Access to financial services is essential for all Australian households and businesses. We rely on banking to pay, or accept payment, for goods and services. Insurance helps us rebuild after a flood or fire and pay for vital medical treatments. And superannuation supports us to maintain a dignified lifestyle in retirement.
But sometimes, despite best efforts, these services are threatened or disrupted; for example, if there’s a power outage, an internet outage or cyber incident. The ability of a company to deal with the risks that arise from operating its business, including those that may compromise its ability to provide services to the customers who depend on it, is known as operational risk management.
Disruptions to these services not only have a detrimental impact on the households and businesses that rely on them. A catastrophic operational risk incident, if not well managed, could lead to significant financial losses for the institution involved and undermine financial stability. As a result, APRA takes seriously operational risk management among the banks, insurers and superannuation trustees it supervises.
The issue has taken on greater importance over recent years as the financial system has become more interconnected, more dependent on digital technologies and more reliant on service providers. Many technological innovations in finance rely on the successful integration of multiple technologies provided by a range of financial system players: the banks, insurers and super funds themselves, the cloud, payments providers, telcos and big tech companies. A failure at any point in the chain has the potential to compromise services to the entire system.
Add in the worsening scourge of scams, the advancement of artificial intelligence and the declining use of physical cash, and the operational environment is becoming more complex for APRA-regulated entities to manage.