APRA sent a formal letter to the financial sector in April 2026.
It was about artificial intelligence.
Most teams read it as an AI governance problem.
It is also a CPS 230 problem. The same one, in different language.
On 30 April 2026, APRA published a letter to industry on artificial intelligence. The message was direct: AI adoption has accelerated significantly across the sector, but governance has not matured at the same pace.
APRA identified four specific gaps:
- Weak post-deployment monitoring — models deployed into production without ongoing performance tracking or drift detection.
- Poor model behaviour oversight — limited visibility into how models behave on edge cases, distributional shifts, or adversarial inputs.
- Change management gaps — AI system changes proceeding without the same rigour applied to other material operational changes.
- Insufficient human involvement in high-risk decisions — automated decisions affecting customers in significant ways without clear human review and escalation paths.
These are legitimate AI governance problems.
They are also, for any entity that has deployed AI inside a critical operation, a CPS 230 evidence problem.
Disclaimer: This article is for general information and commentary only. It is not legal advice, regulatory advice, or a recommendation to act in any particular way. Regulatory interpretation depends on your entity type, licence, and circumstances. Engage qualified legal and regulatory advisers for compliance decisions.
The convergence that most programs are missing
CPS 230 took effect on 1 July 2025. APRA’s AI governance letter came on 30 April 2026.
In most institutions, these are being treated as separate programs.
The operational resilience team owns CPS 230. A different team — often a combination of enterprise risk, technology risk, and data science — owns AI governance.
That separation made sense when AI was a small experiment running beside critical operations.
It does not make sense when AI is running inside them.
Consider what “post-deployment monitoring” looks like under each lens:
| APRA AI governance lens | CPS 230 lens |
|---|---|
| Is the model performing as expected since deployment? | Is the critical operation staying within approved tolerance levels? |
| Are there distributional shifts or unexpected outputs? | Are there incidents or near misses that should feed the operational risk profile? |
| Who is reviewing model behaviour regularly? | Who owns the recovery path if this component fails? |
| When did we last test it under adverse conditions? | When did we last run a severe-but-plausible scenario that includes this dependency? |
The questions are not identical. But they are asking about the same system, from two different angles.
An entity running them as separate programs is building the same evidence twice — or missing it in one of the two.
What AI inside a critical operation means for CPS 230
A critical operation under CPS 230 is any process that, if disrupted, could have a significant impact on the entity’s customers, counterparties, or ability to meet its obligations.
Payments processing. Lending decisions. Claims handling. Customer authentication. Fraud detection.
If AI is embedded in any of these, it is a dependency of a critical operation.
That means it needs to appear on the service map.
It means a tolerance level must account for what happens when the model is unavailable, degraded, or producing unreliable outputs.
It means recovery paths need to include “what does this operation look like if the AI component falls back to manual processing?” — and that fallback needs to be tested, not just documented.
And if the AI model is delivered by a third-party vendor — a model provider, a platform, a cloud AI service — then the vendor is a service provider for CPS 230 purposes. The material service provider obligations apply: access rights for APRA, service-level controls, exit arrangements, concentration risk visibility.
Most CPS 230 service maps were built before AI was embedded in production.
Most of them have not been updated.
That is the gap APRA will find.
The four APRA AI gaps, translated into CPS 230 language
Here is what each AI governance gap looks like as a CPS 230 evidence problem:
Gap 1: Weak post-deployment monitoring
CPS 230 translation: The critical operation has an AI dependency without an ongoing health signal. If the model drifts or degrades, the entity may not know it is outside tolerance until a customer-visible failure occurs.
Evidence needed: Monitoring logs showing model performance against defined thresholds. An incident trigger that fires when model behaviour deviates materially. A named owner who reviews the signal.
Gap 2: Poor model behaviour oversight
CPS 230 translation: The critical operations register shows the AI component as a dependency, but there is no evidence of how it performs under the severe-but-plausible scenarios APRA expects. The standard explicitly requires testing under conditions that would genuinely stress the operation.
Evidence needed: Scenario test results that include AI component failure, degraded mode, adversarial or unusual inputs, and high-volume conditions. Results with owners and remediation status.
Gap 3: Change management gaps
CPS 230 translation: AI model updates — retraining, fine-tuning, prompt engineering changes, vendor version upgrades — are not being treated as material operational changes. They enter production without the same governance gate applied to other changes affecting critical operations.
Evidence needed: Change management records showing AI model updates go through an approval gate that includes operational risk review, rollback plan, and post-change monitoring window.
Gap 4: Insufficient human involvement in high-risk decisions
CPS 230 translation: The critical operation depends on an AI model making or substantially informing consequential decisions without a defined human escalation path. When the model is wrong, there is no minimum viable manual fallback.
Evidence needed: Runbooks showing how each AI-assisted decision can be escalated to a human reviewer. Manual fallback capacity tested at realistic volumes. Degraded-service targets that do not assume full AI availability.
Why this matters more right now
The service-provider catch-up deadline for CPS 230 is 1 July 2026.
If your AI components are running on third-party model infrastructure — a foundation model provider, a cloud AI service, an embedded vendor model — and those relationships have not been assessed against the CPS 230 material service-provider obligations, that deadline applies.
The APRA AI governance letter and the CPS 230 deadline are arriving in the same week for some entities.
That is not a coincidence. It is a signal that APRA is looking at the same problem from two angles simultaneously.
What a converged program looks like
The answer is not to run two programs. It is to recognise that the evidence base is the same.
A converged AI governance and CPS 230 program looks like this:
| Element | What it covers |
|---|---|
| Critical operations register | Includes AI dependencies, with model names, versions, vendors, and owners |
| Tolerance levels | Include degraded-mode targets — what the operation looks like if AI is unavailable |
| Service map | AI vendor relationships included and assessed against material service-provider obligations |
| Incident classification | AI model failures, degradation events, and near misses feed the operational risk profile |
| Scenario testing | Includes AI-specific failures: model unavailability, adverse outputs, vendor outage |
| Board evidence pack | Shows current AI governance gaps alongside operational resilience gaps — same pack, same cadence |
This is not a new program. It is the CPS 230 program, updated to reflect the reality that AI is now inside critical operations.
The 10-star test for this convergence
If you want a simple quality gate:
- Can engineering show which critical operations have AI dependencies?
- Can risk show which AI vendors are captured as material service providers?
- Can operations show what manual fallback looks like for each AI-assisted decision in a critical path?
- Can the board see AI performance evidence alongside operational resilience evidence — not in a separate deck?
If any of those answers is “we would have to check”, the convergence has not happened yet.
APRA’s AI governance letter and the CPS 230 deadline are not two problems arriving at the same time.
They are the same problem, arriving twice.