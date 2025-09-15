Newspaper icon
Geopolitics, AI tests prudential regulation: APRA

BY KARREN VERGARA  |  MONDAY, 15 SEP 2025   12:39PM

In addition to "worsening" cybersecurity risks, geopolitical volatility and artificial intelligence (AI) are creating "unacceptable prudential risks" for APRA.

APRA member Therese McCarthy Hockey said geopolitical risk has become a "risk accelerant" that the regulator is trying to keep on top of and expects boards to also be thinking about.

"It plays into things you're already thinking about, like operational risk management and cyber, and this idea that cyber is a weapon of choice," she recently told a FINSIA event.

"There are some other flavours that come into that, like personnel risk, so thinking very carefully about where you operate and the safety of your people. Those are the sorts of things we expect boards to be thinking about... And are you doing the things you need to do accordingly?"

APRA's latest Corporate Plan highlights how heightened geopolitical tensions and policy uncertainty in major economies have the potential to create risks to financial stability.

"In this environment, the importance of a robust prudential framework takes on greater significance. A stable and resilient financial system - one that absorbs shocks and does not amplify them - remains critical to supporting the economy through periods of turbulence," the report said.

Under Prudential Standard CPS 230 Operational Resilience, which came into effect on July 1, super funds must factor in how they address geopolitical risks.

As for AI, APRA sees it as "both a risk and an opportunity."

"There are a whole lot of reasons to be worried about the risk. Cyber bad actors are using AI with glee, without any sense of ethics, and if it works, it works and if it doesn't, they change tact. So, the environment we're facing is really changing, but there is an opportunity in how organisations use it for themselves," she said.

In 2025-26, APRA is prioritising entities' uplift of cyber resilience, focusing on evaluating specific cyber-control areas and identifying potential single points of failure within entity systems, processes and dependencies. Its efforts will first target superannuation trustees, insurers and smaller banks.

"We are on record with the super system that there are some things to improve, like multi-factor authentication (MFA) and so on. And it's pleasing actually; there's some real leaning in happening there and real engagement. So, we stay very firm on getting that industry to where it needs to be..." McCarthy Hockey said.

