendments to the Banking (Capital) Rules for implementing the Basel standard on capital requirements for banks’ equity investments in funds in Hong Kong.

    November 17, 2020 WebPage Regulatory News
    News

    ESRB Supports Extension of Macro-Prudential Measure by Swedish FSA

    ESRB published an opinion assessing the decision of Swedish Financial Supervisory Authority (FSA) to extend the application period of a stricter measure for residential mortgage lending, in accordance with Article 458 of the Capital Requirements Regulation (CRR).

    November 17, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 6153