← All topics

APRA

APRA prudential standards and AI: CPS 230, CPS 234, and CPS 220 translated into practical compliance for Australian financial services.

14 articles

Articles about APRA

Kalgoorlie Hannan Street Dusk
GRCRegulatory analysis·

Australia Will Not Pass an AI Act. You Are Still Regulated.

The National AI Plan settled the question every GRC team was waiting on. Australia will not pass a standalone AI Act. That is not a reprieve. It means AI is already regulated, spread across the laws and regulators you answer to now. Here is how to stop waiting for an AI law and map every AI use to the obligation it already touches.

Read article
Atlanta Midtown Skyline Dusk
GRCMarket intelligence·

The 2026 AI Governance Talent Market: Assurance Skills Move to the Core

Australia's AI governance market is shifting from principle-setting towards assurance: control design, model testing, data lineage, third-party oversight and evidence a board or auditor can challenge. APRA has named the skills gap, no salary guide prices the role cleanly, and the scarce profile is the practitioner who can move from principle to proof.

Read article
Santiago Sky Costanera Dusk
AI NewsAI Strategy·

Model Routing Cuts AI Bills. It Also Moves Your Data.

The enterprise AI story has shifted from which model is best to which one you can afford to keep using, and buyers are moving from tokenmaxxing to model routing. The instinct is right. But for Australian regulated work a cheaper model is usually a different provider in a different place, so every routing rule is also a Privacy Act and APRA data-flow decision.

Read article
Prague Old Town Vltava Dusk
GRCRegulatory analysis·

CPS 230's 1 July Deadline Just Caught Up With Your AI Vendors

From 1 July 2026, pre-existing contracts with material service providers must meet APRA's CPS 230, and a growing share of those arrangements are now AI. Here is the work to do before the deadline, plus a reusable contract-review prompt.

Read article
Bengaluru Ub City Dusk
AI NewsAnalysis·

AI Cyber Defence Just Scaled Up. Mind Your Open-Source Dependencies.

OpenAI pointed its most capable cyber model at the open-source software the world runs on, and found hundreds of real flaws in days. The capability is dual-use. Here is what it means for Australian teams.

Read article
Guangzhou Pearl River Blue Hour
AI NewsAnalysis·

AI Agents Just Went From Minutes to Hours. The Control Point Is Where They Run.

OpenAI bought Ona and published research showing AI agents now run for hours, not seconds. The unit you have to govern moved from the prompt to the environment the agent runs in.

Read article
Hamburg Hafencity Blue Hour
AI NewsAI Agents·

Your AI Assistant Just Became a Shared Teammate. Govern the Channel.

On 23 June, Anthropic launched Claude Tag, a single shared Claude that lives in a Slack workspace with its own memory and admin-scoped access to channels, tools and data. The unit of AI collaboration just moved from the private conversation to the team channel. The thing you now have to govern is no longer a prompt. It is a standing presence. Here is what changes, and the three decisions to make before it is live.

Read article
Taipei Skyline Blue Hour
AI NewsModel Release·

The Strongest Open Model Is Now Chinese. Mind Where Your Data Goes.

On 16 June, China's Z.ai released GLM-5.2 under an MIT licence with no regional limits, the highest-ranked open-weights model on its own coding benchmarks. With Anthropic's Fable 5 pulled by a US directive, the strongest model you can simply download and run is now Chinese. The decision that carries your risk is not the model. It is whether you run the open weights yourself or send your data to the hosted API.

Read article
Chicago Riverwalk Financial Blue Hour
GRCOperational Risk·

AI Cyber Risk Is Now a Board Governance Issue

ASIC's May 2026 cyber uplift warning highlights that AI-driven cyber risk demands active board and risk committee oversight, not just IT fixes. This article outlines a practical governance operating model for GRC teams.

Read article
Sydney Cbd Towers
GRCAI Governance·

Board AI Literacy Is Now a Control Expectation, Not a Training Nice-to-Have

APRA's April 2026 AI letter signals that board AI literacy is becoming a governance control expectation, not a generic awareness exercise.

Read article
Zurich Limmat Old Town
GRCRegulatory analysis·

CPS 234 and AI Vendors: A Due Diligence Framework

CPS 234 has been in force since 2019. AI vendors stretch the framework in specific ways: training data exposure, model update opacity, and inference infrastructure that crosses the standard's information asset boundaries. A practical due diligence framework.

Read article
Adelaide King William St
GRCRegulatory analysis·

FAR and AI: How Accountability Maps to Tooling Decisions

The Financial Accountability Regime makes specific senior executives answerable for the systems and decisions inside their portfolios. AI tooling decisions sit inside that accountability, whether they are formally documented in the responsibility map or not.

Read article
London
GRCRegulatory analysis·

APRA's Model Risk Thematic Review: What to Expect

APRA's model risk thematic review is expected to land in the second half of 2026. The signals from supervisory engagement to date suggest where it will press hardest, and what regulated entities should be doing now.

Read article
Oslo
GRCRegulatory analysis·

CPS 230 and AI: A Practical Operational Resilience Playbook

CPS 230 has been live since 1 July 2025. Nine months in, the practical question for boards and operational risk teams is no longer whether AI tools fall inside the standard. It is how to evidence it.

Read article