🇺🇸 US 30-yr mortgage rate: 6.55% — Bankrate, June 10🇯🇵 BOJ June rate hike: 80% market probability — CNBC🇮🇳 India opens insurance to 100% FDI under automatic route🇺🇸 Fed holds rates at 3.50–3.75% — third consecutive hold🌍 Global cyber insurance market: $33.4B projected for 2026🇬🇧 FCA: Insurance premium finance APRs down 4.1% since 2022🇰🇷 DB Insurance completes $1.65B Fortegra acquisition🇺🇸 Medicaid cuts: CBO estimates 11.8M to lose coverage🇦🇺 APRA CPS 230 amendments effective July 1, 2026🇩🇪 BaFin launches dedicated cyber insurance reporting class🇺🇸 US 30-yr mortgage rate: 6.55% — Bankrate, June 10🇯🇵 BOJ June rate hike: 80% market probability — CNBC🇮🇳 India opens insurance to 100% FDI under automatic route🇺🇸 Fed holds rates at 3.50–3.75% — third consecutive hold🌍 Global cyber insurance market: $33.4B projected for 2026🇬🇧 FCA: Insurance premium finance APRs down 4.1% since 2022🇰🇷 DB Insurance completes $1.65B Fortegra acquisition🇺🇸 Medicaid cuts: CBO estimates 11.8M to lose coverage🇦🇺 APRA CPS 230 amendments effective July 1, 2026🇩🇪 BaFin launches dedicated cyber insurance reporting class
PG

PolicyGlobal

Insurance & Finance Intelligence

Sydney Australia financial district representing regulatory compliance - illustrative image
Regulation🇦🇺Australia

Australia's APRA CPS 230 Operational Risk Standard Set to Take Full Effect July 1

Editorial Desk··4 min read
Verified Story

Australia's landmark CPS 230 Operational Risk Management standard takes full effect on July 1, 2026, requiring banks, insurers, and superannuation funds to demonstrate resilience to operational disruptions including cyber incidents and third-party failures. The deadline arrives as APRA's finalised amendments — introducing limited exemptions for non-traditional service providers — also commence, marking the culmination of a multi-year implementation program.

Australia's financial sector reaches a major regulatory milestone on July 1, 2026, when the Australian Prudential Regulation Authority's (APRA) cross-industry Prudential Standard CPS 230 Operational Risk Management takes full effect for in-scope entities. The standard, which has been in development since 2023, is designed to ensure that APRA-regulated entities across banking, insurance, and superannuation can withstand and rapidly recover from operational disruptions — including cyber incidents, system failures, and third-party service provider outages.

The July 1 commencement applies to pre-existing contractual arrangements with service providers, with requirements applying from the earlier of the next contract renewal date or July 1, 2026. Additionally, deferred requirements relating to business continuity and scenario analysis apply to non-significant financial institutions (non-SFIs) from this date, following a 12-month extension APRA granted to give smaller entities more time to comply.

Arriving simultaneously are APRA's finalised targeted amendments to CPS 230, which the regulator released on April 30, 2026. These amendments introduce limited exemptions from specific contractual requirements for material arrangements with certain categories of non-traditional service providers (NTSPs) — including government agencies, regulators, central banks, and financial market exchanges such as clearing and settlement facilities — where negotiating bespoke contractual terms is not practicable. APRA developed the exemptions in response to industry feedback, while preserving the core operational resilience objectives of the standard.

To implement the framework, insurers, superannuation trustees, and banks must review their full material service provider portfolios, identify which arrangements qualify for the exemptions, and update their Material Service Provider (MSP) registers and reporting processes before the July 1 deadline. APRA has updated the MSP Register template to accommodate the exempt provider categories and will issue an updated APRA Connect return for the 2026 reporting cycle. The regulator has signalled it expects the scope of these exemptions to narrow over time as operational resilience practices and market contract norms continue to develop. CPS 230 forms part of a broader strengthening of operational and cyber resilience across Australia's financial system, alongside the Financial Accountability Regime (FAR) that now extends to insurers and superannuation funds.

Key Points

  • 1APRA's CPS 230 Operational Risk Management standard takes full effect on July 1, 2026
  • 2Pre-existing service provider contracts must comply from the earlier of renewal or July 1, 2026
  • 3Finalised amendments introduce limited exemptions for non-traditional service providers like central banks
  • 4Insurers, super funds, and banks must update Material Service Provider registers before the deadline
  • 5Non-significant financial institutions gain compliance for deferred business continuity requirements from July 1

Why This Matters

CPS 230 is the cornerstone of Australia's operational resilience framework, and the July 1 deadline is a hard compliance date for banks, insurers, and superannuation funds. As cyber threats and third-party dependencies grow, the standard aims to ensure financial institutions can keep serving customers through disruptions. For Australian consumers and policyholders, the standard strengthens protections against service outages and operational failures; for regulated entities, missing the deadline exposes them to supervisory action, making this a top compliance priority across the sector.

#APRA#CPS 230#Australia#operational risk#cyber resilience#insurance regulation

Original Source

APRA (Australian Prudential Regulation Authority)
Verified · Jun 25, 2026Read Original
Disclaimer: This article is for informational purposes only and does not constitute financial, investment, legal, or insurance advice. Always consult a qualified professional before making financial decisions. PolicyGlobal reports on publicly available information from third-party sources and cannot guarantee the accuracy or completeness of such information.

Related Stories

European Central Bank and financial stability risk analysis - illustrative image
Regulation

ECB Warns Private Credit Shock Would Hit Insurers Harder Than Banks Amid AI-Fuelled Boom

May 26, 2026

UK financial regulation and insurance compliance in London - illustrative image
Regulation

UK PRA Sets June 30 Deadline for Insurers to Complete Solvent Exit Planning

June 24, 2026

Life insurance policy and Australian financial market - illustrative image
Life Insurance

Zurich's Proposed Acquisition of ClearView Life Expected to Complete by Q3 2026

June 24, 2026

German financial regulation and cyber insurance oversight - illustrative image
Regulation

Germany's BaFin Confirms Legal Permissibility of Ransom Insurance, Expands Supervisory Powers

June 24, 2026

Daily Intelligence

The PolicyGlobal Daily Brief

Get the top 5 insurance and finance stories every morning, curated and verified by our editorial desk. No spam. Unsubscribe anytime.

Informational newsletter only. Not financial advice. Disclaimer