Skip to main content

APRA clarifies expectations on use of multi-factor authentication

Friday 26 May 2023

The Australian Prudential Regulation Authority (APRA) has written to all APRA-regulated entities on the importance of using multi-factor authentication (MFA) as one of the most effective tools to prevent unauthorised access to sensitive information.

The letter outlines APRA’s observations on gaps in the implementation of MFA across its regulated industries, and notes APRA’s expectation that entities review the coverage of MFA in their operating and technology environments.

The letter is available on the APRA website at: Use of multi-factor authentication (MFA).

Media enquiries

Contact APRA Media Unit, on +61 2 9210 3636

All other enquiries

For more information contact APRA on 1300 558 849.

The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $8.6 trillion in assets for Australian depositors, policyholders and superannuation fund members.