Risk and Compliance

The Australian Prudential Regulation Authority (APRA) has released for consultation a new draft licensing framework for locally-incorporated Authorised Deposit-taking Institutions (ADIs).

The consultation package follows APRA’s 2025 discussion paper on improving the licensing framework for ADIs. When finalised later this year, the changes will implement Action 6 of the Council of Financial Regulators’ Review into Small and Medium-sized Banks – that APRA update its ADI licensing framework to make the application process more transparent and efficient.

Written submissions should be sent to Licensing@apra.gov.au by 31 July 2026.

The consultation paper, draft ADI Licensing Criteria, draft ADI Licensing Guidelines, and non-confidential submissions to APRA’s 2025 consultation are available on the APRA website at: APRA consults on more efficient and transparent bank licensing framework

Ashley Arandez of Hoppers Crossing in Victoria has been sentenced to 5 years and 6 months imprisonment in the County Court of Victoria, after pleading guilty to offences involving dishonest conduct, carrying on an unlicensed financial services business, and recklessly dealing with the proceeds of crime.

View the full media release.

The Federal Government has announced plans to strengthen the annual superannuation performance test, with a new consultation process aimed at ensuring the framework continues to protect members without unnecessarily constraining long-term investment opportunities.

The review follows concerns raised during last year’s Economic Reform Roundtable that elements of the current performance test may discourage super funds from investing in sectors capable of delivering strong long-term returns and supporting broader economic productivity.

Importantly, the Government stressed the performance test is “here to stay” and that any reforms will not weaken member protections. Instead, the proposed changes are intended to modernise the framework, better align it with the evolving superannuation landscape, and ensure coverage keeps pace with market developments.

Treasury has been working with industry participants and technical experts since 2025 to assess potential reforms, building on earlier public consultation. The latest consultation paper explores targeted options to remove unnecessary investment barriers while maintaining a robust accountability regime for trustees.

The review will also examine whether the performance test should be expanded to cover a broader range of superannuation products, particularly in light of recent market failures including the collapse of Shield and First Guardian.

The Government said the reforms recognise the growing importance of Australia’s $4.5 trillion superannuation sector in supporting capital flows, innovation and economic growth, while continuing to prioritise improved retirement outcomes for members.

Submissions can be made through the Treasury Consultation Hub and close on 19 June 2026.

ASIC is calling on all licensees and market participants to urgently strengthen their cyber resilience measures, as frontier artificial intelligence (AI) intensifies the global cyber risk environment.

In an open letter to industry ASIC has urged entities to act now and not wait for advanced AI tools to uplift their cyber security fundamentals and ensure their systems can withstand AI-accelerated threats.

View the full media release.

ASIC has permanently banned property developer Trent Simon Giumelli, of Noosa, Queensland, from providing financial services after finding that he demonstrated serious incompetence and irresponsibility, a disregard for the law, and a lack of fairness, professionalism and trustworthiness.

View the full media release.

The Australian Prudential Regulation Authority (APRA), as part of its ongoing regular review of the standards and guidance that form its prudential framework, has temporarily withdrawn its Guidelines on the Recognition of an External Credit Assessment Institution (the Guidelines).

The Guidelines were last updated in 2013. APRA will provide a further update once the review of the Guidelines is complete.

In the meantime, any questions may be directed to: Questions or complaints

Former NSW director, Mark Barnes, who dishonestly obtained $2,478,624 by deception, has been sentenced in the District Court of New South Wales to a term of imprisonment of one year and ten months.

View the full media release.

The Australian Prudential Regulation Authority (APRA) has revised the Frequently Asked Questions (FAQs) for Prudential Standard APS 221 Large Exposures (APS 221) to clarify APRA’s expectations on how exposures to structured vehicles should be calculated and reported using the stored value look through methodology.

It has also removed FAQs that are no longer required and updated references to the prudential standards.

An ADI needs to ensure it reports in accordance with the revised FAQ for ARF 221 by 31 December 2026 at the latest. Whilst the FAQs have been revised to assist industry with complying with APS 221, APRA does not expect resubmission of previous returns reflecting the updated FAQs.

