In this episode of Navigating the New Normal, Katherine Shamai, Partner in the Risk Consulting team, unpacks what modern slavery is and what businesses are required to report in Australia.
CFOs have a pivotal role in preventing and mitigating fraud risks within organisations. They should establish a strong governance framework promoting ethical behaviour, transparency, and accountability. Collaborating with technology leaders, CFOs can implement anti-fraud technology, stress-testing measures, and anti-money laundering controls. Maintaining an ethical culture through awareness, education, and reporting mechanisms is crucial.
This week, the Australian Prudential Regulation Authority (APRA) finalised new requirements to Prudential Standard CPS 511 Remuneration, which will significantly impact authorised deposit-taking institutions (ADIs), insurers, and superannuation entities. This new standard requires APRA-regulated entities to publish details around their remuneration frameworks, design, governance, and outcomes. These changes come in an effort to create more transparency and improve risk management, in particular in the context of the poorly designed and executed remuneration frameworks exposed through the financial services Royal Commission.
We recently sat down with NSW Club leaders to discuss Environmental, Social, and Governance (ESG) considerations for the Club industry in the short to medium term. The International Sustainability Standards Board (ISSB) has now released its standard on Sustainability, and Treasury has sent a draft policy on how the standards will be adopted in Australia. Although there is no set guidance at this stage, it is most likely Clubs will need to adopt this standard in FY26.
The current cost of living crisis, compounded by salaries not keeping up with inflation, has created a climate in which the fraud triangle can emerge. Internal Audit programs are a valuable tool that can be used to assess and report this.
You may not know it, but your privacy-related risk exposure changed overnight. Now more than ever, businesses cannot afford to be complacent about privacy compliance.
CPS 230 requires regulated entities to consider service disruption from a different perspective. Working backwards through a scenario, entities must identify the harm that a disruption may cause to their customers or the broader financial system, then take active measures to prevent it (operational risk) and recover from it (operational resilience).
The Security of Critical Infrastructure Risk Management Program Rules (CIRMP) commenced on 17 February 2023 and were signed off by the Minister for Home Affairs, the Hon Clare O’Neil MP (the Minister). This marks the beginning of the six-month transition period for responsible entities to adopt a written CIRMP.
Across New South Wales (NSW) there are 128 local councils, all with the important role of building community, maintaining infrastructure, and supporting future developments as well as providing a range of social services.
You may think that your business is too small to target – too insignificant to warrant the attention of the widely publicised cyber-criminal groups that chase multimillion-dollar ransoms. In reality, a large number of criminal groups exist around the world, exploiting the entire spectrum of online activity.
On 10 November, APRA released the findings of its latest risk culture survey in an Insight, “No room for complacency on bank risk culture”. This survey was rolled out to 18 ADIs in late 2021. APRA’s analysis included matters for ADIs to consider; however, in our experience these could equally be applied to insurers and Registrable Superannuation Entity Licensees (RSELs).
One of the most common ways of managing operational risk is through a system of effective internal controls. Control failures, however, can lead to events as varied as mis-selling, data breaches and underpayments. As such, APRA has strengthened the focus on operational risk management in its Prudential Standard CPS 230. In this second series of our CPS 230 technical guides, we provide an overview of some necessary elements to achieve strong operational risk management and why it is the foundation of operational resilience.