Navigating the evolving regulatory and risk landscape for ADIs

To position your business for resilience and success as we approach a new financial year, it’s important to consider key trends impacting the banking sector to help you navigate the evolving regulatory and risk landscape.

Staying ahead of regulatory changes

In the current regulatory environment, ADIs must stay vigilant to avoid risks and penalties associated with non-compliance to standards. This means keeping a close eye on ASIC’s increased focus on enforcement actions related to financial product distribution, greenwashing, high-cost credit practices and more. Alongside this, measures need to be implemented in line with APRA’s prudential standards on operational and cyber resilience, aiming to enhance customer protection and ensure financial system stability. 

To navigate these complexities, institutions should continue to uplift their risk management framework and focus on data risk governance in particular. Taking proactive measures and establishing strong compliance frameworks will be crucial to mitigate potential risks effectively.

Integrating sustainability reporting

Sustainability reporting has become a crucial component of business practices. ADIs should be aware of the upcoming Australian Sustainability Reporting Standards (ASRS), mandatory sustainability reporting which will require – in a phased manner depending on size thresholds – a sustainability report to be prepared as part of the annual reporting package. ADIs should also consider incorporating broader, robust metrics to enhance transparency and accountability in environmental, social, and governance (ESG) practices. 

The ASRS will require a thorough consideration of climate-related risks and opportunities, and disclosure of material information about those risks and opportunities. Directors will be required to make a declaration on the sustainability report, which will ultimately be subject to external assurance. However, by looking beyond the purely compliance aspect of sustainability reporting, ADIs can build trust and demonstrate their commitment to sustainable practices.

Aligning with the ATO's banking and finance strategy

The ATO is increasingly focusing on the banking and finance sector, ensuring compliance with tax obligations, enhancing transparency, and promoting fair market practices. It also stresses the importance of robust governance and risk management frameworks, especially around new financial products and services. 

To align with the ATO's strategic priorities, ADIs should document their processes thoroughly and establish strong governance frameworks. This will help you navigate regulatory changes more smoothly and support compliance, ultimately improving your institution's financial stability.

Embracing the future with GenAI

Generative AI (GenAI) holds transformative potential for the banking sector, from improving customer service to detecting fraud. The future with GenAI in banking involves leveraging AI to enhance operational efficiency and decision-making processes. However, it also presents challenges in detecting complex fraud and ensuring data security. 

To harness the benefits of GenAI, ADIs must invest in these technologies responsibly, establishing strong ethical frameworks and governance to mitigate risks and ensure regulatory compliance. By doing so, they can enhance operational efficiency and better serve their customers while managing potential risks.

Combatting investment scams and fraud

Investment scams and fraud are becoming more complex, causing significant financial harm to businesses and consumers alike. In fact according to Scamwatch, the most losses incurred by the Australian community in 2024 were due to investment scams. 

Banks and financial institutions have a crucial role in reducing this. Alongside this, regulatory bodies are increasing their efforts to combat scams by establishing frameworks and policies, enhancing staff training and customer education. 

For ADIs, implementing strong risk management frameworks and leveraging advanced technologies for fraud detection and prevention is crucial. Prioritising customer education and strengthening internal controls are essential to effectively prevent financial crime. Continuous vigilance and adaptive strategies to disrupt, detect and respond to risks are necessary to stay ahead of increasingly sophisticated scams.

Strengthening security with CPS 234 and CPS 230

APRA’s prudential standards CPS 234 Information Security and CPS 230 Operational Risk Management form a comprehensive operational risk framework, where CPS 234 focuses on information security practices while CPS 230 provides a broad perspective to handle operational risks. Compliance with these standards requires upgrading risk management and operational strategies, emphasising stronger cyber defences, effective third-party risk management, and robust recovery plans to maintain continuity of critical operations. 

APRA has also shown its increased focus on remediation. To ensure measures implemented are up to standard, it’s important to consider and assess control weaknesses, map out actions for remediation and conduct a root cause analysis based on a well-defined, documented, and tested methodology involving people, processes, and systems. In addition to following regulatory guidance, this process will help your organisation achieve long term strategic outcomes.

To thrive in today's financial landscape, ADIs must navigate regulatory changes, integrate sustainability practices, leverage GenAI responsibly, combat fraud, and enhance cybersecurity. Our team is well positioned to support you through strategic insight, help implement proactive measures in an increasingly complex financial environment, meet stakeholders’ heightened expectations and ensure you maintain a competitive edge.