Log in
Sign up
Back to all insights
A futuristic, transparent glass dome containing a swarm of tiny, glowing drones, each with a unique pattern of lights, hovering in a controlled yet dynamic formation.

Sections

Regulators Flag Gaps in AI Agent Governance

AI Agent Governance Under Scrutiny by Australian Regulators

Regulatory Concerns and Findings

The Australian Prudential Regulation Authority (APRA) has highlighted significant gaps in AI agent governance within financial firms. A targeted review of large regulated entities in late 2025 revealed that while AI is widely deployed, the maturity of risk management and operational resilience varies considerably.

Key Governance Shortcomings

APRA identified several critical issues:

  • Insufficient board oversight: Boards often rely on vendor presentations without adequate scrutiny of risks such as unpredictable model behaviour and the impact of AI failures on core operations.
  • Lack of dedicated risk frameworks: Many institutions treat AI risk similarly to other technologies, ignoring model-specific biases and behaviour.
  • Missing controls: Gaps were found in model-behaviour monitoring, change management, decommissioning procedures, and the maintenance of comprehensive AI tool inventories with clear ownership.
  • Human-in-the-loop deficiencies: High-risk decisions frequently lack required human involvement, raising compliance concerns.

Cybersecurity Implications

AI adoption introduces new attack vectors, including prompt injection and insecure integrations. Identity and access management (IAM) practices have not fully adapted to non-human actors, leading to potential vulnerabilities in privileged access, configuration, and patching processes.

Industry Practices and Risks

Entities are trialling AI across software engineering, claims triage, loan processing, fraud detection, and customer interaction. However, reliance on a single AI provider is common, and few firms have formulated exit or substitution strategies.

Regulatory Recommendations

APRA advises boards to develop a deeper understanding of AI to align strategy with risk appetite, implement robust monitoring, and establish clear procedures for error handling. Specific recommendations include:

  • Develop AI risk inventories with named-person ownership.
  • Implement human-in-the-loop controls for high-risk decisions.
  • Strengthen IAM to accommodate AI agents, including privileged access management and secure configuration.
  • Adopt security testing for AI-generated code and enforce change-release controls.

Standard-Setting Initiatives

The FIDO Alliance has formed an Agentic Authentication Technical Working Group to create specifications for agent-initiated commerce, addressing the mismatch between traditional authentication models and delegated software actions.

Vendors such as Google (Agent Payments Protocol) and Mastercard (Verifiable Intent framework) are contributing solutions, while the Centre for Internet Security provides AI security companion guides mapping CIS Controls v8.1 to large language models, AI agents, and Model Context Protocol environments.

Conclusion

APRA’s review underscores the urgent need for comprehensive AI governance frameworks within the Australian financial sector. By addressing identified gaps—particularly in risk monitoring, IAM, and human oversight—institutions can better manage the evolving threats and operational challenges posed by AI integration.

More Insights

A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 17, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A safety helmet worn by drone operators

Revolutionizing Drone Regulations: The EU AI Act Explained

December 1, 2025 AI,AI Regulation,Drone Technology,Regulatory Framework
The EU AI Act represents a significant regulatory framework that aims to address the challenges posed by artificial intelligence technologies in various sectors, including the burgeoning field of...
Read More
A light bulb to convey innovation and the bright potential of responsible AI solutions.

Embracing Responsible AI to Mitigate Legal Risks

November 29, 2025 AI,AI Ethics,AI Governance,AI Regulation
Businesses must prioritize responsible AI as a frontline defense against legal, financial, and reputational risks, particularly in understanding data lineage. Ignoring these responsibilities could...
Read More
A traffic light to illustrate the need for clear guidelines and regulations in managing AI technologies.

AI Governance: Addressing the Shadow IT Challenge

November 29, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
AI tools are rapidly transforming workplace operations, but much of their adoption is happening without proper oversight, leading to the rise of shadow AI as a security concern. Organizations need to...
Read More
A roadmap illustrating the journey companies must take to align with AI regulations.

EU Delays AI Act Implementation to 2027 Amid Industry Pressure

November 29, 2025 AI,AI Regulation,EU Compliance,Regulatory Compliance
The EU plans to delay the enforcement of high-risk duties in the AI Act until late 2027, allowing companies more time to comply with the regulations. However, this move has drawn criticism from rights...
Read More
A semiconductor chip

White House Challenges GAIN AI Act Amid Nvidia Export Controversy

November 29, 2025 AI,AI Regulation,Artificial Intelligence Governance,Technology Policy
The White House is pushing back against the bipartisan GAIN AI Act, which aims to prioritize U.S. companies in acquiring advanced AI chips. This resistance reflects a strategic decision to maintain...
Read More
Compliance checklist

Experts Warn of EU AI Act’s Impact on Medtech Innovation

November 29, 2025 AI,EU Compliance,Medtech Innovation,Regulatory Compliance
Experts at the 2025 European Digital Technology and Software conference expressed concerns that the EU AI Act could hinder the launch of new medtech products in the European market. They emphasized...
Read More
A tree

Ethical AI: Transforming Compliance into Innovation

November 29, 2025 AI,AI Ethics,Ethical AI
Enterprises are racing to innovate with artificial intelligence, often without the proper compliance measures in place. By embedding privacy and ethics into the development lifecycle, organizations...
Read More
A warning sign

AI Hiring Compliance Risks Uncovered

November 29, 2025 AI,AI Compliance,AI Regulation,Regulatory Compliance
Artificial intelligence is reshaping recruitment, with the percentage of HR leaders using generative AI increasing from 19% to 61% between 2023 and 2025. However, this efficiency comes with legal...
Read More