CPS 230 sets forth standards and regulatory requirements that APRA-regulated entities (banks, insurers, and superannuation funds) must adhere to by 1st July 2025. It is designed to strengthen operational risk management, improve business continuity planning, and enhance the management of third- and fourth-party service providers.
PEXA is not regulated by APRA and has no obligation to be compliant with the standard; however, the standard introduces a new level of risk management practices in the industry that are useful in their own right. We also recognise that the services we provide are considered by our Banking and Financial Institution customers to be a ‘critical operation’.
As a result, and for the purposes of CPS 230, we’ve considered ourselves to be a Material Service Provider (MSP) and endeavour to support your business.
PEXA is in the process of updating Participation Agreements (PAs) to incorporate the relevant changes for CPS 230. Please note, this update includes references relevant to the SOCI Act and CPS 234.
PEXA will email the modified PA to the Representative Bodies for Banks (i.e. the ABA, COBA and ASL), and directly to any non-member Financial Institution, on 9th May, allowing a 30-day consultation period to collate feedback and share it with PEXA.
If you would like to participate in the review & consultation process, please reach out to your respective legal team or representative body liaison for a copy of the PA. All feedback should be sent to PEXA via your representative body accordingly.
PEXA will create a mechanism for our customers to access assurance artefacts to conduct their risk management activities. This will be communicated when available.
Watch our recent information session to learn more about APRA’s regulatory landscape, our obligations under the SOCI Act, our position on APRA’s new Prudential Standard CPS 230, and how we intend to support you.
No, unlike Financial Institutions and other entities, PEXA is regulated by ARNECC and operates under the rules of the Model Operating Requirements (MOR).
https://www.arnecc.gov.au/publications/model_operating_requirements/
PEXA recognises that the services it provides under the Participation Agreement are considered by APRA-regulated financial institution customers to be a ‘critical operation’.
Therefore, we have chosen to classify ourselves as a Material Service Provider (MSP) and strengthen our ongoing assurance activity to support our customers.
PEXA is updating its Banking and Financial Services sector Participation Agreement to incorporate regulatory requirements in line with:
Yes. Current practice is for material changes to the Participation Agreement to be shared via the ABA. The ABA will notify its members and allow a period of consultation. The ABA will collate and notify PEXA of the feedback.
Yes, PEXA will be providing its customers with the below tolerance metrics by July 1, 2025:
Yes, PEXA will provide its customers a list of suppliers that are relevant to the performance of its critical operations by July 1, 2025.
Yes. Due to PEXA’s obligations under the SOCI Act, we are restricted in providing information / artefacts in relation to:
PEXA has introduced an annual process, following the release of the SOC 2 Type 2 report, to receive feedback from its customers. This allows us to continuously review and improve our control testing environment in line with changing needs.
If you have any further questions, please contact our team or your relationship manager directly.