Superannuation funds will likely be compelled to engage external audit firms to conduct a review of their cybersecurity arrangements, under a new regime being put in place by the Australian Prudential Regulation Authority.
The regulator announced the move today with its board member Geoff Summerhayes saying APRA would “shortly be requesting one-off tripartite independent cyber security reviews across all our regulated industries”.
He said that, starting next year, APRA would be asking boards to engage an external audit firm to conduct a thorough review of their CPS 234 compliance and report back to both APRA and the board.
“We haven’t made a final determination on which entities this will apply to, but all entities should prepare accordingly,” Summerhayes said.
He also used his speech to a Financial Service Assurance Forum to reveal that fund managers and other suppliers to APRA-regulated entities would be part of the assessment process with respect to cybersecurity.
“To achieve this, APRA will engage with a selection of suppliers, auditing associations and financial entities to develop stronger third-party provider assessment and assurance practices for use by APRA-regulated entities,” Summerhayes said.
He also pointed to the development of greater alignment between APRA, the Australian Securities and Investments Commission (ASIC) and the Reserve Bank with respect to cybersecurity requirements.
The central bank has announced its latest rate decision amid stubborn inflation and increasing geopolitical tension.
Aware Super has outlined its systematic approach to corporate engagement as institutional investors increasingly assert their influence on company boards and take on an active stewardship role.
The country’s second-largest super fund has completed its fourth SFT this past financial year and welcomes almost 5,000 new members.
The corporate fund has announced it is seeking a suitable merger partner as the number of corporate super funds in Australia continues to dwindle.
Add new comment