How Boards Are Preparing for CPS 230
According to an industry expert, resilience has become a board-level concern for Australia’s financial services industry ahead of new CPS 230 Operational Risk Management regulations from the Australian Prudential Regulatory Authority, the industry’s regulatory body. Australian banks, insurers, and superannuation funds will be required to meet the APRA’s new consolidated CPS 230 standard for operational risk management. Those classified as “significant” financial institutions have until July 2025 to comply, while non-significant financial institutions have been given until July 2026 to comply with specific business continuity requirements and scenario analysis requirements. The obligations focus on businesses’ resilience. Institutions subject to CPS 230 must ensure the continuity of critical operations during business disruptions. Compliance with these regulations is closely tied to technology, as organisations must maintain operational technology to deliver critical services during events such as cybersecurity incidents and other disruptions. Jamie Simon, director of banking and financial services at Amazon Web Services, told TechRepublic that the APRA-regulated industry was well prepared for the introduction of next year’s new requirements. “We’ve had quite a bit of time …

