APRA's 30 April 2026 letter to industry named four areas where AI governance is falling behind adoption. This guide translates each one into concrete controls for CISOs at Australian banks, insurers and superannuation trustees.
Facts verified July 2026 · Sourced from APRA's letter of 30 April 2026 and law firm analyses
APRA expects regulated banks, insurers and superannuation trustees to govern AI under existing prudential standards, with boards that understand AI well enough to challenge it. Its 30 April 2026 letter names four weak areas: information security, governance maturity, supplier concentration and assurance. There is no new standard yet. Active supervision has started, so entities need visibility, enforced policy and evidence now.
On 30 April 2026, APRA published a letter to industry on artificial intelligence calling for a step-change in how regulated entities manage AI-related risks. The letter draws on a deep-dive review of a sample of the largest banks, insurers and superannuation trustees, and it is blunt: AI adoption is accelerating, and governance, risk management, assurance and operational practices are not keeping pace.
The letter introduces no new prudential standard. Instead, APRA confirms that existing standards already apply to AI risk and observes that few entities have operationalised that in practice. Law firm analyses from MinterEllison and Clayton Utz map the expectations to CPS 230 (operational risk management), CPS 234 (information security), CPS 220 (risk management), CPG 235 (data risk) and CPS 510 (governance). APRA has also flagged an active supervisory program, with stronger supervisory action and, where appropriate, enforcement where entities fail to adequately manage AI risks.
This guide is written for CISOs and security leaders who now have to turn that letter into a work program. It covers what APRA actually said, how each observation maps to controls you can implement, and a practical checklist you can take to your next risk committee.
APRA structured its letter around four areas where practice is falling short, and the sections below take them in the order the letter gives: information security, governance maturity, supplier concentration and assurance. The mapping of each area to prudential standards follows the MinterEllison and Clayton Utz analyses of the letter.
APRA observed that AI adoption is materially changing the cyber threat landscape for regulated entities. The letter names prompt injection, data leakage, insecure integrations, exploit injection and the manipulation or misuse of autonomous AI agents as attack pathways. It also found that identity and access management has not yet adjusted to non-human actors such as AI agents, and that security testing programs have gaps in scope and coverage.
The CISO read: Your CPS 234 program now has to cover AI-specific threats, including the data your own employees send to AI tools and the agents acting on their behalf.
Most entities recognise that existing prudential standards apply to AI risk, but few have operationalised governance in practice. APRA called out a tendency to treat AI risk as “just another technology”, missing the distinct characteristics of predictive and adaptive systems, and found weak controls over post-deployment monitoring, model behaviour monitoring, change management and decommissioning.
The CISO read: A policy document alone will not satisfy APRA. Governance needs named owners across the AI lifecycle, from design and deployment through to monitoring and decommissioning.
APRA observed some entities heavily dependent on a single provider for multiple AI use cases, few entities with robust contingency planning, and contractual arrangements that lag actual practice with limited AI-specific provisions. Law firm coverage highlights the expectation to maintain visibility over the full AI supply chain, including material third and fourth-party dependencies.
The CISO read: You need to know which AI providers sit under your critical operations, what happens if one fails or changes its models, and whether your contracts actually cover AI behaviour.
APRA found existing change and assurance approaches often fragmented, with reliance on point-in-time and sample-based methods that are ill-suited to probabilistic models that learn, adapt and degrade over time. Few entities had continuous validation or monitoring to detect model drift, bias, failure modes or control breakdowns in a timely manner, and many internal audit and risk functions lack the specialist skills and tools to assess AI.
The CISO read: Annual reviews and sampled evidence will not stand up. APRA expects continuous, proportionate monitoring, which means always-on visibility and logging rather than periodic snapshots.
Each observation lands on the CISO's desk as one of five control areas. Here is the mapping.
1. What APRA named: Few entities have operationalised AI governance; assurance relies on point-in-time snapshots.
   Your control: Maintain a live inventory of every AI tool in use, sanctioned and unsanctioned, with continuous discovery rather than annual surveys. You cannot govern usage you cannot see.

2. What APRA named: AI treated as “just another technology”, with governance not operationalised in practice.
   Your control: Publish an AI acceptable use policy that names approved tools, prohibited data categories and escalation paths, then enforce it technically at the point of use, not just on paper.

3. What APRA named: Data leakage, prompt injection and insecure integrations named as attack pathways.
   Your control: Apply AI-aware DLP to prompts, file uploads and outputs so customer data, material non-public information (MNPI) and internal records cannot reach unapproved AI services. Extend IAM thinking to non-human actors such as AI agents and service accounts.

4. What APRA named: Boards must maintain sufficient AI understanding and literacy to provide effective challenge.
   Your control: Give the board decision-useful reporting on AI usage, incidents and control effectiveness, independent of vendor material, with audit trails behind every number.

5. What APRA named: Heavy single-provider dependence, weak contingency planning, contracts lagging practice.
   Your control: Map AI supply chain dependencies including fourth parties, assess concentration risk, add AI-specific contract provisions and plan substitution or exit for material dependencies.
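Controls 1 and 3 above are the two in the mapping that are technical rather than organisational, and they share one data source: a record of which workforce requests went to which AI service carrying what content. The script below is an added example written for this guide; it is not Aona's code, not a product API, and not something APRA's letter prescribes. It reads constructed JSON-per-request egress proxy log lines, builds a live inventory of AI services seen (sanctioned or not), and scans each prompt body for prohibited data categories before the request is allowed through. The hostnames (under .example), the allowlist, the user names and the log lines are all hypothetical; the detectors use the Luhn check for card numbers and the ATO weighted checksum for tax file numbers so that arbitrary digit runs do not fire them.

```python
"""Shadow-AI discovery and prompt-level DLP over egress proxy logs.

Added example for this guide, not Aona's code or a product API. Hostnames,
the allowlist, user names and log lines are constructed for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed catalogue of AI services the proxy can recognise (hypothetical .example hosts).
KNOWN_AI_HOSTS = {
    "chat.vendor-a.example": "Vendor A chat",
    "api.vendor-a.example": "Vendor A API",
    "assistant.vendor-b.example": "Vendor B assistant",
    "summarise.vendor-c.example": "Vendor C summariser",
}
# Constructed acceptable-use allowlist: only Vendor A's chat UI is approved.
SANCTIONED_AI_HOSTS = {"chat.vendor-a.example"}

EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")       # 13-19 digits, spaces or dashes allowed
TFN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")  # 9-digit Australian tax file number


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; stops arbitrary long digit runs from firing the card detector."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def tfn_ok(digits: str) -> bool:
    """ATO TFN check: weighted sum of the nine digits must be divisible by 11."""
    weights = (1, 4, 3, 7, 5, 8, 6, 9, 10)
    return len(digits) == 9 and sum(int(d) * w for d, w in zip(digits, weights)) % 11 == 0


def scan_prompt(text: str) -> list[str]:
    """Return the sorted prohibited-data categories found in one prompt body."""
    hits = set()
    if EMAIL_RE.search(text):
        hits.add("email")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.add("card_number")
    for m in TFN_RE.finditer(text):
        if tfn_ok(re.sub(r"\D", "", m.group())):
            hits.add("tfn")
    return sorted(hits)


def analyse(log_lines):
    """Build the live AI inventory and point-of-use policy findings from proxy log lines."""
    inventory = defaultdict(lambda: {"users": set(), "requests": 0})
    findings = []
    for line in log_lines:
        ev = json.loads(line)
        host = ev["host"]
        if host not in KNOWN_AI_HOSTS:
            continue                      # not an AI service; out of scope for this control
        entry = inventory[host]
        entry["users"].add(ev["user"])
        entry["requests"] += 1
        sanctioned = host in SANCTIONED_AI_HOSTS
        categories = scan_prompt(ev.get("body", ""))
        # Block if the tool is unapproved, or if prohibited data is headed to an approved one.
        reasons = ([] if sanctioned else ["unsanctioned_ai_service"]) + categories
        if reasons:
            findings.append({"ts": ev["ts"], "user": ev["user"], "host": host,
                             "categories": categories, "reasons": reasons, "action": "block"})
    return {
        "inventory": {
            host: {"vendor": KNOWN_AI_HOSTS[host], "sanctioned": host in SANCTIONED_AI_HOSTS,
                   "users": sorted(e["users"]), "requests": e["requests"]}
            for host, e in sorted(inventory.items())
        },
        "findings": findings,
    }


# Constructed sample log: five requests from three hypothetical staff, one to a non-AI host.
SAMPLE_LOG = [
    '{"ts":"2026-05-04T09:12:03+10:00","user":"a.nguyen","host":"chat.vendor-a.example","body":"Summarise this policy wording for a customer letter."}',
    '{"ts":"2026-05-04T09:14:41+10:00","user":"a.nguyen","host":"chat.vendor-a.example","body":"Draft a reply to jane.doe@example.com about her claim."}',
    '{"ts":"2026-05-04T09:20:17+10:00","user":"b.singh","host":"assistant.vendor-b.example","body":"Check this member record: TFN 123 456 782, card 4111 1111 1111 1111."}',
    '{"ts":"2026-05-04T09:21:05+10:00","user":"c.wong","host":"intranet.example","body":"GET /home"}',
    '{"ts":"2026-05-04T09:30:59+10:00","user":"b.singh","host":"summarise.vendor-c.example","body":"Summarise attached board pack."}',
]

if __name__ == "__main__":
    print(json.dumps(analyse(SAMPLE_LOG), indent=2))
```

Run stand-alone, the inventory shows three AI services in use (one sanctioned) and three findings: an email address sent to the approved tool, a TFN and card number sent to an unapproved one, and a clean request to a second unapproved tool that is blocked purely on the allowlist. The inventory and the findings are the evidence APRA's letter asks for: who used which tool, under what policy, with what data. A real deployment needs request bodies from a forward proxy or browser extension, the same scan over file uploads and model outputs, and detectors tuned to your own data classes; the regexes here are illustrative, not a complete DLP ruleset.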
Twenty actions across five control areas. Work through them in order: visibility first, because every other control depends on knowing what AI is actually in use.
Item one under policy and governance is an AI acceptable use policy. We publish a free template you can adapt to your organisation's risk appetite and approved tool list.
Get the AI Acceptable Use Policy template →

APRA set no fixed compliance deadline in the letter, and stated it will not introduce additional requirements at this stage. That is not a reprieve. APRA said it is finalising its forward plan for supervising AI risks, built on proportionate prudential reviews, thematic activities and engagement with AI suppliers, and it encouraged entities to engage early with its Non-Financial Risk Team via their supervisors.
The letter is also explicit that where entities fail to adequately identify, manage or control AI risks, APRA will take stronger supervisory action and, where appropriate, pursue enforcement. For a CISO, the practical planning assumption is that AI governance questions will start appearing in routine supervisory engagement now, and that you should be able to evidence visibility, policy enforcement and monitoring rather than describe intentions.
Aona's Discover, Govern and Protect platform covers the employee-facing slice of APRA's expectations: who is using which AI tools, under what policy, with what data, and with what evidence.
Continuous shadow AI discovery across the workforce. A live inventory of sanctioned and unsanctioned AI tools, and which teams use them, replacing the point-in-time snapshots APRA criticised.
Shadow AI Discovery →

Enforce your AI acceptable use policy at the point of use, coach employees in real time at the moment of a risky prompt, and generate board-ready reporting with full audit trails behind it.

Compliance Reporting →

AI-native DLP over prompts, uploads and outputs, so customer data and market-sensitive information cannot reach unapproved AI tools. AI agent oversight is available in limited rollout.

AI Security →

To be clear about scope: no tool makes an entity APRA-compliant, and Aona does not claim to. Model risk management, supplier contracts and internal audit capability remain your governance program's job. What Aona provides is the workforce layer of that program: employee AI usage visibility, enforced policy, data protection and the audit evidence supervisors ask for. In an anonymised customer case study, an Australian healthcare organisation cut shadow AI prompts by 92.9 percent in three months after deploying it.
Get visibility of every AI tool your workforce uses, enforce your policy at the point of use, and walk into your next supervisory conversation with audit trails instead of assumptions.