The Australian Prudential Regulation Authority (APRA) has issued prudential standards on business continuity management (BCM) for authorised deposit-taking institutions (ADIs) and general insurers.
The new prudential standards aim to ensure that ADIs and general insurers implement a “whole of business” approach to BCM appropriate to the nature and scale of their individual operations.
Key requirements of the prudential standards include:
- the
Board of Directors and senior management of an ADI or general insurer must consider business continuity risks and controls as part of the company’s overall risk management framework provided to APRA on an annual basis; - an ADI or general insurer must identify critical business functions, resources and infrastructure which, if disrupted, would have a material impact on the company’s business operations, reputation or profitability;
- an ADI or general insurer must assess the impact of plausible disruption scenarios on critical business functions, resources and infrastructure and have in place appropriate recovery strategies to ensure all necessary resources are readily available to withstand the impact of the disruption; and
- an ADI or general insurer must develop, implement and maintain through review and testing procedures, a Business Continuity Plan that documents procedures and information which enable the company to respond to disruptions and recover critical business functions.
The two new standards come into effect immediately, but ADIs and general insurers have a 12-month transitional period in which to identify areas of non-compliance with the new standards and provide to APRA a rectification plan and timetable.