Comply with APRA CPS 220 (Risk Management)

APRA-regulated entities must have a comprehensive risk management framework.

critical, current, annual

Who must comply

APRA-regulated entities (ADIs, insurers, super trustees).

What triggers it

Being APRA-regulated.

When due

Continuous; annual board attestation.

Evidence required

RMF, board approval, risk appetite statement, risk register, BCM, attestation.

Max penalty

APRA enforcement actions including capital, licence conditions

Summary

CPS 220 requires APRA-regulated entities to maintain a Board-approved Risk Management Framework covering risk appetite, risk culture, three lines of defence, the risk register, business continuity, and material risks. An annual board attestation is required.

Enforced by

Industries

Topics

apra, risk-management

Source: https://apra.gov.au/risk-management. Rules Mate is not a law firm. Always verify against the live regulator source before acting.