APRA Prudential Standard CPS 230 ‘Operational Risk Management’ comes into force July 2025.
CPS 230 applies to APRA-regulated insurers (including both local insurers & Category C insurers) however there are indirect or downstream impacts on Underwriting Agencies, Claim Managers (Service Suppliers) & Insurance Brokers.
These impacts arise in respect of insurers’ critical operations & material service providers.
𝙘𝙧𝙞𝙩𝙞𝙘𝙖𝙡 𝙤𝙥𝙚𝙧𝙖𝙩𝙞𝙤𝙣𝙨
An APRA-regulated entity must maintain its critical operations within tolerance levels through severe disruptions & manage the risks associated with the use of service providers (para 12 CPS 230).
For an insurer, claims processing is a critical operation unless the insurer can justify otherwise.
𝙈𝙖𝙩𝙚𝙧𝙞𝙖𝙡 𝙨𝙚𝙧𝙫𝙞𝙘𝙚 𝙥𝙧𝙤𝙫𝙞𝙙𝙚𝙧𝙨
An APRA-regulated entity must, at a minimum, classify a provider of the following services as a material service provider, unless it can justify otherwise: for an insurer (general, life, private health): underwriting, claims management, insurance brokerage & reinsurance (p50)
𝘔𝘢𝘯𝘢𝘨𝘦𝘮𝘦𝘯𝘵 𝘰𝘧 𝘴𝘦𝘳𝘷𝘪𝘤𝘦 𝘱𝘳𝘰𝘷𝘪𝘥𝘦𝘳 𝘢𝘳𝘳𝘢𝘯𝘨𝘦𝘮𝘦𝘯𝘵𝘴
An APRA-regulated insurer must:
- Maintain a comprehensive service provider management policy (p47);
- Identify & maintain a register of its material service providers & manage the material risks associated with using these providers (p49) & submit the register to APRA on an annual basis;
- Before entering into or modifying a material arrangement undertake due diligence assessing the financial & non-financial risks (p53)
- Maintain a formal legally binding agreement covering the matters listed in p54 (a) – (g);
- Monitor the arrangement (p58);
- Meet the APRA notification requirements (p59); &
- Have the arrangements reviewed by its internal audit function (p60).
𝙎𝙤 𝙬𝙝𝙖𝙩 𝙙𝙤𝙚𝙨 𝙩𝙝𝙞𝙨 𝙢𝙚𝙖𝙣 𝙛𝙤𝙧 𝙢𝙖𝙩𝙚𝙧𝙞𝙖𝙡 𝙨𝙚𝙧𝙫𝙞𝙘𝙚 𝙥𝙧𝙤𝙫𝙞𝙙𝙚𝙧𝙨?
Material service providers who are well prepared for the impacts of CPS 230 will achieve a competitive advantage in their partnering with insurers.
Providers of material services must:
- Incorporate the requirements of CPS 230 into their risk & compliance arrangements including referencing APRA’s Prudential Practice Guide (CPG 230);
- Engage early with insurer(s) to understand the insurer(s) project plan in respect of timeframes & any unique requirements they have; &
- Arrange for a compliance review in early 2024 (due diligence) to fully understand the impact of the proposed changes to ensure a seamless transition to the new arrangements.
Do not hesitate to contact me to assist in being prepared for the impacts of CPS 230 on your business.