Featured Product

    APRA Finalizes CPS 234 to Help Combat Threat of Cyber Attacks

    November 07, 2018

    APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

    Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. CPS 234 requires APRA-regulated entities to:

    • Clearly define information-security related roles and responsibilities
    • Maintain an information security capability commensurate with the size and extent of threats to their information assets
    • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
    • Promptly notify APRA of material information security incidents

    APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

     

    Related Links

    Effective Date: July 01, 2019/July 01, 2020

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA

    Related Articles
    News

    OCC Revises Minimum Threshold for Banks to Conduct Stress Tests

    OCC issued the final rule that amends its company-run stress testing requirements under the 12 CFR 46 in Code of Federal Regulations.

    October 10, 2019 WebPage Regulatory News
    News

    US Agencies Update Management Interlock Rules Under DIMIA

    US Agencies (FDIC, FED, and OCC) issued a final rule that increases the thresholds in the major assets prohibition for management interlocks for purposes of the Depository Institution Management Interlocks Act (DIMIA).

    October 10, 2019 WebPage Regulatory News
    News

    US Agencies Finalize Rules to Closely Match Bank Risk Profiles

    US Agencies (OCC, FED, and FDIC) finalized rules that tailor the regulations for domestic and foreign banks to more closely match their risk profiles.

    October 10, 2019 WebPage Regulatory News
    News

    CPMI-IOSCO and FSB on Governance Arrangements for OTC Derivatives

    CPMI and IOSCO published a report that identifies key criteria, functions, and bodies for the governance arrangements.

    October 09, 2019 WebPage Regulatory News
    News

    EIOPA Launches Field Test on Templates Under 2020 Solvency II Review

    EIOPA, as part of the 2020 Solvency II reporting and disclosure review, launched a field test on the revised and newly proposed reporting templates.

    October 09, 2019 WebPage Regulatory News
    News

    US Agencies Adopt Rule on Appraisals for Real Estate Transactions

    US Agencies (FDIC, FED, and OCC) adopted the final rule to amend regulations requiring appraisals of real estate for certain transactions

    October 08, 2019 WebPage Regulatory News
    News

    US Agencies Finalize Amendments to Simplify Volcker Rule

    US Agencies (CFTC, FDIC, FED, OCC, and SEC) finalized amendments to the regulations implementing section 13 of the Bank Holding Company Act, also known as the Volcker Rule.

    October 08, 2019 WebPage Regulatory News
    News

    EC Report Explores Application and Challenges of Blockchain Technology

    The Joint Research Center of EC published a report exploring the challenges and impact of distributed ledger technologies.

    October 08, 2019 WebPage Regulatory News
    News

    BIS and SNB Sign Agreement on Innovation Hub Center in Switzerland

    BIS and SNB signed an operational agreement on the BIS Innovation Hub Center in Switzerland.

    October 08, 2019 WebPage Regulatory News
    News

    ECB Issues Results of Sensitivity Analysis of Liquidity Risk for Banks

    ECB published results of 2019 stress test on sensitivity analysis of liquidity risk.

    October 07, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3958