Media Release
May 5, 2025: With just under two months until the July 1 compliance deadline, Complii FinTech Solutions is encouraging APRA-regulated entities to intensify preparations for the incoming CPS 230 Prudential Standard on Operational Risk Management. This landmark regulation is reshaping how financial services organisations manage operational risk, ensure business continuity and oversee third-party arrangements.
The Australian Prudential Regulation Authority (APRA)’s CPS 230 represents one of the most significant regulatory developments in recent years for banks, insurers, and superannuation funds, according to Complii. The standard mandates a more robust, board-level oversight of operational risk and imposes stringent new requirements for managing critical operations and outsourcing relationships.
Complii CEO Alison Sarich stressed that at the heart of the standard is board accountability.
Directors must now approve Business Continuity Plans (BCPs), define tolerance levels for disruptions, and actively oversee service provider policies and testing outcomes. Importantly, APRA must be notified within 72 hours of any operational incident likely to have a material financial or operational impact.
Even for the advice industry, particularly in risk insurance, these changes are substantial.
“Risk insurance advice often involves interaction with insurer platforms, quoting tools and highly sensitive client data from medical histories to income details. The advisers in this sector must align with the operational rigor CPS 230 demands, even if not formally bound by it,” said Sarich.
Sarich noted the role of technology and digitisation in tackling these emerging compliance demands.
“Risk management ensures operational workflow risks are identified and effectively mitigated through digitally secured processes,” she explained. “It allows firms to create, track and automate risk-aware workflows throughout the advisory process, empowering Australian Financial Services Licensees (AFSLs) to scale and operate with greater control.”
Complii is encouraging all APRA-regulated entities to take immediate action and ensure they are not only meeting minimum compliance thresholds but are also leveraging this moment to embed long-term operational resilience.
The firm outlined the following priority actions:
1. Review operational risk frameworks: conduct a full audit of existing risk management and business continuity systems to assess their alignment with CPS 230.
2. Identify and close gaps: Pinpoint weaknesses in current plans, especially those related to critical operations and third-party services and act swiftly to rectify them.
3. Strengthen vendor oversight: evaluate all outsourced arrangements to ensure third-party providers are meeting the required standards, with updated contracts where necessary.
“Complii can assist APRA-regulated entities manage the impact of CPS 230 and identify any gaps in a firm’s current policies and processes. With the deadline fast approaching, we stress that compliance is not merely a checkbox exercise but a strategic opportunity to modernise and de-risk operations in an increasingly complex regulatory and cyber risk environment,” said Sarich.
Ends
About Complii Fintech Solutions
Complii is an integrated Corporate and Advisor management platform helping to navigate through the ever-changing regulatory landscapes and operational boundaries. Complii’s offering covers the whole equity Capital Markets ecosystem, from FS compliance, capital raising, risk management and operational needs. Complii’ s customisable and modular software provides a single desktop solution to automates key operational needs.
LinkedIn – https://www.linkedin.com/company/complii-pty-ltd/
Media contact
Simrita Virk, Capital Outcomes
simrita@capitaloutcomes.com
+61 2 434 531 172