APRA embeds geopolitical risks management ground rules

APRA has inserted geopolitical risks into its regulatory priorities, expecting superannuation trustees to manage it well, as their traditional risk frameworks may no longer be adequate in the current environment.

Penning a letter to super funds and insurers, APRA defined geopolitical risks as "the potential for adverse impacts on the financial system from international tension, including trade restrictions, sanctions, grey-zone activities and conflicts."

But unlike previous economic or market shocks, geopolitical shocks "can build gradually, escalate quickly and be transmitted through multiple channels simultaneously."

APRA cautioned a single geopolitical event could trigger a cascading impact across institutions.

This can impact offshore investments or operations and interrupt claims, administration or member services - ultimately undermining customer and market confidence.

"Entities therefore need to be able to identify interdependencies early, escalate issues quickly, make clear decisions under stress, and coordinate responses across business areas and with public sector partners," APRA said.

The prudential regulator also urged trustees to focus on emerging risks, including foreign interference and disinformation, as well as the operational implications of sanctions and shifting international policy settings. Technological developments, particularly in artificial intelligence, could further amplify geopolitical risks by accelerating cyber and information threats.

At the base level, APRA expects super funds to incorporate geopolitical risk into their enterprise risk management frameworks, governance structures, practices and culture.

They must also actively monitor the geopolitical environment to identify emerging threats and to ensure decision-making processes are agile and coordinated, particularly during crisis scenarios.

Operational resilience is another key focus. APRA expects super funds to demonstrate that geopolitically driven operational risks are identified, assessed and managed through robust controls, monitoring and remediation practices.

The regulator emphasised expectations should be applied proportionately, depending on an entity's size, complexity and business model.

However, boards remain ultimately accountable for ensuring their organisations are prepared to respond to an increasingly complex and interconnected risk environment.

APRA is working with the Council of Financial Regulators on system-wide resilience and public-private coordination on this initiative. APRA's 2026-27 Corporate Plan previously flagged the regulator will focus on lifting geopolitical risk readiness.

"Entities also need to act now through their own governance, risk management and crisis preparedness practices," APRA chair John Lonsdale said.

"Entities should remain adaptable in an operating environment in which geopolitical shocks are likely to be more frequent, more complex and more consequential. Where APRA identifies heightened exposure, weak governance, or inadequate crisis preparedness, we will take appropriate supervisory action to address these gaps."