APRA's Policy Priorities 2019

APRA has recently announced its priorities for 2019. Please see below excerpts that are relevant to the operational risk management and the business continuity practitioners. See here for the full report.

“Operational risk and related standards

APRA has commenced an important project to update its existing prudential standards and guidance on outsourcing, business continuity and information security, which apply to entities in the banking, insurance and superannuation industries. The objective of this initiative is to align prudential requirements with industry better practice and community expectations for a high degree of resilience to material operational risk incidents.

In conjunction with these more technical standards, APRA’s intention is to issue broad-based expectations for operational risk management and resilience that align to the overarching risk management framework. APRA will take the opportunity to streamline existing requirements where appropriate.

The first stage of this project, involving a new prudential standard on information security was finalised in late 2018, with the new standard to commence on 1 July 2019. APRA will consult on associated guidance on information security in the first half of 2019. Subsequently, requirements for operational risk management and revised standards for business continuity and outsourcing (updated to cover service provision more broadly) will be the focus of consultation over the course of 2019.”

Our reading of the tea leaves is that there could well be considerable changes to the way APRA regulates the Australian finance market in the near term. The outcome of the Hayne Royal Commission and the looming risks from climate change means that it is likely that over the next twelve months our business continuity plans may need to be thoroughly reviewed.

Companies Most Exposed to Climate Change Risk | Barrons

“We’re steadily moving toward a new normal where billion-dollar disasters are a regular occurrence,” says Emilie Mazzacurati, founder and CEO of Four Twenty Seven. “This combination of extreme weather events and growing pressure from asset owners and regulators is pushing a lot of businesses to look for a way to understand their exposure and start managing their risks.”

Business Continuity Risks Across Cloud Services | Continuity Central

Despite sensitive data being increasingly moved to the cloud, research carried out by Databarracks reveals that over 60 percent of organisations have not evaluated the business continuity risks for their cloud services over the past year.

From a survey of 400 IT professionals, only 40 percent of organisations have evaluated the business continuity risks for their cloud services in the past 12 months. 17 percent of businesses have no plans to address this over the next 12 months. Further to this, almost a quarter (23 percent) of organisations admit to not having backup or recovery capabilities in place, beyond the standard default options offered by their cloud provider.

Read more

Recovering from a major Azure outage - options | Continuity Central
Untitled 23.png

Cloud failures - both major and minor - are inevitable. What is not inevitable is extended periods of downtime or unacceptable data loss caused by any resulting service outages.

Jonathan Meltzer examines four different options for ensuring application-level continuity through high availability and disaster recovery provisions in a hybrid or exclusively Azure cloud environment.

Read more

This scenario based seminar addresses compliance issues in the Cloud.

Compliance Without Control

Untitled 51.png

The increasing dependence of organisations on applications in the cloud has made it more challenging for privacy, risk and business continuity executives to satisfy themselves that they are complying with privacy and resilience regulations.

Hear from experts address the issues that arise when things go wrong. They will work their way through a realistic scenario, that worsens over time.

We will present the perspective of an APRA regulated user, a cloud services provider and the regulator.

There will be plenty of opportunity for questions and networking at this interactive and stimulating session. Drinks will be served at the conclusion of the session.

Melbourne October 16

Sydney October 17