APRA finalises cross-industry guidance on operational resilience
The Australian Prudential Regulation Authority (APRA) has released its finalised prudential practice guide to help banks, insurers and superannuation trustees strengthen their management of operational risk and improve business continuity planning.
The new Prudential Practice Guide CPG 230 Operational Risk Management (CPG 230) is designed to assist in the implementation of Prudential Standard CPS 230 Operational Risk Management (CPS 230), which was finalised in July last year and takes effect from 1 July 2025.
In a response to submissions paper released today, APRA has reconfirmed its focus on the resilience of critical operations and uplift in third-party risk management, while also announcing a range of changes to the new guidance.
Key changes include:
- the guidance has been shortened and is more tightly focused on how to meet expectations set by the standard;
- entities that are classified as non-Significant Financial Institutions have an additional 12 months to comply with certain requirements in CPS 230 relating to business continuity and scenario analysis;
- APRA has included a “day one” checklist for entities to assist in their implementation of CPS 230; and
- APRA has provided a three-year forward plan of its intended approach to supervising CPS 230 to assist industry with implementation and planning.
APRA Chair John Lonsdale said operational resilience was becoming increasingly important in the digital financial age.
“Disruptions to financial services can have a major impact on people who rely on them to save, spend, recover from financial loss or support themselves in retirement.
“CPS 230 is designed to ensure entities safeguard the resilience of their operations and are well prepared to respond to disruptions. By amending the accompanying guidance, we aim to keep industry standards high while also being mindful of the compliance burden on smaller entities so they can remain competitive.”
The response paper is available on the APRA website at: Response to submissions - CPG 230 Operational Risk Management.
Media enquiries
Contact APRA Media Unit, on +61 2 9210 3636
All other enquiries
For more information contact APRA on 1300 558 849.
The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding around $9 trillion in assets for Australian depositors, policyholders and superannuation fund members.