Outsource and Cloud APRA Engagement
Australian FSIs need to advise and consult with the regulator, APRA for any material, heightened outsourcing. This includes migration to all cloud based technologies. They will ultimately require a formal ‘no objection’ ruling from APRA.
We help FSIs with their APRA engagement approach, plan, content and evidence of adherence to the regulatory framework. This often includes uplift or readiness activity utilising our suite of 'APRA ready' frameworks, processes and materials.
Our APRA readiness support services:
- ensure that project and business teams understand the pathway or playbook to APRA engagement
- Regulatory compliance aspects are built in to all components of the design and delivery planning
- assesses completeness of submission contents
- assesses quality of materials and content to be submitted
- ensures alignment to the APRA standards, guidelines and regulatory framework
- advise what is considered good practice aligned to APRA expectations
- ensures all accountable parties - project, operational, support and vendor teams, are aware and prepared for the APRA engagement
By taking APRA readiness off the critical path to delivery, we ensure a smooth and successful delivery.
Our Cloud Engagement Services
Some ways we help FSIs with their Outsource and Cloud APRA engagement
APRA Engagement Planning
Not sure how to best engage APRA? Or need a fresh look at your APRA engagement plans for a project with regulatory impacts? Many of our clients start here.
We work with your teams to understand your target solution, constraints, risks and current state. We then create an approach and roadmap for regulatory engagement with APRA, via the most effective regulatory pathway, aligned to key delivery milestones.
APRA Readiness Review
We review your APRA submission artefacts to ensure completeness, quality and alignment to APRA expectations. We identify gaps, weakness and quality issues that need to be remedied as aligned to your company's policy, risk and operational processes.
The objective is to provide guidance on how to plan for the most effective regulatory pathway by taking regulatory requirements off the critical path. Design and Plan with regulatory end in mind.
APRA Submission Authoring
We supplement your project team and author the APRA submission. We have refined our approach, framework and content through dozens of APRA consultations - our APRA ready 'backpack' of accelerators.
A clear and concise narrative is imperative to describe how designs and deliverables align to the APRA regulatory requirements. This is from both a delivered risk perspective and operational readiness.
Case Study
Australian Digital Bank
The Situation
A digital bank had their proprietary integration platform coming to the end of its maintenance support arrangement.
After completion of a proof of concept, the decision was made to replace the existing platform with a cloud based, integration solution on public cloud.
This was material in nature and defined as heightened risk so required a consultation with APRA and ultimately their ‘no objection’.
What We Did
Capital Consult were engaged in the initiation phase to define the APRA engagement plan and the scope and quality of evidence for the APRA cloud consultation. We provided APRA ready frameworks, processes and artefacts and worked with the bank’s IT, digital, business, security and risk teams to implement these as ongoing practice.
Capital Consult’s specialist regulatory, risk and cloud consultants also assisted with the creation of the bank’s cloud strategy, revised security framework and uplifted data framework.
A Capital Consult project manager was engaged to lead the 4 month APRA cloud readiness and uplift project. We delivered key inputs such as the materiality framework, cloud risk register (68 cloud and outsource specific risks), cloud and program assurance approach and recovery test plan. This culminated in the completion of the APRA consultation pack of 56 cloud related artefacts covering 8 cloud risk domains. We assisted with the APRA submission and coaching of bank executives in presenting to APRA.
The Outcome
APRA gave their ‘no objection’ to move ahead with a phased approach to building the bank’s integration platform on the cloud.
New cloud related operational processes were embedded in the business such as a new approach to managing cloud risks and the risk profile of future workloads, materiality definition framework and ongoing cloud assurance.
Capital Consult also defined the ongoing and re-useable APRA engagement plan and cloud readiness ‘backpack’ for all future outsource and cloud related APRA submissions.