CPS 230 Operational Risk Management transitional provisions

APRA has registered a variation of Prudential Standard CPS 230 Operational Risk Management to insert a new transition provision in CPS 230 and also to incorporate a new definition of “significant financial institution” for registrable superannuation entity licensees .

The additional transition provision allows APRA-regulated entities that are non-significant financial institutions (non-SFIs) an additional period of 12 months to 1 July 2026 on requirements relating to business continuity and scenario analysis.

CPS 230 is due to commence on 1 July 2025 for all APRA-regulated entities.

When an APRA-regulated entity has pre-existing contractual arrangements in place with a service provider, the requirements in Prudential Standard CPS 230 will apply in relation to those arrangements from the earlier of the next renewal date of the contract with the service provider or 1 July 2026.

An APRA-regulated entity that is a non-SFI will automatically receive the benefit of the additional transition and will continue to be subject to existing requirements in existing Prudential Standard CPS 232 Business Continuity Management and Prudential Standard SPS 232 Business Continuity Management.

In relation to RSE licensees:
(i) non-significant financial institution (non-SFI) means an RSE licensee that is not an SFI; and
(ii) significant financial institution (SFI) means an RSE licensee that either:
(A) has total assets in excess of AUD $30 billion in the case of a single RSE operated by an RSE licensee, or if the RSE licensee operates more than one RSE where the combined total assets of all RSEs exceed this amount; or
(B) is determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.

In relation to ADI’s significant financial institution (SFI) means an ADI or authorised NOHC that is either:
(a) not a foreign ADI and has total assets in excess of AUD $20 billion; or
(b) determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.

In relation to General Insurers significant financial institution (SFI) means an insurer, authorised NOHC or parent entity of a Level 2 insurance group that is either:
(a) not a Category C insurer and has total assets in excess of AUD $10 billion;
or
(b) determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.

In relation to Life Insurers significant financial institution (SFI) means a life company or registered NOHC that is either:
(a) not an EFLIC and has total assets in excess of AUD $10 billion; or
(b) determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.

In relation to Private Health Insurers significant financial institution (SFI) means a private health insurer that either:
(a) has total assets in excess of AUD$3 billion; or
(b) is determined as such by APRA, having regard to matters such as complexity in its operations or its membership of a group.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.