APRA - CPG 235

The purpose of CPG 235 is to assist regulated entities within Australia managing data risk. It is designed to guide senior management, risk management and technical specialists (both management and operational). CPG 235 follows on from the principles that were laid down in BCBS 239.

CPG 235 and metadata management

Clause 20 of CPG 235 states:

In order to ensure that data risk management is not conducted in an ad hoc and fragmented manner, a regulated entity would typically adopt a systematic and formalized approach that ensures data risk is taken into consideration as part of its change management and business-as-usual processes.

This directly implies that banks must ensure that all data risk is clearly and unambiguously defined and understood enterprise-wide so to enforce consistency and control to improve regulatory compliance. Metadata that is managed properly enables strong data risk impact capabilities, while a clearly defined and usable infrastructure allows banks to know that the data, they are looking at is accurate and precise.

This level of understanding cannot be achieved without a fit-for-purpose metadata management process and data lineage solution.

CPG 235 and data lineage

Data management and data lineage are critical to an organizations ability to fulfill the intent of CPG 235, the Australian Prudential Regulation Authority (APRA) specfically call out lineage as being a key requirement for Data Architecture.


Clause 27

“In order to ensure that data risk management is effective, it is important that a regulated entity:
(a) understands the nature and characteristics of the data used for business purposes;
(b) is able to assess the quality of the data;
(c) understands the flow of data and processing undertaken (i.e. data lineage); and
(d) understands the data risks and associated controls.

Clause 29

“APRA envisages that the data architecture would normally align with a regulated entity’s established policies, standards and guidelines. An entity would normally maintain the data architecture as part of its change management, project management and system life-cycle processes. This includes controls to ensure alignment to the standards and guidelines embodied in the data architecture.

These points highlight the importance of data lineage when it comes to a bank’s ability to track data. Data is created, manipulated and used, usually ending a report of some sort, traceability plays a vital role in assisting with data related decision making.

Visualized data lineage acts as the supporting documentation of risk reporting. It is a reference point where a bank will be able to prove the outcome of the report to both the regulator and senior management.

Solidatus for CPG 235

Documenting a highly complex, large financial institution can be difficult. Until recently, data has been moving unfettered, with no controls, through organizations. Regulatory reporting data may originate from an inappropriate source, it may have undergone an unauthorized modification or simply be incorrect. This data needs to be understood to the relevant and correct granularity for it to be of value and to comply with legal obligations.

Solidatus’ metadata management allows the user to apply an unlimited number of properties to describe, categorize and control their data within a model as required by the business, satisfying the need for a “bank (to) establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data”.

Solidatus gives financial institutions the ability to gain valuable insight into their data landscape through visualized data lineage, showcasing how data flows through their organization, tracking from source to target and maintaining a temporal, historical record of change. Through its collaborative crowdsourcing model, Solidatus allows for quick and effective enterprise-wide sharing of knowledge identifying where data is held, its categorization and who has access to it.

This visualization enables an organization to easily share their CPG 235 data lineage in an interactive and dynamic format, allowing for greater transparency and control.

CPG 235 Model

Schedule your live demo

Best Data Governance Solution”, DMI Awards 2020
“Game changing”, Gartner review


Solidatus unlocks the true business value behind data. A lineage-first approach enables organizations to connect and visualize data relationships across the enterprise, simplifying how they identify, access and understand them. With a reimagined, sustainable data foundation in place, organizations can mine actionable intelligence and solve complex problems to deliver transformational business results.

Solidatus is a member of the EDM Council.

© 2022. Threadneedle Software Holdings Limited trading as Solidatus.  Privacy Policy | Modern Slavery Statement