Rules Mate

Comply with APRA CPS 220 (Risk Management)

APRA-regulated entities must have a comprehensive risk management framework.

criticalcurrentannual

Who must comply

APRA-regulated entities (ADIs, insurers, super trustees).

What triggers it

Being APRA-regulated.

When due

Continuous; annual board attestation.

Evidence required

RMF, board approval, risk appetite statement, risk register, BCM, attestation.

Max penalty

APRA enforcement actions including capital, licence conditions

Summary

CPS 220 requires APRA-regulated entities to maintain a Board-approved Risk Management Framework covering: risk appetite, risk culture, three lines of defence, risk register, business continuity, and material risks. Annual board attestation.

Enforced by

Industries

Topics

aprarisk-management

Related obligations

Frequently asked questions

Who must comply with APRA CPS 220 (Risk Management)?
APRA-regulated entities (ADIs, insurers, super trustees).
What triggers APRA CPS 220 (Risk Management)?
Being APRA-regulated.
When is APRA CPS 220 (Risk Management) due?
Continuous; annual board attestation.
What is the maximum penalty for APRA CPS 220 (Risk Management)?
APRA enforcement actions including capital, licence conditions
What evidence is required for APRA CPS 220 (Risk Management)?
RMF, board approval, risk appetite statement, risk register, BCM, attestation.

Source: https://apra.gov.au/risk-management. Rules Mate is not a law firm. Always verify against the live regulator source before acting.