Australia’s financial watchdog is rethinking how it regulates the sector, as businesses face mounting challenges from cyber attacks, geopolitical tensions, and operational disruptions.
Speaking to the Business Council of Australia (BCA) at a boardroom lunch, Australian Prudential Regulation Authority (APRA) chair John Lonsdale emphasised the need for closer engagement between the regulator and industries beyond its traditional remit of banking, insurance, and superannuation.
The call comes amid heightened global instability, which Lonsdale said now exceeds levels seen during the Global Financial Crisis, Brexit, and the pandemic, citing the World Uncertainty Index. Even so, he noted that Australia’s financial institutions have remained robust thanks to decades of capital strengthening and risk mitigation.
Still, Lonsdale acknowledged the concerns many businesses have about the burden of regulation.
“We agree that regulation is important but it’s true that it comes with a cost,” he said, noting 97% of APRA-regulated entities said in a recent survey the regulator’s supervision benefited them, but only two-thirds believed it struck the right balance between safety and competition.
“Finding that sweet spot isn’t easy to do, yet it lies at the core of APRA’s mandate: to balance financial safety and stability with other considerations including competition, efficiency and contestability.”
As APRA finalises its next Corporate Plan, which will set out priorities for the next 12 to 18 months, Lonsdale said the regulator is increasing its efforts to simplify its framework and reduce unnecessary compliance burdens – especially for smaller institutions. However, he made clear that the agency is not prepared to roll back key financial safeguards.
“When APRA considers where we might ease our requirements or make them more proportionate, we don’t believe there is a sound case to wind back the financial resilience we have built-up over several decades,” he said.
Instead, there may be greater flexibility in how APRA approaches non-financial risks, which have become a top concern for many organisations. According to its survey, regulated entities are most worried about cyber security, followed by geopolitical and operational risks.
“Interestingly, when we asked APRA’s regulated entities in our stakeholder survey about which business risks most concerned them, some of these types of risks topped the list. The number one concern was cyber risk. Number two was geopolitical risk. Third was operational risk,” Lonsdale said.
He pointed to the regulator’s recent actions in this space, including the introduction of its first prudential standard on information and cyber security in 2019 and a new standard on operational risk management set to take effect soon – both aimed at ensuring the financial system remains secure and resilient in an increasingly volatile environment.