APRA sharpens expectations on AI governance and risk management

6 Minute read  08.05.2026 Ashley Rockman, Jason McQuillen, Mark Teys, Siobhan Doherty, Paul Kallenbach, Sam Burrett, Chelsea Gordon

APRA's April 2026 letter signals that AI governance at most regulated entities is lagging adoption — and that traditional risk frameworks aren't built for the way AI behaves. Stronger supervision is coming.


Key takeouts


  • AI adoption is accelerating across financial services, but governance, risk management, assurance and security practices are not keeping pace. APRA has identified material gaps that increase operational, cyber and compliance risk exposure.
  • Boards and executives are expected to strengthen AI competency, align AI strategy with risk appetite and explicitly measure the impact of AI on every risk class, while ensuring robust oversight across the full AI lifecycle, including third-party dependencies and critical operations.
  • APRA will increase supervisory scrutiny of AI risks. Every aspect of the governance model, from the Board to accountable executives and each of the three lines of defence, will need to understand how AI changes the risk profile and develop urgent response approaches to ensure risks continue to be managed within appetite. Failure to do so will inevitably lead to regulatory intervention or enforcement.

Introduction

APRA's 30 April 2026 letter to industry is the clearest signal yet that AI governance at most regulated entities isn't keeping pace with adoption – and that APRA is prepared to act on it.

For boards, executives, and those accountable for enterprise risk management and assurance at regulated entities, the letter makes clear that greater emphasis must be placed on uplifting governance, risk management and assurance to account for the unique risks and opportunities of AI.

In our view, this is likely to mark a transition from principle-based guidance to active supervision of AI risk. Entities must treat AI as a specific risk domain – not just another technology – to meet regulator expectations in 2026 and beyond.

Critically, AI must also be integrated into the risk management framework given its impact on most risk classes. This is a position consistent with broader regulatory signals. ASIC’s Beware the Gap report (REP 798), for example, identified a similar ‘governance gap’ across financial services, and other regulators, including the OAIC, have moved to clarify how existing laws apply to AI and the obligations that follow for organisations across the economy.

In this article, we examine what APRA's observations mean in practice and identify the priority actions that boards and executives should be taking now to demonstrate proportionate, defensible governance of AI.

"Where entities fail to adequately identify, manage or control AI risks in a manner proportionate to their size, scale and complexity, we will take stronger supervisory action and, where appropriate, pursue enforcement." - Therese McCarthy Hockey, APRA Member

Board Expectations and Directors' Duties

APRA’s clear expectation is that Boards take a leading role overseeing AI strategy and risk management, enabled by fit-for-purpose AI governance. While APRA observed strong interest in the strategic potential of AI, many Boards are still developing the technical literacy required to provide effective oversight. APRA expects Boards, at a minimum, to:

  • maintain sufficient understanding and literacy with respect to AI to set strategic direction and provide effective challenge and oversight;
  • oversee an ‘AI strategy’ which is consistent with the ‘entity’s risk appetite and tolerance settings’;
  • oversee effective monitoring and reporting (including for third party risk); and
  • ensure clearly defined triggers aligned to resilience objectives to enable ‘timely action’ when AI is not operating as expected.

For many entities this will require an uplift in board capability and literacy not just about the use of AI, but also about how it changes the risk profile across the organisation, relative to the Board approved Risk Appetite Statement.

The letter warns against a tendency to rely on vendor materials without sufficient independent challenge, noting that low AI literacy creates a risk that key issues, such as model unpredictability and impacts on critical operations, are not fully understood.

The gap in AI capability at Board level was identified by APRA as an AI governance and control risk. The implication is that APRA views AI oversight as a core accountability and part of discharging existing director duties, including to act with due care and diligence and in the best interests of the organisation.

For superannuation trustees, board oversight of AI carries an additional dimension – trustees are required to exercise certain discretions personally (ie with human involvement) and are not permitted to fetter these discretions. Although AI may be useful for administrative or supportive functions (eg, collecting and collating information), superannuation trustee boards face limitations in their ability to approve the deployment of AI as a substitute for human involvement in key discretions.

Those responsible for briefing boards should avoid presenting commercially optimistic narratives about AI's benefits without equally addressing the risks AI poses and how those risks can be managed or mitigated effectively through clear controls. In turn, boards should ensure any consideration of AI issues addresses the associated risks. For further discussion of overseeing agentic AI risk from the board table, see our latest insights.

FAR Accountability

APRA’s observations similarly raise critical considerations for executives under the Financial Accountability Regime (FAR). Clarity of executive ownership and accountability across the AI lifecycle is a clear regulatory expectation. AI changes the risk profile across most key functions and critical operations, and accountable executives need to understand on an ongoing basis how their functions are impacted and the response required.

In practice, this means that accountable persons must understand how AI is used within their remit and the particular risks that use introduces, and ensure those risks are monitored and managed within the Board approved risk appetite and in compliance with the regulatory framework. Without this, effective risk management and assurance, and compliance with FAR accountability obligations, will be difficult to demonstrate.

This points to the need for an AI governance framework that references the relevant artefacts – including the risk management framework, AI use policy, and AI system register – sets overarching structures and principles, and makes clear how they fit together. We unpack this in our recently updated AI governance guide: March 2026.

Even with that framework in place, however, its effectiveness ultimately rests on implementation – including whether the three lines of defence are equipped to operationalise it.

