Featured Product

    APRA Updates Guidance on Managing Information Security Risks

    June 25, 2019

    APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.

    APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234. 

    CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.

     

    Related Links

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA

    Related Articles
    News

    OCC Revises Minimum Threshold for Banks to Conduct Stress Tests

    OCC issued the final rule that amends its company-run stress testing requirements under the 12 CFR 46 in Code of Federal Regulations.

    October 10, 2019 WebPage Regulatory News
    News

    US Agencies Update Management Interlock Rules Under DIMIA

    US Agencies (FDIC, FED, and OCC) issued a final rule that increases the thresholds in the major assets prohibition for management interlocks for purposes of the Depository Institution Management Interlocks Act (DIMIA).

    October 10, 2019 WebPage Regulatory News
    News

    US Agencies Finalize Rules to Closely Match Bank Risk Profiles

    US Agencies (OCC, FED, and FDIC) finalized rules that tailor the regulations for domestic and foreign banks to more closely match their risk profiles.

    October 10, 2019 WebPage Regulatory News
    News

    CPMI-IOSCO and FSB on Governance Arrangements for OTC Derivatives

    CPMI and IOSCO published a report that identifies key criteria, functions, and bodies for the governance arrangements.

    October 09, 2019 WebPage Regulatory News
    News

    EIOPA Launches Field Test on Templates Under 2020 Solvency II Review

    EIOPA, as part of the 2020 Solvency II reporting and disclosure review, launched a field test on the revised and newly proposed reporting templates.

    October 09, 2019 WebPage Regulatory News
    News

    US Agencies Adopt Rule on Appraisals for Real Estate Transactions

    US Agencies (FDIC, FED, and OCC) adopted the final rule to amend regulations requiring appraisals of real estate for certain transactions

    October 08, 2019 WebPage Regulatory News
    News

    US Agencies Finalize Amendments to Simplify Volcker Rule

    US Agencies (CFTC, FDIC, FED, OCC, and SEC) finalized amendments to the regulations implementing section 13 of the Bank Holding Company Act, also known as the Volcker Rule.

    October 08, 2019 WebPage Regulatory News
    News

    EC Report Explores Application and Challenges of Blockchain Technology

    The Joint Research Center of EC published a report exploring the challenges and impact of distributed ledger technologies.

    October 08, 2019 WebPage Regulatory News
    News

    BIS and SNB Sign Agreement on Innovation Hub Center in Switzerland

    BIS and SNB signed an operational agreement on the BIS Innovation Hub Center in Switzerland.

    October 08, 2019 WebPage Regulatory News
    News

    ECB Issues Results of Sensitivity Analysis of Liquidity Risk for Banks

    ECB published results of 2019 stress test on sensitivity analysis of liquidity risk.

    October 07, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3958