APRA's Model Risk Thematic Review: What to Expect

APRA's model risk thematic review is expected to land in the second half of 2026. The signals from supervisory engagement to date suggest where it will press hardest, and what regulated entities should be doing now.

GRC content. Written for compliance, risk, and audit professionals in Australian financial services. General information. Not legal or compliance advice.

The model risk picture has changed faster than the standards.

Context for general readers: Model risk is the risk of financial loss, regulatory breach, or reputational harm caused by errors in, or misuse of, the mathematical models used to make business decisions. In banking, models are used everywhere: deciding who gets a loan, calculating capital requirements, detecting fraud, monitoring transactions for money laundering. APRA has long supervised model risk through standards such as CPS 220 (Risk Management) and APS 113 (Capital Adequacy: Internal Ratings-based Approach to Credit Risk). What has changed is the type of model in scope. Generative AI, large language models, and machine-learning systems are now deeply embedded in regulated entities, and the existing framework was designed for a different generation of technology.

A thematic review is APRA's deep-dive supervisory tool. It is not an enforcement action; it is a structured study of how a sector is managing a specific risk, with findings that drive expectations forward. APRA's last two thematic reviews on cyber and operational resilience drove material changes in supervisory expectations. Multiple signals across 2025 and early 2026 indicate model risk is next.

This article is an analytical preview. It is not a leak; APRA has not published a terms of reference. It is a synthesis of what APRA has signalled publicly and what the pattern of supervisory engagement to date suggests. Practitioners preparing for what is likely to land in the second half of 2026 should read it as a planning input, not a forecast.

Why now

Three forces are converging.

First, capability change. The frontier models in 2026 (GPT-5, Claude Sonnet 4.5 generation, Gemini 2.5) are materially more capable than the systems APRA's existing supervisory expectations were built around. Use cases have expanded from narrow predictive models to generative tools embedded in customer-facing operations.

Second, deployment scale. Enterprise AI adoption inside Australia's largest regulated entities has crossed the threshold from pilot to production over the last 18 months. Use cases that were not in scope for any model risk framework two years ago (for example, generative drafting of credit memos or compliance assessments) are now operational.

Third, regulatory momentum. The APRA Corporate Plan 2025-26 flagged technology and operational risk as enduring supervisory priorities. The Voluntary AI Safety Standard provides a non-binding baseline for AI governance practice. ASIC has signalled active supervision of AI in financial services. The cross-regulator picture is moving in one direction.

What "model risk" likely means in this review

The traditional model risk discipline, codified in standards like APS 113 and the supervisory expectations around the Internal Ratings-Based approach, focuses on quantitative models with stable specifications, validation cycles, and clearly defined input data. The challenge for the thematic review is that AI systems do not fit neatly inside that frame.

Three categories of model are likely to be examined.

The first is traditional models that have been augmented with AI components: for example, a credit risk model that retains its core scoring logic but uses an AI tool to extract features from unstructured documents. The model itself is governed; the AI feature pipeline feeding it may not be.

The second is AI-native decision support systems: generative AI tools used to draft credit memos, compliance assessments, or claims triage decisions. The output influences a material decision, but the system rarely sits inside the formal model inventory.

The third is autonomous or near-autonomous AI systems. Tools that take actions with limited human review, including automated suspicious matter triage in AML monitoring, automated underwriting in some general insurance lines, and customer service chatbots resolving complaints. These are operationally embedded but governance frameworks are inconsistent.

Where supervisory pressure is likely to focus

Six areas are likely to see the sharpest questions.

1. Inventory completeness

The first supervisory question for any model risk thematic review is always inventory. APRA will want a comprehensive list of models in production, with classification by materiality. The challenge for AI tools is definitional: when is a generative AI assistant a model that requires inventory entry, and when is it a productivity tool? Entities that have answered this question consistently and documented the threshold will fare better than those that have not.

2. Validation methodology fit

CPS 220 and APRA's Information Paper on banking system strength expect models to be independently validated. The standard validation methodology for traditional statistical models (back-testing against historical data, sensitivity analysis, performance monitoring) does not transfer cleanly to large language models. The supervisory question: have entities developed AI-appropriate validation methodologies, and are they applied consistently?

3. Human-in-the-loop design

Where AI outputs influence material decisions, supervisory expectation will focus on how human review is designed. The pattern emerging from international supervisors (UK FCA, US OCC) is that nominal human review is insufficient. APRA is likely to ask whether the human reviewer has the time, the information, and the authority to materially change the AI output. The answer in many institutions today is uneven.
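One way to turn "time, information, and authority" into evidence is to measure review behaviour from the decision log rather than assert it in a policy. The script below is an added example, not code from the article or from any APRA material; the log fields, the sample records and the thresholds are assumptions chosen for illustration. It computes, per reviewer, the median time a case was open and the rate at which the final decision differed from the AI recommendation, and flags reviewers whose numbers look like rubber-stamping. The "information" dimension cannot be read from a log this shape and still needs a design review.

```python
"""Evidence of human-in-the-loop adequacy from AI decision logs.

Added example (not from the article or from APRA). The log format, field
names, sample records and thresholds below are assumptions chosen for
illustration. A reviewer who spends almost no time per case, or who never
overrides the AI recommendation, is a candidate for "nominal" review and
should be examined rather than counted as a control.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Decision:
    model_id: str
    reviewer: str
    ai_recommendation: str   # e.g. "approve" / "decline"
    final_decision: str      # what the human actually signed off
    review_seconds: float    # time the case sat open in the review queue


# Constructed sample log for one assumed generative credit-memo tool.
SAMPLE_LOG = [
    # r_smith reads cases (minutes each) and overrides the tool twice in ten.
    *[Decision("credit-memo-llm-v2", "r_smith", "approve", "approve", 240.0)
      for _ in range(8)],
    Decision("credit-memo-llm-v2", "r_smith", "approve", "decline", 410.0),
    Decision("credit-memo-llm-v2", "r_smith", "decline", "approve", 380.0),
    # r_jones clears twelve cases in a few seconds each and never overrides.
    *[Decision("credit-memo-llm-v2", "r_jones", "approve", "approve", 4.0)
      for _ in range(12)],
]


def assess_reviewers(log, min_median_seconds=60.0, min_override_rate=0.02,
                     min_cases=10):
    """Return {reviewer: {"cases", "median_seconds", "override_rate", "flags"}}.

    Flags are only raised once a reviewer has at least `min_cases` decisions,
    so a single fast case does not trigger a finding. Thresholds are assumed
    and should be set per use case from the review's own design.
    """
    by_reviewer = defaultdict(list)
    for d in log:
        by_reviewer[d.reviewer].append(d)

    report = {}
    for reviewer, cases in by_reviewer.items():
        n = len(cases)
        overrides = sum(1 for d in cases
                        if d.final_decision != d.ai_recommendation)
        med = median(d.review_seconds for d in cases)
        rate = overrides / n
        flags = []
        if n >= min_cases and med < min_median_seconds:
            flags.append("review_time_below_floor")   # "time" dimension
        if n >= min_cases and rate < min_override_rate:
            flags.append("no_effective_override")     # "authority" dimension
        report[reviewer] = {
            "cases": n,
            "median_seconds": med,
            "override_rate": rate,
            "flags": flags,
        }
    return report


if __name__ == "__main__":
    for reviewer, stats in assess_reviewers(SAMPLE_LOG).items():
        print(reviewer, stats)
```

Run against a real export, the per-reviewer table is the artefact a supervisor can read in a minute; the flagged rows are where the "nominal review" question lands first.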

4. Third-party AI provider oversight

Most enterprise AI capability is provided by third parties. CPS 230 governs the operational risk dimension of those relationships, but model risk goes further. Supervisory questions are likely to probe transparency on training data, model updates, performance monitoring data made available to the regulated entity, and the entity's own ability to detect quality drift. Where the third party will not provide this transparency, the entity needs a documented compensating control.

5. Bias, fairness, and consumer outcome testing

This is the area with the highest cross-regulator overlap. AHRC, OAIC, and ASIC all have active interests in AI fairness and consumer outcomes. APRA's prudential lens focuses on whether bias creates financial loss or regulatory exposure for the entity, but the testing methodology is largely shared across regulators. Entities that have not embedded fairness testing into their AI model lifecycle will see questions on this front.

6. Documentation of model purpose and scope creep

A traditional model risk framework treats the model's intended purpose as a stable input. The model is built for a defined use case, validated for that use case, and used inside that boundary. AI tools, particularly generative ones, have a tendency to be used beyond their original design intent. A summarisation tool deployed for one workflow gets repurposed by analysts in another workflow because it works reasonably well there too.

The supervisory expectation likely to emerge: documented model purpose statements, with controls to detect and govern scope expansion. Where a model is used outside its validated scope, the entity should know about it before the supervisor does.
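Both the inventory question in section 1 and the scope-creep question here reduce to the same control: compare what the usage telemetry says is actually being invoked against what the model inventory says is validated. The script below is an added example, not code from the article or from APRA; the inventory entries, the telemetry line format and the sample lines are constructed for illustration. It flags two conditions: a model that appears in telemetry but not in the inventory (inventory completeness), and an inventoried model invoked from a workflow outside its validated scope (scope expansion).

```python
"""Detecting use outside validated scope from AI-tool usage telemetry.

Added example, not from the article or from any APRA material. The
inventory, the log line format and the sample lines are assumptions chosen
for illustration. Two conditions are reported: a model used but absent from
the inventory (completeness), and an inventoried model used in a workflow
it was not validated for (scope creep).
"""
import re
from collections import Counter

# Assumed inventory: model id -> workflows the model was validated for.
INVENTORY = {
    "doc-summariser-v3": {"credit-memo-drafting"},
    "txn-triage-v1": {"aml-suspicious-matter-triage"},
}

# Constructed telemetry, one line per invocation (format is an assumption).
SAMPLE_TELEMETRY = """\
2026-03-02T10:14:03Z model=doc-summariser-v3 workflow=credit-memo-drafting user=u101
2026-03-02T10:15:40Z model=doc-summariser-v3 workflow=credit-memo-drafting user=u102
2026-03-02T11:02:11Z model=doc-summariser-v3 workflow=complaints-handling user=u207
2026-03-02T11:05:59Z model=doc-summariser-v3 workflow=complaints-handling user=u207
2026-03-02T13:30:00Z model=txn-triage-v1 workflow=aml-suspicious-matter-triage user=svc-aml
2026-03-03T09:00:12Z model=claims-chatbot-beta workflow=claims-triage user=u311
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) model=(?P<model>\S+) workflow=(?P<workflow>\S+) user=(?P<user>\S+)$"
)


def parse_telemetry(text):
    """Yield (model, workflow, user) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("model"), m.group("workflow"), m.group("user")


def check_scope(inventory, telemetry_text):
    """Return {"uninventoried": Counter, "out_of_scope": Counter}.

    uninventoried counts invocations per model id not present in the
    inventory; out_of_scope counts invocations per (model, workflow) pair
    where the workflow is outside the model's validated set.
    """
    uninventoried = Counter()
    out_of_scope = Counter()
    for model, workflow, _user in parse_telemetry(telemetry_text):
        if model not in inventory:
            uninventoried[model] += 1
        elif workflow not in inventory[model]:
            out_of_scope[(model, workflow)] += 1
    return {"uninventoried": uninventoried, "out_of_scope": out_of_scope}


if __name__ == "__main__":
    result = check_scope(INVENTORY, SAMPLE_TELEMETRY)
    for model, n in result["uninventoried"].items():
        print(f"not in inventory: {model} ({n} invocations)")
    for (model, workflow), n in result["out_of_scope"].items():
        print(f"out of validated scope: {model} used in {workflow} ({n} invocations)")
```

The counts are the point: a single out-of-scope call is noise, a steady daily count from the same workflow is an analyst team that has quietly repurposed the tool, and that is the finding the entity wants to raise before the supervisor does.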

How the supervisory engagement is likely to unfold

Thematic reviews follow a recognisable pattern. APRA typically begins with a survey or information request to a sample of regulated entities, designed to establish a baseline picture of practice. On-site or remote engagement follows, with selected entities subjected to deeper testing. Findings are then synthesised and shared with industry through a public report, supervisory letters, or both.

For model risk specifically, the sample is likely to be skewed toward larger ADIs and insurers, because the AI tooling deployment is most extensive there. Smaller entities may be drawn into the review scope through specific use cases (for example, AI-driven AML/CTF or fraud detection) rather than as primary participants.

The output is unlikely to be a brand-new prudential standard in the short term. APRA's pattern is to begin with practice guides and supervisory letters, with new prudential standards reserved for cases where the existing framework cannot stretch. CPS 220, CPS 230, and APS 113 between them probably reach most of the AI-relevant model risk territory; the practical work is in updated practice guidance.

What the international picture suggests

International regulators have moved at different paces. The UK FCA has issued discussion papers on AI in financial services and continues to develop its approach. The US OCC has issued model risk management guidance with specific applicability to AI components. The EU has the AI Act, which sits alongside its prudential framework. The international picture provides comparators for what supervisory expectations may look like, without binding APRA to any specific path.

The pattern across these regulators is consistent on three points: model inventory is non-negotiable, validation methodology must be fit for the model type, and human oversight quality matters more than human oversight quantity. APRA is likely to land in similar territory.

Practical implications this quarter

For GRC and risk teams in regulated entities, four actions are sensible regardless of when the review actually lands:

  1. Run a model risk inventory completeness check covering AI tools. Apply a clear threshold for what counts as a model. Document the threshold. Be ready to defend it.
  2. Map your validation methodology by model type. Where the methodology was designed for traditional statistical models, identify the gap for generative AI and document the planned remediation. APRA's usual supervisory posture suggests that a credible, dated plan is likely to be accepted at review; silence on AI use is unlikely to be.
  3. Document human-in-the-loop adequacy for material AI outputs. Move beyond "a human reviews the output" to evidence that the human has the time, the information, and the authority to override.
  4. Build third-party AI transparency into procurement and ongoing oversight. Standard third-party risk management questionnaires need additional model-specific questions. The major model providers vary considerably in how much they will disclose; sizing your control framework for the disclosure you can actually obtain, rather than the disclosure you would like, is the practical task.

How to structure the readiness work

Three structural choices shape the quality of model risk readiness work for the expected review.

The first is whether AI risk is housed inside the existing model risk function or treated as a separate discipline. The argument for separation is that AI capability and model risk capability are different skill sets. The argument for integration is that the supervisory expectations, validation methodology challenges, and governance structures all share substantial common ground. The pattern emerging in the major Australian institutions is integration, with AI specialists embedded in the existing model risk function rather than operating in a parallel structure.

The second is the relationship between the second line model risk function and the first line AI deployment teams. The supervisory expectation under CPS 220 and the pattern from international regulators is robust second-line oversight. Where the second line is under-resourced relative to the first line's deployment cadence, the governance picture is weaker. Practitioners should examine resourcing imbalance honestly.

The third is documentation discipline. Thematic reviews live and die on documentation quality. The institution that can produce, on request, a current model inventory with classification, validation evidence, monitoring metrics, and incident history will fare materially better than the institution that has to compile this on demand.

Direction of travel

The pattern from APRA's cyber and operational resilience thematic reviews is consistent: findings emerge several months after the on-site work concludes, supervisory letters follow, and updated guidance or standards typically arrive 12 to 18 months after the review wraps up. For model risk and AI specifically, the practical path is likely to be a refresh of CPS 220 expectations and possibly a dedicated AI-focused practice guide, rather than a brand-new prudential standard.

For GRC professionals, the work to do does not depend on the timing. The supervisory expectation is forming. The institutions that will be ready are the ones that started the work in the first half of 2026, not the ones that wait for the terms of reference to land.

Content disclaimer: This article is for general educational and informational purposes only. It does not constitute legal advice, regulatory guidance, or a substitute for professional compliance judgement. Regulatory obligations vary by entity type, licence, and circumstance. Always refer to primary source guidance from APRA, ASIC, or the relevant regulatory authority.


Context

A thematic review is one of APRA's core supervisory tools. It is not enforcement, and it is not consultation. It is a deep look at how a sector is managing a specific risk, with findings that typically feed into supervisory letters, updated guidance, or new prudential standards. APRA conducted thematic reviews on cyber maturity (2023) and operational resilience (2024). Model risk is widely expected to be next.

AI angle

AI models, including generative AI, are now embedded across credit decisioning, anti-money-laundering monitoring, fraud detection, and claims triage in regulated entities. APRA's existing model risk guidance was written for traditional statistical models. The thematic review will test how well the existing framework stretches to cover modern AI systems.
