
APRA AI Governance Checklist for CISOs

APRA's 30 April 2026 letter to industry named four areas where AI governance is falling behind adoption. This guide translates each one into concrete controls for CISOs at Australian banks, insurers and superannuation trustees.

Key facts: 30 Apr 2026, APRA letter to industry · 4 observation areas named · 0 new standards (for now) · Active supervisory program begun

What APRA expects on AI governance in 2026

Facts verified July 2026 · Sourced from APRA's letter of 30 April 2026 and law firm analyses

APRA expects regulated banks, insurers and superannuation trustees to govern AI under existing prudential standards, with boards that understand AI well enough to challenge it. Its 30 April 2026 letter names four weak areas: information security, governance maturity, supplier concentration and assurance. There is no new standard yet. Active supervision has started, so entities need visibility, enforced policy and evidence now.

On 30 April 2026, APRA published a letter to industry on artificial intelligence calling for a step-change in how regulated entities manage AI-related risks. The letter draws on a deep-dive review of a sample of the largest banks, insurers and superannuation trustees, and it is blunt: AI adoption is accelerating, and governance, risk management, assurance and operational practices are not keeping pace.

The letter introduces no new prudential standard. Instead, APRA confirms that existing standards already apply to AI risk and observes that few entities have operationalised that in practice. Law firm analyses from MinterEllison and Clayton Utz map the expectations to CPS 230 (operational risk management), CPS 234 (information security), CPS 220 (risk management), CPG 235 (data risk) and CPS 510 (governance). APRA has also flagged an active supervisory program, with stronger supervisory action and, where appropriate, enforcement where entities fail to adequately manage AI risks.

This guide is written for CISOs and security leaders who now have to turn that letter into a work program. It covers what APRA actually said, how each observation maps to controls you can implement, and a practical checklist you can take to your next risk committee.

The four observations APRA named

APRA structured its letter around four areas where practice is falling short. The standards mapping given for each observation follows the MinterEllison and Clayton Utz analyses of the letter.

Observation 01 · Maps to CPS 234

AI is changing the cyber threat landscape

APRA observed that AI adoption is materially changing the cyber threat landscape for regulated entities. The letter names prompt injection, data leakage, insecure integrations, exploit injection and the manipulation or misuse of autonomous AI agents as attack pathways. It also found that identity and access management has not yet adjusted to non-human actors such as AI agents, and that security testing programs have gaps in scope and coverage.

The CISO read: Your CPS 234 program now has to cover AI-specific threats, including the data your own employees send to AI tools and the agents acting on their behalf.

Observation 02 · Maps to CPS 510 · CPS 220

Governance has not matured at the pace of adoption

Most entities recognise that existing prudential standards apply to AI risk, but few have operationalised governance in practice. APRA called out a tendency to treat AI risk as “just another technology”, missing the distinct characteristics of predictive and adaptive systems, and found weak controls over post-deployment monitoring, model behaviour monitoring, change management and decommissioning.

The CISO read: A policy document alone will not satisfy APRA. Governance needs named owners across the AI lifecycle, from design and deployment through to monitoring and decommissioning.

Observation 03 · Maps to CPS 230

Supplier concentration and opaque AI supply chains

APRA observed some entities heavily dependent on a single provider for multiple AI use cases, few entities with robust contingency planning, and contractual arrangements that lag actual practice with limited AI-specific provisions. Law firm coverage highlights the expectation to maintain visibility over the full AI supply chain, including material third and fourth-party dependencies.

The CISO read: You need to know which AI providers sit under your critical operations, what happens if one fails or changes its models, and whether your contracts actually cover AI behaviour.

Observation 04 · Maps to CPS 220

Assurance methods are not fit for probabilistic systems

APRA found existing change and assurance approaches often fragmented, with reliance on point-in-time and sample-based methods that are ill-suited to probabilistic models that learn, adapt and degrade over time. Few entities had continuous validation or monitoring to detect model drift, bias, failure modes or control breakdowns in a timely manner, and many internal audit and risk functions lack the specialist skills and tools to assess AI.

The CISO read: Annual reviews and sampled evidence will not stand up. APRA expects continuous, proportionate monitoring, which means always-on visibility and logging rather than periodic snapshots.

From APRA expectation to CISO control

Each observation lands on the CISO's desk as one of five control areas. Here is the mapping.

AI usage visibility

What APRA named

Few entities have operationalised AI governance; assurance relies on point-in-time snapshots.

Your control

Maintain a live inventory of every AI tool in use, sanctioned and unsanctioned, with continuous discovery rather than annual surveys. You cannot govern usage you cannot see.

Policy enforcement

What APRA named

AI treated as “just another technology”, with governance not operationalised in practice.

Your control

Publish an AI acceptable use policy that names approved tools, prohibited data categories and escalation paths, then enforce it technically at the point of use, not just on paper.

Data protection for AI tools

What APRA named

Data leakage, prompt injection and insecure integrations named as attack pathways.

