The Australian Prudential Regulation Authority (APRA) is the Australian Government's independent statutory authority for prudential regulation of the financial services industry. Established in 1998, APRA supervises authorised deposit-taking institutions (banks, credit unions, building societies, mutuals), insurers (general, life, private health), and superannuation entities, together covering more than 90 percent of Australian household assets held in regulated institutions.
APRA publishes prudential standards (CPS, SPS, GPS, HPS, LPS) that regulated entities must meet. The standards most relevant to IT and cybersecurity are CPS 234 (Information Security, in force since July 2019) and CPS 230 (Operational Risk Management, in force from July 2025).
APRA conducts thematic reviews, prudential inquiries and on-site supervisory visits. Non-compliance can lead to enforcement action, including enforceable undertakings, directions, capital add-ons and licence conditions. These are material business consequences that put cybersecurity squarely on the board agenda for APRA-regulated mid-market firms.