In a speech to the Australian Banking Association Conference, APRA Chair John Lonsdale set out how the Australian Prudential Regulation Authority plans to ease compliance costs for banks without lowering prudential standards, while signalling increased vigilance on cyber, operational and geopolitical risks. The remarks follow a request from the Australian Treasurer for specific, measurable actions to reduce compliance costs and APRA’s work under the Council of Financial Regulators review of small and medium banks. APRA plans to formalise a three-tier proportionality approach for banking, differentiating requirements and supervision across large banks, medium banks that are significant financial institutions and small non-significant financial institutions. It also intends to streamline and clarify the internal-ratings based accreditation process, improve how it communicates the basis for Pillar 2 minimum capital adjustments and what is required for them to be reduced or removed, and amend the bank licensing framework to make expectations more transparent and the process more efficient. Lonsdale also cited APRA’s 2024 authorised deposit-taking institution stress test, where a severe downturn scenario plus a cyber incident at a selected service provider reduced the industry aggregate common equity tier 1 ratio to a minimum of 9.3%, with banks remaining able to meet capital and liquidity obligations. Macroprudential settings were kept on hold on 23 July 2025, with APRA planning discussions with entities on implementation aspects of its tools, including potential limits on riskier mortgage lending, so they can be activated quickly if needed. An interim update on APRA’s governance review consultation is due in the next few months. With CPS 230 now in effect, APRA will start prudential reviews of compliance with significant financial institutions before extending to non-SFIs, and further reviews will assess how entities are meeting CPS 234 information security requirements, including authentication controls highlighted by credential stuffing attacks on superannuation funds in April.
Australian Prudential Regulation Authority 2025-07-24
Australian Prudential Regulation Authority outlines banking proportionality reforms and increased cyber and operational risk supervision
At the Australian Banking Association Conference, APRA Chair John Lonsdale announced plans to cut banks' compliance costs while upholding prudential standards, focusing on cyber, operational, and geopolitical risks. APRA will adopt a three-tier proportionality approach, streamline internal-ratings based accreditation, and amend the bank licensing framework. The 2024 stress test confirmed banks' ability to meet obligations despite downturns and cyber incidents. Macroprudential settings remain unchanged, with discussions on riskier mortgage lending limits planned. APRA will start prudential reviews under CPS 230 and assess compliance with CPS 234.