JUser: :_load: Unable to load user with ID: 3667
Wednesday, 12 December 2012 08:53

APRA warns on data risks


The Australian Prudential Regulation Authority (APRA) has issued a draft guide for banks, insurers and superannuation companies about the need to properly manage data risks that will have implications for organisations considering outsourcing or moving data to the cloud.

The industry has until the end of March to make submissions regarding the draft code.

The Draft Prudential Practice Guide released by APRA states clearly that it is not intended as an all-encompassing framework governing data management, rather it offers a series of guidelines regarding monitoring and managing data risk.

The far from prescriptive approach taken by the Guide allows organisations to assess their own appetite for data risk. While it does not outlaw outsourcing, offshoring or use of cloud services it notes that risk could be magnified through offshoring as a result of “control framework variations, lack of proximity, reduced corporate allegiance, geopolitical risks and jurisdictional-specific requirements.”

It notes that; “APRA expects a regulated institution to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to. It is important that a regulated institution is fully aware of the risks involved and makes a conscious and informed decision as to whether the additional risks are within its risk-appetite.”

Whatever solution an organisation selects APRA has made clear that it would expect an institution to be able to continue operations regardless of the situation of its outsourcer, offshorer or cloud provider. It also requires proper maintenance of data and compliance with legislative and prudential requirements.

APRA also indicated that organisations needed to ensure there were no jurisdictional hurdles or technical complications that would stall APRA from being able to access data as required to fulfil its prudential  obligations.

The draft guide also points to the risks that may be introduced by allowing end users to bring or develop their own technology. It notes that traditional data management policies may not be able to adequately manage the risk that this introduces, and special attention and policies might be required.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more




Recent Comments