Featured Product

    APRA Finalizes CPS 234 to Help Combat Threat of Cyber Attacks

    November 07, 2018

    APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

    Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. CPS 234 requires APRA-regulated entities to:

    • Clearly define information-security related roles and responsibilities
    • Maintain an information security capability commensurate with the size and extent of threats to their information assets
    • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
    • Promptly notify APRA of material information security incidents

    APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

     

    Related Links

    Effective Date: July 01, 2019/July 01, 2020

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA

    Related Articles
    News

    APRA Reviews Repayment Deferral Plans, Identifies Best Practices

    APRA has concluded its review of the comprehensive plans of authorized deposit-taking institutions for the assessment and management of loans with repayment deferrals.

    September 22, 2020 WebPage Regulatory News
    News

    ESAs Assess Risks to Financial Sector After COVID-19 Outbreak

    ESAs (EBA, EIOPA, and ESMA) published the first joint report that assesses risks in the financial sector since the outbreak of the COVID-19 pandemic.

    September 22, 2020 WebPage Regulatory News
    News

    BoE Confirms Withdrawal of COVID Corporate Financing Facility

    BoE and HM Treasury confirmed that the COVID Corporate Financing Facility (CCFF) will close for new purchases of commercial paper, with effect from March 23, 2021.

    September 22, 2020 WebPage Regulatory News
    News

    ECB Allows Temporary Relief in Leverage Ratio Amid COVID-19 Pandemic

    ECB published a decision allowing the euro area banks under its direct supervision to exclude certain central bank exposures from the leverage ratio.

    September 21, 2020 WebPage Regulatory News
    News

    ESAs Launch Survey on Templates for Product Disclosures Under SFDR

    ESAs launched a survey seeking feedback on the presentational aspects of product templates under the Sustainable Finance Disclosure Regulation (SFDR or Regulation 2019/2088).

    September 21, 2020 WebPage Regulatory News
    News

    ECB Proposes Integrated Reporting Framework to Reduce Burden for Banks

    ECB published input of the European System of Central Banks (ESCB) into the EBA feasibility report on reducing the reporting burden for banks in EU.

    September 21, 2020 WebPage Regulatory News
    News

    EC Deems UK Framework for CCPs Temporarily Equivalent to EMIR Rules

    EC adopted a decision determining, for a limited period of time, that the regulatory framework applicable to central counterparties, or CCPs, in the UK and Northern Ireland is equivalent to the requirements laid down in the European Market Infrastructure Regulation (EMIR or Regulation 648/2012).

    September 21, 2020 WebPage Regulatory News
    News

    EBA to Phase Out Guidelines on Loan Repayment Moratoria

    EBA has decided to phase out the guidelines on legislative and non-legislative moratoria of loan repayments, in accordance with the earlier specified end of September deadline.

    September 21, 2020 WebPage Regulatory News
    News

    EBA Provides Opinion on Definition of Credit Institution in CRR

    EBA published an Opinion addressed to EC to raise awareness about the opportunity to clarify certain issues related to the definition of credit institution in the upcoming review of the Capital Requirements Directive and Regulation (CRD and CRR).

    September 18, 2020 WebPage Regulatory News
    News

    ECB Finalizes Methodology to Assess CCR and A-CVA Risk of Banks

    ECB finalized the guide on assessment methodology for the internal model method for calculating exposure to counterparty credit risk (CCR) and the advanced method for own funds requirements for credit valuation adjustment (A-CVA) risk.

    September 18, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5820