Regulatory Intelligence
March 2026ASIC CP 377 and the Future of Managed Accounts
How ASIC's evolving position on managed discretionary accounts reshapes platform obligations and what infrastructure providers must prepare for.
Read
Back to Insights
Regulatory Update
APRA CPS 234 Information Security Update
Turing Dynamics
Regulatory Intelligence
October 20253 min readAPRA
Jurisdiction
Australia
Regulator
APRA
Firms need a clearer operating picture of security controls, third-party dependencies, and evidence that key security responsibilities are being discharged.
CPS 234 continues to reinforce that information security in regulated environments is a governance problem as much as a technical one. Controls need owners, evidence, and operational accountability across internal teams and external providers.
For technology vendors, the challenge is being able to demonstrate how identity, access, operational change, and evidence retention support the client's security obligations rather than sit adjacent to them.
That is why security posture and governance posture increasingly converge. The more a platform can make its control model explicit, the easier it becomes for regulated clients to assess and evidence their own responsibilities.
Related Reading
Regulatory Intelligence
January 2026AI Governance in Regulated Finance: A Framework
A structured approach to governing AI-assisted decision making in financial services.
Read
Regulatory Intelligence
November 2025APRA CPS 230 Operational Resilience Requirements
Analysis of APRA's operational resilience standard and implications for wealth management technology infrastructure.
Read