
Issue 09: CPS 230 meets your AI stack

How CPS 230 reframes operational resilience for AI-dependent processes, plus a board-ready prompt.

What shipped

  1. APRA confirms CPS 230 thematic review will cover AI-dependent processes

    APRA confirmed its 2026 thematic review of operational risk management will examine how regulated entities scope AI-dependent processes within their critical operations register.

  2. ASIC clarifies AFSL obligations for AI-driven recommendations

    ASIC reiterated that AFSL obligations apply regardless of whether a recommendation is generated by AI, with DDO, misleading conduct, and advice obligations all in force.

  3. Voluntary AI Safety Standard reaches 18-month review

    The Department of Industry, Science and Resources opened consultation on whether ten guardrails should remain voluntary or shift to mandatory for high-risk AI.


Four actions GRC practitioners can take this week.

This issue's focus is GRC and compliance. The four actions assume you operate in or near a regulated entity covered by APRA prudential standards. Each one produces an artefact you can table at your next risk committee.

  • One. Map AI-dependent processes onto your CPS 230 critical operations register. Add a column for AI dependency. Mark each process red, amber, or green.
  • Two. Update your service provider risk assessment template to capture AI sub-processors. A vendor that builds its product on a third-party foundation model has a sub-processor (a fourth party, in CPS 230 terms) whether or not the contract names it, and your assessment should record who that provider is and what data reaches it.
  • Three. Test one CPS 230 tolerance against an AI outage scenario. Pick the AI tool your most critical operation depends on and ask what happens if it is unavailable for 24 hours, and whether the answer stays inside the tolerance level you have set for that operation.
  • Four. Bring the ASIC clarification to your AFSL controls owner. One question. Which customer-facing AI use survives a direct ASIC application of these obligations?

These actions sit inside the operational risk standard you already have. They surface the AI exposure CPS 230 already covers and produce evidence the next thematic review will expect.

Why CPS 230 already governs your AI stack.


Visual 1. Indicative CPS 230 mapping coverage of AI-dependent processes across a sample of regulated entities. Sources: APRA published consultation responses, industry survey returns. Indicative only.

Prompt of the month


Setup: This prompt produces a CPS 230 gap map for AI-dependent processes. Paste your critical operations register entries (de-identified) and the AI tools they depend on. The model returns a coverage matrix, a tolerance test scenario, and a list of sub-processor questions to send to vendors.

You are a GRC analyst supporting a CPS 230 control owner at an APRA-regulated entity preparing for the 2026 CPS 230 thematic review.

Inputs I will provide:
- Critical operations register entries, with process name, owner, tolerance level, and current third-party dependencies.
- AI tools used in or by each process (foundation model, vendor product, internal model).
- Known sub-processors disclosed to date.

Produce:
1. A coverage matrix mapping each critical operation to its AI dependencies, with a one-sentence note on whether the dependency is captured in the existing register.
2. One tolerance test scenario per critical operation, framed as a 24-hour AI outage scenario, with a suggested mitigation owner.
3. A list of sub-processor due diligence questions to send to each vendor, anchored to CPS 234 and CPS 230 expectations.

Do not invent dependencies the inputs do not mention. Where evidence is insufficient, rate amber and state what would be needed to move to green. Flag any item that appears to create a specific APRA, ASIC, or Privacy Act exposure.

How to use it: Paste an extract from your critical operations register with AI dependencies noted. Run the prompt. Review the coverage matrix for accuracy against your existing CPS 230 documentation. Use the tolerance test scenarios as starting points for your next resilience exercise.

Risk: Models will sometimes propose mitigations that sound credible but conflict with your specific licence conditions. Have your AFSL or banking licence owner sign off on any mitigation that touches customer-facing processes. Treat the sub-processor questions as a draft list, not a final one. Paste only de-identified register extracts: a critical operations register is itself sensitive information, and the model you paste it into is one more third party in your CPS 234 perimeter.

One monthly edition. Four sections. ~1,200 words. Free.
