Home / Compliance / AU
Compliance · AU

APRA prudential standards for authorised deposit-taking institutions

In short

Authorised deposit-taking institutions (ADIs) — banks, building societies, and credit unions — must comply with a suite of prudential standards issued by APRA under the Banking Act 1959. These standards govern capital adequacy, liquidity, governance, and risk management. Non-compliance can lead to enforceable directions, licence conditions, or revocation. This guide covers 10 core obligations.

Build compliance into your firm — free trial
Who must comply

Coverage

All ADIs authorised under the Banking Act 1959, including banks, building societies, credit unions, and their subsidiaries where APRA applies prudential standards on a group basis.

Legal basis

Banking Act 1959 (Cth), particularly ss 11AF and 11CA (prudential standards). APRA issues binding prudential standards (APS series) and prudential practice guides (APG series).

10 obligations

The obligations

1

Maintain minimum capital adequacy

Hold regulatory capital that meets or exceeds the minimum prescribed ratios — Common Equity Tier 1 (CET1), Tier 1, and Total Capital — as a percentage of risk-weighted assets.

APS 110 Capital Adequacy; Banking Act 1959 s 11AF
2

Meet liquidity requirements

Maintain sufficient high-quality liquid assets to meet the Liquidity Coverage Ratio (LCR) and, for larger ADIs, the Net Stable Funding Ratio (NSFR) under APS 210.

APS 210 Liquidity
3

Establish a sound risk management framework

Implement a risk management framework covering identification, measurement, monitoring, and control of material risks. The framework must be approved by the board and reviewed regularly.

CPS 220 Risk Management
4

Maintain fit and proper governance

Ensure directors and senior management meet fit-and-proper criteria. The board must have independent oversight, appropriate skills, and adequate governance structures.

CPS 510 Governance; CPS 520 Fit and Proper
5

Manage credit risk prudently

Establish policies and processes for credit origination, assessment, monitoring, and provisioning. Apply either the standardised or internal ratings-based approach for calculating credit risk capital.

APS 112 Capital Adequacy: Standardised Approach to Credit Risk; APS 113 Capital Adequacy: IRB Approach
6

Meet operational risk management standards

Maintain a sound framework for managing operational risk, including information security, business continuity, and outsourcing arrangements.

CPS 230 Operational Risk Management; CPS 234 Information Security
7

Comply with large exposure limits

Limit aggregate exposures to any single counterparty or group of related counterparties to no more than the prescribed percentage of the ADI's Tier 1 capital.

APS 221 Large Exposures
8

Prepare and maintain a recovery plan

Develop and keep current a recovery plan setting out credible options for restoring the ADI to financial health in a stress scenario. Submit the plan to APRA on request.

CPS 190 Recovery and Exit Planning
9

Report to APRA accurately and on time

Submit regulatory returns (ARF forms) to APRA by the prescribed deadlines, covering capital, liquidity, credit quality, and other risk metrics.

APS 001 Definitions; APRA Reporting Standards
10

Protect depositors under the FCS framework

Maintain systems and data to support the Financial Claims Scheme so that APRA can make timely payments to depositors in the event the ADI fails. Keep depositor records current and accessible.

Banking Act 1959 Part II Div 2AA; APS 910 Financial Claims Scheme
Penalties

What happens if you do not comply

APRA can issue enforceable directions, impose licence conditions, appoint a statutory manager, or revoke the ADI's authority. The Banking Executive Accountability Regime (BEAR) / Financial Accountability Regime (FAR) adds individual accountability for key personnel with penalties up to $1.05 million for individuals.

Reporting requirements

Quarterly and monthly regulatory returns (ARF forms) covering capital adequacy, liquidity, credit quality, and large exposures. Ad hoc reporting of material incidents, breaches, and changes in key responsible persons.

Practical steps

What firms should do today

  • Map all applicable APS/CPS standards to internal policies and assign owners
  • Conduct an annual Internal Capital Adequacy Assessment Process (ICAAP)
  • Stress-test liquidity under multiple scenarios and report results to the board
  • Review the recovery plan at least annually or after material changes
  • Maintain a register of outsourcing arrangements under CPS 230
  • Ensure board reporting includes a dashboard of prudential metrics against limits
Use with Quillio

Compliance with Quillio

Quillio helps ADIs by mapping prudential standards to internal policies, monitoring regulatory changes, and drafting board papers on compliance status. See /resources/security or start a free trial.

This guide is general information about APRA prudential obligations — not legal, financial, or prudential advice. Always engage qualified prudential compliance specialists for your institution.

Build compliance into your stack.

Quillio is built around AU compliance from the ground up — SOC 2 Type II + ISO 27001 + Australian data sovereignty. The free trial requires no credit card.

Start your free trial