AU: CPS 520 Fit and Proper¶
| Regulator | APRA |
| Jurisdiction | AU |
| Status | live |
| Applicability | External — APRA fit and proper requirements for responsible persons. Human vetting and governance process; not system-delivered. |
Outside platform boundary
APRA fit and proper requirements for responsible persons. Human vetting and governance process; not system-delivered.
APRA Prudential Standard CPS 520 Fit and Proper requires APRA-regulated entities to ensure that persons in responsible person roles are fit and proper before appointment and on an ongoing basis. Responsible persons include board directors, the CEO, and senior managers accountable for risk, audit, finance, and compliance functions.
The assessment criteria are: probity (no disqualifying criminal convictions, no adverse regulatory history, no unresolved financial difficulty or insolvency), competence, and relevant experience. ADIs must maintain a register of all responsible persons, complete assessments before appointment and at least every three years thereafter, notify APRA of new appointments within 20 business days, and notify APRA of any disqualifying matter within 10 business days.
CPS 520 is entirely outside platform scope. All obligations are institutional, owned by the Chief People Officer and the board. The platform plays no role in fit and proper assessment, record-keeping, or APRA notification under this standard.
Compliance register¶
This register maps every material obligation under the standard to the platform control or institutional process that satisfies it. It is the static traceability layer for the Totara compliance report — dynamic data (module build status, test evidence, control test dates) is overlaid at runtime.
Scope legend¶
| Symbol | Meaning |
|---|---|
| 🤖 Automated | Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced | Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional | Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A | Obligation does not apply to this deployment configuration. |
Build legend¶
| Symbol | Meaning |
|---|---|
| ✅ | Module built and deployed |
| 🔨 | Module planned — not yet built (build_status: Not started) |
| ❌ | Uncontrolled gap — no module attributed |
All obligations (institutional)¶
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| Para 14 | Define and maintain a register of all responsible persons (board directors, CEO, senior managers with accountability for risk, audit, finance, compliance) | 🏛 Institutional | GOV-004, PPL-002 | Register is maintained in the HR system and with the company secretary. Platform has no role. | — |
| Para 15 | Assess each responsible person against fit and proper criteria (probity, competence, experience) before appointment | 🏛 Institutional | GOV-004, PPL-004 | Pre-appointment assessment is a CPO and board process. Platform has no role. | — |
| Para 16 | Periodic re-assessment — re-assess all responsible persons at least every three years | 🏛 Institutional | GOV-004, PPL-004 | Periodic re-assessment is a CPO process. Platform has no role. | — |
| Para 17 | Annual certification — responsible persons certify annually that they continue to meet the fit and proper criteria | 🏛 Institutional | GOV-004 | Annual self-certification is a governance and HR process. Platform has no role. | — |
| Para 18 | Notify APRA of new responsible person appointments — within 20 business days of appointment | 🏛 Institutional | GOV-004 | APRA notification is a Compliance Officer process. Platform has no role. | — |
| Para 19 | Notify APRA of disqualifying matters — within 10 business days of becoming aware | 🏛 Institutional | GOV-004 | APRA notification is a Compliance Officer process. Platform has no role. | — |
| Para 20 | Remediation — take prompt action where a responsible person ceases to be fit and proper | 🏛 Institutional | GOV-004 | Remediation (suspension, removal, restructure) is a board and HR process. Platform has no role. | — |
Institutional obligations summary¶
All obligations under CPS 520 are institutional. The table below documents ownership for compliance tracking purposes.
| Obligation | Owner | Notes |
|---|---|---|
| Responsible persons register | Company Secretary / Chief People Officer | HR system record; not a platform function |
| Pre-appointment fit and proper assessment | Chief People Officer / Board | Background screening, reference checks, regulatory history search |
| Periodic re-assessment (at least every 3 years) | Chief People Officer | Scheduled by HR; no platform involvement |
| Annual self-certification | Chief People Officer / Company Secretary | Governance process; not a platform function |
| APRA notification — new appointment (20 business days) | Chief Compliance Officer | Regulatory correspondence; not a platform function |
| APRA notification — disqualifying matter (10 business days) | Chief Compliance Officer | Regulatory correspondence; not a platform function |
| Remediation on failure of fit and proper | Board / CEO | HR and governance process; not a platform function |
Coverage summary¶
| Area | Total obligations | Platform automated 🤖 | Platform evidenced 📊 | Institutional 🏛 | N/A |
|---|---|---|---|---|---|
| Register and assessment | 3 | 0 | 0 | 3 | 0 |
| Certification and notification | 3 | 0 | 0 | 3 | 0 |
| Remediation | 1 | 0 | 0 | 1 | 0 |
| Total | 7 | 0 (0%) | 0 (0%) | 7 (100%) | 0 (0%) |
CPS 520 is entirely institutional. The platform plays no role in fit and proper assessment, certification, or APRA notification. This is intentional — responsible person vetting is a human governance process that cannot and should not be delegated to an automated platform.
Related policies¶
| Policy | Title |
|---|---|
| GOV-004 | Fit & Proper Policy |
| PPL-002 | Remuneration & Variable Pay Policy |
| PPL-004 | Background Screening & Fit and Proper Policy |
See D08 Governance & Accountability for the full risk domain.
Official documentation¶
Policies referencing this standard¶
- GOV-004 — Fit & Proper Policy
- PPL-002 — Remuneration & Variable Pay Policy
- PPL-004 — Background Screening & Fit and Proper Policy
Compiled 2026-05-22 from source/entities/regulations/au-cps-520.yaml