View the updated FAQs at: Large exposures – frequently asked questions

The Australian Prudential Regulation Authority (APRA) has revoked in1Bank Limited’s (in1Bank) authorised deposit-taking institution (ADI) licence under the Banking Act 1959. in1Bank completed its return of deposits process in March, after announcing in January that it intended to exit the banking industry.

An updated list of ADIs can be found on the APRA website at: List of registered authorised deposit-taking institutions.

The Australian Prudential Regulation Authority (APRA) has called for a step-change in how banks, insurers and superannuation trustees manage AI-related risks as the technology continues to rapidly evolve.

In a letter to industry published today, APRA warned that governance, risk management, assurance and operational resilience practices are not keeping pace with the scale, speed, and complexity of AI adoption.

The letter outlines the findings of a targeted supervisory review APRA undertook late last year across all its regulated industries examining how AI was being deployed and governed. The review noted that the expanded use of advanced AI is introducing a range of new financial and operational vulnerabilities for entities, but that information security practices are struggling to keep up with the pace of change.

It also warns that frontier AI models such as Anthropic’s Claude Mythos, which could enhance the discovery of vulnerabilities by bad actors, are expected to further increase the probability, speed and scale of cyber attacks.

Other key observations include:

• AI use is accelerating across all APRA-regulated industries with entities moving from experimentation towards more operationally embedded and customer-facing applications. However, governance arrangements have not matured at the same pace.
• Boards have strong interest for AI’s potential benefits but many lack the technical literacy required to provide effective challenge to management on AI related risks and oversight.
• Heightened concentration risk was noted with some entities heavily dependent on a single provider for multiple AI use cases and gaps in contingency planning.
• AI functionality is often embedded within broader software platforms or developer tooling, reducing transparency over where and how models are trained, updated or constrained and limiting entities’ ability to completely assess and manage risks.
• AI risks can cut across multiple domains, such as operational resilience, cyber and information security, privacy and procurement. Existing change and assurance management approaches are often fragmented and may not effectively provide sufficient assurance for AI.

APRA Member Therese McCarthy Hockey said regulated entities needed to constantly adjust cyber practices to lift resilience and protect assets in a fast-moving threat environment.

“The AI revolution presents tremendous opportunities for banks, insurers and superannuation trustees to deliver improved efficiency and enhanced customer services. We are already beginning to see these benefits materialise. But we cannot be blind to the risks of such powerful technology – whether in our own hands or the hands of those with malign intent.

“What we’ve observed from our supervisory engagement is that while AI adoption is continuing apace, the systems and processes required to safely govern its use aren’t keeping up. Likewise, the speed at which entities can identify and patch vulnerabilities needs to operate much faster, commensurate with the AI-accelerated threat.

“The findings outlined in today’s letter emphasise our expectations for how entities should be managing these risks in alignment with our prudential standards in areas such as information security, operational risk management, governance and data risk.

“While we are not proposing to introduce additional requirements at this stage, we expect to see a significant improvement in how entities are closing the gaps between the power of the technology they are using and their ability to monitor and control it.

“In the meantime, APRA will continue engaging with government agencies, entities and peer regulators, domestically and overseas, to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system.”

Today’s letter to industry is available on the APRA website at: APRA Letter to Industry on Artificial Intelligence (AI).

The Australian Prudential Regulation Authority (APRA) has finalised targeted amendments to prudential standard CPS 230 Operational Risk Management, prudential practice guide CPG 230, and the corresponding Material Service Provider Register template.

The amendments introduce limited exemptions from specific contractual requirements in CPS 230 for material arrangements with certain categories of non-traditional service providers (NTSPs), like central banks and clearing and settlement facilities, where contractual compliance is not practicable.

Developed in response to industry feedback, these changes aim to provide targeted, administratively efficient solutions for regulated entities that maintain material arrangements with NTSPs, while preserving the core objectives of operational risk management.

