What APRA did and why it matters

On 30 April 2026, APRA published a letter to all regulated entities on artificial intelligence, signed by APRA Member Therese McCarthy Hockey. It is not a consultation and it proposes no new standard. It is a statement of what APRA found when it went looking, and of what it now expects. The findings come from a targeted engagement conducted in late 2025 across a sample of the largest banks, insurers and superannuation trustees, published, in APRA's words, to assist entities earlier in their AI adoption journey.

The headline finding is blunt: every entity APRA engaged with is actively adopting AI, but maturity across governance, risk management and operational resilience varies, and assurance practices are not keeping pace with the scale, speed and complexity of AI. Boards showed strong interest in AI's benefits; many are still developing the technical literacy required to provide effective challenge. APRA also called out an overreliance on vendor presentations and summaries without sufficient examination of key risks such as unpredictable model behaviour and the impact on critical operations.

The two minimum board expectations

The letter sets out what APRA expects of boards, at a minimum: first, maintain sufficient understanding and literacy with respect to AI in order to set strategic direction and provide effective challenge and oversight; second, oversee an AI strategy consistent with the entity's risk appetite and tolerance settings, supported by effective monitoring and reporting, including for third-party dependencies, with clearly defined triggers aligned to resilience objectives so the entity can act when AI is not operating as expected.

Both expectations are live now. Neither requires a new standard, because APRA's framework is, as the letter emphasises, technology and vendor agnostic: existing standards already reach AI, from operational risk under CPS 230 to information security under CPS 234. An attachment to the letter sets out detailed observations for accountable executives, aimed squarely at CROs, CTOs and CISOs.

What the supervisory debrief found

The executive attachment is the most operationally useful part of the letter. APRA observes that AI adoption is materially changing the cyber threat landscape, and names the common attack pathways it is seeing: prompt injection, data leakage, insecure integrations, exploit injection, and the manipulation or misuse of autonomous AI agents. It notes that AI shortens the attack cycle and increases the speed, coordination and impact of attacks.

Specific control weaknesses follow. Identity and access management capabilities have not yet adjusted to non-human actors such as AI agents. The volume and speed of AI-assisted software development is straining change and release management controls. Security testing programmes show gaps in scope and coverage, and remediation timelines for patching and configuration are not consistently aligned to the accelerated threat environment. The letter also raises staff use of enterprise AI tools outside approved control frameworks: experimentation culture is commended, but its calibration to risk appetite, in APRA's words, appears weak.

On frontier models, the letter is unusually specific, noting sector engagement on the potential for increased cyber threats from high-capability frontier AI models and pointing entities to current Australian Signals Directorate advice. APRA has been engaged with the Council of Financial Regulators and government agencies on AI use and risks.

The enforcement signal

The consequential paragraph is the one boards should read twice. APRA states it will apply supervisory focus to entities' AI adoption, and that where entities fail to adequately identify, manage or control AI risks in a manner proportionate to their size, scale and complexity, it will take stronger supervisory action and, where appropriate, pursue enforcement. APRA is finalising a forward supervision plan covering proportional prudential reviews, thematic activities and AI supplier engagement, and will consider whether further policy action is needed.

What to do now

For APRA-regulated entities, the work programme writes itself from the letter: table it at the next board meeting and minute the discussion; assess board AI literacy honestly and schedule targeted education; map where AI sits inside critical operations and confirm monitoring, reporting and defined triggers exist; test identity and access management against non-human actors; and bring staff AI use inside an approved framework with risk-appetite calibration. The timing is pointed: the letter landed the same day as APRA's final CPS 230 amendments, and the transition for pre-existing material service provider contracts ends on 1 July 2026, putting AI vendors squarely inside the perimeter.

For everyone else, the letter is a preview. APRA's expectations have a habit of migrating: what the prudential regulator demands of banks today, directors' duties and sector regulators tend to ask of everyone else tomorrow. If you have never mapped which AI obligations apply to your organisation, a structured starting point is the AIRA AI Governance Health Check.