APRA demands boards improve oversight of cyber risks

James Eyers

Key Points

  • APRA says boards are ultimately accountable for operational risk, such as cyber attacks.
  • This means having a plan for continuity of service if systems are compromised.
  • Banks, insurers and super funds now have until July 2025 to be ready.

The prudential regulator wants boards to sharpen oversight of accountability for cyber breaches, finalising a new standard on “operational risk management” which seeks to fortify the financial sector from hacks such as the one that devastated Medibank Private.

In a new cross-industry policy covering banks, insurers and superannuation trustees, the Australian Prudential Regulation Authority said boards were ultimately accountable for operational risk. It wants companies to get on the front foot to reduce disruption for customers should systems go down.

James Eyers writes on banking, payments and fintech. He is a former legal and investment banking editor at the AFR, has degrees in commerce and law from UNSW, and is co-author of Buy now, pay later: The extraordinary story of Afterpay. Connect with James on Twitter. Email James at jeyers@afr.com.au

    Original URL: https://www.afr.com/companies/financial-services/apra-demands-boards-improve-oversight-of-cyber-risks-20230717-p5dou6