CPS 230 Operational Risk Management

Consistent with global regulatory trends, the Australian Prudential Regulatory Authority (APRA) has sharpened its focus on the operational and financial resilience of the financial services industry.

APRA’s Operational Risk Management standard (CPS 230) brings into scope new and enhanced requirements with respect to operational risk management, business continuity planning and service provider management. At its core, CPS 230 firmly places accountability for operational risk management on the Board and seeks to  reduce the impact of disruptions on customers, market participants and the financial system. The standard aims to ensure critical operations are maintained through severe but plausible business disruptions, and risks associated third and fourth-party service providers are managed more effectively.

Here we share our perspectives on the key changes and implications of the draft CPS 230, the benefits of operational resilience, and the practical steps regulated entities can take while awaiting the finalised standard.