Home Government Tech Policy APRA warns on data risks


JUser: :_load: Unable to load user with ID: 3667

The Australian Prudential Regulation Authority (APRA) has issued a draft guide for banks, insurers and superannuation companies about the need to properly manage data risks that will have implications for organisations considering outsourcing or moving data to the cloud.

The industry has until the end of March to make submissions regarding the draft code.

The Draft Prudential Practice Guide released by APRA states clearly that it is not intended as an all-encompassing framework governing data management, rather it offers a series of guidelines regarding monitoring and managing data risk.

The far from prescriptive approach taken by the Guide allows organisations to assess their own appetite for data risk. While it does not outlaw outsourcing, offshoring or use of cloud services it notes that risk could be magnified through offshoring as a result of “control framework variations, lack of proximity, reduced corporate allegiance, geopolitical risks and jurisdictional-specific requirements.”

It notes that; “APRA expects a regulated institution to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to. It is important that a regulated institution is fully aware of the risks involved and makes a conscious and informed decision as to whether the additional risks are within its risk-appetite.”

Whatever solution an organisation selects APRA has made clear that it would expect an institution to be able to continue operations regardless of the situation of its outsourcer, offshorer or cloud provider. It also requires proper maintenance of data and compliance with legislative and prudential requirements.

APRA also indicated that organisations needed to ensure there were no jurisdictional hurdles or technical complications that would stall APRA from being able to access data as required to fulfil its prudential  obligations.

The draft guide also points to the risks that may be introduced by allowing end users to bring or develop their own technology. It notes that traditional data management policies may not be able to adequately manage the risk that this introduces, and special attention and policies might be required.


Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Popular News




Guest Opinion


Sponsored News