--- title: "APRA Has Named Four AI Governance Failures. Every Regulated Entity in Australia and New Zealand Is in Scope." description: "APRA has named four AI governance failures across Australian financial services. Every regulated entity is in scope. Insicon Cyber breaks down the findings and what boards need to do next." type: blog version: 2 version_id: "ee492bee-e212-41ca-b617-978c0c7cc35b" generated_at: "2026-05-01T05:22:54.271Z" author: "Insicon Cyber" date_published: "2026-05-01T03:52:42.000Z" date_modified: "2026-05-01T03:52:42.248Z" language: en reading_time: "9 min" word_count: 1613 keywords: ["What APRA found"] url: "https://insiconcyber.com/blog/apra-ai-governance-letter-2026" --- # APRA Has Named Four AI Governance Failures. Every Regulated Entity in Australia and New Zealand Is in Scope. > APRA has named four AI governance failures across Australian financial services. Every regulated entity is in scope. Insicon Cyber breaks down the findings and what boards need to do next. ## Key Takeaways - What APRA found - The enforcement signal - What Australian and New Zealand organisations should do now - Where Insicon Cyber stands - The starting point ## Contents - [What APRA found](#what-apra-found) - [The enforcement signal](#the-enforcement-signal) - [What Australian and New Zealand organisations should do now](#what-australian-and-new-zealand-organisations-should-do-now) - [Where Insicon Cyber stands](#where-insicon-cyber-stands) - [The starting point](#the-starting-point) 4 min read # APRA Has Named Four AI Governance Failures. Every Regulated Entity in Australia and New Zealand Is in Scope. [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber) : May 1, 2026 [Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [ISO 27001](https://insiconcyber.com/blog/tag/iso-27001) [Governance](https://insiconcyber.com/blog/tag/governance) [Essential Eight](https://insiconcyber.com/blog/tag/essential-eight) [CPS 230](https://insiconcyber.com/blog/tag/cps-230) [APRA](https://insiconcyber.com/blog/tag/apra) [AI](https://insiconcyber.com/blog/tag/ai) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber) [ISO 42001](https://insiconcyber.com/blog/tag/iso-42001) APRA Has Named Four AI Governance Failures. Every Regulated Entity in Australia and New Zealand Is in Scope. 8:57 On 30th April 2026, [APRA published a letter to all regulated entities on artificial intelligence](https://www.apra.gov.au/apra-letter-to-industry-on-artificial-intelligence-ai). It is not a discussion paper. It is not a consultation. It is a statement of observed failure and a formal declaration of supervisory intent. Read it carefully. Every APRA-regulated organisation in Australia needs to. The letter documents findings from a targeted engagement APRA conducted across a group of large banks, insurers and superannuation trustees in late 2025. What it found was not a technology problem. It was a governance problem. Four of them, to be specific. * * * ## What APRA found ### Boards are not ready APRA was direct. Many boards are still developing the technical literacy required to provide effective challenge on AI-related risks. They are pursuing AI's benefits and accepting vendor briefings at face value. They are not asking the hard questions. That is not a criticism of boards. AI moves fast. Most directors did not come up through technology. But APRA has now set a formal minimum expectation: boards must maintain sufficient understanding of AI to set strategic direction and provide effective challenge and oversight. That expectation is live as of 30 April 2026. For organisations in regulated Australian financial services, that is not a future concern. It is a present gap. ### Information security has not caught up The attack surface has changed. AI systems introduce attack pathways that conventional security controls were not designed to detect. Prompt injection. Data exfiltration through model interfaces. Multi-agent privilege escalation. Autonomous agents operating outside access management frameworks built for human users. APRA observed that identity and access management capabilities have not yet adjusted to non-human actors such as AI agents. It found gaps in the scope and coverage of security testing for AI implementations. It found remediation timelines out of step with an accelerated threat environment. A firewall does not protect you from prompt injection. A web application firewall does not catch jailbreak chaining. A conventional penetration test does not assess an AI agent's attack surface. The tools and testing programmes that protected your environment yesterday are not sufficient for the