The Australian Prudential Regulation Authority (APRA) is set to introduce Prudential Standard CPS 230 Operational Risk Management (CPS 230), a comprehensive cross-industry standard aimed at enhancing operational risk management across APRA-regulated entities. This includes banks, insurance companies and superannuation funds.
Effective from July 1, 2025, CPS 230 will replace existing standards such as CPS/SPS 231 Outsourcing and CPS/SPS 232 Business Continuity Management. This change is designed to streamline compliance requirements, making it easier for organizations to implement and manage their operational risk. This standard also brings into focus material service providers of the APRA-regulated entity; potentially Computershare could be one.
The key objectives and purpose of CPS 230 are to:
- strengthen operational risk management by addressing weaknesses in existing operational risk controls and enhance the overall resilience of APRA-regulated entities
- improve business continuity planning by emphasizing the importance of having robust business continuity plans to ensure critical operations can be maintained during disruptions
- enhance third-party risk management by focusing on managing risks associated with material service providers, including outsourcing and offshoring arrangements
While Computershare isn’t an APRA-regulated entity or required to implement or abide by the CPS 230 standards, we serve clients that do have a requirement to abide by them.
If these new standards apply to your organisation, please reach out to your relationship manager and let us know how we can help. We will work with you to support and enable your organisation to be compliant by the effective date. You can learn more about the Prudential Practice Guide here.