APRA issues final guidance to strengthen operational resilience across the financial sector




The Australian Prudential Regulation Authority (APRA) has unveiled its final version of the prudential practice guide, which aims to bolster operational risk management and enhance business continuity planning for banks, insurers, and superannuation trustees.  

The Prudential Practice Guide CPG 230 Operational Risk Management (CPG 230) is intended to assist in the implementation of the Prudential Standard CPS 230 Operational Risk Management (CPS 230), which is set to take effect on July 1, 2025.

APRA's latest guidance underscores its ongoing commitment to fortifying the resilience of critical operations and enhancing third-party risk management. The guidance has been streamlined and sharpened, focusing more tightly on meeting the expectations outlined in CPS 230. Among the key updates are provisions granting non-significant financial institutions an additional 12 months to comply with specific business continuity and scenario analysis requirements.

In addition, APRA has introduced a "day one" checklist designed to facilitate the seamless implementation of CPS 230 for entities. This practical tool is part of a broader effort to ensure that financial institutions are adequately prepared to meet the new standards from the outset. Furthermore, APRA has outlined a three-year forward plan detailing its supervisory approach to CPS 230, providing the industry with a clear roadmap for implementation and ongoing compliance. 

APRA Chair John Lonsdale emphasised the growing importance of operational resilience in the digital age, noting the significant impact disruptions to financial services can have on consumers.  

"Disruptions to financial services can have a major impact on people who rely on them to save, spend, recover from financial loss, or support themselves in retirement," Lonsdale stated. "CPS 230 is designed to ensure entities safeguard the resilience of their operations and are well prepared to respond to disruptions." 

The refined guidance reflects APRA's dual objectives of maintaining high industry standards while mitigating the compliance burden on smaller entities, ensuring continued competitiveness. By providing clear and concise directives, APRA aims to support the financial sector in enhancing its operational risk management capabilities and ensuring robust business continuity plans are in place.