environment you are operating in today. ### Governance frameworks are not operational APRA found that most regulated entities recognise existing prudential standards apply to AI risk. Few have operationalised governance in practice. The gap is specific. AI systems are being deployed without inventory. Lifecycle ownership is unclear. Post-deployment monitoring is weak. Model behaviour monitoring is weaker. Decommissioning processes are largely absent. Governance documentation exists at the policy level. At the operational level, there is very little. This matters because CPS 234 and CPS 230 apply to AI. They have always applied. APRA is now telling the sector that AI governance is not an emerging expectation. It is a current obligation with current gaps. ### Assurance is running behind deployment AI models learn, adapt, and degrade over time. A point-in-time penetration test tells you what the attack surface looked like on the day it was conducted. It tells you nothing about model drift, emerging bias, or control breakdowns that develop as the model is used. APRA found that most regulated entities are relying on exactly that: point-in-time, sample-based assurance methods that are structurally ill-suited to probabilistic AI systems. Internal audit functions lack the specialist skills and tools to independently assess AI. Assurance is lagging behind deployment. The practical consequence is that organisations are running AI systems in production environments with no continuous view of whether those systems are behaving as intended, are under active exploitation, or are drifting from their original risk parameters. * * * ## The enforcement signal This is where the letter shifts tone. > APRA states clearly: where entities fail to adequately identify, manage or control AI risks in a manner proportionate to their size, scale and complexity, APRA will take stronger supervisory action and, where appropriate, pursue enforcement. That is not boilerplate. APRA has a track record of following through. The sector should read this as a signal that AI governance will now be a feature of entity prudential reviews, not a footnote. * * * ## What Australian and New Zealand organisations should do now There is a practical path through this. It is not complicated. It requires decision and action. **First, test what you have.** If your organisation is running AI systems in production, you need to know what the attack surface looks like. That means AI-specific adversarial testing, not conventional penetration testing. Prompt injection, jailbreak chaining, data exfiltration scenarios, and assessment of agentic workflows. You cannot govern what you have not assessed. **Second, build a governance framework that regulators can audit.** [ISO/IEC 42001:2023](/iso-42001-compliance), the international standard for AI Management Systems, is how organisations demonstrate structured AI governance to boards, regulators, and clients. For APRA-regulated entities, ISO 42001 maps directly to [CPS 234 and CPS 230](/blog/apra-cps-230-cps-234) obligations. It provides the documented evidence base that a supervisory review will look for. **Third, move from point-in-time to continuous.** AI systems change after deployment. Assurance needs to keep pace. Continuous testing and runtime protection, combined with ongoing compliance management and board-ready reporting, is the operating model APRA is implicitly describing in its expectations. **Fourth, brief your board properly.** Not a vendor presentation. Not a summary from your technology team. A structured, regulator-aware briefing on AI risk that enables your board to provide effective challenge and set AI risk appetite. APRA has named board literacy as a minimum expectation. That expectation needs to be met. * * * ## Where Insicon Cyber stands Insicon Cyber's [AI Security and Governance practice](/ai-security-governance) contains three connected services built for Australian and New Zealand organisations operating in regulated environments. [AI Assurance](/ai-assurance) provides expert-led adversarial testing of AI systems, powered by F5 AI Red Team, with findings feeding into F5 AI Guardrails for runtime protection. Available as a one-off assessment or as a continuous subscription. [ISO 42001](/iso-42001-compliance) implementation guides organisations through gap assessment, AI Management System development, policy and process design, and certification readiness. Built on the same methodology as our ISO 27001 practice. Mapped to APRA CPS 234, CPS 230, the Australian Privacy Act 1988, and the New Zealand Privacy Act 2020. [Managed Compliance](/managed-compliance) covers