APRA's AI letter: A wake-up call for managing your third-party suppliers

6 Minute read  11.05.2026 Mark Teys and Chelsea Gordon

APRA’s latest AI letter flags third-party and supply chain risk as the biggest gap. Learn what boards, legal and procurement teams should fix now, including contracts, transparency, concentration risk and exit plans.


Key takeouts


    Third-party AI risk is where APRA sees the biggest gap: AI is often embedded in vendor platforms with opaque upstream dependencies and limited transparency until something fails.
    Contracts must match reality: include model update and data handling change notices, incident triggers, audit/inspection rights and termination/portability, and actively monitor and enforce those terms.
    Manage concentration and exit risk: map fourth parties, test substitution/fallback plans, and align key AI providers to CPS 230 material service provider requirements ahead of the 1 July 2026 deadline.

On 30 April 2026, APRA published a letter to all regulated entities setting out the findings of a targeted supervisory review of large banks, insurers and superannuation trustees. The letter is measured in tone, but it makes four themes clear: cyber and information security, AI governance, assurance, and third-party and supply chain risk. APRA identifies the widest gap between current practice and regulatory expectations in that last theme. In APRA's view, then, for many entities the most material AI risk now sits in the supply chain, embedded in vendor platforms with opaque upstream dependencies that can remain hidden until something breaks.

This is the second in a series examining APRA’s letter. Our first article addressed board governance, FAR accountability and broader risk management expectations. This article focuses on the third-party supply chain, which in our view is where the most immediate and under-managed exposure lies, and the area where organisations can start taking action now.

If you are a board member or executive at a bank or insurer, the third-party findings alone warrant immediate attention. If you are in legal, procurement or compliance, they warrant an urgent review of your AI vendor contracts, concentration risk and exit strategies.

APRA has signalled that enforcement may follow where entities fail to manage AI risks proportionately. Regulated entities should read that as a clear statement of supervisory intent, and recognise that unmanaged third-party AI dependencies are among the most likely triggers for regulatory intervention.

Third-party AI: where the legal exposure concentrates

Of the four themes, third-party and supply chain risk is the one to which this article devotes the most attention. APRA considers that there is a gap between commercial practice and regulatory expectation. Significant AI risk sits within the third-party supply chain, and because AI capabilities are often buried inside vendor platforms with opaque upstream dependencies, the risks tend to go undetected until something breaks.

Much of this exposure can be mitigated through appropriately structured contractual protections such as approval processes, minimum standards, notification triggers, audit rights, transparency obligations, as well as conducting due diligence on third-party AI suppliers (or those who use AI as part of their supply) before and during the engagement.

Monitoring and enforcement of contractual protections

Having the right contract terms is necessary but not sufficient. APRA expects entities to actively monitor supplier performance against those provisions, not just hold the paper. That means regular reporting on compliance with agreed service levels, audit rights actually exercised, and clear escalation triggers when a vendor falls short. Entities that have signed compliant contracts but left them unmonitored are unlikely to satisfy APRA.

Interestingly, APRA found that several entities were heavily dependent on a single AI system provider across multiple AI use cases, with no substitution or exit strategy that had actually been tested. This dependency creates real operational risk for APRA entities.

A common concern we hear from clients is that the major LLM providers simply will not negotiate these terms. It may be difficult to negotiate with AI suppliers who have a vested interest in keeping these matters opaque, for example by declining to provide audit rights, incident notification, information on model updates or notice of changes to data handling practices. That should not stop organisations from pursuing these positions rigorously in negotiations and, where they cannot be achieved, putting in place processes to mitigate the resulting opacity.

This risk applies across insurance, banking and superannuation. Where AI is used in claims triage, credit decisioning or the processing of withdrawal and switching requests, an unnotified update to the underlying foundation model may change system behaviour without the entity's knowledge. That makes it very difficult to demonstrate to APRA, a court, or a customer that a decision was made consistently and on an appropriate basis, and may engage obligations under the Superannuation Industry (Supervision) Act 1993 (Cth) and APRA's broader prudential framework.

In banking, AI-assisted credit decisioning carries equivalent risk where an underlying model is updated without notification. The same applies in superannuation, where an unnotified change to AI used to process withdrawal or switching requests could directly affect beneficiaries.

APRA expects regulated entities to map the full AI supply chain including fourth-party dependencies, ensure contracts provide transparency and auditability, and manage concentration risk by testing whether exit and substitution strategies work in practice. A credible exit strategy requires a documented fallback solution capable of maintaining business continuity if the AI system fails, is withdrawn, or produces unacceptable outputs. For some use cases, the fallback may involve reverting to a traditional non-AI process, for example a manual underwriting workflow, a human-reviewed credit assessment, or a rule-based triage approach.

The key test is whether the fallback is genuinely executable. Can your team revert to manual processes within 48 hours using existing staff and documented procedures, or would operations simply stop?

For APRA-regulated entities, CPS 230 adds a further dimension. Many AI providers will meet the material service provider threshold, either already or as AI use deepens. Where that is the case, CPS 230's contractual requirements are not optional, and the 1 July 2026 deadline for pre-existing arrangements to be brought into compliance is fast approaching. Entities should map their AI vendor relationships against CPS 230's material service provider criteria now.

Practical steps: third-party AI risk

  1. Audit your AI vendor register today. Map every AI system in use (including those embedded in SaaS platforms) against the foundation models and fourth-party providers that underpin them. If your team cannot say which upstream model or provider sits behind each system, that gap is itself a finding.
  2. Stress-test your contracts against APRA’s expectations. Review AI vendor agreements specifically for model update notification obligations, audit and inspection rights, incident notification timelines, data handling change triggers, and termination and portability rights. Many standard vendor terms will not pass this review, so institutions should negotiate these points before signing up to a supplier's standard terms and conditions.
  3. Conduct a genuine concentration risk assessment. For each AI provider that is, or is likely to become, a CPS 230 material service provider, assess what a sudden loss of service, or a material change in model behaviour, would mean for your operations. Then assess whether your substitution or exit plan is actually executable in that scenario, not just documented.
  4. Establish model change notification protocols with key vendors. If a vendor can update the underlying model without triggering a formal notification to an APRA regulated institution, the change management and validation program is incomplete. This is particularly acute for insurers using AI in claims or underwriting decisions.
  5. Document what you cannot see. For AI capabilities where upstream opacity is unavoidable, document what you have done to assess the risk and why you have accepted the residual exposure. APRA’s proportionality principle cuts both ways, and it requires entities to demonstrate that their risk management approach is commensurate with the materiality of the use case.
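Steps 1 and 3 above amount to a dependency-mapping exercise: record each AI use case, the vendor behind it and that vendor's own upstream suppliers, then walk the chain to see which single provider underpins several use cases and which use cases lack a tested fallback or a contractual model-change notice. The following is an added example of that exercise in code; it is not from the article or from APRA's letter, and the register format, the vendor and use-case names, and the concentration threshold are all hypothetical, constructed for illustration.

```python
"""Constructed AI vendor register with a fourth-party concentration
and exit-readiness check. Added example; all names and data are
hypothetical and do not describe any real supplier or entity."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Vendor:
    name: str
    depends_on: tuple = ()  # the vendor's own upstream (fourth-party) suppliers


@dataclass(frozen=True)
class UseCase:
    name: str
    vendor: str                     # direct third-party supplier
    fallback_tested: bool           # substitution/exit plan actually exercised
    change_notice_in_contract: bool # vendor must notify before changing the model


# Constructed register. Three products sit on one hypothetical foundation
# model provider, which in turn runs on one hypothetical cloud host.
VENDORS = {
    "ClaimsTriageSaaS": Vendor("ClaimsTriageSaaS", ("FoundationModelCo",)),
    "CreditScoreAI": Vendor("CreditScoreAI", ("FoundationModelCo", "CloudHostCo")),
    "SuperChatbot": Vendor("SuperChatbot", ("FoundationModelCo",)),
    "RulesEngineCo": Vendor("RulesEngineCo", ()),  # rule-based, no AI upstream
    "FoundationModelCo": Vendor("FoundationModelCo", ("CloudHostCo",)),
    "CloudHostCo": Vendor("CloudHostCo", ()),
}

USE_CASES = [
    UseCase("claims triage", "ClaimsTriageSaaS", False, False),
    UseCase("credit decisioning", "CreditScoreAI", True, True),
    UseCase("member withdrawals", "SuperChatbot", False, False),
    UseCase("fraud rules", "RulesEngineCo", True, True),
]


def upstream_closure(vendor, vendors):
    """Every supplier the vendor transitively depends on (fourth parties and beyond)."""
    seen, stack = set(), list(vendors[vendor].depends_on)
    while stack:
        v = stack.pop()
        if v in seen:
            continue
        seen.add(v)
        stack.extend(vendors[v].depends_on)
    return seen


def concentration(use_cases, vendors):
    """Map each direct or upstream supplier to the use cases that ultimately rely on it."""
    exposure = defaultdict(set)
    for uc in use_cases:
        exposure[uc.vendor].add(uc.name)
        for upstream in upstream_closure(uc.vendor, vendors):
            exposure[upstream].add(uc.name)
    return dict(exposure)


def findings(use_cases, vendors, threshold=2):
    """Plain-text findings: concentration on one supplier, untested exits,
    and contracts with no model-change notice. Threshold is an assumption."""
    out = []
    for supplier, ucs in sorted(concentration(use_cases, vendors).items()):
        if len(ucs) >= threshold:
            out.append(f"CONCENTRATION: {supplier} underpins {len(ucs)} use cases: {sorted(ucs)}")
    for uc in use_cases:
        if not uc.fallback_tested:
            out.append(f"EXIT: no tested fallback for '{uc.name}' (vendor {uc.vendor})")
        if not uc.change_notice_in_contract:
            out.append(f"CONTRACT: no model-change notice for '{uc.name}' (vendor {uc.vendor})")
    return out


if __name__ == "__main__":
    for line in findings(USE_CASES, VENDORS):
        print(line)
```

The point the walk makes visible is that the concentration sits two tiers down: no direct vendor appears in more than one use case, yet the hypothetical foundation model provider and its cloud host each underpin three. A register that stops at the direct supplier would miss both.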


A policy framework is coming: engage now

APRA is finalising a forward supervision plan for AI risk that will include direct engagement with AI suppliers, a notable signal that the regulator intends to look through entities to the vendors themselves. Further policy action may follow, consistent with international developments in the EU, UK and Singapore. Entities should not wait for that framework before acting on the third-party gaps identified in this letter.

The speed of APRA's review-to-publication cycle, from late 2025 engagement to April 2026 findings, underscores the supervisory expectation that gaps will be addressed now, not over a multi-year horizon. The letter specifically invites early engagement with APRA’s Non-Financial Risk Team where AI-related concerns are elevated.

For banks and insurers, the most useful immediate response is a rapid assessment of third-party AI exposure including assessing which vendors embed AI, what contractual protections are in place, and whether exit strategies have been tested. This should be supplemented by mapping upstream dependencies and assessing concentration risk against CPS 230 material service provider thresholds. Governance maturity and cyber resilience remain important, but for most entities the third-party supply chain is where the largest unaddressed gap sits.

The letter closes with an invitation to engage early with APRA. We recommend taking it up.

APRA entities should urgently review third party contracts to ensure AI risks are appropriately managed in their supply chain. This should be supplemented by AI governance maturity assessments and immediate uplifts, with board oversight, and cyber and assurance review.

https://www.minterellison.com/articles/apra-ai-letter-third-party-suppliers