Direct to APRA security update and accelerated decommission
The Australian Prudential Regulation Authority (APRA) has decommissioned its legacy Direct to APRA (D2A) data submission system for entity access. The system was taken offline on Friday 20 March following the identification of security vulnerabilities through a routine penetration test on Thursday 19 March.
APRA is accelerating its program to transition all of APRA’s data collections onto the single interface of APRA Connect.
This action is precautionary and in line with APRA’s low risk tolerance for system vulnerabilities that may expose APRA or regulated entities to attack. APRA is not aware of any security breaches or exploitation on APRA’s systems.
Preventative security action
Organisations that use D2A should take additional measures as a precaution:
- Immediately uninstall the D2A client. The presence of the D2A program could pose a residual risk. Removal is advised to protect your organisation’s data integrity and security.
- Review system and data security measures and undertake additional checks as a preventative measure.
Meeting reporting obligations
APRA is expediting its multi-year program to migrate all data collections from D2A to the APRA Connect portal, which includes enhanced user experience, performance and security features.
APRA has also put in place arrangements to ensure continuity and security of the data we collect on behalf of industry, and for other agencies and the public.
For an interim period, organisations with data submissions due are instructed to:
- Complete their files as per their normal protocols in the lead up to the due date of their submission. XML or XBRL files are preferred.
- Contact dataanalytics@apra.gov.au for instructions on how to securely submit these files.
APRA will provide further information in due course about the program to move all data collections to APRA Connect.
D2A and APRA Connect enable financial institutions to lodge entity information and regulatory data to APRA. APRA Connect has a superior user interface as well as operational and security characteristics. The move to a singular system for data collection will improve the experience for entities over the long term, while reducing costs and managerial complexity.
FAQ
Q: How do we uninstall the D2A client?
Uninstalling D2A deletes all files in the D2A directory. Should you wish to retain any saved forms, move them to another location.
To uninstall D2A:
- Close the D2A application if it is running.
- Open File Explorer and navigate to the D2A folder (the default location is C:\D2A).
- Open the UninstallerData folder.
- Double-click the Uninstall D2A.exe file.
- Follow the prompts to uninstall this instance of D2A.
- Once uninstall is successful, return to the C drive and delete the D2A folder if it still exists.
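A read-only check an administrator could run before and after the steps above to confirm the client is gone, added here as an example and not APRA's own tooling. It assumes the default C:\D2A location from the FAQ and that a running D2A process executes from inside that folder; the function name Test-D2AResidue and its status strings are hypothetical.

```powershell
# Added example: read-only audit for leftover D2A installs. Changes nothing on disk.
# Assumption: D2A lives at the default C:\D2A unless other roots are passed in.
function Test-D2AResidue {
    param(
        [string[]]$Root = @('C:\D2A')   # default location given in the FAQ
    )
    foreach ($r in $Root) {
        $exists = Test-Path -LiteralPath $r -PathType Container

        # Uninstaller path as named in the FAQ steps.
        $uninstaller = Join-Path (Join-Path $r 'UninstallerData') 'Uninstall D2A.exe'
        $hasUninstaller = Test-Path -LiteralPath $uninstaller -PathType Leaf

        # Processes whose executable sits under the D2A folder (assumption: D2A
        # runs from inside its own directory). Path is $null for processes the
        # current user cannot inspect, so run elevated for a complete answer.
        $prefix = $r.TrimEnd('\') + '\'
        $running = @(Get-Process -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -and
                $_.Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) })

        # Files still on disk, so saved forms can be moved before deletion.
        $files = @()
        if ($exists) {
            $files = @(Get-ChildItem -LiteralPath $r -Recurse -File -Force -ErrorAction SilentlyContinue)
        }

        # Map the findings onto the FAQ steps that remain to be done.
        if (-not $exists)          { $status = 'Clean' }
        elseif ($running.Count)    { $status = 'D2A still running: close it first' }
        elseif ($hasUninstaller)   { $status = 'Installed: run the uninstaller' }
        else                       { $status = 'Residual folder: move saved forms, then delete' }

        [pscustomobject]@{
            Computer           = $env:COMPUTERNAME
            Root               = $r
            FolderExists       = $exists
            UninstallerPresent = $hasUninstaller
            RunningFromRoot    = ($running | ForEach-Object { $_.ProcessName }) -join ','
            RemainingFiles     = $files.Count
            Status             = $status
        }
    }
}

Test-D2AResidue | Format-List
```

Pass additional folders with `-Root` if D2A was installed somewhere other than the default location.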
Contact Us
For any questions relating to the information and instructions above, please contact dataanalytics@apra.gov.au.
Media enquiries
Contact APRA Media Unit on +61 2 9210 3636
All other enquiries
For more information contact APRA on 1300 558 849.
The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $9.8 trillion in assets for Australian depositors, policyholders and superannuation fund members.