APRA Calls for Balance Between Resilience & Efficiency Amid Rising Risks

Key Takeaways

• Rising Geopolitical Uncertainty: APRA warned that conflicts, trade frictions, and foreign interference are heightening risks for Australia’s open, globally connected financial system.
• Cybersecurity as a Priority: Politically motivated cyberattacks and reliance on common third-party providers were identified as systemic vulnerabilities that could cascade across the industry.
• AI Oversight Intensifying: APRA will review how large institutions manage AI risks, but no new regulations are planned for now, with the existing framework deemed sufficient.
• Pressure to Ease Compliance Costs: Following a request from the Federal Treasurer, APRA outlined measures to streamline licensing, modernise standards, and reduce reporting burdens.
• Balancing Act: While open to cutting red tape, APRA stressed that financial resilience remains non-negotiable and that lessons from past crises must guide supervisory vigilance.

Deep Dive

Australia’s prudential regulator is warning that while financial stability has long been the bedrock of the nation’s prosperity, it cannot be taken for granted in a world increasingly defined by conflict, technological disruption, and mounting cyber threats. Addressing the RMA CRO Conference in Sydney on Thursday, APRA Executive Director of Cross-Industry Risk Chris Gower sketched out a landscape fraught with “severe but plausible” risks, while also pledging to pare back regulatory burdens that risk stifling competition and growth.

Gower’s message was at once cautionary and conciliatory. He stressed that APRA’s mandate (to safeguard deposits, superannuation savings, and insurance claims, and to preserve international confidence in Australia’s financial system) remains unchanged. But he acknowledged that how the regulator fulfills that mandate must evolve.

“Our latest plan has been forged in an uncertain and volatile operating environment,” he said, pointing to conflicts, great power rivalries, and shifting trade policies abroad, as well as the domestic debate over whether regulation has become a drag on productivity.

The external risks are not abstract. Russia’s invasion of Ukraine, he noted, sent shockwaves through commodity markets and inflation, while sanctions had to be imposed by Australian firms almost overnight. Cyber espionage and politically motivated attacks, meanwhile, are no longer confined to national security agencies; they spill over into financial services with the potential to disrupt operations at scale. Gower cited recent warnings from ASIO and the Australian Signals Directorate describing “relentless” foreign interference campaigns and the growing risk of deepfake and AI-driven attacks. The increasing reliance of banks, insurers, and funds on common third-party providers only magnifies that danger, raising the specter of a single breach cascading across the industry.

Artificial intelligence itself was a focal point. APRA, Gower said, will ramp up its monitoring of how large institutions are using the technology, assessing the adequacy of risk management and oversight. While the regulator does not see the need for new rules at this stage, the pace of adoption means vigilance is required.

“We remain of the view that our existing regulatory framework is sufficient to capture the use of AI by banks, insurers and super funds, and have no new regulations planned,” he said, though he added that supervisors must “keep a close eye on developments and an open mind” as AI reshapes financial services.

Even as the regulator leans into emerging risks, Gower acknowledged the growing calls to cut red tape. In July, the Federal Treasurer asked APRA and other agencies to set out measurable steps to reduce compliance costs. APRA responded with proposals ranging from streamlining bank licensing and modernising prudential standards to trimming data reporting obligations and easing capital requirements in certain areas. The goal, Gower explained, is to free up capital for more productive purposes without undermining resilience.

But if industry hoped for a deregulatory wave, Gower tempered expectations. He reminded his audience of risk officers that resilience is not optional, recounting the lessons of the 2008 global financial crisis and warning against complacency. Australia’s enviable run of financial stability, he argued, is underpinned by a prudential framework ranked among the strongest globally, a reputation that cannot be squandered.

“The only way banks can avoid credit risk is not to lend, and the only way a super fund can remove investment risk is not to invest,” he said. “For the financial system to function and support the economy, we need our banks, insurers and super funds to take risk, backed by a strong risk management framework.”

The task ahead, then, is to strike a balance, preserving the system’s hard-won resilience while ensuring that regulation does not become a handbrake on competition, efficiency, and innovation. APRA’s new Corporate Plan, Gower suggested, attempts to do just that.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.