On 12 November 2025, the Australian Prudential Regulation Authority (APRA) published the remarks made by Executive Director Carmen Beverley-Smith at the ASFA Conference 2025.

The speech frames recent cyber incidents, operational disruptions and the high-profile collapse of two managed investment schemes offered through trustee-provided platforms as a stress test of public confidence. Trustees must focus on achieving three “baseline capabilities”: strong leadership and governance, operational resilience, and acting in members’ best financial interests. The message is candid: trust is not static, and funds must continuously strive to maintain member confidence in their super as the stewards of it.

On strong leadership, APRA is currently engaging with the industry to uplift board governance standards relating to board member fitness and propriety, tenure and capabilities and skills, among other things. APRA foreshadowed that these draft governance standards and guidance will be released in the second quarter of next year.

On operational resilience, APRA highlights the commencement of CPS 230 Operational Risk Management (launched in July) and the introduction of the Financial Accountability Regime for super this year. APRA expects trustees to intimately understand their key processes that deliver on commitments to members and to manage the risks and vulnerabilities in those processes regardless of who physically performs them.

In parallel, APRA reiterates its message that multi-factor authentication is expected as a baseline. APRA requires trustees to review information security controls, including authentication, and to submit breach notifications where material weaknesses are identified. APRA also comments that compliance with CPS 234 Information Security represents minimum obligations, rather than an aspirational level of information security governance for well-managed funds.

On member best financial interests, APRA has intensified scrutiny of discretionary expenditure. Using fund-level expenditure data, APRA reviewed spending on sponsorships, marketing, conferences, entertainment and related-party arrangements across 14 trustees. APRA has provided examples of better practice and areas for improvement and has made clear it will use the full range of powers where legal requirements are not met.