Guide to Prudential Standard CPS 234 Information Security for APRA-Regulated Entities

Best Practice Guide

About Prudential Standard CPS 234 Information Security

The failure of even one regulated institution can undermine the stability of the financial system. APRA is therefore obliged to keep the incidence of failure among the entities it regulates low.

Of course, APRA itself can only do so much. It must instead compel the management and directors of those entities (in practice, the Board) to ensure that their own institutions remain sound.

APRA does this primarily by imposing prudential standards. Their purpose is to increase resilience to business disruption arising from internal and external events and to reduce the impact of such disruption on business operations, reputation, profitability, depositors, policyholders and other stakeholders.

Key standards address capital adequacy, liquidity, and governance to ensure that systemic risks (i.e., risks that would endanger the system as a whole) are properly managed. Information security falls under this rubric, as well.

Information security, and data breaches in particular, is an ever-increasing concern for APRA-regulated entities; finance and insurance routinely rank among the sectors most frequently hit by data breaches. Accordingly, Prudential Standard CPS 234 Information Security came into effect in July 2019, and this guide provides a primer on it.

Download the full guide to continue reading >>
