Superannuation funds will likely be compelled to engage external audit firms to conduct a review of their cybersecurity arrangements, under a new regime being put in place by the Australian Prudential Regulation Authority.
The regulator announced the move today with its board member Geoff Summerhayes saying APRA would “shortly be requesting one-off tripartite independent cyber security reviews across all our regulated industries”.
He said that, starting next year, APRA would be asking boards to engage an external audit firm to conduct a thorough review of their CPS 234 compliance and report back to both APRA and the board.
“We haven’t made a final determination on which entities this will apply to, but all entities should prepare accordingly,” Summerhayes said.
He also used his speech to a Financial Service Assurance Forum to reveal that fund managers and other suppliers to APRA-regulated entities would be part of the assessment process with respect to cybersecurity.
“To achieve this, APRA will engage with a selection of suppliers, auditing associations and financial entities to develop stronger third-party provider assessment and assurance practices for use by APRA-regulated entities,” Summerhayes said.
He also pointed to the development of greater alignment between APRA, the Australian Securities and Investments Commission (ASIC) and the Reserve Bank with respect to cybersecurity requirements.