By Phil Noble, Roger Wood, Roman Zaytsev

Outcomes for resilience and results

Can new regulation drive more than just a regulatory response – providing an opportunity to make your organisation more resilient, self-sufficient, and efficient into the future?

Takeaways

  • CPS 230 places pressure on APRA regulated entities to prepare a more comprehensive and rigorous risk management approach.
  • The complexity associated with delivering improvements is wide-reaching within an organisation, and the cost may be high.
  • At the same time, this change provides an opportunity to take advantage of a demanding situation to drive greater efficiency, effectiveness, internal capability, and customer results.
  • Understanding current state and gaps is the first step in setting you up for success.
  • SPP’s accreditation planning workshop will establish a practical action plan for becoming CPS230 compliant and identify areas of potential additional benefit.

CPS 230 seeks to ensure APRA-regulated entities are resilient to operational risks and disruptions

The new Standard was developed in response to recent operational risk control failures, including significant cyber breaches. It has three key focus areas:

  • Strengthened operational risk management;
  • Enhanced 3rd party risk management; and
  • Improved business continuity planning.

Exhibit 1: Overview of CPS 230 requirements

The Standard sets the agenda for the CRO/CEO

CPS230 sets a refreshed agenda for the CRO/CEO

CPS230 commences in July 2025 and regulated entities must proactively prepare for implementation.

APRA expects that organisations deliver these outcomes through a set of internal mechanisms, including:

  • Improved internal controls, monitoring and remediation;
  • Management and monitoring of service providers (3rd parties); and
  • Effective business continuity planning.

In short, the requirements will place greater demands on the organisation to run an integrated set of risk management processes and controls.

The critical question for many entities subject to this new regime is: How do we achieve and maintain accreditation while also improving business performance?

More than just a regulatory response, the process of adapting to CPS230 provides an opportunity to make your organisation more resilient, self-sufficient, and efficient into the future.

Exhibit 2: The CRO agenda for CPS230

The complexity (and potential cost) is high

Focusing on five key priorities creates a foundation for future success

Preparing for implementation then requires a methodical & comprehensive approach

CPS230 will have wide-ranging consequences for regulated entities’ risk management approach. The complexity associated with delivering improvements is considerable, and the cost may be high.

Some questions to consider when planning your response to CPS230:

Understanding accreditation gaps is the first step

A targeted six-week diagnostic program will establish a clear view of requirements, implications and initiatives, leading to a practical action plan for accreditation (and beyond).

Next Step

We will work with you to facilitate a half-day workshop to kick-start your journey to achieving and maintaining CPS230 compliance.

The outcome of this highly effective workshop will be a practical CPS230 compliance action plan with identified areas of potential additional benefit – greater resilience, self-sufficiency & operational efficiency.

Key Contacts

Phil Noble  /  Founder and Managing Partner

Phil Noble is the Founder and Managing Partner of SPP. He is an experienced General Manager, Consultant and Entrepreneur and has worked in a wide range of industries including financial services, telecommunications, infrastructure and Not for Profit.  Phil has...
