Australian finance sector organisations will soon have to demonstrate oversight of their service providers’ risk management practices, providing a level of transparency now considered critical in an increasingly technologically complex and digitally interconnected world.

Coming into force on July 1, 2025, APRA’s CPS 230 rule will make finance sector companies responsible for their own operational resilience and require a lot more reporting, notification and monitoring of third-party service providers, says University of NSW marketing school head Professor Maggie Chuoyan Dong.