Australian Banks, Insurers Must Perform Security Assessments
Aussie Financial Regulator's Plan Focuses on Operational and Cyber Resilience
Australia's banking and insurance regulator for the first time included cyber risk management and operational resilience among its top priorities for the year to make banks, insurers and superannuation trustees resilient to current and emerging cyberthreats.
The Australian Prudential Regulation Authority listed seven priority areas in its new Corporate Plan for 2024-25 released Wednesday, including a plan to raise industry standards on cyber risk management and increase minimum standards for operational resilience for banks and insurers by ensuring the industry's compliance with CPS 230 Operational Risk Management guidelines released last year.
In its statement of expectations, the regulator said all banks, financial services, insurance providers and superannuation trustees must submit CPS 234 tripartite assessments for evaluation. "The purpose of the standard is to ensure that regulated entities have baseline prevention, detection and response capability to withstand cybersecurity threats," the authority said.
If companies are found to have significant vulnerabilities, APRA said it "will take a proportionate response and may intensify supervision, require root cause analysis, request remediation plans and consider enforcement action."
APRA Chair John Lonsdale said the agency is focusing on operational and cyber resilience to protect financial services "in a world that is becoming more interconnected and dependent on digital technologies."
The regulator also announced an internal reorganization, bringing together existing teams focused on financial and nonfinancial risk in a new cross-industry risk division.
APRA announced in January that operational and cyber resilience are top priorities for 2023-24.
The Treasury in May set APRA's annual budget at AU$270.2 million, up AU$31.1 million, or 13%, compared to the previous year. "The increase is largely due to the Cyber Security of Regulators and Improving Registers 2024-25 Budget Measure and the effects of wage cost index movements," Treasury said.