🇦🇺 Live Insurance

APRA CPS 230 Operational Risk Management

Sets requirements for APRA-regulated entities to manage operational risk, including business continuity, third-party service provider management, and tolerance for disruptions. Applies to banks, insurers, and superannuation trustees in Australia.

View official source document

14

Rules extracted

58

Obligations decomposed

4.1x

Avg obligations per rule

🇦🇺 Australia

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

14

Rules

Decomposed

58

Obligations

4.1x

Decomposition ratio

Each rule is decomposed into an average of 4.1 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 58 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in CPS 230 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
APRA CPS 230 Operational Risk Management
Regulatory body
Australian Prudential Regulation Authority
Jurisdiction
🇦🇺 Australia
Document type
prudential-standard
Effective date
July 1, 2025
Issuing authority
Australian Prudential Regulation Authority (APRA)
Industry
Insurance
Official source
View source document ↗

Who this applies to

ADIsgeneral insurerslife companiesprivate health insurersRSE licensees

Key requirements

  • operational risk management
  • business continuity
  • critical operations
  • service provider management
  • tolerance levels
  • incident notification
  • testing program

Frequently asked questions about CPS 230

What is CPS 230?
Sets requirements for APRA-regulated entities to manage operational risk, including business continuity, third-party service provider management, and tolerance for disruptions. Applies to banks, insurers, and superannuation trustees in Australia.

Who does CPS 230 apply to?
CPS 230 applies to ADIs, general insurers, life companies, private health insurers, RSE licensees.

How many obligations does CPS 230 contain?
AuditDSS has decomposed CPS 230 into 58 atomic obligations from 14 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of CPS 230?
The key requirements include: operational risk management, business continuity, critical operations, service provider management, tolerance levels, incident notification, testing program.

How can I assess my CPS 230 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 58 CPS 230 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces CPS 230?
CPS 230 is enforced in Australia by Australian Prudential Regulation Authority.

When did CPS 230 come into effect?
CPS 230 became effective on July 1, 2025.

What industry does CPS 230 apply to?
CPS 230 is primarily relevant to the Insurance industry. AuditDSS covers 98 regulations in this industry sector.

Build a CPS 230 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for CPS 230 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering CPS 230 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine CPS 230 with other regulations into a single unified compliance pack for your business.

Build CPS 230 compliance pack

Already have a policy? Assess it against CPS 230

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 58 obligations

Your document is scored against every obligation in CPS 230. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Insurance

🇦🇺 Live

CPS 234

13 rules, 83 obligations
🇦🇺 Live

GPS 116

10 rules, 67 obligations
🇦🇺 Live

LPS 110

10 rules, 71 obligations
🇦🇺 Live

ACL

13 rules, 211 obligations
🇦🇺 Live

ASIC Regulatory Guide 271 — Internal Dispute Resolution

10 rules, 150 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Insurance Contracts Act 1984

18 rules, 120 obligations

Assess your CPS 230 compliance

Upload your document and get a risk-scored gap analysis against 58 CPS 230 obligations in under 5 minutes.

Start assessment Browse all regulations