Risk Management, Assurance and the 3 Lines of Defence Model

Once accountability is defined, the challenge shifts to execution. APRA’s observations suggest that, for many entities, risk management and assurance frameworks have not kept pace with AI adoption. In particular, APRA noted "a tendency to treat AI risk as 'just another technology'" – a framing that understates AI's distinct characteristics, including adaptive behaviour, probabilistic outputs, bias risk and heightened data and privacy exposure.

These characteristics are giving rise to a significant change in the risk profile across virtually every risk class:

  • Financial risk: such as the credit risk exposure from automated credit decisioning, algorithmic trading or insurance underwriting.
  • Operational risk: including cyber, data privacy, model integrity, third party supplier risk management and fraud and scams management (not only within the organisation but across the distribution chain).
  • Conduct risk: in relation to areas such as fairness, equity and transparency in credit approvals, claims management, superannuation benefit determinations and treatment of vulnerable customers.
  • Strategic risk: AI is accelerating the pace of change in business models, not only for the financial services organisations themselves, but for the customers and suppliers that are integral to their ongoing success.

Against this reality, APRA notes that risk management and assurance approaches have lagged the pace of adoption. Traditional "point in time" and sample-based assurance methods are ill suited to probabilistic models that learn, adapt and degrade over time.

The expectation is clear: Line 1 risk owners must understand how AI changes the risks they are accountable for, and how to ensure that risk management and internal control evolve accordingly. The Line 2 risk function must ensure that the risk management framework is able to identify, measure, manage and report the aggregate risk exposure across every risk class, before and after the impact of AI.

With regards to assurance, APRA expects organisations to adopt integrated and continuous assurance approaches, supported by appropriate skills, tools and lifecycle-based risk assessments. This approach is already becoming a reality at some leading global banks, which have deployed AI agents to independently monitor, assure and test the outcomes produced by agentic AI workflows.

All three lines of defence will need to ensure sufficient technical capability and capacity to meet these expectations, and integration and continuous collaboration with those accountable for the AI strategy and governance will be critical.

Cyber and Information Security

A central theme in APRA’s observations is the changing cyber risk landscape. AI is increasing both the number and sophistication of attack pathways, with threats such as prompt injection, data leakage, insecure integrations and the misuse of autonomous agents becoming more prevalent. AI also enables faster and more coordinated attacks, compressing response timeframes.

At the same time, defensive practices are not evolving to keep pace. APRA identified gaps in identity and access management, delays in patching and vulnerability remediation, and insufficient testing of AI systems and AI-generated code. APRA also noted that the use of enterprise AI tools outside approved control frameworks remains a concern. Many entities rely on policy and detective controls, rather than enforceable technical restrictions or preventative controls.

ASIC's 8 May 2026 open letter sharpens this point considerably. Issued in direct response to frontier models such as Anthropic's Mythos, the letter does not posit a new category of risk so much as a change in the operating environment for existing controls – which, in ASIC's words, are now more likely to be tested, more often, and under greater pressure. Lower barriers to sophisticated cyber activity, faster vulnerability discovery and exploitation, and new forms of exploitation previously out of reach for most threat actors all combine to compress the margin for error on the fundamentals. Small weaknesses, ASIC warns, are now more readily chained together into incidents of consequence.

Importantly, ASIC frames the required response not as reinvention but as disciplined execution of well-established controls – proportionate to the size, nature and complexity of the business, as confirmed in the recent FIIG Securities judgment. The expectations are familiar (patching, privileged access management, attack surface reduction, defence-in-depth, third-party risk management, incident response readiness), but the standard against which they will be assessed has shifted. Boards are explicitly directed to receive meaningful reporting on end-to-end control effectiveness rather than just activity, and to evidence assurance through test results, audit findings, incident lessons and independent validation.

Read alongside APRA's observations, the practical implication for regulated entities is that cyber resilience is now a recurring, evidenced board-level conversation – one in which the basics are non-negotiable, and where AI features on both sides of the ledger, as both threat vector and defensive capability.

Third party and supply chain risk

APRA observed that supplier risk is becoming increasingly pronounced. AI capabilities are increasingly embedded within platforms and services, creating complex and often opaque supply chains. Many organisations are dependent on a small number of providers, with limited visibility over upstream models, training data and fourth-party dependencies.

Contractual arrangements often lag practice, compounding the supply chain complexity. In many cases, arrangements do not adequately address issues such as audit rights, model changes or data handling. As a result, there is a risk of a visibility gap that widens as entities increasingly rely on technology providers, most of which are using AI. Organisations may not have sufficient insight into how their providers’ AI systems operate, evolve or fail across the supply chain.

APRA expects entities to strengthen supplier risk management by mapping dependencies, improving contractual protections, maintaining visibility over model behaviour, and actively managing concentration risk, all of which will be required to comply with the explicit operational resilience and supplier risk management requirements of CPS 230.

Where to from here

Taken together, APRA’s observations provide a very clear message to regulated entities. AI presents an unprecedented opportunity, but it also introduces material risk. Entities are expected to manage these risks in a way that is matched to the unique and specific risks of AI systems. Where they fail to do so, APRA has indicated it will increase supervisory scrutiny and, where necessary, pursue enforcement action.

For Boards and executives, the immediate priority is to ensure that governance, security and assurance practices are keeping pace with AI adoption. This includes establishing specific accountability for AI risk and its management within appetite across the AI lifecycle, as well as integrating the impact of AI into the existing risk management framework and 3 lines of defence model.

https://www.minterellison.com/articles/apra-sharpens-expectations-on-ai-governance-and-risk-management