Featured Product

    APRA Finalizes CPS 234 to Help Combat Threat of Cyber Attacks

    November 07, 2018

    APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

    Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. CPS 234 requires APRA-regulated entities to:

    • Clearly define information-security related roles and responsibilities
    • Maintain an information security capability commensurate with the size and extent of threats to their information assets
    • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
    • Promptly notify APRA of material information security incidents

    APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

     

    Related Links

    Effective Date: July 01, 2019/July 01, 2020

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA

    Related Articles
    News

    SEC Finalizes Capital and Margin Requirements for Security-Based Swaps

    SEC adopted a package of rules and rule amendments to establish capital, margin, and segregation requirements for security-based swaps, under Title VII of the Dodd-Frank Act.

    August 22, 2019 WebPage Regulatory News
    News

    ECB Revises Prudential Provisioning Expectations for New NPEs

    ECB is revising its supervisory expectations for prudential provisioning of new non-performing exposures (NPEs) specified in the “Addendum to the ECB Guidance to banks on non-performing loans” (Addendum)

    August 22, 2019 WebPage Regulatory News
    News

    CFTC Proposes to Revise Information Collection on Margin Requirements

    CFTC is requesting comments on the burdens associated with certain aspects of the Margin Requirements for Uncleared Swaps for Swap Dealers and Major Swap Participants (final rule).

    August 21, 2019 WebPage Regulatory News
    News

    FASB to Delay Effective Date for Insurance Contracts Standard

    FASB issued a proposed Accounting Standards Update that would grant all insurance companies that issue long-duration contracts, such as life insurance and annuities, additional time to apply the standard that addresses this area of financial reporting.

    August 21, 2019 WebPage Regulatory News
    News

    EBA Publishes Phase 2 of Technical Package on Reporting Framework 2.9

    EBA published phase 2 of its technical package on the reporting framework 2.9, which includes validation rules, Data Point Model (DPM) data dictionary, and XBRL taxonomies.

    August 21, 2019 WebPage Regulatory News
    News

    FSB Publishes Responses to Its Consultation Related to SME Financing

    FSB published responses received to the consultation on a report on the evaluation of the effects of financial regulatory reforms on small and medium-sized enterprise (SME) financing.

    August 21, 2019 WebPage Regulatory News
    News

    APRA Revises Related Entities Standard for Banks

    APRA published a strengthened prudential standard APS 222 on associations with related entities, with the aim to mitigate contagion risk within banking groups.

    August 20, 2019 WebPage Regulatory News
    News

    EBA and ESMA Issue Joint Response to EC Letter on Crypto-Assets

    EBA and ESMA issued a joint response to the EC letter, from July 19, 2019, on crypto-assets.

    August 20, 2019 WebPage Regulatory News
    News

    FSB on Responses to Consultation on Wind-Down of Trading Portfolios

    FSB published responses received to the consultation on the solvent wind-down of the derivatives and trading book portfolio of a global systemically important bank (G-SIB).

    August 19, 2019 WebPage Regulatory News
    News

    FSB Publishes Responses to Consultation on Resolvability Disclosures

    FSB published responses received to the consultation on disclosures for resolution planning and resolvability of banks.

    August 19, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3681