Brought to you by:
Home / Regulatory & Government / APRA monitors tech outage threats

APRA monitors tech outage threats

The prudential watchdog has warned insurers’ reliance on third-party technology vendors poses “concentration risk” to their operations.

Australian Prudential Regulation Authority member Suzanne Smith says the CrowdStrike systems outage in July last year provides an example of the disruption that can arise if a vendor has to halt its services.

“One concern APRA is paying close attention to is concentration risk,” she said. “To better understand this risk, APRA asked all its regulated entities to submit a list of their material service providers by the beginning of this month.”

She says the authority has started analysing the data to develop a financial system-wide view of entities’ reliance on third-party providers and where concentration risks may lie.

“Across banking, insurance and superannuation, critical operation delivery often hinges on a concentrated set of technology vendors … That means if one of these technology providers fails, even temporarily, they can potentially take down services at every company relying on their service.”

Dependence on third-party service providers has increased as the cost and complexity of the modern tech infrastructure needed in financial services grows.

“Entities should be undertaking their own work independently to address third-party and concentration risk,” Ms Smith told a financial services forum last week.

“Your checks need to go beyond checking documents to properly validating whether tolerance levels, mapping and testing truly capture real points of failure across first, second, third and further parties.”

Data risk is another area of concern.

“This isn’t a new risk, but it’s one that is growing if for no other reason than the volume of data that companies generate each year keeps expanding,” Ms Smith said.

The authority is also tracking artificial intelligence risk.

“Before the end of the year, we will undertake targeted supervisory engagements with a group of larger financial institutions to get a better understanding of leading industry practices and common challenges relating to AI,” Ms Smith said.