Commonwealth Coat of Arms

Banking, Insurance, Life Insurance, Health Insurance and Superannuation (prudential standard) variation No. 1 of 2024

Prudential Standard CPS 230 Operational Risk Management

Banking Act 1959

Insurance Act 1973

Life Insurance Act 1995

Private Health Insurance (Prudential Supervision) Act 2015

Superannuation Industry (Supervision) Act 1993

 

I, John Lonsdale, a delegate of APRA, under subsections 11AF(3) of the Banking Act 1959, 32(4) of the Insurance Act 1973, 230A(5) of the Life Insurance Act 1995, 92(5) of the Private Health Insurance (Prudential Supervision) Act 2015 and 34C(6) of the Superannuation Industry (Supervision) Act 1993, VARY Banking, Insurance, Life Insurance, Health Insurance and Superannuation (prudential standard) determination No. 2 of 2023, including Prudential Standard CPS 230 Operational Risk Management, in the manner set out in the schedule.

 

This instrument commences on 1 July 2025.

 

Dated: 30 August 2024

 

John Lonsdale

Chair

APRA

Interpretation

In this instrument:

APRA means the Australian Prudential Regulation Authority.


Schedule – variations

  1.         Application and commencement (heading)

Omit the heading, substitute:

Application

  1.         Paragraphs 6 to 7

Omit the paragraphs, substitute:

Transitional Arrangements

  1.         Where an APRA-regulated entity has pre-existing contractual arrangements in place with a service provider, the requirements in this Prudential Standard will apply in relation to those arrangements from the earlier of the next renewal date of the contract with the service provider or 1 July 2026.
  2.         Deferred requirements apply to an APRA-regulated entity that is a non-significant financial institution (non-SFI) from 1 July 2026. Despite the revocation of Prudential Standard CPS 232 Business Continuity Management (CPS 232) and Prudential Standard SPS 232 Business Continuity Management (SPS 232), existing requirements continue to apply to the relevant non-SFIs until 30 June 2026, as if that revocation had not happened.

For the purposes of this paragraph:

  1.           deferred requirements means the requirements in paragraphs 40, 41 and 43 to 46 of this Prudential Standard;
  2.           existing requirements means the following requirements:
    1.         paragraphs 30 to 35 of CPS 232;
    2.       paragraphs 21 to 26 of SPS 232; and
  1.            in relation to RSE licensees[4]:
    1.         non-significant financial institution (non-SFI) means an RSE licensee that is not an SFI; and
    2.       significant financial institution (SFI) means an RSE licensee that either:
  1.      has total assets in excess of AUD $30 billion in the case of a single RSE operated by an RSE licensee, or if the RSE licensee operates more than one RSE where the combined total assets of all RSEs exceed this amount; or
  1.      is determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.

 

[4] Prudential Standard APS 001 Definitions, Prudential Standard GPS 001 Definitions, Prudential Standard LPS 001 Definitions and Prudential Standard HPS 001 Definitions define these terms in relation to other APRA-regulated entities.