Skip to main content
Media Releases

APRA releases final guidance on managing data risk

Monday 2 September 2013



The Australian Prudential Regulation Authority (APRA) today released in final form its prudential practice guide on the management of data risk for all APRA-regulated institutions.

Prudential Practice Guide CPG 235 Managing Data Risk (CPG 235) is a cross-industry guide applicable to all authorised deposit-taking institutions (ADIs), general and life insurance companies and superannuation funds regulated by APRA. The guide is designed to assist these institutions in appropriately managing their data risk and is targeted at those areas where APRA has identified weaknesses through its supervisory activities.

The management of data risk is crucial for APRA-regulated institutions because it can affect their ability to meet financial and other obligations to beneficiaries. The risks associated with the use of data, including data application, retention, storage and security, have become more significant with increasing automation and the criticality of data to decision-making.

CPG 235 provides guidance on each of these areas as part of an overall framework for managing data risk. The guidance is intended to be used by Boards and senior management of APRA-regulated institutions, as well as risk and technical specialists and others with an interest in this topic.

CPG 235 and other guidance material can be found on APRA’s website on the following pages:

The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $6 trillion in assets for Australian depositors, policyholders and superannuation fund members.