APRA demands boards improve oversight of cyber risks

“This new standard will ensure that regulated entities set and test controls and maintain robust business continuity plans to respond if disruptions do occur.”

APRA has extended the effective date for the new standard by 18 months to July 2025, to provide more time for banks, insurers and super funds to prepare.

Boards on notice

In guidance accompanying the policy release on Monday, APRA said a prudent board must have “a clear understanding of who is accountable” for all parts of operational risk management, and be “confident that there are no gaps in accountabilities”.

APRA said boards should “pay particular attention” to new ventures that may give rise to novel operational risks, including activities associated with crypto assets, which comes as banks ban payments to high-risk cryptocurrency exchanges.

The regulator said some boards “have not consistently been provided with important information on operational risk when making strategic decisions”, and it expects “information provided to the board [to] be targeted, relevant and sufficient for directors to clearly understand the potential impact on the operational resilience of an entity’s critical…
