Oslo financial district representing global GRC regulation

GRC

AI in Governance, Risk & Compliance

Practical intelligence on AI developments across APRA, ASIC, FAR, AML/CTF, DDO, and CPS 230 for compliance and risk professionals in Australian financial services.

APRAASICFARAML/CTF

Intelligence, At Your Command.

Regulatory Frameworks

APRA / CPS 230

Operational Risk Management: AI system governance obligations

FAR

Financial Accountability Regime: accountability for AI-assisted decisions

ASIC

Consumer protection obligations and AI disclosure requirements

AML/CTF

Anti-money laundering and AI-assisted transaction monitoring

DDO

Design and Distribution Obligations: AI in product recommendations

CPS 234

Information Security: cybersecurity governance for AI systems

Analysis

GRC Intelligence

ASIC's AI Supervisory Posture, Decoded
GRC··5 min read

ASIC's AI Supervisory Posture, Decoded

ASIC's posture on AI in financial services is now visible across REP 798, the 2026 Key Issues Outlook, and recent statements from the Chair. Five themes shape supervisory expectation, and three create immediate work for compliance teams.

Read article
FAR and AI: How Accountability Maps to Tooling Decisions
GRC··5 min read

FAR and AI: How Accountability Maps to Tooling Decisions

The Financial Accountability Regime makes specific senior executives answerable for the systems and decisions inside their portfolios. AI tooling decisions sit inside that accountability, whether they are formally documented in the responsibility map or not.

Read article
AML/CTF and Large Language Models: A Compliance View
GRC··5 min read

AML/CTF and Large Language Models: A Compliance View

Large language models are now embedded across AML/CTF programs, from suspicious matter triage to KYC document review. AUSTRAC's posture on these uses is shaping. Reporting entities need a clear governance position now, not later.

Read article
DDO and AI-Driven Personalisation: Where the Boundary Sits
GRC··5 min read

DDO and AI-Driven Personalisation: Where the Boundary Sits

AI personalisation is moving fast inside Australian financial services. The Design and Distribution Obligations were not written with adaptive recommendation engines in mind. The boundary between targeting and personal advice is the line GRC teams need to govern.

Read article
APRA's Model Risk Thematic Review: What to Expect
GRC··5 min read

APRA's Model Risk Thematic Review: What to Expect

APRA's model risk thematic review is expected to land in the second half of 2026. The signals from supervisory engagement to date suggest where it will press hardest, and what regulated entities should be doing now.

Read article
CPS 230 and AI: A Practical Operational Resilience Playbook
GRC··5 min read

CPS 230 and AI: A Practical Operational Resilience Playbook

CPS 230 has been live since 1 July 2025. Nine months in, the practical question for boards and operational risk teams is no longer whether AI tools fall inside the standard. It is how to evidence it.

Read article

More GRC coverage coming. In-depth analysis of ASIC AI guidance, AML/CTF reform implications, DDO and AI-assisted product recommendations, and quarterly GRC talent market reports are in development. Subscribe to be notified.

Subscribe for updates