APRA determines new prudential standards on Business Continuity Management

APRA Media Release of 18 April, 2005

The Australian Prudential Regulation Authority (APRA) today issued prudential standards on business continuity management (BCM) for authorised deposit-taking institutions (ADIs) and general insurers. The new prudential standards aim to ensure that ADIs and general insurers implement a “whole of business” approach to BCM appropriate to the nature and scale of their individual operations.

Key requirements of the prudential standards include:

  • the Board of Directors and senior management of an ADI or general insurer must consider business continuity risks and controls as part of the company’s overall risk management framework provided to APRA on an annual basis;
  • an ADI or general insurer must identify critical business functions, resources and infrastructure which, if disrupted, would have a material impact on the company’s business operations, reputation or profitability;
  • an ADI or general insurer must assess the impact of plausible disruption scenarios on critical business functions, resources and infrastructure and have in place appropriate recovery strategies to ensure all necessary resources are readily available to withstand the impact of the disruption; and
  • an ADI or general insurer must develop, implement and maintain through review and testing procedures, a Business Continuity Plan that documents procedures and information which enable the company to respond to disruptions and recover critical business functions.

The two new standards come into effect immediately, but ADIs and general insurers have a 12?month transitional period in which to identify areas of non-compliance with the new standards and provide to APRA a rectification plan and timetable.

APRA’s Chairman, Dr John Laker, said APRA has identified BCM as an area of the prudential framework requiring further improvement.

“As business operations have become increasingly complex, with a growing reliance on outsourcing activities offshore, it is vital that ADIs and general insurers maintain critical business operations in the event of an external disruption”, said Dr Laker. “The new prudential standards provide a structured framework for addressing BCM on an organisation-wide basis to ensure this important part of risk management is adequately addressed.”

APRA is anticipating the release of a similar standard on BCM for life companies in the first half of 2006.

The prudential standards can be found on APRA’s web site at http://www.apra.gov.au/Policy/Prudential-Standards-Guidance-Notes-for-ADIs.cfm and http://www.apra.gov.au/General/General-Insurance-Prudential-Standards-and-Guidance-Notes.cfm.

The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, friendly societies, and most members of the superannuation industry. APRA is funded largely by the industries that it supervises. It was established on 1 July 1998. APRA supervises institutions holding approximately $2.0 trillion in assets for 20 million Australian depositors, policyholders and superannuation fund members.

Browse our upcoming Training & Events

Signup for our Newsletter