Effective April 2018, APRA’s CPS 220 will also apply to private health insurer. Furthermore, end of 2016 APRA assessed the risk management culture of selected financial institutions and found that the sophistication is sometimes lacking.
Focussing on some key components of CPS 220, an organisation’s risk management framework needs to meet certain requirements such as risk appetite statement, risk management strategy and business plan.
The risk appetite needs to outline the risk tolerance for identified key risks. The risk management strategy describes how these key risks will be managed. In addition, the business plan illustrates how business objectives are implemented and associated risks managed. All three documents are required to be submitted to APRA.
The CPS 220 Primer contains a more detailed description and may help to develop a high level understanding of requirements. It also indicates the next steps on a transformational journey to enhance an organisational risk management culture.