APRA CPS 234 Compliance for AI Systems
A comprehensive guide to meeting APRA's prudential standard on information security when deploying AI in Australian financial services. Understand the requirements, identify the gaps, and implement compliant AI with confidence.
What is APRA CPS 234?
Prudential Standard CPS 234 — Information Security — is APRA's mandatory framework for managing information security in regulated financial services entities. It has been in force since July 2019 and applies to every APRA-regulated entity in Australia.
Who Must Comply
CPS 234 applies to all APRA-regulated entities, regardless of size:
- Authorised deposit-taking institutions (banks, credit unions, building societies)
- General insurers and life insurance companies
- Registrable superannuation entity (RSE) licensees
- Holding companies of banking and insurance groups
Core Objective
The standard requires entities to:
- Maintain information security capability commensurate with threats
- Implement controls to protect information assets
- Detect and respond to incidents in a timely manner
- Notify APRA of material incidents within 72 hours
CPS 234 Requirements for AI Systems
Each requirement of CPS 234 has specific implications for AI deployments. Here is how each requirement applies and how Custom LLM addresses it.
Information Asset Identification
CPS 234 Para 15-17
The Requirement
APRA-regulated entities must identify all information assets, including those managed by third parties. AI systems that process, store, or transmit information are information assets that must be identified, classified, and recorded in the entity's information asset register.
How Custom LLM Addresses It
Our platform provides a complete inventory of all data processed by the AI system, including data sources, processing flows, and storage locations. This inventory maps directly to your entity's information asset register requirements.
Information Asset Classification
CPS 234 Para 18-19
The Requirement
Information assets must be classified by criticality and sensitivity. The classification must reflect the potential impact of a compromise on the entity, its customers, and the financial system. AI training data, model weights, and inference outputs all require appropriate classification.
How Custom LLM Addresses It
The platform enforces classification-appropriate security controls automatically. Data ingested into the AI system inherits the classification of the source, and the platform applies controls commensurate with the highest classification of data it processes.
Security Controls
CPS 234 Para 20-23
The Requirement
Security controls must be commensurate with the size and extent of threats to information assets, the criticality and sensitivity of information assets, the stage of the information asset lifecycle, and the potential consequences of a security incident.
How Custom LLM Addresses It
Multi-layered security controls including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, network segmentation, continuous monitoring, and Essential Eight implementation at Maturity Level Three.
Incident Management
CPS 234 Para 24-28
The Requirement
Entities must have mechanisms to detect and respond to information security incidents in a timely manner. Material information security incidents must be notified to APRA within 72 hours. AI-specific incidents — such as data exfiltration through prompts or model manipulation — must be covered.
How Custom LLM Addresses It
Comprehensive incident response procedures aligned with the 72-hour notification requirement. AI-specific threat detection including prompt injection monitoring, data exfiltration attempts, and anomalous access patterns. Automated alerting with severity classification.
Testing Program
CPS 234 Para 29-33
The Requirement
Entities must maintain a systematic testing program to test the effectiveness of security controls. Testing must be performed by appropriately skilled and independent specialists. For AI systems, this includes penetration testing of the AI inference layer.
How Custom LLM Addresses It
Regular penetration testing by independent CREST-certified assessors covering the full AI stack: inference APIs, data ingestion pipelines, access controls, and network perimeter. Testing reports are provided in a format suitable for APRA examination.
Third-Party Management
CPS 234 Para 34-36
The Requirement
Where information assets are managed by a third party, the entity must assess the information security capability of the third party commensurate with the potential consequences of a breach. Audit rights and ongoing assurance must be maintained.
How Custom LLM Addresses It
Our contractual framework includes the audit rights, security assurance reporting, and incident notification provisions that CPS 234 requires. We provide SOC 2 Type II reports, regular penetration test summaries, and support direct audit by your entity's assessors.
Board & Senior Management Obligations
CPS 234 places specific obligations on the board and senior management of APRA-regulated entities. When AI is deployed, these obligations extend to the governance of AI systems.
Board Responsibilities
- Ensure the entity maintains an information security capability commensurate with the size and extent of threats (including AI-related threats)
- Approve the entity's information security policy framework, including AI governance
- Receive reporting on material information security incidents and the status of AI risk management
Management Responsibilities
- Implement the information security policy framework with AI-specific controls
- Maintain a register of AI-related information assets with appropriate classification
- Ensure AI vendor third-party arrangements include audit rights and incident notification
Path to CPS 234 Compliant AI
A structured approach to achieving and maintaining CPS 234 compliance for your AI deployment.
Gap Assessment
We assess your current AI usage against CPS 234 requirements, identifying gaps in information asset classification, security controls, third-party management, and incident response procedures.
Architecture Design
A CPS 234-compliant AI architecture is designed, addressing every requirement: sovereign hosting, access controls, encryption, audit trails, incident management, and board reporting.
Implementation
The compliant AI platform is deployed with all security controls active, integrated with your entity's security monitoring, and documented to the standard required for APRA examination.
Ongoing Assurance
Continuous monitoring, regular penetration testing, and periodic compliance reviews ensure ongoing adherence to CPS 234 as both the standard and your AI usage evolve.
Related Resources
Custom LLM for Financial Services
See how our full financial services AI solution meets APRA requirements across compliance, credit, and risk management.
View financial services solution →Data Sovereignty Guide
Understand the broader data sovereignty landscape in Australia, including the CLOUD Act, Privacy Act, and sovereign cloud options.
Read sovereignty guide →On-Premises Deployment
For maximum control, deploy your AI entirely within your entity's own infrastructure.
Explore on-premises options →Frequently Asked Questions
Common questions about APRA CPS 234 compliance for AI systems in Australian financial services.
Deploy AI with CPS 234 Confidence
Book a compliance assessment to understand exactly where your current AI usage stands against CPS 234 requirements, and get a clear roadmap to fully compliant AI deployment.