APRA CPS 232: Business Continuity Management Standard
This Prudential Standard requires each APRA-regulated institution and Head of a group to implement a whole-of-business approach to business continuity management that is appropriate to the nature and scale of the operations. Business continuity management increases resilience to business disruption arising from internal and external events and may reduce the impact on the institution’s or group’s business operations, reputation, profitability, depositors, policyholders and other stakeholders.
The Board of an APRA-regulated institution and the Board of a Head of a group, respectively, have ultimate responsibility for the business continuity of the institution or group.
The key requirements of this Prudential Standard are that an APRA-regulated institution and a Head of a group must:
- maintain a business continuity management policy for the institution or group, approved by the Board;
- identify, assess and manage potential business continuity risks to ensure that it is able to meet its financial and service obligations to its depositors, policyholders and other stakeholders;
- consider business continuity risks and controls as part of its risk management framework;
- maintain a business continuity plan that documents procedures and information which enable the institution to manage business disruptions;
- review the business continuity plan annually and periodically arrange for its review by the internal audit function or an appropriate external expert; and
- notify APRA in the event of certain disruptions.
Where an APRA-regulated institution is the Head of a group, this Prudential Standard requires that the group has in place business continuity management appropriate to the nature and scale of the group’s operations, and the provisions of this Prudential Standard are applied appropriately throughout the group, including in relation to institutions that are not APRA-regulated. In addition, where specified, the Head of a group must comply with the requirements on a group basis.