Moroku’s lending platform proactively manages regulatory compliance within the APRA regime by embedding compliance across the lending lifecycle and leveraging technology for compliance automation. By implementing detailed compliance policies and procedures based on APRA’s standards, the platform remains consistently aligned with regulatory requirements.
Moroku’s event driven alerting and logging system captures all events within the system to create transparency and insight across the network and user behaviour, from customer, partners and staff. This ensures that all aspects of the platform are consistently aligned with financial regulations, including APRA standards
Specifically:
Operational Risk
Moroku has a robust Operational Risk Management Framework in place to identify, assess, and manage operational risks. This has been building over the last year as we go through our ISO 27001 application with upscaler.io. The framework includes regular management reviews, detailed compliance policies, and scenario analysis to evaluate the effectiveness of our risk management practices and is available for audit and review under agreement.
Business Continuity Plan (BCP): Moroku maintains a credible BCP, to ensure critical operations can continue during severe disruptions, demonstrating our preparedness and resilience. This again is part of our ISO 27001 processes and leverages the resilience of AWS’s global cloud fabric.
Service Provider Management: We have a suitable policy for managing AWS as our service provider, including formal agreements and robust monitoring. This ensures that all outsourcing arrangements are subject to appropriate due diligence, approval, and ongoing monitoring, as required by APRA.
Risk Assessment and Monitoring: Regularly assessment and monitoring of operational risks, supported by defined risk appetite, indicators, limits, and tolerance levels
Training and Awareness: Ongoing training for staff to ensure they understand compliance obligations and best practices
Regular Testing and Scenario Analysis: Regular testing and scenario analysis to evaluate the effectiveness of operational risk management practices
Policy and Procedure Updates: Annual review and updating policies and procedures to align with evolving regulatory requirements and best practices
Stakeholder Engagement: Engagement with the board and senior management to ensure they are informed and involved in compliance effort
Continuous Monitoring: Early detection and remediation of compliance risks by utilising advanced monitoring tools to track compliance metrics in real-time, ensuring that any deviations are promptly identified and addressed. Specifically the application of Amazon CloudWatch, a monitoring and management service that provides data and actionable insights for AWS applications and infrastructure. Here’s how it works:
o Real-Time Monitoring: CloudWatch collects and monitor log files, with set alarms. This real-time monitoring ensures that Moroku can detect and respond to any operational issues or anomalies immediately, maintaining the integrity and reliability of your loan origination system.
o Automated Alerts: By setting up CloudWatch alarms, Moroku can automatically react to changes in our AWS resources. These alarms can notify you of any unusual activity or performance issues, allowing for prompt remediation and minimizing the impact on operations.
o Log Management: Log files are stored across various AWS services. This comprehensive logging helps in auditing, troubleshooting, and ensuring that all actions are recorded and traceable, which is essential for compliance and regulatory requirements.
o Compliance Reporting by providing detailed logs and metrics that can be used to demonstrate adherence to regulatory standards. This is particularly important for meeting APRA CPS regulations, as it provides evidence of compliance and operational integrity.
o Integration with Other AWS Services: CloudWatch integrates seamlessly with other Moroku AWS services such as AWS Config, AWS Security Hub, and AWS Lambda. This integration enhances our ability to assess, audit, and evaluate configurations, ensuring that Moroku Lending remains compliant with internal policies and industry guidelines.
o Scalability and Flexibility: CloudWatch can handle large volumes of data and provide insights that help in optimising performance and resource utilization.
By adopting these strategies, Moroku ensures robust compliance management, reducing the risk of regulatory breaches, and providing assurance that compliance is managed effectively.
