APRA has responded to the growing threat of cyber attacks by proposing its first prudential standard on information security, known as CPS 234. APRA released a package of measures, titled “Information Security Management: A new cross-industry prudential standard,” for industry consultation. The package is aimed at shoring up the ability of APRA-regulated entities to repel cyber adversaries, or respond swiftly and effectively in the event of a breach. Comment period is open until June 07, 2018.
Key areas where APRA is hoping to lift standards include assurance over the cyber capabilities of third parties such as service providers and enhancing entities’ ability to respond to, and recover from, cyber incidents. APRA proposes to apply this standard authorized deposit-taking institutions, general insurers, life insurers, private health insurers, licensees of registrable superannuation entities (RSE licensees), and authorized or registered non-operating holding companies. APRA intends to finalize the proposed standard toward the end of the year, with a view to implementing CPS 234 from July 01 next year. The proposed new standard, CPS 234, would require regulated entities to:
- Clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies, and individuals
- Maintain information security capability commensurate with the size and extent of threats to information assets and which enables the continued sound operation of the entity
- Implement information security controls to protect its information assets and undertake systematic testing and assurance regarding the effectiveness of those controls
- Have robust mechanisms in place to detect and respond to information security incidents in a timely manner
- Notify APRA of material information security incidents
Comment Due Date: June 07, 2018
Keywords: Asia Pacific, Australia, Banking, Insurance, CPS 234, Cyber Risk, Prudential Standard, APRA
ECB finalized the guide on assessment methodology for the internal model method for calculating exposure to counterparty credit risk (CCR) and the advanced method for own funds requirements for credit valuation adjustment (A-CVA) risk.
EBA published an Opinion addressed to EC to raise awareness about the opportunity to clarify certain issues related to the definition of credit institution in the upcoming review of the Capital Requirements Directive and Regulation (CRD and CRR).
APRA is consulting on updates to ARS 210.0, the reporting standard that sets out requirements for provision of information on liquidity and funding of an authorized deposit-taking institution.
FED released hypothetical scenarios for a second round of stress tests for banks.
PRA published updates in relation to the 2021 Supervisory Benchmarking Portfolio exercise.
FED adopted a proposal to extend for three years, with revision, the capital assessments and stress testing reports (FR Y-14A/Q/M; OMB No. 7100-0341).
HKMA revised the Supervisory Policy Manual module CR-G-14 on margin and other risk mitigation standards for non-centrally cleared over-the-counter (OTC) derivatives transactions.
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.