Strengthening your operational risk and resilience practices

KPMG is pleased to share information on The Australian Prudential Regulation Authority (APRA) release of draft cross-industry Prudential Standard CPS 230 Operational Risk Management which has been designed to strengthen the management of operational risk by all APRA-regulated entities.

The proposed standard underpins CPS 220 Risk Management and replaces several existing standards including CPS/SPS 232 Business Continuity management and CPS/SPS 231 Outsourcing.

CPS 230 timeline

July 2022 
Consultation open

21 October 2022
Consultation closes

Early 2023
CPS 230 finalised

1 January 2024
Effective date

Key considerations for CPS 230

In consideration of the proposed timeframe for implementation, APRA regulated entities should start considering the key components of the proposed standard now to ensure they are appropriately prepared. Whilst the construct of the draft prudential standard may change, the key themes are still features of APRA’s updated Corporate Plan, which indicates they are will remain as areas of regulatory focus regardless of the outcome of the consultation.

Key themes of CPS 230

  • Be prepared for risk events – Entities must ensure effective process to support the management and response to risk events, effectively reducing their impact
  • Be resilient – Entities must be able to continue to operate through the ever-increasing breadth of disruption, providing critical services to their customers.
  • Protect the entity and the community – Business Continuity Planning and exercising will be critical to ensure that the impact of disruptions is minimised to an acceptable/ tolerable level

CPS 230 areas of focus

  • Operating model
  • Critical operations
  • Material service providers
  • Business continuity
  • Incident management
  • Controls management

Download further guidance

Strengthening your operational risk practices

The KPMG team has deep experience in supporting our Global Financial Services clients across Europe, the UK and ASPAC to respond to evolving regulation and framework changes and implement Operational Risk and Resilience practices.

Regular updates comprised of thoughts, insights and learnings about this important regulatory change will be rolled out. Please contact us for an individual briefing on what the changes will mean for you.

Contact our team