On 24 July 2025, the Australian Prudential Regulation Authority (APRA) published its Chair’s speech to the Australian Banking Association Conference 2025. In this speech, APRA Chair John Lonsdale foreshadows amendments to prudential regulation and macroprudential policy tools, reviews of existing prudential standards, and calls banks, insurers and superannuation trustees to have increased vigilance for cyber, operational and geopolitical risks.
Reforms in the pipeline
Mr Lonsdale noted that APRA and other Australian regulators received a letter earlier this month from the Australian Treasurer asking them to identify specific, measurable actions to reduce compliance costs without compromising standards. Mr Lonsdale goes on to outline APRA’s thinking with a particular focus on banking. This includes:
- Formalising a three-tiered approach to proportionality in the framework for banking. APRA will soon move from effectively having two tiers in banking to three which will generally correspond to large banks (the major “significant financial institutions”, or SFIs), medium banks (other banks that are SFIs) and small banks (non-SFIs).
- Streamlining APRA’s accreditation process that allows banks to use the internal-ratings based approach to calculating risk-weighted assets which may result in a slight reduction in capital requirements.
- Improving APRA’s communications to banks on its decisions on minimum capital requirements under Pillar 2 of the Basel framework. APRA has committed to provide clearer explanations of the basis for its decisions and what risks need to be addressed for certain capital adjustments to be removed or lowered.
- Making the bank licensing process as efficient as possible. This includes making APRA’s expectations more transparent.
APRA’s upcoming Corporate Plan will outline further initiatives aimed at reducing the regulatory burden in areas where the regulator feels it is safe to do so.
Macroprudential tools
Mr Lonsdale then discusses macroprudential policy tools, especially in relation to home loans. He notes that Australia has one of the highest levels of household debt relative to income in the world. As a result, Australia’s financial system is uniquely exposed to a shock impacting households’ ability to repay their home loans. Mr Lonsdale explains that using the macroprudential policy tools available to it, including the serviceability buffer, APRA tries to strike a balance to ensure this risk is being adequately managed through sound lending standards, but that credit continues flowing to support the Australian economy. As such APRA has recently announced that it is keeping its current macroprudential settings on hold, after considering factors including household debt levels, credit growth, labour market conditions, as well as instability in the geopolitical environment.
However, Mr Lonsdale notes that one possible concern for the future is that where interest rates are lowered there could be a rise in riskier forms of residential lending and as such it is important for APRA to be forward-looking and prepared for potential risks at future points in the financial cycle. With that in mind, APRA will soon begin discussions with entities around implementing certain aspects of various macroprudential tools to manage lending risks, including limits on some riskier forms of lending.
Governance review
Mr Lonsdale then covers APRA’s governance review which was announced in March noting that the regulator received almost 80 submissions responding to its discussion paper. Mr Lonsdale states that respondents have broadly supported APRA’s proposals but whilst there has been enthusiasm for proposals such as enhancing clarity around board roles, it has also heard caution around the potential impacts of other proposals, including independence within corporate groups and the proposed 10-year tenure limit. APRA continues to reflect on the feedback it has received and will provide an interim update in the next few months. The important takeaway is the announcement that APRA is “not prepared to keep the status quo” and some change will be seen moving forward.
Upcoming reviews on compliance with CPS 230 and CPS 234
MrLonsdale then turns to APRA’s biennial stakeholder survey which was published last month. Of the top three risks noted by survey respondents – cyber risk, operational risk and geopolitical risk – APRA continues to observe vulnerabilities that boards and management teams must get ahead of. On cyber risk, one of the most pressing issues is weaknesses in authentication controls, an issue that was highlighted by the credential stuffing attacks on several superannuation funds that emerged in April. On operational risk, the increasing reliance on third party service providers continues to be a growing vulnerability and APRA’s new prudential standard on operational risk management CPS 230, which commenced on 1July 2025 and emphasises the need for entities to have an end-to-end understanding of their reliance on material third party service providers, set appropriate tolerances for those services and be proactive in scenario planning for potential operational risk events. APRA has announced that it will be carrying out a series of prudential reviews into how entities are complying with CPS 230, starting with SFIs. APRA will also conduct further reviews of compliance with CPS 234.