APRA Updates Guidance on Managing Information Security Risks
APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.
APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234.
CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.
Related Links
Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA
Related Articles
|
News
US Agencies Consult on Capital Treatment of Land Development LoansUS Agencies (FDIC, FED, and OCC) issued a proposed rule on the treatment of loans that finance the development of land for purposes of the one- to four-family residential properties exclusion in the definition of high volatility commercial real estate (HVCRE) exposure in the regulatory capital rule.
July 12, 2019
WebPage
Regulatory News
|
|
News
EBA Single Rulebook Q&A: Second Update for July 2019Under the Single Rulebook question and answer (Q&A) updates for this week, EBA published answers to five questions related to supervisory reporting.
July 12, 2019
WebPage
Regulatory News
|
|
News
ESMA Updates Manual for European Single Electronic Format in EUESMA updated the reporting manual for European Single Electronic Format (ESEF).
July 12, 2019
WebPage
Regulatory News
|
|
News
FED Updates Supplemental Instructions for Reporting Form FR Y-9CFED updated the supplemental instructions for FR Y-9C reporting.
July 12, 2019
WebPage
Regulatory News
|
|
News
EBA Publishes Report on Monitoring Implementation of LCR in EUEBA published its first report on the monitoring of the implementation of liquidity coverage ratio (LCR) in EU.
July 12, 2019
WebPage
Regulatory News
|
|
News
EIOPA Consults on Reporting and Disclosures Under Solvency II ReviewEIOPA launched a consultation package on supervisory reporting and public disclosure in the context of its work linked with the 2020 Solvency II review.
July 12, 2019
WebPage
Regulatory News
|
|
News
APRA Applies Additional Capital Requirements to Three Australian BanksAPRA is applying additional capital requirements to three major banks in Australia to reflect higher operational risk identified in their risk governance self-assessments.
July 11, 2019
WebPage
Regulatory News
|
|
News
IMF Report on 2019 Article IV Consultation on Euro Area PoliciesIMF published its staff report in context of the 2019 Article IV consultation on euro area policies with member countries.
July 11, 2019
WebPage
Regulatory News
|
|
News
FSB to Survey Practices on Cyber Incident Response and RecoveryFSB launched a survey on the industry practices on cyber incident response and recovery.
July 11, 2019
WebPage
Regulatory News
|
|
News
ECB Appoints New Members of Supervisory BoardThe Governing Council of ECB appointed Edouard Fernandez-Bollo, Kerstin af Jochnick, and Elizabeth McCaul as representatives to the Supervisory Board of ECB Banking Supervision, for a five-year non-renewable term.
July 11, 2019
WebPage
Regulatory News
|
