Opening Statement to Senate Economics Legislation Committee – February 2026

John Lonsdale, Chair - Australian Prudential Regulation Authority
 

Thank you for the opportunity to appear before you once again today. 

Let me begin by assuring the Committee that Australia’s financial system remains strong, stable and resilient. Australians can be confident in the financial and operational resilience of the banks, insurers and superannuation funds that APRA supervises. However, uncertainty and risks in the global financial system are at heightened levels. 

Developments impacting the global financial system have continued apace in recent months. In particular, we see geopolitical risks, amplified by disruptions from cyber-attacks and operational outages, and the risk of regulatory fragmentation across the international financial system, adding to the potential for shocks to the Australian financial system. 

In response to these risks, APRA is taking action. Alongside our fellow agencies on the Council of Financial Regulators (CFR), we are working with entities to ensure they are resilient to a broad range of geopolitical scenarios. We are progressing work with entities to deliver resilience action plans; expanding and testing the CFR crisis response playbook with stronger intelligence sharing; strengthening system infrastructure through payment backups and broader contingencies; progressing industry surge capacity for sanctions; and establishing the crisis powers that may be required. 

With the frequency and intensity of cyber-attacks across the financial system remaining elevated, lifting cyber security policies and practices across our regulated industries is another top priority. Within the superannuation sector, we are requiring several trustees to bring forward actions to harden their cyber controls. By April this year, the seven superannuation funds impacted by the last year’s “credential-stuffing” attacks will have uplifted their authentication controls. This follows our work requiring impacted trustees to have independent assessments of the effectiveness of their authentication controls. Across all industries, we are working with entities to assess potential risks from concentrations of third-party service providers. This will inform CFR work to develop more effective oversight arrangements for mitigating these risks. 

Another substantial risk that is frequently front of mind for APRA is Australian household indebtedness and its interaction with the residential mortgage market. Earlier this month, APRA’s new limit on high debt-to-income (DTI) lending for new home loans came into effect. Although current levels of lending at DTIs of six or above are well below the 20 per cent limits for both owner-occupiers and investors, they are trending up. By activating a DTI limit now, APRA aims to pre-emptively contain risks building up from this type of lending and strengthen banking and household sector resilience. 

In summary, APRA is seeing heightened and rising risks across the banking, insurance and superannuation sectors we regulate. None of the risks we are facing are going down in importance, which is challenging choices on where resources should be prioritised. 

Since we last appeared before this Committee in December, APRA has taken a number of significant enforcement actions aimed at holding our regulated entities to account for meeting our prudential standards and protecting the community. 

I note this Committee’s understandable concern about the collapse of the First Guardian and Shield managed investment schemes, which has had a devastating financial impact on thousands of Australians. APRA recently answered a significant number of Questions on Notice from this Committee and I want to reinforce some points from those answers. 

As the prudential regulator, APRA is responsible for ensuring superannuation trustees adhere to the requirements in the SIS Act and prudential standards relating to onboarding, ongoing due diligence and monitoring of investment options. It is the trustee’s responsibility to determine whether or not options are suitable for them to offer and monitor accordingly against the rules that are set. 

Trustees are the only part of the chain of involvement in the Shield and First Guardian situation that APRA has the power to regulate. To be clear, APRA does not regulate and could not have regulated Shield and First Guardian, which were managed investment schemes subject to regulation by ASIC. 

APRA oversees around 56 superannuation trustees who collectively have 81 superannuation funds. Combined, they have over $3 trillion in APRA-regulated assets ($417 billion via platforms). This covers more than 23 million member accounts across 901 products with almost 27,000 investment options across the industry. 

We note that the way the Australian superannuation system is designed, members have the ability to exercise choice. Members may enter platform products for a variety of reasons. These considerations are beyond our regulatory remit. 

Over the past year, APRA undertook a substantial review of the major platform trustees who, collectively, represent approximately 95 per cent of funds under management for platform products. The scope of that review was broader than only First Guardian and Shield. The review identified weaknesses in the practices of some trustees. The gaps were in areas such as onboarding practices, monitoring of investment options, and remedial action where member outcomes are not being delivered. 

APRA required trustees to review their practices, address weaknesses, and report breaches of the prudential standards to us, as a matter of urgency. APRA also undertook individual assessments of trustees. As a result of this, APRA took strong enforcement action to hold trustees to account for breaches of APRA standards or poor practices. In December 2025, APRA accepted a court enforceable undertaking from Netwealth and imposed licence conditions on Diversa Trustees and Equity Trustees to address investment governance-related concerns. 

There are a number of actions ASIC has taken against trustees which are now before the courts. The outcomes and the facts about what happened will take some time to be determined by the courts. 

APRA continues to coordinate closely with ASIC on the regulatory response to the unacceptable community outcomes resulting from the collapses of these schemes, and the actions already taken are not necessarily the end of APRA’s enforcement response. 

In banking, we imposed a $50 million risk capital add-on on Bendigo Bank in response to money laundering risk management, non financial risk management practices and risk culture at the bank. We have also required Bendigo Bank to undertake a root cause analysis to understand the extent of non-financial risk management issues at the bank, going beyond money laundering and terrorism financing. We continue to engage with AUSTRAC on these matters and do not rule out further actions down the track. 

In general insurance, extreme weather continues to place pressure on insurers and affected communities. Last year was the costliest claims year since 2022, with almost $3.5 billion in losses due to natural disasters such as bushfires, floods and cyclones. This year has already seen major bushfires in Victoria, record heat in several states and significant flooding in North Queensland. 

Climate related risks can have financial consequences for banks, insurers and superannuation trustees. One of APRA’s contributions to developing greater understanding of these impacts is through our Climate Vulnerability Assessments. Our general insurance Climate Vulnerability Assessment, which is due for release in the next few months, will provide valuable insights into how insurance affordability may change over the medium term as climate risks evolve. 

More broadly across APRA, 2026 will see us will continue the important work to deliver against our “getting the balance right” strategic objective. This means pursuing efficient, right-sized regulation that supports safety, stability and good community outcomes while also enabling competition and innovation. 

In banking, we continue to progress our consultations on a series of recommendations emerging from the CFR Review of Small and Medium Sized Banks. These include introducing a third tier to our prudential framework for banks to increase proportionality and reduce regulatory burden; and better communicating to banks our decisions on minimum capital requirements under Pillar 2 of the Basel framework. We also remain engaged with Treasury on a proposal to create a fourth tier in our prudential framework for the very smallest banks. 

Other actions include reducing capital requirements for annuities, promoting access to cost-effective reinsurance in general insurance and exploring opportunities to share data with other regulators, which should help to reduce duplicative requests on entities. 

With that, my colleagues and I are happy to take your questions.