With the deadline for APRA’s CPS230 Operational Risk Management standard fast approaching, the pressure is on institutions to deliver outcomes and benefits that demonstrate compliance. As institutions navigate the shift from building and implementing to embedding new operational risk management capabilities, it’s clear that success hinges on immediate, decisive steps to finalise the documentation of critical operations, engage third parties, and embed automated and integrated processes. In a series of roundtable discussions hosted by ReadiNow, over 50 senior risk professionals from 40 institutions shared their insights on the challenges, progress, and urgent priorities for achieving CPS230 compliance before time runs out. Below are the key insights from these discussions.
CPS230 Compliance Progress: Where Financial Institutions Stand
From the insights gathered, it’s clear that most organisations have moved beyond the design and build phases of their CPS230 compliance programs and are preparing for full implementation and the embedding of new processes in 2025. However, the pace of progress varies significantly between institutions. The banking sector is leading the way, with insurers following and superannuation funds making slower progress. Larger organisations are notably further ahead compared to their smaller counterparts, but even among the larger institutions, many have yet to fully embed their new operational risk capabilities.
Critical Focus Areas for Achieving CPS230 Compliance
One of the primary challenges institutions face is documenting their critical operations. This includes identifying associated risks, controls, vulnerabilities, tolerances, and third-party dependencies. This documentation process has proven to be iterative, as organisations struggle to find the right balance between satisfying regulatory expectations and maintaining operational efficiency. While many institutions have made strides, getting the necessary level of detail remains an ongoing challenge.
Transforming Operating Models to Meet CPS230 Standards
To comply with CPS230, many organisations are undergoing significant changes to their operating models. This transformation is happening in a cascading manner. The first wave of changes is occurring at the policy, framework, and process levels. These changes are then driving updates in technology and systems, which in turn are improving data quality and reporting. Ultimately, these enhancements are expected to strengthen governance. However, most organisations are still grappling with the extent of changes needed in roles, responsibilities, and resourcing, and few have begun measuring the cultural impact of these shifts.
Key Teams Leading the Charge
Clarity of accountabilities and future operating model roles, responsibilities and resourcing is being enhanced on an iterative basis. Considerable impact is being felt by the business, particularly by the technology departments who are tasked with delivering the largest share of the changes necessary to achieve compliance – ranging from owning specific critical operations through to mapping IT vulnerabilities and enhancing governance over a growing number of material service providers. The second line of defence—risk and compliance teams—must also evolve to guide the business through these changes. Additionally, first-line teams such as operations, procurement, and legal will need to undergo significant adjustments to align with the new compliance requirements.
CPS230 Action Plan: Preparing for Full Implementation for 2025 and Beyond
As institutions prepare for the implementation and embedding phases in 2025, several critical actions should be prioritised to ensure success:
As the countdown to CPS230 compliance continues, organisations must shift their focus from design and build to full-scale implementation and embedding. The insights shared at our roundtable discussions highlight the areas where institutions are making progress, but also the significant challenges that remain.
How ReadiNow Can Assist with CPS230 Compliance
ReadiNow’s no-code process automation platform is uniquely positioned to help organisations meet their CPS230 obligations efficiently and effectively. By providing scalable, out-of-the-box solutions tailored for Operational Risk Management in FSI, ReadiNow enables regulated institutions to document critical operations, improve governance and manage third-party vendors, incident management and continuity plans. With ReadiNow, organisations can quickly move from implementation to embedding, ensuring compliance with APRA’s standards is met ahead of the deadline.