The Australian Prudential Regulation Authority has brought into force its cross-industry Prudential Standard CPS 230 Operational Risk Management, raising operational risk management expectations for APRA-regulated banks, insurers and superannuation funds to support continuity of critical services and effective response to severe business disruptions. CPS 230 requires entities to identify important business services and determine the extent to which those services can continue during severe disruptions, test business continuity planning to find and address vulnerabilities, and strengthen third-party risk management by identifying and appropriately managing risks from material service providers. Entities must also provide APRA with a list of their most material service providers to help the regulator identify concentration risks across the financial services sector, with smaller and less complex entities granted an additional 12 months to meet some requirements.
Australian Prudential Regulation Authority 2025-07-01
Australian Prudential Regulation Authority brings CPS 230 operational risk management standard into force across banks, insurers and superannuation funds
The Australian Prudential Regulation Authority has implemented Prudential Standard CPS 230 Operational Risk Management, enhancing expectations for banks, insurers, and superannuation funds to ensure continuity of critical services and effective response to disruptions. The standard mandates identification of key business services, testing of business continuity plans, and improved third-party risk management, with smaller entities given an additional year to comply.