APRA and the “cloudy future”

The banking regulator has encouraged institutions to not only allocate investment to the new technologies but to ensure they allocate sufficient resources to maintain the existing platforms.

Speaking at the “Curious Thinkers” conference in Sydney on Monday this week the Australian Prudential Regulation Authority's (APRA) Chairman, Wayne Byres, told the audience that increased technology investment budgets will be required to ensure “cyber soundness”.

Wayne Byres - Chairman Australian Prudential Regulation Authority's (APRA)

In reminding Boards and management of regulated entities that they are ultimately responsible for data security, and that outsourcing does not abdicate this responsibility, he indicated that reviews by APRA “suggested the health of the systems environment and associated risks have not been as well understood by peak decision-makers as they should be”.

The remarks came on the day APRA released updated guidance on the use of shared computing services. APRA has developed this in response to a perceived increase in risk and what Mr Byres described as “observed areas of weakness.”

In acknowledging that new technologies have dramatically lowered the barriers to entry to financial services APRA are concerned that the response from the established players will come at the expense of existing platforms that support traditional financial service offerings.

In a speech outlining what Mr Byres called a long range forecast, he suggested that it was, "
not inconceivable that a provider of transactional payment services in Australian dollars could emerge that does not have any presence in Australia”, and that this will test the “regulatory statutes and frameworks”.

APRA in providing easier access to the challenger institutions, reiterated that it won’t lower standards in its protection of the Australian consumer. He also suggested that as those challengers continue to enter the market, the regulator may focus on, “functions, rather than companies”.

A key challenge for both the established and new market participants is how to manage the disaggregation of services, and data, within the risk profile that is acceptable to the regulator.

One solution does not fit all and to ensure that institutions are “fit for future”, Boards and executive will be required to invest in new and established customer facing technology, resources and education.

David Ingham B.Ec MBA
Phone: 0418 494 010