APRA CPS 230, plain-English definition from TheAICommand
Definition

What is APRA CPS 230?

APRA Prudential Standard CPS 230 Operational Risk Management took effect on 1 July 2025. It sets out how regulated banks, insurers and super funds must manage operational risk, business continuity and material service providers, with clear implications for AI vendors and AI-enabled services.

Quick answer

CPS 230 is APRA's Prudential Standard on Operational Risk Management. Effective 1 July 2025, it requires banks, insurers and superannuation trustees to manage operational risk, maintain critical operations through severe disruptions, and oversee material service providers, including the AI vendors and AI-enabled services they rely on.

What it covers

CPS 230 is APRA's Prudential Standard CPS 230 Operational Risk Management. It came into force on 1 July 2025 and sits within the risk management framework an entity already maintains under CPS 220 and SPS 220. The standard pulls operational risk, business continuity and third-party risk into one set of board-level obligations.

In APRA's own framing, a regulated entity must develop governance arrangements for the oversight of operational risk, assess its operational risk profile with a defined risk appetite supported by indicators, limits and tolerance levels, maintain internal controls that are designed and operating effectively, and monitor, analyse and report operational risks with escalation processes for incidents. It must also maintain business continuity plans that keep critical operations within tolerance levels through severe but plausible disruptions, and these plans must be tested regularly. See APRA's CPS 230 standard page and the operational risk management overview.

Who it applies to

CPS 230 applies to all APRA-regulated entities across industries: authorised deposit-taking institutions (banks), general insurers, life insurers, private health insurers, and superannuation trustees. There is a transitional arrangement for existing material service provider contracts, which runs until the next renewal date or 1 July 2026, whichever comes first.

APRA has since finalised targeted amendments to CPS 230, the practice guide CPG 230, and the Material Service Provider Register template. Those amendments introduce limited exemptions from specific contractual requirements for certain non-traditional service providers, such as central banks and clearing and settlement facilities, where contractual compliance is not practicable. They take effect on 1 July 2026, per APRA's final targeted amendments page.

Where AI fits

CPS 230 does not name AI, but AI sits squarely inside the service provider and operational risk obligations. Where an entity relies on an external AI vendor, a hosted model, or an AI-enabled service to support a critical operation, that arrangement can be a material service provider arrangement. The entity is then expected to have a formal agreement, defined service levels, monitoring, and the ability to assess and respond to provider risk, including fourth-party concentration where the AI provider itself depends on a small number of upstream platforms.

The board cannot delegate accountability. An AI tool that supports claims processing, fraud detection, underwriting or customer-facing decisions should be visible in the operational risk profile, covered by business continuity planning if the entity depends on it, and assessed for failure modes such as model unavailability, degraded output, or a vendor outage. Guidance on APRA's expectations is set out in the Prudential Practice Guide CPG 230.

What practitioners should do

Map AI use to critical operations first. Identify which AI tools and AI-enabled services touch a critical operation, then test each against the material service provider definition. Build or update the Material Service Provider Register so AI vendors are captured, with documented service levels, audit and access rights, and an assessment of fourth-party dependencies.

For business continuity, define tolerance levels for AI-dependent processes and confirm there is a workable fallback if the model or vendor fails. For governance, confirm the board receives reporting on AI-related operational risk and that escalation paths exist for AI incidents. CPS 230 rewards entities that can show, on evidence, that they understand and control the operational risk their AI estate introduces.

Frequently asked questions

When did CPS 230 take effect?
CPS 230 came into force on 1 July 2025. There is a transitional arrangement for existing material service provider contracts, which runs until the next renewal date or 1 July 2026, whichever comes first. Separate targeted amendments for non-traditional service providers also take effect on 1 July 2026.

Does CPS 230 apply to AI vendors?
CPS 230 does not mention AI, but AI vendors and AI-enabled services fall within its service provider obligations. Where an AI tool supports a critical operation, the arrangement can be a material service provider arrangement, requiring a formal agreement, service levels, monitoring and oversight of fourth-party dependencies.

Who has to comply with CPS 230?
All APRA-regulated entities must comply. That covers authorised deposit-taking institutions (banks), general insurers, life insurers, private health insurers, and superannuation trustees. The standard sits within the existing risk management framework under CPS 220 and SPS 220.

What is a material service provider under CPS 230?
A material service provider is one the entity relies on to undertake a critical operation, or one that exposes the entity to material operational risk. For AI, this can include a hosted model or AI-enabled service supporting claims, underwriting or customer decisions. The Material Service Provider Register should capture these arrangements.

How does CPS 230 relate to business continuity for AI tools?
CPS 230 requires business continuity plans that keep critical operations within defined tolerance levels through severe but plausible disruptions, tested regularly. If a critical operation depends on an AI model or vendor, the entity should define tolerances for that dependency and confirm a workable fallback if the AI fails.

Primary sources

General information and education only. Not legal, compliance, financial, or professional advice. Always confirm obligations against the primary source and current regulator guidance.