
AI governance: ASIC and APRA letters to industry on emerging AI risks

The Australian Securities and Investments Commission (ASIC) has issued an open letter to all AFS licensees and market participants calling for urgent action to strengthen cyber resilience in response to the evolving threat posed by artificial intelligence models (the ASIC Letter).  

ASIC joins a growing chorus of Australian regulators, including the Australian Transaction Reports and Analysis Centre (AUSTRAC), the Australian Prudential Regulation Authority (APRA), the Australian Communications and Media Authority (ACMA) and the Australian Competition and Consumer Commission (ACCC), which have commented on the emerging risks as businesses increasingly rely on AI systems in their day-to-day operations. This follows announcements from Anthropic that its AI model, Mythos, cannot be released to the wider public because it is so effective at finding and exploiting previously unknown security and cyber vulnerabilities.

These developments reinforce an increasingly clear sentiment: even without standalone AI legislation, businesses and executive management are on notice to properly interrogate AI systems and demonstrate robust governance arrangements over these systems and the risks they present.

Practical takeaways for GCs and executive management

The emerging regulatory position necessitates a re-evaluation of the systems and processes governing AI implementation. General Counsel and risk officers should note the following:

  • AI literacy: Directors and compliance officers often lack the technical literacy to properly interrogate the AI systems they rely upon. Businesses will need to demonstrate they have turned an inquiring mind to their AI systems, understanding how they operate and their limitations.
     
  • Board-level influence: If Boards are using AI in unsanctioned ways or without a clear framework, the prevailing culture may be to use AI without consideration of strategic goals or risks.
     
  • Governance frameworks: Reporting lines and escalation triggers are critical in ensuring Boards are informed of risk, and their importance will only increase as new AI risks emerge at more frequent intervals.
     
  • Risk evaluation: Regulated entities will need to assess AI risk against existing CPS 230 and CPS 234 requirements, ensuring business continuity plans account for AI-dependent systems and greater oversight of the AI supply chain proportional to the business's risk and size. 
     
  • Regulatory engagement: ASIC has directed the ASIC Letter be tabled and discussed at Board and risk governance committees, and considers that entities should be ready to adopt the latest technical guidance on cyber resilience. 

Regulatory Supervision of AI

The recent guidance from ASIC, APRA, ACMA and the ACCC highlights an increasingly apparent regulatory imperative: Boards should be on notice that regulatory supervision is turning to how businesses implement and govern AI.

The ASIC Letter

ASIC’s message in its letter is direct: businesses should “not wait for perfect clarity to address the threat posed by new AI models”. The ASIC Letter reinforces, by reference to ASIC's case against FIIG Securities Limited, that cyber risk management must be “demonstrably effective and proportionate to the size, nature and complexity of a business”. This enforcement precedent signals that ASIC will hold licensees to account where cyber risk management, including AI-related risks, falls short of this standard. 

The APRA and ASIC Letters

APRA’s recent Letter to Industry on Artificial Intelligence (APRA Letter) outlines APRA's observations from targeted engagement with large banks, insurers and superannuation trustees in late 2025. It sets out APRA's minimum expectations for Boards and executive management on governance arrangements, cyber security, supplier reliances and AI literacy. APRA found that maturity in governance, risk management and operational resilience varied greatly across industry, with technical literacy lagging behind the scale and speed of AI deployment.

Similarly, in April ACMA published sector-specific reports examining AI adoption across telecommunications, media and interactive gambling. The ACMA reports reveal a common theme across all three sectors: AI is being rapidly embedded across operations, yet governance frameworks and technical literacy have not kept pace with the scale and speed of deployment.

The APRA prudential framework is technology agnostic, and APRA has warned it will apply its supervisory focus to how entities adopt AI and manage its risks.

The ASIC and APRA Letters set out a number of expectations:

  • Board-level expectations: APRA observed that many Boards are still developing the technical literacy required to effectively interrogate and oversee AI risk, with an overreliance on presentations from AI vendors without sufficiently questioning underlying risks such as the unpredictability of AI models and their effect on business continuity.

    APRA has highlighted its minimum expectations that Boards maintain sufficient understanding and technical literacy to appropriately challenge and set a proactive AI strategy; and that they are able to oversee an AI strategy consistent with the entity's risk appetite and supported by continuous monitoring.
     
  • Governance and accountability: APRA expects entities to establish consistent governance arrangements including frameworks and reporting lines to promote safe, responsible and sustainable AI adoption; ownership and accountability across the AI lifecycle from design through to decommissioning; an inventory of AI tooling and use cases; human involvement for high-risk decisions; and training of staff on AI use, misuse, limitations and secure practices. 
     
  • Cybersecurity: Both ASIC and APRA have observed AI adoption has materially altered the cyber threat landscape for regulated entities, meaning cyber attackers can exploit more weaknesses, attack more frequently, and shorten the duration of attacks. 

    ACMA similarly observed whilst AI improves network security and threat detection, it simultaneously introduces new attack surfaces and can create dependencies on systems whose resilience under cyber-attack has not been comprehensively tested.
     
  • Supplier concentration and opacity: APRA has cautioned against overreliance on a single AI provider, observing few entities demonstrated robust contingency planning. AI is increasingly embedded within software and platforms, meaning upstream dependencies such as foundation models, training data sources and fourth-party service providers are opaque, limiting entities' ability to independently assess model performance, bias, resilience and security.

    APRA expects entities to map and maintain visibility over the full AI supply chain and to actively manage these risks through contractual constraints. 
     
  • Assurance and AI Literacy: APRA observed many internal audit and risk teams lack the specialist skills and knowledge to appropriately perform their work in the context of increasing AI implementation. This skills deficit is broadly applicable, with ACMA noting few of its regulated entities have systematic processes for vetting AI-assisted material, reinforcing the importance of investing in AI literacy training across the operational workforce. 

Implications for CPS 230 and CPS 234

Whilst the APRA Letter does not change the nature of APRA regulated entities' obligations under CPS 230 (Operational Risk Management) and CPS 234 (Information Security), which are technology-agnostic, what is expected in practice by these standards may change as AI risks emerge.

CPS 230: Operational Risk Management

Under CPS 230, entities must manage operational risks end-to-end, maintain critical operations within defined tolerance levels through severe disruptions, and ensure robust governance over material service providers.

Critically, the APRA Letter calls out the importance of maintaining credible fallback options where a business relies heavily on AI systems for critical operations. CPS 230 requires that an entity not rely on a service provider unless it can ensure that, in doing so, it can continue to meet its prudential obligations in full. Where AI systems are engaged, an entity that cannot demonstrate clear and controlled management of its full AI supply chain and a clear business continuity playbook will struggle to demonstrate compliance with CPS 230.

CPS 234: Information Security

Under CPS 234, entities must maintain an information security capability commensurate with their threat environment and notify APRA as soon as possible, and no later than 72 hours after becoming aware of a material information security incident. Where information assets are managed by third parties, the entity must assess that party’s information security capability and controls.

The APRA Letter is instructive in identifying the increase in cybersecurity vulnerabilities that arise out of AI systems. Businesses should prioritise APRA’s central concerns, being:

  • lagging identity and access management capabilities that have not yet adjusted to non-human actors such as AI agents; and
     
  • gaps in the scope and coverage of security testing programs, both in AI implementation and in responding to new and emerging threats.
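The first of those two concerns is concrete enough to show in code. The following is an added illustration, not code from the ASIC or APRA Letters or from any regulated entity, of what "adjusting IAM to non-human actors" looks like in practice: an AI agent gets its own principal (with an accountable human owner), a short-lived credential bound to explicit scopes, a default-deny tool registry, a human-approval requirement for high-risk actions, and an audit record of every decision. The signing key, tool names, scope names and approval reference format are all invented for the example.

```python
"""Least-privilege access control for a non-human (AI agent) principal.

Added example: an agent is a first-class identity with its own short-lived,
scope-bound credential, not a human's shared API key. Every tool call is
checked against a registry (deny by default) and written to an audit log.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. In a real deployment this lives in a secrets manager / KMS.
SIGNING_KEY = b"demo-only-not-a-real-key"

# Hypothetical tool registry: the scope each tool needs and whether the action
# is high-risk enough to also require a human approval reference.
TOOL_POLICY = {
    "search_customers": {"scope": "crm:read", "needs_human": False},
    "update_address": {"scope": "crm:write", "needs_human": False},
    "issue_refund": {"scope": "payments:write", "needs_human": True},
}

AUDIT_LOG = []  # append-only record of every authorisation decision


def _sign(payload: bytes) -> str:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def issue_agent_token(agent_id, owner, scopes, ttl_seconds, now=None) -> str:
    """Mint a credential bound to one agent, one accountable owner and explicit scopes."""
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "owner": owner, "scopes": sorted(scopes), "exp": now + ttl_seconds}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return f"{payload}.{_sign(payload.encode())}"


def verify_agent_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.rsplit(".", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(payload.encode())):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= now:
        return None
    return claims


def authorize_tool_call(token, tool, approval_ref=None, now=None):
    """Default-deny check for a single tool call. Returns (allowed, reason) and audits it."""
    now = time.time() if now is None else now
    claims = verify_agent_token(token, now)
    agent = claims["sub"] if claims else "unknown"

    def decide(allowed, reason):
        AUDIT_LOG.append({"ts": now, "agent": agent, "tool": tool,
                          "allowed": allowed, "reason": reason, "approval": approval_ref})
        return allowed, reason

    if claims is None:
        return decide(False, "invalid or expired token")
    policy = TOOL_POLICY.get(tool)
    if policy is None:
        return decide(False, "tool not in registry")
    if policy["scope"] not in claims["scopes"]:
        return decide(False, f"missing scope {policy['scope']}")
    if policy["needs_human"] and not approval_ref:
        return decide(False, "high-risk action requires human approval reference")
    return decide(True, "ok")


if __name__ == "__main__":
    # Read-only support agent: can search, cannot write, and its token expires.
    tok = issue_agent_token("agent-crm-01", "team-support", {"crm:read"}, 900, now=1000.0)
    print(authorize_tool_call(tok, "search_customers", now=1100.0))
    print(authorize_tool_call(tok, "update_address", now=1100.0))
    print(authorize_tool_call(tok, "search_customers", now=2000.0))
    # Payments agent: scope alone is not enough for a high-risk action.
    pay = issue_agent_token("agent-pay-01", "team-payments", {"payments:write"}, 900, now=1000.0)
    print(authorize_tool_call(pay, "issue_refund", now=1100.0))
    print(authorize_tool_call(pay, "issue_refund", approval_ref="CHG-1234", now=1100.0))
    print(json.dumps(AUDIT_LOG, indent=1))
```

The design choices map directly onto the APRA concern: the agent's credential names an accountable owner, expires quickly, and carries only the scopes its task needs; the registry refuses unknown tools rather than allowing them; and a high-risk action cannot proceed on the agent's authority alone. The audit log is what lets internal audit and the Board see, after the fact, what the agent was allowed to do and why.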

These concerns are broadly applicable beyond prudential standards and APRA-regulated entities. ASIC makes this point explicit, stating that it expects boards and senior executives to be able to understand their organisation’s position, ask the right questions and be satisfied that their cyber resilience measures are proportionate to their organisation and threat environment.

Regulatory ‘call to action’ 

Both the ASIC Letter and the APRA Letter signal that where entities fail to adequately identify, manage or control AI-related risks, regulators will apply stronger supervisory action and, where needed, pursue enforcement. ASIC and APRA have therefore been clear that they expect companies to:

  • assess the implications of AI reliance for operational resilience and business continuity;
     
  • consider the impact of new and emerging AI technologies on existing CPS 230 and CPS 234 obligations;
     
  • implement security controls and capabilities that effectively address AI‑specific threats and attack paths, including strong privileged access management, timely patching, hardened configurations, automated vulnerability discovery, penetration testing, and controls over agentic and autonomous workflows;
     
  • reassess cyber plans and refocus efforts on the most critical risks in the current threat environment, including identifying and protecting the business's critical assets and systems;
     
  • undertake robust security testing across AI‑generated code, software components and libraries;
     
  • map, and maintain ongoing consideration of, third-party and concentration implications in relation to common platforms, services and providers, including systemic exposure; and
     
  • use AI for defensive purposes, where appropriate, including identifying vulnerabilities and securing software before release.

Where businesses are lax around their AI controls and governance, we expect ASIC and APRA to use existing regulatory and enforcement tools to increase scrutiny of companies that are not managing their AI risks appropriately. 


This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.