Stemming the tide of disruption: CPS 230 Operational Risk Management

In March 2023, the financial world was rocked by the collapse of Silvergate Bank, Silicon Valley Bank, and Signature Bank, and within a week Credit Suisse was taken over in a 'voluntary transfer'. These failures, triggered by existing vulnerabilities, represent the most severe stress event for the global banking system since the Global Financial Crisis (GFC). Investigations confirmed that poor risk management practices exacerbated these vulnerabilities, leading to catastrophic disruptions that could not be curtailed. The events of 2023 underscore the critical need for risk management excellence.

To address these challenges, the Australian Prudential Regulation Authority (APRA) is introducing the Cross-industry Prudential Standard CPS 230 on Operational Risk Management (CPS 230). However, merely complying with regulatory requirements will not enable organisations to withstand the unpredictable; they also need to embed resilience into their business practices. BDO's financial services experts have analysed the CPS 230 environment and written a comprehensive report to help businesses navigate this complex regulatory landscape.

Embracing operational resilience 

Disruption is inherently unpredictable, and it will always carry some level of uncertainty. Meeting regulatory obligations is essential, but those who only aim to meet APRA’s minimum standards will not be as protected as those who integrate operational risk management into their daily operations. Compartmentalising the implementation of CPS 230 may achieve compliance, but it won't foster true resilience, regardless of the expertise of those involved. 

Achieving resilience requires a strategic approach, scientific insight, and unwavering commitment. Most importantly, it demands support and investment from senior management who grasp the intricacies of CPS 230, including its dependencies and interconnectedness. Implementing operational risk management measures to merely comply may not have been a deliberate decision. Often, the focus on mere compliance arises from factors like delayed starts, unclear expectations, or difficulties in securing funding. While compliance might seem like the straightforward goal, those who choose this path must acknowledge its limited benefits. 

Key takeaways from our new report 

The events of 2023 have highlighted critical areas for improvement in risk management within the Australian financial sector. A few key takeaways have emerged, which are essential for building a resilient financial system: 

  • CPS 230 sets minimum standards for operational risk management 
  • Embracing operational resilience is crucial for withstanding future disruptions 
  • Senior management endorsement and investment are essential for building resilience. 

At BDO, we have adopted a scientific approach to analysing and implementing CPS 230. Just as DNA strands bond together to serve as a blueprint for the creation, growth, and survival of organisms, our analysis reveals that successful organisations have resilience embedded into their cultural and organisational DNA. Like strands of DNA, CPS 230 contains complementary elements that must be integrated for effective resilience so an organisation can thrive in the face of changing regulations and challenges. 

Our new report explores our scientific approach to implementing CPS 230 and outlines practical steps in the lead-up to the deadline. These takeaways emphasise the importance of regulatory compliance and the need for a proactive approach to operational resilience. 

For more insights and detailed analysis, read the full report. 


How BDO can help

Navigating CPS 230 compliance can be challenging. At BDO, we see resilience as your business's new genetic code, offering benefits beyond regulatory obligations. BDO’s financial services experts combine regulatory knowledge and business expertise to help clients transform and unlock their full potential. Contact us today.