The Australian Prudential Regulation Authority is stepping up monitoring of emerging threats such as misuse of artificial intelligence, executive director of cross-industry risk Chris Gower says.

Geopolitical uncertainty correlates with an increase in cyberattacks, and politically motivated attacks can spill over to financial services providers, he told a Risk Management Association conference today.

While bad actors can harness AI, another threat comes from companies and their customers using such technology, Mr Gower said.

He told the gathering of chief risk officers that financial businesses increasingly rely on outside service providers, and cybercriminals target these third parties as a back door to their primary targets, “as we saw in the case of the recent Qantas data breach”.  

“In financial services, as in many other industries, multiple companies often rely on the same third-party service providers, creating the potential for a cyberattack or technology failure to spread across an industry.”

Operational risk management is increasingly important as financial services grow more interconnected and reliant on technology and external service providers.

APRA’s first prudential standard focusing on operational risk management took effect in July and Mr Gower said over the next year the regulator will assess how effectively entities are meeting the new obligations.

APRA’s eight proposals to strengthen governance, released in March, have had more consultation submissions than any in recent memory, he said. There were more than 50 meetings and roundtables with more than 150 stakeholder organisations.  

In the next few months, the regulator will provide an interim update to the proposals.

The government has asked regulators to identify ways to cut compliance costs, and Mr Gower said APRA is promoting access to cost-effective reinsurance for general insurers and working to reduce the data reporting burden.

From the latest Insurance News magazine: Why consumer groups will be "casting an eagle eye" over insurers' code revamp