Your Shopping Cart
By using this site you agree to our use of cookies. Please refer to our privacy policy for more information. Close
APRA Prudential Standard CPS 232 - Business Continuity Management: Overview and Summary of Requirements
- By: Staff Editor
- Date: June 14, 2013
This APRA Prudential Standard requires regulated institutions to manage and monitor potential business continuity risks and that the respective boards of these institutions consider business continuity risks as a part of the entire risk management system.
The standard also requires regulated institutions to document and maintain their business continuity plans periodically. The standard came into force on January 1 2013.
Applicability
- The standard applies to all ADIs including foreign ADIs and NOHCs, all Category C insurers, authorized insurance NOHCs and parent entities of Level 2 insurance groups
- The standard also applies to friendly societies, Eligible Foreign Life Insurance Companies (EFLICs) and registered life NOHCs
- The standard applies whether or not activities are outsourced to related bodies – corporate or third party.
Role of Board and Senior Management
- Regulated institutions must identify, assess, manage and mitigate potential business continuity risks
- The Board is ultimately responsible for business continuity of the regulated institution
- The Board can delegate day-to-day handling of BCM to a responsible committee, including responsible committee of the Head of the Level 2 group, and/or senior management
- The Board must approve the BCM policy
Factors to be Included in a Regulated Institute’s BCM Plan
- BCM Policy
- Up to date and documented BCM policy setting out objectives and approach to BCM
- Must clearly state the respective roles, responsibilities and authorities
- Business Impact Analysis (BIA)
- Involves identifying critical business functions, resources and infrastructure of regulated institution and assessing disruption impact
- Disruption scenarios and periods of time must be considered while making the BIA
- The extent to which a disruption may impact an institution’s depositors, policyholders
- Financial, legal, regulatory and reputational impact of a disruption to critical business operations
- Recovery Objectives and Strategies
- These are pre-defined goals for recovering key business operations after a possible disruption to a specified level of service (recovery level) within a defined period (recovery time)
- The recovery objectives and implementation strategies must be identified and documented using the results of the BIA
- Business Continuity Plan (BCP)
- The BCP must be documented and meet the objectives of the BCM policy
- It must identify:
- critical business operations,
- recovery levels and time targets for each critical business operation
- recovery strategies for each critical business operation
- infrastructure and resources required to implement the BCP
- roles and responsibilities
- communication plans with staff and external stakeholders
Review and Testing Of BCP
- The regulated institution must review and test the BCP at least once on an annual basis and if possible, more frequently.
- The reviews must happen after every change made in the business operations
- The results of the review must be reported to the Board or delegated management
- The BCP must be updated based on the reviews and the shortcomings identified
Auditing and Adjustments
- The internal or external audit function of the regulated institution must provide an assurance to the Board that:
- The BCP is in accordance with the BCM Policy and addresses the necessary risks
- Testing procedures are adequate and satisfactory
- The APRA may in writing adjust or exclude the requirements mentioned above in relation to a specific regulated institution
- In case of a major disruption that can materially affect the regulated institution’s risk profile, the APRA must be notified as soon as possible (in less than 24 hours) of the same.
Additional Resources
Read the APRA Prudential Standard CPS 232 - Business Continuity Management in full.
Compliance Trainings
Employee Expense Reimbursement Fraud: Detection, Prevention and Deterrence
By - Peter Goldmann
On Demand Access Anytime
By - Peter Goldmann
On Demand Access Anytime
Credit card surcharging - who is going to do it and what are the stipulations for compliance?
By - Ray Graber
On Demand Access Anytime
By - Ray Graber
On Demand Access Anytime
Compliance Standards
Best Sellers
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
-
By: Miles HutchinsonAdd to CartPrice: $249
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
-
San Francisco, CA | Aug 6-7, 2020
-
Virtual Seminar | Jul 16-17, 2020
-
Virtual Seminar | Jun 18-19, 2020
-
Los Angeles, CA | Aug 20-21, 2020
-
Virtual Seminar | Jul 16-17, 2020
-
Virtual Seminar | Jun 25-26, 2020
-
Virtual Seminar | Jun 10, 2020
-
Virtual Seminar | Jun 3-4, 2020
-
Virtual Seminar | Jul 6-7, 2020
-
San Francisco, CA | Oct 22-23, 2020
-
Virtual Seminar | Jul 9-10, 2020
-
Virtual Seminar | Jun 3-4, 2020
-
Virtual Seminar | June 3-4, 2020
-
Miami, FL | Jul 29-31, 2020
-
Virtual Seminar | Jun 17, 2020
-
Provider: ANSIAdd to CartPrice: $142
- Add to Cart
- Add to Cart
- Add to Cart
-
Provider: ANSIAdd to CartPrice: $120
-
Provider: ANSIAdd to CartPrice: $250
-
Provider: SEPTAdd to CartPrice: $299
- Add to Cart
-
Provider: Quality-Control-PlanAdd to CartPrice: $37
- Add to Cart
-
Provider: At-PQCAdd to CartPrice: $397
- Add to Cart
- Add to Cart
- Add to Cart
- Add to Cart
You Recently Viewed