APRA CPS 230 is coming. Here is one thing you can do to get ready
You might’ve heard that a new cross-industry operational risk standard will be released in its final version very soon (mid-2023).
APRA’s Prudential Standard CPS 230 Operational Risk, or simply “CPS 230”, aims to strengthen operational risk management in the insurance, banking, and superannuation industries.
Even though the new standard’s effective date is now July 1, 2025, many companies are already making a move, based on the consultation paper released by APRA in July 2022.
What is CPS 230 about?
“Disruptions to financial services – even temporarily – can have a major detrimental impact on the community. In strengthening the ability of APRA-regulated entities to identify, manage, and respond to operational risk events, APRA is seeking to enhance operational and financial resilience, as well as financial stability,” the former APRA Chair Wayne Byres said.
CPS 230 wants to better align requirements with global standards and industry-leading practices, and strengthen the resiliency of the FSI sector.
Why?
Well, for 3 main reasons: there is ever less tolerance for disruptions (as we’re talking about important financial services, you are expected to be “always on”), more reliance on service providers (which creates a more complex financial ecosystem), and ultimately, it’s pretty clear that there are control failures, as more and more issues are caused by inefficient controls.
The objectives are then quite clear. To reduce the impact of disruptions on customers and the market itself, APRA asks the FSI sector to strengthen operational resilience. Service providers and fourth parties should be managed with the goal of ensuring that critical operations are maintained even through important business disruptions. The final objective is to add some clarity to the standards ecosystem, consolidating and streamlining existing regulations.
If you want to know more about CPS 230, here is the link to the discussion paper from APRA.
How can you plan to adapt and be compliant with CPS 230?
As with every standard, managing CPS 230 compliance with advanced GRC solutions can be very expensive. We know for a fact that many SMBs will just download another Excel checklist and start using it to manage their CPS 230 compliance.
The question is: apart from achieving compliance, what does your company want the most out of this regulation?
Since the effective date has been recently moved from Jan 01, 2024 to 18 months later, this is the perfect time for boards and executive teams to re-evaluate priorities and plans. The extended deadline enables organisations to focus on sustainable longer-term solutions that not only meet compliance requirements but go further, constantly improving their operational resilience and operational risk management in a comprehensive way.
An Excel spreadsheet can barely help you keep track of the compliance aspect (still with many limitations), but let’s be honest, it won’t help you mature your security and resiliency.
How Cybereen can help
To facilitate your organisation’s structured preparation for CPS 230, Cybereen has incorporated the draft into its platform. As the standard evolves, we will continually update it, allowing you to begin assigning accountabilities and responsibilities. You’ll also be able to connect pertinent evidence materials, and commence understanding how your compliance teams must operate to achieve CPS 230 compliance.
Cybereen goes beyond assisting you in achieving compliance; it enables security, risk, and compliance teams to enhance the cybersecurity maturity of your company and identify significant security vulnerabilities.
About Cybereen
Even individuals without technical expertise or extensive cyber and compliance knowledge can benefit from it. It offers guidance on the expected requirements for each maturity level, allowing you to accurately assess your current status and determine the necessary steps to advance your maturity level.
By reducing time spent on audits, reporting, and cybersecurity management, your people can finally focus on creating a more resilient organisation, which is really what CPS 230 is about.
All of this comes at a fraction of the cost of every other solution in the market. Keen to know more? We’d love to show you how it does it.