Operational Risk Management
Back to All Blogs

Key Highlights of APRA`s Discussion Paper on Strengthening Operational Risk Management

  • 2 min read
Vinod Menon
Vinod Menon
Chief Product Officer
Vinod Menon
Vinod Menon
Chief Product Officer

Events of recent years like COVID-19, cyber-attacks, flood and storms etc. has reinforced the importance of managing and responding to operational risks. To ensure that regulated entities are well placed to manage operational risk and respond to business disruptions when they inevitably occur, APRA (Australian Prudential Regulation Authority) is consulting on a new prudential standard for operational risk management.

The importance of operational risk management has been highlighted repeatedly in recent years, with regular examples of operational risk events and failures that have had both financial and non-financial implications. APRA has observed three key trends in recent years:

  1. Control Failures
  2. Low tolerance for disruptions
  3. Increasing reliance on service providers

 

APRA is proposing to introduce new and enhanced requirements to strengthen the management of operational risk and raise standards to align with the expectations and needs of the financial system and digital economy.

The main three objectives of the new proposed standard for operational risk management are:

  • Strengthen operational risk management
  • Improve business continuity planning
  • Enhance third party risk management

 

The proposed Prudential Standard CPS 230 Operational Risk Management (CPS 230) will replace five existing standards

Standards

Applicable

up to

Applicable

from

proposed Prudential Standard CPS 230 Operational Risk Management (CPS 230)

 

1st January 2024

Prudential Standard CPS 231 Outsourcing (CPS 231)

31st December 2023

 

Prudential Standard CPS 232 Business Continuity Management (CPS 232)

31st December 2023

 

Prudential Standard SPS 231 Outsourcing (SPS 231)

31st December 2023

 

Prudential Standard SPS 232 Business Continuity Management (SPS 232)

31st December 2023

 

Prudential Standard HPS 231 Outsourcing (HPS 231).

31st December 2023

 

 

Key Features of the new Proposed Standard includes

Prudential Standard CPS 230 Operational Risk Management

–        Entities must manage operational risks with effective internal controls, monitoring and remediation

–        Entities must be able to respond to disruptions and maintain continuity of critical operations

–        Entities must understand and manage the risks from the use of service providers

In developing CPS 230, APRA has adopted a principles-based approach with a focus on outcomes rather than process. In designing the new standard, APRA has had regard to:

  • existing APRA standards for business continuity and outsourcing, which have been streamlined and updated
  • international standards, such as the Basel Committee on Banking Supervision’s Core Principles, and the recently released Principles for Operational Resilience and Principles for the Sound Management of Operational Risk
  • international peer’s approaches and guidance, including the Prudential Regulation Authority (PRA) in the UK and the Office of the Superintendent of Financial Institutions (OSFI) in Canada.

 

Overview of draft CPS 230 requirements

Draft CPS 230

Key Requirements

Operational risk management

–        Operational risk assessment to ensure that APRA-regulated entities understand and monitor their risk profile

–        Operational risk controls which must be designed, implemented and embedded and regularly tested for effectiveness

–        Operational risk incidents which must be identified, escalated, recorded and addressed in a timely manner

Business continuity

–        Critical operations which are processes that, if disrupted, would have a material adverse impact on depositors, policyholders, beneficiaries or other customers or financial system stability

–        Tolerance levels for the maximum disruption to critical operations that an entity would accept in a disruption, including the maximum time and extent of data loss

–        Business continuity plan (BCP) that sets out how the entity would manage and respond to a disruption to critical operations and must be subject to testing and review

Service provider management

–        Identification of material service providers on which the entity relies for its critical operations or that expose it to material operational risk

–        Service provider agreements to ensure entities monitor and manage the risks associated with third parties and intra-group entities

The expected outcome from the standard is to integrate Operational risk management into an entity’s overall risk management framework and processes. This will strengthen the resilience of the Australian financial system, improve financial safety and promote sound operations.

The full extract of the discussion paper is available here:

https://www.apra.gov.au/discussion-paper-strengthening-operational-risk-management

Recent Blog’s

Operational Resilience Program – Steps to Conduct a Failure Modes and Effect Analysis (FMEA)

Impact Tolerance – Setting Impact Tolerance is a Vital Step to Build and Enhance Operational Resilience of an Organisation.

Improve your Organisation’s Decision Making and Response Mechanism through an Integrated Risk & Resilience Approach

Operational Resilience Programme – Digitize your BIA (Business Impact Analysis) – An Important Step

Synopsis of the Operational Resilience guideline of MAS- Monetary Authority of Singapore

Share

Explore more

Operational Resilience

Operational Resilience Program – Steps to Conduct a Failure Modes and Effect Analysis (FMEA)

Basel defines Operational Resilience as a bank`s ability to deliver critical operations even at times of disruption. This would mean that the bank should have …

Impact Tolerance
Operational Resilience

Impact Tolerance – Setting Impact Tolerance is a Vital Step to Build and Enhance Operational Resilience of an Organisation.

