APRA warns banks and super funds of AI governance gaps

The Australian Prudential Regulation Authority completed a targeted review in late 2025 of major banks and superannuation trustees and found artificial intelligence in use at every entity examined, with wide variation in risk management and operational resilience.

Boards showed strong interest in AI for productivity and customer experience, but many lacked the in-house expertise to assess AI risks and frequently relied on vendor briefings when evaluating technology choices.

The review documented AI use in software engineering, claims triage, loan-application processing, fraud and scam detection, and customer-facing interactions. APRA noted some institutions treated AI risk the same as other technology risk, a practice that can miss issues unique to AI such as unpredictable model behavior and bias.

APRA identified governance gaps including missing inventories of AI tools, absence of named owners for AI instances, weak monitoring of model behavior, and incomplete change management and decommissioning processes.

The regulator found that human oversight had not been defined for many high-risk decisions; several entities had not specified where human intervention is required and where automated decisioning is acceptable.

Some firms had become dependent on a single supplier for multiple AI instances, and few could demonstrate an exit plan or substitution strategy for key vendors. APRA warned that AI functionality can exist in upstream dependencies that organisations may not be aware of.

Cybersecurity risks were highlighted: AI adoption introduced attack pathways such as prompt injection and insecure integrations. Identity and access management practices had not been updated in some cases to account for non-human agents, and increased AI-assisted software development was placing pressure on change and release controls.

APRA recommended applying controls to agentic and autonomous workflows, including privileged access management, secure configuration, patching and security testing of AI-generated code, and defined procedures for responding to model errors.

Standards work and guidance are emerging alongside APRA’s findings. The FIDO Alliance has formed an Agentic Authentication Technical Working Group to develop specifications for agent-initiated commerce. Vendors have presented protocols such as Google’s Agent Payments Protocol and Mastercard’s Verifiable Intent framework for review. The Centre for Internet Security has published guides mapping CIS Controls v8.1 to large language models, AI agents and Model Context Protocol environments.

APRA urged boards to strengthen oversight, align AI strategy with their risk appetite, maintain inventories and named ownership of models, and prepare contingency plans to manage supplier dependencies and AI-related failures.