CPS 230 and AI: the operational resilience imperative
APRA's Prudential Standard CPS 230 Operational Resilience, effective 1 July 2025, represents a significant uplift in operational risk management requirements for Australian banks, insurers, and superannuation funds. While the standard addresses operational resilience broadly, its implications for AI governance are substantial and have not been fully worked through by most institutions.
The central concept of CPS 230 is the "critical operation" — a service or process that, if disrupted, would have a material adverse impact on the entity's beneficiaries, customers, or financial soundness. Identifying which operations are critical is the starting point for CPS 230 compliance, and this identification exercise has significant implications for AI governance. Many AI systems in financial institutions support operations that are, or should be, classified as critical: real-time credit decisioning, fraud detection and transaction monitoring, customer authentication, insurance claims processing, and market risk management are all candidates.
What CPS 230 requires for AI systems supporting critical operations
Once an AI system is identified as supporting a critical operation, CPS 230 creates specific requirements. The institution must set a "tolerance level" for the disruption of the critical operation — essentially, how long can the operation be disrupted before there is a material adverse impact? This tolerance must be specific and measurable, and the AI system must be recovered within that tolerance in the event of a failure.
The institution must also maintain "business continuity plans" for critical operations that include AI failure scenarios. For AI systems, this means the institution must have worked through: What happens if the AI model produces systematically incorrect outputs? What is the manual fallback process? How quickly can the institution detect that the AI is failing? What is the escalation pathway? These questions must be answered specifically, not generically, for each AI system supporting a critical operation.
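As an added illustration (not from the article, APRA, or any institution's actual implementation) of how a "specific and measurable" tolerance and the detection question above can be turned into monitoring logic, the following Python monitor watches one AI-backed critical operation, starts a disruption clock when outputs look systematically wrong or calls are failing, and reports when the disruption has outlasted the tolerance. The tolerance, baseline approval rate, thresholds and window size are constructed values for the example, not figures from the standard.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ToleranceMonitor:
    """Tracks one AI-backed critical operation against its disruption tolerance.

    All parameters are assumed, constructed values: each institution sets
    its own tolerance and its own definition of a failing model.
    """
    tolerance_s: float             # max disruption before material adverse impact
    baseline_approval_rate: float  # expected share of "approve" outputs
    max_drift: float = 0.25        # deviation treated as systematically wrong output
    max_error_rate: float = 0.05   # share of failed / timed-out calls tolerated
    window: int = 100              # number of recent calls examined
    _recent: List[Optional[str]] = field(default_factory=list)
    _disrupted_since: Optional[float] = None

    def record(self, ts: float, output: Optional[str]) -> str:
        """Record one model call (output None = error/timeout) and return state."""
        self._recent = (self._recent + [output])[-self.window:]
        if self._is_failing():
            if self._disrupted_since is None:
                self._disrupted_since = ts  # detection time: disruption clock starts
        else:
            self._disrupted_since = None    # outputs look healthy again
        return self.state(ts)

    def _is_failing(self) -> bool:
        if len(self._recent) < self.window:
            return False                    # not enough evidence yet
        errors = sum(o is None for o in self._recent) / self.window
        if errors > self.max_error_rate:
            return True                     # availability failure
        ok = [o for o in self._recent if o is not None]
        if not ok:
            return True                     # every call failed
        rate = sum(o == "approve" for o in ok) / len(ok)
        return abs(rate - self.baseline_approval_rate) > self.max_drift

    def state(self, ts: float) -> str:
        """'nominal', 'disrupted' (manual fallback should be running) or
        'tolerance_breached' (disruption has outlasted the tolerance)."""
        if self._disrupted_since is None:
            return "nominal"
        if ts - self._disrupted_since >= self.tolerance_s:
            return "tolerance_breached"
        return "disrupted"
```

The gap between the first "disrupted" and the first "tolerance_breached" is the time the manual fallback has to be fully in place, which is the figure the business continuity plan must be able to defend.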
Third-party AI risk under CPS 230
CPS 230 creates explicit obligations for third-party arrangements that support critical operations — including AI vendor relationships. If an institution relies on a third-party AI system (a cloud-based credit scoring model, an AI fraud detection service, a vendor-provided insurance underwriting tool) to support a critical operation, CPS 230 requires the institution to: conduct due diligence on the vendor's operational resilience; include contractual provisions that support the institution's CPS 230 compliance; monitor the vendor's ongoing resilience; and have contingency arrangements if the vendor cannot continue to provide the service. Many existing AI vendor contracts were negotiated before CPS 230 and do not contain the provisions required. Contract remediation is a specific CPS 230 implementation task for institutions using third-party AI in critical operations.