Impact Tolerance is quantifying the level of disruption, a critical business service can accommodate or absorb, before such disruption creates a significant impact or harm …

Risk & Resilience Approach
Risk Management

Improve your Organisation’s Decision Making and Response Mechanism through an Integrated Risk & Resilience Approach

During last twelve to twenty four months we have all experienced extraordinary uncertainty primarily due to natural calamity, COVID-19 pandemic, unstable global economy,  political differences …

Operational Resilience Programme
Operational Resilience

Operational Resilience Programme – Digitize your BIA (Business Impact Analysis) – An Important Step

Let’s first try and understand what is a BIA? Business Impact Analysis is a methodology which allows to predict the impact of disruption on your …

Operational Resilience Guideline
Operational Resilience

Synopsis of the Operational Resilience guideline of MAS- Monetary Authority of Singapore

Operational disruptions, if not recovered speedily, may compromise the ability of financial institutions (“FIs”) to meet their business obligations, resulting in financial and reputational damage, …

Business Process Model and Notation
BPMN

The What and Why of BPMN – Business Process Model and Notation

The Business Process Model Notation (BPMN) is a graphical representation for specifying business processes in a business process model. The objective of BPMN is to …

Risk and Resilience Framework
Risk Management

An Integrated Risk and Resilience Framework – A Better Approach to Manage Uncertainty

Businesses across the globe have, in the last couple of years, seen exceptional uncertainty due to political tensions, economic turmoil, COVID-19 pandemic and others.   Markets …

Risk Management Process
Risk Management

The Seven Steps to Implementing an Effective Risk Management Process

Risk Management Process is a methodology by which risks are formally identified, measured and treated to ensure that risk is avoided, transferred or mitigated. As …

Simple steps to Automate and Standardise your Risk & Control Self Assessment (RCSA)
Risk Management

Simple steps to Automate and Standardise your Risk & Control Self Assessment (RCSA)

Risk and Control Self Assessment process is a widely accepted methodology used by banks, financial companies, insurance companies and others to identify and assess the …

Key Risk Indicators -A Powerful Tool to Anticipate Your Risk Within the Enterprise
Risk Management

Key Risk Indicators -A Powerful Tool to Anticipate Your Risk Within the Enterprise

In simple terms, Key Risk Indicator (KRI) is a metric used to measure the level of exposure to risk. These are indicators that denote the …

Hongkong’s Regulations for Operational Resilience
Operational Resilience

Hongkong’s Regulations for Operational Resilience

On 22nd December, 2021 HKMA (Hong Kong Monetary Authority) came up with a Supervisory Policy Manual for Operational Resilience to provide Authorized Institutions (AI) with …

Irelands’ Financial Service Sector Guidance on Operational Resilience
Operational Resilience

Irelands’ Financial Service Sector Guidance on Operational Resilience

The Central Bank of Ireland`s objective of this guidance is to communicate to industry how to prepare for, respond to and recover and learn from …

New Operational Resilience Regulation
Operational Resilience

New Operational Resilience Regulation for Financial Institutions in United States (USA)

The Federal Reserve, the Central Bank of the United States in August 2021 has released a paper intended to help community banks assess threats when …

Process Mapping is an important step in building an Operational Resilience Framework
Operational Resilience

Process Mapping is an important step in building an Operational Resilience Framework

The Covid -19 pandemic has clearly shown two trends within firms: The intensified use of technology and Operations can be managed through digital work force …

What is Game-Based Employee Onboarding? Tips and tricks to implement the right gamification strategy
Game-based Learning

What is Game-Based Employee Onboarding? Tips and tricks to implement the right gamification strategy

Learning begins with joining. Effective Onboarding contributes to a newbie commencing with confidence, feeling supported, and acclimatizing much sooner. Conversely, employees who spend weeks and …

Strategies for Improving Banks’ Operating Efficiency
Digital Transformation

Strategies for Improving Banks’ Operating Efficiency

Banks occupy a place of pride because of its structure of undivided attention and contemporary functions. They have come an extended way from merely performing …

Get started with Digital Identity Verification
Digital Identity

Get started with Digital Identity Verification

In a growing interconnected digital economy, identity verification of an individual’s real-world identity against their digital one has become ever critical in fraud detection. The …

Growing Importance of Operational Resilience in the Digital Era
Operational Resilience

Growing Importance of Operational Resilience in the Digital Era

Operational Resilience assumes that things will go wrong, and it will force organizations to plan on how to recover from the disruption. It is a …

Why are organizations jumping onto the AI-enabled Identity verification bandwagon?
Digital Identity

Why are organizations jumping onto the AI-enabled Identity verification bandwagon?

Who has not experienced being asked to show some kind of government ID, be it to receive your courier, or check into a hotel, or …

What is Identity Proofing?
Digital Identity

What is Identity Proofing?

As per the Digital Identity Guidelines published by NIST, a US agency, Identity Proofing is verifying the claimed identity of an applicant by authenticating the …

New Amendment to KYC Regulation by RBI
Digital Identity

New Amendment to KYC Regulation by RBI – 10th May, 2021

In Jan 2020, Reserve Bank of India amended the KYC norms allowing banks and other lending institutions to use Video based Customer Identification Process (VCIP) …

5 Steps to a Successful Execution of a Digital Transformation Project
Digital Transformation

5 Steps to a Successful Execution of a Digital Transformation Project

Digital Transformation is bringing about a radical shift in the way you run your business, deliver services or manage your customers. The objective of digital …

Privacy Policy: By using this Site, you agree to our terms of use. If you do not agree to these terms of use, you must not use the Site.

Intellectual Property: The content of this Site is protected by copyright and trademark law. Apart from fair dealing for the purposes of private study, research, criticism or review, as permitted under copyright law, no part may be reproduced or reused for any commercial purposes whatsoever without the prior written permission of the copyright owner. All trademarks, logos and other marks shown at GIEOM Sites are the property of their respective owners.

            

customers

Solutions

Digital Validator

Digital Blueprint

Risk Central

Partners

COMPANY

NEWS

Case Studies

Testimonials

Whitepapers

Brochures

Webinar

Blog

Contact Us