Amid a flurry of recent developments, Australian financial regulation has reached something of a turning point. APRA’s long-awaited CPS 230 standard has officially taken effect, raising the bar for operational resilience across banking, insurance, and superannuation. In parallel, ASIC has finalised guidance for mandatory sustainability disclosures, while the federal government’s new BNPL regime is now in force, closing long-standing gaps in consumer credit oversight.
Behind the headlines, AUSTRAC has begun laying the groundwork for a sweeping reform of anti-money laundering laws. Meanwhile, Australia has become the first country to legislate a coordinated scam prevention framework, signalling a more aggressive cross-sector stance on digital fraud.
Through it all, regulators have continued to consult, recalibrate, and test accountability frameworks across financial services.
Let’s unpack each of these developments and what they mean for regulators, policymakers, and the sector.
CPS 230 takes effect and operational risk enters the spotlight
APRA’s new cross-industry standard on operational risk management (CPS 230) came into force on 1 July. The milestone caps years of consultation and signals a significant expansion of expectations for how banks, insurers and superannuation funds handle disruption, outsourcing, and third-party risk.
Under the new framework, regulated entities must now identify their “important business services” and set formal tolerance levels for disruptions. They must also develop service continuity plans, test those plans regularly, and manage material service providers through contractual and monitoring obligations. The rules aim to improve resilience in the face of cyberattacks, system outages, and other emerging operational threats.
To support implementation, APRA released new incident notification forms in late June. These will be used by entities to report operational risk events, breaches of tolerance levels and changes in material arrangements.
More updates are expected in the coming months as APRA begins to assess early compliance.
BNPL enters the credit law arena
Buy now, pay later (BNPL) products are now formally regulated under Australian credit laws. Since 10 June, providers have been required to hold an Australian credit licence, conduct credit checks, and comply with hardship and dispute resolution rules, bringing them into line with other low-cost credit products.
The changes stem from the Treasury Laws Amendment (Responsible Buy Now Pay Later and Other Measures) Act 2024, which was passed earlier this year and came into force last month. The reform closes a significant regulatory gap in the consumer credit system and marks a shift in how credit-like products are supervised.
ASIC has released Regulatory Guide 281 to help providers understand and meet their new obligations. Late BNPL payments will now impact credit scores, and all providers must register with the Australian Financial Complaints Authority.
Industry players have generally welcomed the clarity but expressed concerns about operational readiness and compliance costs.
Australia sets global precedent with Scams Prevention Framework
Australia’s new Scams Prevention Framework has officially taken effect, setting a global benchmark in coordinated fraud regulation. The law, which passed Parliament in February, gives the ACCC, ASIC, and ACMA joint responsibility for enforcing new obligations on banks, telcos and digital platforms to detect, prevent, and respond to scams.
The legislation imposes record penalties of up to $50 million for non-compliance and, for the first time, allows victims to seek compensation from businesses that fail to meet their obligations. It also empowers regulators to develop mandatory industry codes and intervene when systemic weaknesses are identified.
The ACCC has described the framework as “world-first”, pointing to its integrated and proactive structure. Next steps include the drafting of enforceable standards and early-stage enforcement preparation.
With reported scam losses totalling $2 billion in 2024 (a 25.9% drop from 2023) the framework arrives amid renewed public and political momentum to crack down on digital fraud.
AUSTRAC sharpens focus while AML/CTF reform expectations set
The country’s financial intelligence agency, AUSTRAC, has released its regulatory expectations for implementing expanded anti-money laundering and counter-terrorism financing (AML/CTF) reforms. The new laws will take effect in March next year for currently regulated entities and in July for newly captured sectors, including legal, accounting, real estate and jewellery businesses.
The agency’s expectations, published this month, clarify the timeline for compliance and signal a strong focus on risk-based implementation. AUSTRAC will issue a regulatory priorities statement and detailed implementation plan later this month.
In parallel, the Second Exposure Draft of the AML/CTF Rules closed for consultation on 27 June. Key updates include changes to customer due diligence, suspicious matter reporting, the ‘travel rule’, and registration requirements for remitters and digital asset providers.
Taken together, these steps mark the start of a comprehensive uplift in Australia’s financial crime defences.
Climate disclosures: ASIC finalises guidance for a new reporting era
Although released earlier this year, ASIC’s finalised guidance on sustainability reporting is now taking on added urgency as entities prepare their first climate-related disclosures. Regulatory Guide 280 clarifies directors’ duties, outlines how scenario analysis and scope 3 emissions should be reported, and introduces temporary liability protections for forward-looking climate statements.
The regulator says it will take a “pragmatic and proportionate” approach to enforcement during the transition but expects entities to move quickly to meet the new standards.
We’ve been tracking this closely. See our May story on the second wave of climate disclosure compliance for deeper context and what’s next.
APRA moves to retire risky bank capital instruments
APRA has launched a consultation on phasing out Additional Tier 1 (AT1) capital instruments. Under the proposed changes, AT1 would no longer count toward minimum capital requirements, and existing instruments would be reclassified as Tier 2 until their first call date, no later than 2032. In other words, APRA is phasing out a complex form of bank capital that has raised concerns about transparency and loss-absorption in times of crisis.
The reforms align with global shifts in prudential capital standards following concerns over the complexity and effectiveness of AT1 instruments.
FAR rollout expands with spotlight on super funds
As part of the ongoing rollout of the Financial Accountability Regime (FAR), APRA and ASIC met with superannuation CEOs in April to test readiness and clarify expectations. Participants acknowledged solid progress but flagged the need for clearer accountabilities and simpler regulatory interactions.
With the regime already in force for banks and now extended to insurers and super trustees, regulators are continuing to provide implementation support and conduct scenario testing ahead of full enforcement.
ASIC eases reportable situations regime
In other ASIC news – yes, there’s been a lot – the regulator has granted limited relief to licensees under its reportable situations regime. Changes include extending investigation timelines from 30 to 60 days, exempting certain misleading conduct breaches, and clarifying overlaps with APRA breach reporting.
The updates reflect ongoing industry concerns about duplication, complexity and the cumulative weight of compliance obligations.
Life insurance premium review shows mixed progress
A joint APRA–ASIC review of life insurance premiums found improvements in repricing practices and marketing materials, but little progress on product redesign to prevent premium volatility. Individual companies have been urged to lift their efforts.
Council of Financial Regulators flags macro threats
The Council of Financial Regulators met in June to discuss global risks and crisis preparedness. The group warned of rising geopolitical tensions and market instability, underscoring the need for strong capital buffers and operational resilience.
APRA earns high marks, with room to improve
APRA’s latest stakeholder survey found 97% of respondents believe its supervision benefits their industry, and 93% said it improves their organisation’s strength. But concerns remain around regulatory complexity and engagement.
Looking ahead: resilience, recalibration and regulatory reach
As regulatory priorities tilt toward prevention and accountability, financial institutions face mounting pressure to embed resilience and integrity into their operations. With CPS 230 now active, FAR expanding, and scam and AML laws taking shape, the agenda is increasingly preventive, data-driven, and outcome-focused.
The challenge for regulators will be sequencing implementation without diluting expectations. For industry, success will hinge on proactive alignment, not just compliance. The second half of the year will be defined by how well the sector navigates these transitions.
Want to stay ahead of the next wave of regulatory change? Subscribe to The Modern Regulator for expert analysis, sector snapshots and policy developments, straight to your inbox.
