Featured Product

    APRA Updates Guidance on Managing Information Security Risks

    June 25, 2019

    APRA released an updated Prudential Practice Guide CPG 234 on managing information security risks, including cyber-crime. APRA also published its response to submissions on the draft CPG 234 Information Security, the consultation for which was launched in March 2019. The updated CPG 234 will assist APRA-regulated entities to embed and comply with the requirements of the new cross-industry prudential standard CPS 234 Information Security, which was release in November 2018 and applies to all APRA-regulated entities from July 01, 2019.

    APRA, in March 2019, had proposed to update the cross-industry Prudential Practice Guide CPG 234 Management of Security Risk in Information and Information Technology, which is being renamed as the Prudential Practice Guide CPG 234 Information Security. APRA made a number of minor changes to CPG 234 as part of the final review process. The guide is aimed at boards and senior management as well as risk and information technology experts in regulated entities. It outlines how entities can maintain information security capabilities commensurate with the size and complexity of their business and the sensitivity of the data they possess. It also explains how entities can optimize their resilience when aspects of their information security are managed by third parties. The guide also sets out key information a board could consider in relation to its responsibilities under CPS 234. 

    CPS 234 is expected to shore up APRA-regulated entities’ resilience against information security incidents (including cyber-attacks) and their ability to respond swiftly and effectively in the event of a breach. The APRA letter states that, with the July 01 start date for CPS 234 imminent, it is important that all APRA-regulated entities have assessed their level of compliance with the standard and taken appropriate steps to address any gaps. APRA recognizes that the new information security requirements materially raise the bar across the industry and will take time to be fully effective. If an entity assesses that it will not be able to fully comply with the new standard from July 01, it should immediately contact its APRA supervisor.

     

    Related Links

    Keywords: Asia Pacific, Australia, Banking, Insurance, CPG 234, CPS 234, Information Security, Prudential Practice Guide, Cyber Risk, Operational Risk, APRA

    Related Articles
    News

    EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS

    The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.

    February 23, 2024 WebPage Regulatory News
    News

    ECB to Expand Climate Change Work in 2024-2025

    Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.

    February 23, 2024 WebPage Regulatory News
    News

    BIS Bulletin Examines Cognitive Limits of Large Language Models

    The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.

    January 25, 2024 WebPage Regulatory News
    News

    ECB is Conducting First Cyber Risk Stress Test for Banks

    As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.

    January 24, 2024 WebPage Regulatory News
    News

    EBA Continues Momentum Toward Strengthening Prudential Rules for Banks

    A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.

    January 24, 2024 WebPage Regulatory News
    News

    EU and UK Agencies Issue Updates on Final Basel III Rules

    The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards

    December 19, 2023 WebPage Regulatory News
    News

    Industry Agency Expects Considerable Uptake for Swiss Climate Scores

    The Swiss Federal Council recently decided to further develop the Swiss Climate Scores, which it had first launched in June 2022.

    December 18, 2023 WebPage Regulatory News
    News

    BCBS Consults on Disclosure of Climate Risks, Issues Other Updates

    The Basel Committee on Banking Supervision (BCBS) launched consultation on a Pillar 3 disclosure framework for climate-related financial risks, with the comment period ending on February 29, 2024.

    December 18, 2023 WebPage Regulatory News
    News

    US Government Moves to Regulate Development and Use of AI Models

    The U.S. President Joe Biden signed an Executive Order, dated October 30, 2023, to ensure safe, secure, and trustworthy development and use of artificial intelligence (AI).

    December 18, 2023 WebPage Regulatory News
    News

    MAS Launches Gprnt Digital Platform for ESG Reporting for SMEs

    The Monetary Authority of Singapore (MAS) launched an integrated digital platform, Gprnt, also known as “Greenprint.”

    November 29, 2023 WebPage Regulatory News
    RESULTS 1 - 10 OF 8949