All Posts

For non-bank lenders, the date that matters most right now is 13 July 2026. That is when the first future-dated Product Reference Data obligations take effect. The latest implementation call from the Data Standards Body (DSB) and the ACCC confirmed what many of us expected: the tooling, the timelines and the open questions are all converging on that single milestone.

Key takeaways On 30 April 2026, APRA wrote to all regulated entities setting out AI governance expectations, signed by Member Therese McCarthy Hockey. APRA's expectations map directly to workforce management: inventory, named ownership, supervision, escalation, audit, and lifecycle for every AI agent. The framing is decisive: a copilot is a feature; an agent is a colleague. APRA notes that identity and access controls "have not adapted to nonhuman actors." The productivity-ve

Traditional compliance operates on sampling. Teams test a proportion of control instances, typically 1–3%, and accept the rest as a statistical blind spot. Meanwhile, nearly 35–40% of operational staff time is consumed demonstrating compliance to internal controls. The effort is enormous. The coverage is not.

Insights from the AegisIQ AI Horizons 2026 Leadership Survey AI governance is not the brake on innovation. It is the accelerator. That is the single clearest finding from more than 100 face-to-face interviews AegisIQ conducted with Australian leaders over the past year. Every board in Australia is talking about AI. But while ambition is high, the gap between experimentation and lasting value is widening, and the organisations falling into that gap are almost always the ones t

In today’s fast-paced world, the banking sector is undergoing a profound shift. The banking digital evolution is not just a trend; it’s a necessity. As someone deeply involved in financial services, I see firsthand how digital transformation is reshaping the way banks operate, serve customers, and comply with regulations. This transformation is about more than just technology—it’s about rethinking processes, culture, and strategy to stay competitive and relevant.

The reason most CDR programmes miss them is structural. Programme delivery doesn't own compliance interpretation. Compliance doesn't own technology architecture. Technology doesn't own operational process design. The questions that cross those boundaries get deferred, delegated, or simply never asked.