
Is your AI ready for APRA?

On 30 April 2026, APRA wrote to every regulated entity with its first AI-specific expectations. The message was blunt: AI adoption is racing ahead, but the governance, risk management, assurance, and operational resilience around it are not keeping pace. Here is what the letter says, how it lands against CPS 230, and what your board should be able to show.

What the letter actually says

Following a supervisory review across the banking, insurance, and superannuation sectors it oversees, APRA concluded that the systems and processes needed to safely govern AI are not keeping up with how fast it is being adopted. Importantly, APRA is not introducing new prudential standards for AI — it expects entities to apply the standards that already exist, and signalled it will move from principle-based guidance toward active supervision, and enforcement where warranted.

For the underlying standard, see CPS 230, and our regulator profiles for how APRA sits alongside ASIC and the OAIC.

The four areas APRA flagged

Cyber and information security

APRA tied AI directly to CPS 234, warning that AI both expands the attack surface and accelerates threats. It named AI-specific pathways — prompt injection, data leakage, insecure integrations, vulnerabilities in AI-generated code, and the manipulation of autonomous agents — and said the speed of identifying and patching weaknesses must rise to match.

Governance and board oversight

APRA observed that many boards are still building the technical literacy needed to challenge AI decisions effectively. It expects clear accountability, AI lifecycle governance from design to decommissioning, and human involvement in high-risk decisions — not reliance on vendor summaries.

Supplier and concentration risk

APRA flagged heavy reliance on a small number of AI providers and asked entities to map their material third- and fourth-party dependencies and to plan for contingency. This is operational-risk and concentration-risk management applied to the AI supply chain.

Change management and assurance

APRA wants continuous, integrated assurance across cyber, data governance, model performance, operational resilience, privacy, and conduct — supported by second-line and internal-audit capability able to assess probabilistic models and agentic workflows, not just traditional software.

The marker: 1 July 2026

CPS 230 and your AI suppliers

CPS 230 has applied since 1 July 2025, but transitional relief for pre-existing arrangements with material service providers ends on 1 July 2026. As AI models and platforms increasingly become critical inputs, the AI vendor is increasingly a material service provider — so that date is a practical deadline for having AI supplier arrangements, registers, and contingency planning in order.

APRA was clear that the obligation runs deeper than your direct contracts. It asked entities to map concentration risk and fourth-party risk — the cloud hosts and foundation-model providers sitting behind your vendors — as part of operational resilience.

What APRA expects you to be able to show

1. An inventory of AI tooling and use cases — you cannot govern what you have not catalogued.

2. AI lifecycle governance: design, deployment, monitoring, and decommissioning, with clear ownership.

3. Human involvement proportionate to risk, especially for decisions that significantly affect customers.

4. Board and senior-management AI literacy sufficient to provide effective challenge.

5. Mapping of material service providers and the fourth parties behind them, with contingency plans.

6. Continuous assurance spanning cyber, data, model performance, resilience, privacy, and conduct.

7. Second-line and internal-audit capability able to assess AI models and agentic workflows.

Frequently asked questions

Does this apply to my organisation?

The 30 April 2026 letter is addressed to APRA-regulated entities — banks and other authorised deposit-taking institutions, insurers, and superannuation trustees — across all the industries APRA supervises. If you are not APRA-regulated, the letter is not binding on you, but it is rapidly becoming a reference point for what good AI governance looks like in Australian financial services and beyond.

Is APRA introducing new AI rules?

Not at this stage. APRA was explicit that it is not introducing new prudential standards for AI; instead it expects entities to apply existing standards — including CPS 230 (operational risk management), CPS 234 (information security), CPS 220 (risk management), and CPS 510 (governance) — to their use of AI. The shift is from principle-based guidance toward active supervision.

What is the significance of 1 July 2026?

CPS 230 has applied since 1 July 2025, but transitional relief for pre-existing arrangements with material service providers ends on 1 July 2026. With AI and cloud providers increasingly meeting the definition of a material service provider, that date is a practical marker for having your AI supplier arrangements, registers, and contingency planning in order.

What does APRA mean by concentration and fourth-party risk?

Concentration risk is over-reliance on a small number of AI providers, models, or platforms, so a single failure has outsized impact. Fourth-party risk is the exposure created by your suppliers’ own suppliers — for example the cloud host or foundation-model provider behind your AI vendor. APRA asked entities to map both, not just their direct contracts.

How does this connect to CPS 230 and CPS 234?

APRA framed AI risk as squarely within existing obligations. CPS 230 requires you to manage operational risk, identify critical operations and material service providers, and maintain resilience; CPS 234 requires information-security capability proportionate to threats. The letter applies both lenses to AI specifically.

What should the board do now?

Build enough AI literacy to challenge management; ensure there is an AI inventory and lifecycle governance; confirm material service providers and fourth parties are mapped with contingency plans; and check that assurance is continuous and covers model, cyber, privacy, and conduct risks together. APRA signalled it will take stronger supervisory action, and where appropriate pursue enforcement, against entities that fail to manage AI risks proportionately to their size and complexity.

Related glossary terms

Material Service Provider, Fourth-Party Risk, Concentration Risk, Operational Resilience, Model Risk Management, Three Lines of Defence.

From "we use AI" to "we can show how we govern it"

APRA’s expectations reward organisations that can evidence their AI governance. A clear view of where your AI sits, who relies on whom, and how it is assured is the place to start.

This page is general information about APRA’s published expectations, not legal, financial, or compliance advice, and not a substitute for advice tailored to your circumstances. Prudential requirements and timelines change; always confirm the current position against APRA’s own publications and your obligations under the relevant prudential standards.