November 07, 2018

APRA has released the final version of its prudential standard focused on information security management. The new Prudential Standard CPS 234 Information Security will shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. Following extensive consultation with the industry, APRA also published a Response to Submissions paper outlining the final form of the standard. This Prudential Standard commences on July 01, 2019.

Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or July 01, 2020. This prudential standard will apply to APRA-regulated entities, including authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies.

CPS 234 requires APRA-regulated entities to:

  • Clearly define information security-related roles and responsibilities
  • Maintain an information security capability commensurate with the size and extent of threats to their information assets
  • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls
  • Promptly notify APRA of material information security incidents

APRA first released a discussion paper in March outlining the intended requirements of the new prudential standard. Industry was supportive of the intent and direction of CPS 234. APRA agreed to make several amendments, including clarifying requirements for information assets managed by third parties and modifying the timeframes for notifying APRA of information security incidents and material information security control weaknesses. To help entities fulfill their requirements, APRA will shortly update the Prudential Practice Guide CPG 234 on Management of Information and Information Technology. 

 


Effective Date: July 01, 2019/July 01, 2020

Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Regtech, Prudential Standard, APRA
