Australian Prudential Regulation Authority outlines heightened-risk supervisory actions including high DTI mortgage cap and AUD 50 million Bendigo Bank capital add-on

The Australian Prudential Regulation Authority has set out to a parliamentary committee how it is intensifying supervision and enforcement across banking, insurance and superannuation in response to elevated geopolitical, cyber and operational risks and rising concerns around household leverage. Key measures highlighted include the commencement of a new limit on high debt-to-income home lending, targeted cyber-security uplifts for superannuation trustees, and recent enforcement actions in both superannuation and banking. APRA described joint work with the Council of Financial Regulators to strengthen system resilience, including resilience action plans, testing and expanding the crisis response playbook with stronger intelligence sharing, payment backup and broader contingency arrangements, industry surge capacity for sanctions, and establishing crisis powers that may be required. In cyber security, it is requiring several superannuation trustees to bring forward actions to harden controls, with the seven funds affected by credential-stuffing attacks to uplift authentication controls by April 2026 following independent assessments. On household leverage, APRA confirmed its new cap on high debt-to-income lending for new home loans is now in effect, with a 20 per cent limit on lending at debt-to-income ratios of six or above for both owner-occupiers and investors. In superannuation, APRA said a review of major platform trustees covering around 95 per cent of platform funds under management found weaknesses in onboarding, monitoring and remedial action, leading to urgent remediation, breach reporting and enforcement including a court-enforceable undertaking from Netwealth and licence conditions on Diversa Trustees and Equity Trustees in December 2025. In banking, it imposed an AUD 50 million risk capital add-on on Bendigo Bank and required a root cause analysis of non-financial risk management issues, while continuing engagement with AUSTRAC. Next steps flagged include publication of APRA’s general insurance Climate Vulnerability Assessment in the next few months and continued consultations arising from the Council of Financial Regulators review of small and medium-sized banks, including proposals for a third tier in the bank prudential framework and improved communication of Pillar 2 capital decisions, alongside engagement with Treasury on a possible fourth tier for the very smallest banks.