APRA CPS 230 — Operational Risk Management · vCPS 230 (effective 1 July 2…
APRA CPS 230 — Operational Risk Management
APRA CPS 230 — Operational Risk Management — 100% covered.
6 requirements · 6 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Australian Prudential Regulation Authority, Prudential Standard CPS 230 Operational Risk Management (effective 1 July 2025). Operational risk management (paras 13-21), business continuity (paras 30-34), service provider management (paras 35-48).
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Operational risk management (paras 13-21) | 4 | 4 | 0 | 0 | 0 | 100% |
| Service provider management (paras 35-48) | 1 | 1 | 0 | 0 | 0 | 100% |
| Business continuity (paras 30-34) | 1 | 1 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
apra-cps-230.13 |
Paragraph 13 — Effective management of operational risk across the full life cycle of all business operations | enforced | audit_events: kye.compliance.attestation.v1, kye.assurance.risk_assessment.v1, kye.evidence.decision_map.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/51-NO-SPOF.md |
apra-cps-230.15 |
Paragraph 15 — Maintain a comprehensive operational risk profile and assess the impact of material changes | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
apra-cps-230.18 |
Paragraph 18 — Effective internal controls, monitoring and assurance over operational risk | enforced | audit_events: kye.evidence.decision_map.v1, kye.purpose.admissibility.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
apra-cps-230.20 |
Paragraph 20 — Notify APRA of operational risk incidents that have a material financial impact or affect the entity's ability to maintain critical operations | enforced | audit_events: kye.signal.incident.opened.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
apra-cps-230.35 |
Paragraph 35 — Maintain a register of material service providers and manage the risks associated with the use of those providers | enforced | audit_events: kye.risk.authority_register.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/51-NO-SPOF.md |
apra-cps-230.42 |
Paragraph 42 — Critical-operation tolerances and the ability to continue critical operations within tolerance during a disruption | enforced | audit_events: kye.resilience.signal.v1, kye.replay.proof.v1engines: internal, internalconstitution_refs: constitution/25-EDGE-GOVERNANCE.md, constitution/51-NO-SPOF.md |