APRA releases final guidance on managing data risk

13.31

The Australian Prudential Regulation Authority (APRA) today released in final form its prudential practice guide on the management of data risk for all APRA-regulated institutions.



Prudential Practice Guide CPG 235 Managing Data Risk (CPG 235) is a cross-industry guide applicable to all authorised deposit-taking institutions (ADIs), general and life insurance companies and superannuation funds regulated by APRA. The guide is designed to assist these institutions in appropriately managing their data risk and is targeted at those areas where APRA has identified weaknesses through its supervisory activities.



The management of data risk is crucial for APRA-regulated institutions because it can affect their ability to meet financial and other obligations to beneficiaries. The risks associated with the use of data, including data application, retention, storage and security, have become more significant with increasing automation and the criticality of data to decision-making.



CPG 235 provides guidance on each of these areas as part of an overall framework for managing data risk. The guidance is intended to be used by Boards and senior management of APRA-regulated institutions, as well as risk and technical specialists and others with an interest in this topic.

CPG 235 and other guidance material can be found on APRA’s website on the following pages:

• for the ADI industry - ADI prudential and reporting standards and guidance
• for the general insurance industry - General insurance prudential and reporting standards and guidance
• for the life insurance industry - Life insurance prudential and reporting standards and guidance
• for the superannuation industry - Superannuation prudential and reporting standards and guidance