Australia: Adopted APRA Prudential Standard on Operational Risk Management

On 17 July 2023, the Australian Prudential Regulation Authority (APRA) adopted the Prudential Standard Operational Risk Management (CPS 230) with the purpose of enhancing operational risk management for banks, insurers, and superannuation trustees. The standard aims to equip the entities to better mitigate operational risks and effectively respond to business disruptions, including cyberattacks. It introduces new requirements to address identified vulnerabilities in existing controls, improve business continuity planning to ensure readiness for severe disruptions, and enhance third-party risk management by ensuring appropriate management of risks from significant service providers. The new standard will come into effect on 1 July 2025.