APRA Prudential Standard CPS 230 ‘Operational Risk Management’ comes into force July 2025.
CPS 230 applies to APRA-regulated insurers (including both local insurers & Category C insurers) however there are indirect or downstream impacts on Underwriting Agencies, Claim Managers (Service Suppliers) & Insurance Brokers.
These impacts arise in respect of insurers’ critical operations & material service providers.
๐๐ง๐๐ฉ๐๐๐๐ก ๐ค๐ฅ๐๐ง๐๐ฉ๐๐ค๐ฃ๐จ
An APRA-regulated entity must maintain its critical operations within tolerance levels through severe disruptions & manage the risks associated with the use of service providers (para 12 CPS 230).
For an insurer, claims processing is a critical operation unless the insurer can justify otherwise.
๐๐๐ฉ๐๐ง๐๐๐ก ๐จ๐๐ง๐ซ๐๐๐ ๐ฅ๐ง๐ค๐ซ๐๐๐๐ง๐จ
An APRA-regulated entity must, at a minimum, classify a provider of the following services as a material service provider, unless it can justify otherwise: for an insurer (general, life, private health): underwriting, claims management, insurance brokerage & reinsurance (p50)
๐๐ข๐ฏ๐ข๐จ๐ฆ๐ฎ๐ฆ๐ฏ๐ต ๐ฐ๐ง ๐ด๐ฆ๐ณ๐ท๐ช๐ค๐ฆ ๐ฑ๐ณ๐ฐ๐ท๐ช๐ฅ๐ฆ๐ณ ๐ข๐ณ๐ณ๐ข๐ฏ๐จ๐ฆ๐ฎ๐ฆ๐ฏ๐ต๐ด
An APRA-regulated insurer must:
- Maintain a comprehensive service provider management policy (p47);
- Identify & maintain a register of its material service providers & manage the material risks associated with using these providers (p49) & submit the register to APRA on an annual basis;
- Before entering into or modifying a material arrangement undertake due diligence assessing the financial & non-financial risks (p53)
- Maintain a formal legally binding agreement covering the matters listed in p54 (a) – (g);
- Monitor the arrangement (p58);
- Meet the APRA notification requirements (p59); &
- Have the arrangements reviewed by its internal audit function (p60).
๐๐ค ๐ฌ๐๐๐ฉ ๐๐ค๐๐จ ๐ฉ๐๐๐จ ๐ข๐๐๐ฃ ๐๐ค๐ง ๐ข๐๐ฉ๐๐ง๐๐๐ก ๐จ๐๐ง๐ซ๐๐๐ ๐ฅ๐ง๐ค๐ซ๐๐๐๐ง๐จ?
Material service providers who are well prepared for the impacts of CPS 230 will achieve a competitive advantage in their partnering with insurers.
Providers of material services must:
- Incorporate the requirements of CPS 230 into their risk & compliance arrangements including referencing APRA’s Prudential Practice Guide (CPG 230);
- Engage early with insurer(s) to understand the insurer(s) project plan in respect of timeframes & any unique requirements they have; &
- Arrange for a compliance review in early 2024 (due diligence) to fully understand the impact of the proposed changes to ensure a seamless transition to the new arrangements.
Do not hesitate to contact me to assist in being prepared for the impacts of CPS 230 on your business.