Holocentric Connect helps organisations meet CPS 230 requirements to “identify and document the processes and resources needed to deliver critical operations”. We are also developing specific features with regulated entities and Three6 to streamlines CPS 230 compliance. Click here to learn how Holocentric software can help.
Last updated August 2023.
On 17th July 2023, APRA released the final version of Prudential Standard CPS 230 Operational Risk Management, a new standard that consolidates five existing Prudential Standards covering outsourcing and business continuity planning across banking, insurance and superannuation. CPS 230 will introduce new requirements and enhance existing requirements across three key areas:
Entities with sufficient scale, such as the “big four” banks, will undoubtedly have some advantage in complying to CPS 230. They typical already have a higher level of maturity in process, risk, BCP and supplier management from years of investment, and they have the tools and internal expertise to meet the new requirements.
For many regional and customer-owned banks, medium-sized insurance companies and superannuation funds, CPS 230 presents a significant challenge. Their size, maturity and access to resources make complying to CPS 230 a more onerous task compared to their larger peers. For some entities, the commercial viability of operating under this prudential standard is uncertain.
Software designed specifically for CPS 230 would help entities comply to the standard faster and more cost effectively. This is especially so when compared to approaches involving traditional documents or cobbling a solution together using disparate systems. Purpose-built software would support capturing, understanding, monitoring and reporting in operational risk, business continuity planning and service provider management out-of-the-box.
Importantly, CPS 230 software would enable entities to go beyond a shallow assessment of requirements and provide increased assurance that they are compliant. In designing our CPS 230 software, we think that it should support:
These features would cover all three areas of CPS 230: Operational risk management, business continuity planning, and service provider management.
A key feature of CPS 230 software is a purpose-built information model that helps entities capture, understand and report on:
This information model provides entities with a fit-for-purpose framework for complying to CPS 230. Capturing information using this model brings depth to the entity’s compliance regime and provides a level of assurance that could not be achieved with documents. Supported by an easy-to-use user interface, the software enables entities to capture the necessary information to become compliant quickly, as well as reduces the risk of non-compliance on an ongoing basis.
CPS 230 software has a combination of features that reduces the costs and effort required to maintain CPS 230 compliance.
Dashboards, such as visual heatmaps, would show the coverage of risks, controls, accountable persons and service providers across critical operations. Any gaps in compliance, such as a BCP test or a service provider assessment that has lapsed, would be flagged for attention.
The software has workflows and notifications to support managing changes (for example, version control), reviews and approvals. A record of changes and approvals is stored for auditing purposes. Automated notifications support periodic review of information and testing of BCPs, helping the entity ensure that compliance is maintained at any point of time.
Purpose-built software enables entities to prove to internal and external auditors that they were compliant at any point in the past. It provides a snapshot of the processes, resources, assessments, BCPs and supplier arrangements that were in place at that point of time. A package of all the relevant information could compiled and packaged on demand and in a few clicks. The preparation involved in responding to an audit is significantly reduced as a result.
The software would also have features that support entities in reporting to APRA. For example, it would help create information packages for any new agreements or changes with material services providers. It also keeps a record of what was reported to APRA, who approved it for release, and how the information has changed over time.
Holocentric and Three6 are collaborating to develop innovative solutions to reduce the cost of addressing and maintaining CPS 230 compliance. With our combined financial services, compliance, and software expertise, we understand the challenges you face. Our software solution streamlines CPS230 compliance, saving you time, effort, and money.