The amendments will come into effect on 1 July 2026. The full letter to industry and the detailed changes are available on the APRA website at: Operational risk management

ASIC and the Australian Accounting Standards Board (AASB) will host a series of free in-person workshops in May to help companies prepare for the new mandatory sustainability reporting requirements.

The workshops provide a practical starting point for smaller and mid-size companies at the start of their sustainability reporting journey, particularly those preparing to commence reporting for financial years commencing on or after 1 July 2026.

They will be most relevant for preparers, finance teams and directors of entities.

This follows the release of ASIC’s Sustainability reporting educational modules on the core concepts underpinning the sustainability reporting requirements.

The requirements are part of ASIC’s efforts to support report preparers and advisors to build their understanding of sustainability concepts and to improve investor decision making.

Workshops will be held across Melbourne, Brisbane, Sydney and Perth, and will be delivered by the University of Technology Sydney (UTS).

To attend a workshop, please register your interest by clicking on the relevant link below.

Event details:

More information about the modules and workshops is available on ASIC’s website:

• ASIC and AASB team up to help smaller companies get ready for sustainability reporting (news item)
• Sustainability reporting educational modules.

Over the last two months, the following enforcement outcomes were recorded:

Federal Court dismisses ASIC’s continuous disclosure case against Nuix

The Federal Court has dismissed ASIC’s case against intelligence software provider, Nuix Limited (Nuix).

The Court found Nuix did not breach its continuous disclosure obligations and did not mislead investors when reaffirming its financial forecasts in early 2021, following its initial public offering (IPO) in December 2020.

The Court also dismissed ASIC’s claims against the Nuix board for alleged breaches of their directors’ duties by failing to take reasonable steps to prevent Nuix from making misleading statements and breaching its continuous disclosure obligations.

For further detail and the judgment read the media release.

Former Big Un chief executive officer pleads guilty in insider trading case

Richard Evans (formerly Evertz), the former chief executive officer of collapsed ASX-listed technology company Big Un Limited (Big Un), has pleaded guilty to one charge of communicating inside information in the Sydney District Court.

Mr Evans communicated inside information about Big Un to a shareholder around 10 January 2017, when he ought reasonably to have known the shareholder would be likely to trade Big Un shares and options.

The trial has been vacated with a sentencing hearing set down for 21 August 2026.

The matter is being prosecuted by the Office of the Director of Public Prosecutions (Cth) (CDPP) following a referral from ASIC.

Since 2009, 46 people have been criminally convicted of insider trading following ASIC investigations, including senior executives and company chairs.

Read the supporting media release.

Binance Australia Derivatives ordered to pay $10 million penalty for onboarding failures

The Federal Court ordered Oztures Trading Pty Ltd (trading as Binance Australia Derivatives) (Binance) to pay a $10 million pecuniary penalty after misclassifying more than 85% of its Australian client base over a nine-month period, resulting in more than $12 million in losses and fees.

Binance is part of the Binance Group, the operator of the world’s largest digital crypto exchange by trading volume.

In a Statement of Agreed Facts, Binance admitted it exposed 524 retail investors to high-risk crypto derivative products without the required consumer protections between July 2022 to April 2023, due to their misclassification as wholesale clients.

The penalty comes in addition to approximately $13.1 million in compensation paid to the affected clients, which ASIC oversaw in 2023 (23-298MR).

Read the accompanying media release.

Supreme Court orders Macquarie Securities to pay $35 million penalty in short sale misreporting case

In March, the New South Wales Supreme Court ordered Macquarie Securities (Australia) Limited (MSAL) to pay a $35 million penalty for multiple systems-related failures that caused the misreporting of tens of millions of short sales over several years.

The Court also found that MSAL engaged in misleading conduct in relation to its misreporting.

MSAL failed to correctly report at least 73 million short sales between 11 December 2009 and 14 February 2024. It is estimated that between 298 million and 1.5 billion short sales were misreported during that period.

Short sale data plays a critical role in informing investors, regulators and governments about market sentiment and potential investment risks.

For further detail on the case and the Court’s orders, read the media release.