Standard CPS 230: continuing the discussion
Regulatory -It was great to get together with our partner community last month for the second CPS 230 Partner Roundtable discussion. With over 40 representatives from across our partners joining us in Sydney and Melbourne, it’s evident this is a key focus for the industry.
The third-party risk regulatory landscape
We were pleased to have Ernst & Young Partner, Hanny Hassan join us to share some of the insights identified in global regulatory change and assurance models. From the discussion, it’s clear that the pace of change is increasing and we can expect further requirements of financial services entities around outsourcing and third-party risk management.
Defining critical operations
At TAL, our methodology for defining critical operations includes processes undertaken by us (or a service provider) which, if disrupted beyond tolerance levels, would have a material adverse impact on members.
Other processes not critical for the purpose of CPS 230 will continue to be managed under the existing Risk Management Framework including maintenance of related Business Continuity Plans.
Throughout the process of critical operations mapping, we’ve gained a number of valuable insights such as the importance of validating the currency and reliability of existing documents, and a focus on criticality and materiality.
During the session, we discussed the different types of assurance models available together with the considerations for each. Attendees agreed in principle that the best way forward is working towards a standardised model across the industry.
Next steps
As we await further updates from APRA, we will continue to work on identifying critical operations and Material Service Providers. Meeting early and taking a proactive approach as we strive for alignment puts us in a good position to not only meet current requirements but to also adapt to future shifts in the landscape.
Our team will reach out to your Risk or CPS 230 project leads over the coming months with next steps specific to your organisational needs.
If you have any questions, please speak with your internal Risk team or your TAL Partnership Manager.