APRA Prudential Standard CPS 220 Risk Management
This Prudential Standard requires an APRA-regulated institution and a Head of a group to have systems for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability, or the ability of the group it heads, to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s or group’s risk management framework.
The Board of an APRA-regulated institution and the Board of a Head of a group, respectively, are ultimately responsible for having a risk management framework that is appropriate to the size, business mix and complexity of the institution or group it heads. The risk management framework must also be consistent with the institution’s or group’s strategic objectives and business plan.
The key requirements of this Prudential Standard are that an APRA-regulated institution and a Head of a group must:
- maintain a risk management framework that is appropriate to the size, business mix and complexity of the institution or group, as relevant;
- maintain a Board-approved risk appetite statement;
- maintain a Board-approved risk management strategy that describes the key elements of the risk management framework that give effect to the approach to managing risk;
- maintain a Board-approved business plan that sets out the approach for the implementation of the strategic objectives of the institution or group;
- maintain adequate resources to ensure compliance with this Prudential Standard; and
- notify APRA when it becomes aware of a significant breach of, or material deviation from, the risk management framework, or that the risk management framework does not adequately address a material risk.