
APRA issues warning to banks


    The Australian Prudential Regulation Authority (APRA) has warned that its newly released cyber security strategy requires more intense focus from financial firms. The regulator has ordered insurers, banks, and super funds to conduct urgent audits against the new prudential standard to ensure they’re compliant.

    APRA’s new five-year cybersecurity strategy extends the regulator’s influence into non-banks, including third-party IT suppliers, fund managers, and payment companies, to defend the financial system from the growing threat of cyber attackers.

    “Our view that it’s only a matter of time until a major incident occurs hasn’t changed. In light of evidence that boards frequently don’t understand or are not adequately informed about cyber risks, we’re no longer prepared to simply take their words for it – we want compliance independently verified,” said APRA executive Geoff Summerhayes, as reported by the Australian Financial Review (AFR).

    He emphasised that it’s “only a matter of time” before hackers hit a major financial institution. Therefore, bank boards should engage an external audit firm to review compliance with the regulator’s prudential standard on cybersecurity, known as CPS 234.

    APRA also calls for more investment in internal audit teams to police standards, and for much stricter vetting of third-party suppliers.

    “If boards are unwilling or unable to make the required changes in a timely manner, we will consider using formal enforcement action,” Summerhayes said.

    “In an environment where an attack on one of us could be an attack on any of us, our financial system is only as resilient to cyberattacks as the weakest link in the chain. By working together, we can actually capitalise on our increased connectivity to strengthen the chain and protect ourselves by protecting each other.”
