Featured Product

    APRA Finalizes CPS 234 to Help Combat Threat of Cyber Attacks

    November 07, 2018

    APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

    Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. CPS 234 requires APRA-regulated entities to:

    • Clearly define information-security related roles and responsibilities
    • Maintain an information security capability commensurate with the size and extent of threats to their information assets
    • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
    • Promptly notify APRA of material information security incidents

    APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

     

    Related Links

    Effective Date: July 01, 2019/July 01, 2020

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA

    Related Articles
    News

    MAS Concludes Blockchain Payments Prototype Shows Commercial Potential

    MAS and Temasek jointly released a report to mark the successful conclusion of the fifth and final phase of Project Ubin, which focused on building a blockchain-based multi-currency payments network prototype.

    July 13, 2020 WebPage Regulatory News
    News

    EBA Publishes Phase 2 of Technical Package on Reporting Framework 2.10

    EBA published phase 2 of the technical package on the reporting framework 2.10, providing the technical tools and specifications for implementation of EBA reporting requirements.

    July 10, 2020 WebPage Regulatory News
    News

    APRA Updates Reporting Validation Rules in July 2020

    APRA updated the lists of the Direct to APRA (D2A) validation rules for authorized deposit-taking institutions, insurers, and superannuation entities.

    July 10, 2020 WebPage Regulatory News
    News

    PRA to Partly Apply EBA Guidelines on Disclosures for COVID Measures

    PRA updated the statement that provides guidance to regulated firms on implementation of the EBA guidelines on reporting and disclosure of exposures subject to measures applied in response to the COVID-19 crisis.

    July 10, 2020 WebPage Regulatory News
    News

    EBA Updates List of Correlated Currencies Under CRR

    EBA updated the 2019 list of closely correlated currencies that was originally published in December 2013.

    July 10, 2020 WebPage Regulatory News
    News

    FASB Proposes to Delay Implementation of Insurance Contracts Standard

    FASB issued a proposed Accounting Standards Update that would grant insurance companies, adversely affected by the COVID-19 pandemic, an additional year to implement the Accounting Standards Update No. 2018-12 on targeted improvements to accounting for long-duration insurance contracts, or LDTI (Topic 944).

    July 09, 2020 WebPage Regulatory News
    News

    APRA Updates Regulatory Approach to Loan Deferrals Amid COVID Crisis

    APRA updated the regulatory approach for loans subject to repayment deferrals amid the COVID-19 crisis.

    July 09, 2020 WebPage Regulatory News
    News

    BCBS and FSB Set Out Recommendations for Benchmark Transition

    BCBS and FSB published a report on supervisory issues associated with benchmark transition.

    July 09, 2020 WebPage Regulatory News
    News

    IAIS Sets Out Recommendations for Benchmark Transition for Insurers

    IAIS published a report on supervisory issues associated with benchmark transition from an insurance perspective.

    July 09, 2020 WebPage Regulatory News
    News

    ESMA Updates Reporting Manual on European Single Electronic Format

    ESMA updated the reporting manual on the European Single Electronic Format (ESEF).

    July 09, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5469