Essential Eight, ISO 27001, ISO 42001, and NZISM under one programme. Continuous evidence management. Regulatory change monitoring. Board-ready quarterly reporting. Fractional CISO attendance at board risk committees and audit committees. Every engagement is overseen by a CISO-level practitioner. Every service is mapped to ANZ regulatory obligations. Australian data sovereignty is maintained throughout. * * * ## The starting point Matt Miller, co-founder and CEO of Insicon Cyber, put it plainly in a recent interview: > "The honest starting point for most organisations is not a framework. It is a question: do you know where AI is being used inside your business, and do you know what would happen if one of those systems was compromised or manipulated? If you cannot answer that, you are not ready to govern it. And you are definitely not ready to defend it." APRA has now asked that question on behalf of every regulator in the country. The organisations that answer it clearly, and quickly, are the ones that will be in the strongest position when supervisory reviews begin. [Contact Insicon Cyber](https://cta-ap1.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLLkQk3hGJxf%2FqON%2B%2FrI9rEzX7d9yiigIcXm%2BsKOlDN5jXA%2FOcxwRXoWGBU5qLIOKd8f0BgfRkm1gogHVxPpenTZNKl5nbmpTxzHT9ts3TBpl3c3tzKdJp4CblOnUIeXI%2BC%2BUtImgpi4CKyQimduEy2TEwHVddaNaDo3PmlR3KY6V5y%2B&portalId=22526539) * * * **Further reading** - APRA Letter to Industry on Artificial Intelligence (AI), 30 April 2026: https://www.apra.gov.au/apra-letter-to-industry-on-artificial-intelligence-ai - ASD: Frontier models and their impact on cyber security: https://www.cyber.gov.au/about-us/view-all-content/news/frontier-models-and-their-impact-on-cyber-security - Insicon Cyber AI Security and Governance: https://insiconcyber.com/ai-security-governance - Insicon Cyber ISO 42001: https://insiconcyber.com/iso-42001-compliance - Insicon Cyber AI Assurance: https://insiconcyber.com/ai-assurance [](https://insiconcyber.com/blog/apra-ai-governance-letter-2026) #### [APRA Has Named Four AI Governance Failures. Every Regulated Entity in Australia and New Zealand Is in Scope.](https://insiconcyber.com/blog/apra-ai-governance-letter-2026) [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber): 1/05/26 1:52 PM On 30th April 2026, APRA published a letter to all regulated entities on artificial intelligence. It is not a discussion paper. It is not a... [Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [ISO 27001](https://insiconcyber.com/blog/tag/iso-27001) [Governance](https://insiconcyber.com/blog/tag/governance) [Essential Eight](https://insiconcyber.com/blog/tag/essential-eight) [CPS 230](https://insiconcyber.com/blog/tag/cps-230) [APRA](https://insiconcyber.com/blog/tag/apra) [AI](https://insiconcyber.com/blog/tag/ai) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber) [ISO 42001](https://insiconcyber.com/blog/tag/iso-42001) [Read More](https://insiconcyber.com/blog/apra-ai-governance-letter-2026) [](https://insiconcyber.com/blog/blog-anz-recovery-gap) #### [You can see the threat. Can you survive it? The ANZ recovery gap that every board needs to close.](https://insiconcyber.com/blog/blog-anz-recovery-gap) [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber): 21/04/26 11:45 AM Three quarters of organisations across Australia and New Zealand believe they can handle a cyber attack. Fewer than one in three have a formal plan... [Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Managed Security Services](https://insiconcyber.com/blog/tag/managed-security-services) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber) [Read More](https://insiconcyber.com/blog/blog-anz-recovery-gap) [](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common) #### [A School. A Court. A Toy Shop. What Do These Organisations Have in Common?](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common) [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber): 13/04/26 11:15 AM We have a question for you. Read this list carefully. Think about what connects these organisations. 1,700 Victorian government schools. Australian... [Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber) [Read More](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common) --- ## About This Content **Source:** [APRA Has Named Four AI Governance Failures. Every Regulated Entity in Australia and New Zealand Is in Scope.](https://insiconcyber.com/blog/apra-ai-governance-letter-2026) **Author:** Insicon Cyber **Published:** May 1, 2026 *This content is provided for informational purposes. Please visit the original source for the most up-to-date information.*