APRA released a revised version of CPS 231 with commencement date July 2017. Main changes are:
- Requirements apply to all members of a group if the head of the group is an APRA regulated institution
- Agreements need to include provisions for data ownership, storage and control
- Agreements must contain reporting requirements
While listed changes are only minor in nature, this CPS 231 Primer may help executives to understand key requirements in order to determine whether risks associated with outsourced business activities are managed effectively in their organisation.