Prudential standard CPS 230 now in force, APRA warns super funds

1 July 2025
| By miranda.brownl… |
image
image image
expand image

Banks, insurers and superannuation funds will be required to meet higher standards of operational risk management from today with prudential standard Prudential Standard CPS 230 now effective.

Cross-industry Prudential Standard (CPS) 230 Operational Risk Management aims to ensure that APRA-regulated entities are resilient to operational risks and disruptions.

It requires entities to effectively manage its operational risks, maintain its critical operations through disruptions, and manage the risks arising from service providers.

Under the key requirements of the standard, APRA-regulated entities must:

• Identify, assess and manage its operational risks, with effective internal controls, monitoring and remediation;

• Be able to continue to deliver its critical operations within tolerance levels through severe disruptions, with a credible business continuity plan (BCP); and

• Effectively manage the risks associated with service providers, with a comprehensive service provider management policy, formal agreements and robust monitoring.

APRA said the issue of operational resilience has taken on greater importance over recent years as the financial system has become more interconnected and more dependent on digital technologies and service providers.

Recent geopolitical turmoil also increases risks such as cyber attacks and personnel risks associated with bad actors.

APRA Member Therese McCarthy Hockey said CPS 230 will play an important role in financially protecting the community. 

“Australians depend on banking to pay for goods and services, insurance helps us rebuild after a flood or fire and pay for vital medical treatments, while superannuation supports us to maintain a dignified lifestyle in retirement," said Hockey.

"In an environment where one crashed server or ransomware attack could leave millions without access to these essential services, effective operational risk management is vital for financial stability and community wellbeing."

The new standard requires entities to identify their own operational vulnerabilities and have plans to mitigate them while also having a detailed level of understanding and mitigation planning in relation to their most critical third-party service providers. 

"This will require an entirely new mindset about where the boundaries of responsibility sit," said Hockey.

Under the requirements, APRA also requires each entity to provide a list of its most material service providers, which will help APRA identify concentration risks across the financial services sector.

Over the past two years, APRA said it has worked closely with industry to help regulated entities prepare for the new standard. APRA has granted smaller, less complex entities an extra 12 months to meet some requirements. 

 

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest developments in Super Review! Anytime, Anywhere!

Grant Banner

From my perspective, 40- 50% of people are likely going to be deeply unhappy about how long they actually live. ...

1 year 6 months ago
Kevin Gorman

Super director remuneration ...

1 year 6 months ago
Anthony Asher

No doubt true, but most of it is still because over 45’s have been upgrading their houses with 30 year mortgages. Money ...

1 year 6 months ago

Banks, insurers and superannuation funds will be required to meet higher standards of operational risk management from today with prudential standard Prudential Standard ...

9 hours 54 minutes hence

The Australian Retirement Trust is adopting a “healthy level of conservatism” towards the US as the end of the 90-day tariff pause approaches, with “anything possible”....

1 hour ago

Uncertainty around tariffs and subdued growth may lead to some short-term constraints in relation to the private credit market, the fund manager has said....

1 hour ago

TOP PERFORMING FUNDS

ACS FIXED INT - AUSTRALIA/GLOBAL BOND
Fund name
3y(%)pa
1
DomaCom DFS Mortgage
92.15 3 y p.a(%)
3