Featured Product

    APRA Finalizes CPS 234 to Help Combat Threat of Cyber Attacks

    November 07, 2018

    APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

    Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. CPS 234 requires APRA-regulated entities to:

    • Clearly define information-security related roles and responsibilities
    • Maintain an information security capability commensurate with the size and extent of threats to their information assets
    • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
    • Promptly notify APRA of material information security incidents

    APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

     

    Related Links

    Effective Date: July 01, 2019/July 01, 2020

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA

    Related Articles
    News

    APRA Finalizes Prudential Standard for Credit Risk Management of Banks

    APRA updated the prudential standard on credit risk management requirements (APG 220) for authorized deposit-taking institutions, post a public consultation.

    December 12, 2019 WebPage Regulatory News
    News

    APRA Issues Operational Risk Rules, Consults on Reporting Requirements

    APRA published an updated prudential standard APS 115 that sets out operational risk requirements for authorized deposit-taking institutions in Australia.

    December 11, 2019 WebPage Regulatory News
    News

    ESMA Updates Q&A on European Benchmarks Regulation in December 2019

    ESMA updated the question and answers (Q&A) document on the European Benchmarks Regulation.

    December 11, 2019 WebPage Regulatory News
    News

    APRA Decides to Keep Countercyclical Capital Buffer for Banks at 0%

    APRA announced its decision to keep the countercyclical capital buffer (CCyB) for authorized deposit-taking institutions on hold at zero percent.

    December 11, 2019 WebPage Regulatory News
    News

    FED Extends Consultation Period for Capital Requirements for Insurers

    FED is extending comment period for the proposed rule establishing risk-based capital requirements for depository institution holding companies that are significantly engaged in insurance activities.

    December 10, 2019 WebPage Regulatory News
    News

    OSFI Sets Domestic Stability Buffer Level at 2.25%

    OSFI has set the Domestic Stability Buffer, or DSB, at 2.25% of total risk-weighted assets, with effect from April 30, 2020.

    December 10, 2019 WebPage Regulatory News
    News

    EBA Issues Revised List of Validation Rules for Reporting by Banks

    EBA published a revised list of validation rules in its implementing technical standards on supervisory reporting.

    December 10, 2019 WebPage Regulatory News
    News

    SRB Holds Annual Conference, Reflects on Turning Policy into Action

    SRB published a report on its fourth annual conference that was held on October 10, 2019 in Brussels.

    December 10, 2019 WebPage Regulatory News
    News

    APRA Specifies Capital Treatment of Equity Investments in ABGF

    APRA published a letter to the authorized deposit-taking institutions outlining the regulatory capital treatment of their equity investments in the Australian Business Growth Fund (ABGF).

    December 09, 2019 WebPage Regulatory News
    News

    EBA Updates Guidelines on Reporting of Funding Plans of Banks

    EBA updated the guidelines on harmonized definitions and templates for the reporting of funding plans of credit institutions.

    December 09, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 4305