The new financial year will see all APRA-regulated entities required to comply with Prudential Standard CPS 230 Operational Risk Management – or CPS 230 – a new standard that will change how these entities manage operational risk, business continuity and oversight of third-party providers.
While this new regulation is directed specifically at institutions operating under APRA’s rules, Complii chief executive Alison Sarich said CPS 230 will also inadvertently impact financial advisers, particularly risk advisers, through their work with life insurers.
“With CPS 230, advisers will be subject to a more rigorous and comprehensive approach to manage operational risk management within their firms. Unfortunately, this may potentially lead to increased costs and complexities within a firm, and this cost/complexity may potentially be passed down to an adviser,” Sarich told ifa.
The CEO explained that these changes could also impact how insurers exchange information. In addition to being asked to provide further details about their own controls, the new standards will require entities to “have a better understanding of their operational risk profile and will also impact service provider arrangements”.
As a result of these additional requirements, Sarich suggested that operational costs could see an increase.
“Firms can keep costs at bay, or increased minimally, by adopting cost-effective technology like risk management systems to help manage a company’s risk appetite, obligations, changes and controls, and demonstrate an overall framework representing their business risks and management of those, which will keep processes and key person reliance manageable,” she said.
Although CPS 230 will see further regulations inadvertently placed on an already overregulated profession, Sarich said it should have an overall positive impact on advisers’ clients by “strengthening the operational resilience of APRA-regulated financial institutions”.
This, she said, could lead to greater stability and reduced risk of disruptions with the ultimate goal of protecting customers and the wider financial system.
“This will involve considerable changes in how these institutions manage their operational risks, business continuity and service provider agreements,” Sarich said.
As 1 July approaches, the CEO explained that relevant entities will be conducting thorough reviews of their current risk management plan, identifying and addressing any gaps, engaging with service providers to ensure compliance and developing comprehensive implementation plans in preparation.
“This should ultimately result in advisers preparing themselves and making adjustments in their own processes to pre-empt the changes,” Sarich said.
While it would be easy for advisers to overlook this given it isn’t directly impacting them, Risk Hub founder Marc Fabris told ifa last month that “this isn’t just an institutional issue … and advisers need to be part of the conversation”.
“If your business relies on APRA-regulated providers or third-party platforms, understanding CPS 230 will help you improve your own resilience, demonstrate good practice and align with rising industry expectations,” Fabris said at the time.




Good grief, what will these revenue raising pollies dream up next? Seriously, they make the highway patrol quota system look like primary school lunch money. Thank the Good Lord above I was fortunate enough to sell up and leave this absolute farce of an industry (never allowed to become a profession) in 2021 and retire. I still feel for my clients, many of whom I’d been very close to. Risk industry only a former shadow of previous self and will be completely gone as we knew it by end of 2026, sadly.
I asked my licensee and they said there was nothing for us to be concerned about.
CPS 230 is set to bring significant changes to how financial advisers—especially risk advisers—interact with life insurers and manage operational risks. While the regulation is primarily aimed at APRA-regulated entities, its ripple effects will be felt across the financial advice sector.
Here’s how risk advisers may be affected:
– **Increased Compliance Requirements**: Advisers will likely face more stringent operational risk management expectations, even if they are not directly regulated by APRA. This could mean additional documentation and oversight in their dealings with insurers.
– **Higher Operational Costs**: The new standard may lead to increased costs for insurers, which could be passed down to advisers. Firms may need to invest in risk management systems to streamline compliance and keep costs manageable.
– **Stricter Data Sharing and Access Controls**: Insurers will need to tighten their control over client data and service provider arrangements. Advisers may see changes in how they access insurer platforms, share client information, and manage login credentials.
– **Greater Scrutiny from Insurers**: Advisers working closely with insurers may be asked to demonstrate their own risk management controls, particularly around cybersecurity and data protection.
– **Potential Benefits for Clients**: Despite the added complexity, CPS 230 aims to strengthen the operational resilience of financial institutions, which could lead to greater stability and reduced risk of disruptions for clients.
As the July 1 deadline approaches, advisers should prepare by reviewing their risk management processes, engaging with insurers to understand new requirements, and considering technology solutions to help navigate the changes. While CPS 230 isn’t directly targeted at advisers, staying ahead of these shifts will be crucial for maintaining smooth operations and client trust.
Just do general advice and don’t worry about any compliance.
While CPS 230 is primarily directed at APRA-regulated entities like banks, insurers, and super funds, it will indirectly impact insurance advisers, especially those working in risk advice. Here’s how:
Stricter Data Controls: Insurers may tighten access to client data, meaning advisers could face new restrictions on how they interact with insurer platforms.
Changes in Information Exchange: Advisers often share client data manually (via email, PDFs, etc.), but CPS 230 pushes insurers to improve security, which could alter how advisers submit and receive information.
Increased Compliance Costs: Advisers may need to adjust their own risk management processes to align with insurers’ new requirements, potentially leading to higher operational costs.
Greater Scrutiny from Insurers: Insurers may ask advisers to demonstrate their own risk controls, such as secure login practices and data protection measures.
Well, don’t just give us the bad news – tell advisers at the front line how it could impact us.
Labor will come up with another way to charge you…
There is no good news