Your control

Apply AI-aware DLP to prompts, file uploads and outputs so customer data, MNPI (material non-public information) and internal records cannot reach unapproved AI services. Extend IAM thinking to non-human actors such as AI agents.

Board reporting

What APRA named

Boards must maintain sufficient AI understanding and literacy to provide effective challenge.

Your control

Give the board decision-useful reporting on AI usage, incidents and control effectiveness, independent of vendor material, with audit trails behind every number.

Third-party and vendor AI risk

What APRA named

Heavy single-provider dependence, weak contingency planning, contracts lagging practice.

Your control

Map AI supply chain dependencies including fourth parties, assess concentration risk, add AI-specific contract provisions and plan substitution or exit for material dependencies.

The APRA AI governance checklist

Twenty actions across five control areas. Work through them in order: visibility first, because every other control depends on knowing what AI is actually in use.

1. AI usage visibility

  • Build and maintain an inventory of every AI tool and embedded AI feature in use, sanctioned and unsanctioned
  • Deploy continuous shadow AI discovery across browsers and endpoints, including free-tier consumer tools
  • Identify which teams send which categories of data to which AI services
  • Track newly adopted AI tools continuously instead of through periodic surveys

2. Policy and governance

  • Publish an AI acceptable use policy naming approved tools, prohibited data and escalation paths
  • Assign named ownership and accountability across the AI lifecycle, from design through to decommissioning
  • Define human oversight requirements for high-impact AI-assisted decisions
  • Train staff on AI use, misuse, limitations and secure practices, and keep the records

3. Data protection for AI tools

  • Enforce technical controls that stop regulated and sensitive data entering unapproved AI tools
  • Apply real-time DLP to prompts, file uploads and generated outputs
  • Extend identity and access management to non-human actors such as AI agents and service accounts
  • Include AI-specific threats (prompt injection, data leakage, insecure integrations) in security testing scope

4. Board reporting and evidence

  • Report AI usage, risk and control effectiveness to the board, not just activity metrics
  • Provide the board structured AI literacy input that is independent of vendor presentations
  • Keep audit trails of AI interactions that involve sensitive or regulated data
  • Retain evidence of policy enforcement actions for supervisory review

5. Third-party and vendor AI risk

  • Map AI supply chain dependencies, including material third and fourth parties
  • Assess concentration risk where one provider serves multiple AI use cases
  • Review contracts for AI-specific provisions covering data handling, model changes and incident notification
  • Maintain substitution, portability or exit plans for material AI dependencies

Need the policy piece?

Item one under policy and governance is an AI acceptable use policy. We publish a free template you can adapt to your organisation's risk appetite and approved tool list.


Timelines: what happens next

APRA set no fixed compliance deadline in the letter, and stated it will not introduce additional requirements at this stage. That is not a reprieve. APRA said it is finalising its forward plan for supervising AI risks, built on proportionate prudential reviews, thematic activities and engagement with AI suppliers, and it encouraged entities to engage early with its Non-Financial Risk Team via their supervisors.

The letter is also explicit that where entities fail to adequately identify, manage or control AI risks, APRA will take stronger supervisory action and, where appropriate, pursue enforcement. For a CISO, the practical planning assumption is that AI governance questions will start appearing in routine supervisory engagement now, and that you should be able to evidence visibility, policy enforcement and monitoring rather than describe intentions.

How Aona maps to APRA's expectations

Aona's Discover, Govern and Protect platform covers the employee-facing slice of APRA's expectations: who is using which AI tools, under what policy, with what data, and with what evidence.

Discover

Continuous shadow AI discovery across the workforce. A live inventory of sanctioned and unsanctioned AI tools, and which teams use them, replacing the point-in-time snapshots APRA criticised.


Govern

Enforce your AI acceptable use policy at the point of use, coach employees in real time at the moment of a risky prompt, and generate board-ready reporting with full audit trails behind it.


Protect

AI-native DLP over prompts, uploads and outputs, so customer data and market-sensitive information cannot reach unapproved AI tools. AI agent oversight is available in limited rollout.


To be clear about scope: no tool makes an entity APRA-compliant, and Aona does not claim to. Model risk management, supplier contracts and internal audit capability remain your governance program's job. What Aona provides is the workforce layer of that program: employee AI usage visibility, enforced policy, data protection and the audit evidence supervisors ask for. In an anonymised customer case study, an Australian healthcare organisation cut shadow AI prompts by 92.9 percent in three months after deploying it.

FAQ: APRA AI governance, common questions

APRA has not issued a standard that mandates a document called an AI policy. Its 30 April 2026 letter to industry confirms that existing prudential standards already apply to AI risk, and expects boards to oversee an AI strategy consistent with the entity's risk appetite, supported by effective monitoring and reporting. In practice most regulated entities meet this with an AI acceptable use policy plus lifecycle governance, because APRA specifically criticised entities that treat AI as just another technology without operationalising governance.

Turn APRA's Letter into Evidence, Not Intentions

Get visibility of every AI tool your workforce uses, enforce your policy at the point of use, and walk into your next supervisory conversation with audit trails instead of assumptions.