APRA’s focus on data risk has been steadily increasing throughout the years, with specific guidance in CPG 235 on Managing Data Risk, and data featuring as a key risk type in CPS 234 Information Security and more recently in CPS 230 Operational Resilience.
To date, APRA’s supervisory activities on data have been focused on the accuracy of prudential reporting processes, maturity of data risk management practices, and effectiveness of data security controls. Recent cyber events leading to customer data leakages and entity data breaches in the industry have highlighted the importance of data storage, deletion, and security, all of which require a sound understanding of the data environment and quality of data. Data is key to many, if not all, the decisions an entity must make and as such is the “crown jewels” for most entities. The protection of an entity’s crown jewels should be a high priority for directors and executives alike.
To gain insights into the status of data risk management, APRA embarked on a multi-year pilot study with a selection of banks. Observations point to recent improvements in data practices driven in part by APRA’s supervision…
