AI governance consulting built for APRA, ASIC, and Privacy Act scrutiny.
We help Australian organisations build governance frameworks that satisfy regulators and manage AI risk in production. With ASIC REP 798 finding governance gaps across 23 licensees and APRA CPS 230 in force from 1 July 2025, the gap between AI adoption and the governance structures required to manage it is now a board-level question.
What you walk away with.
Full engagement methodology
Governance framework
Committee charters, RACI matrix, and three lines of defence model. Sized to fit your existing risk function.
Policy suite
Acceptable use, risk assessment, vendor due diligence, and incident response. Generative AI included.
Regulatory mapping
Controls mapped against APRA CPS 230, ASIC REP 798, FAR, and the Privacy Act ADM amendments.
Board reporting pack
Reporting templates, KPIs, and escalation routes that hold up in front of directors and regulators.
Why Australian businesses need governance now.
78% of organisations use AI but only 11% have fully implemented responsible AI capabilities. The gap between adoption and governance maturity is now a regulatory and board-level exposure that accelerates with every new deployment.
- 01 In force
ASIC REP 798 exposed governance gaps in 23 licensees.
ASIC reviewed 624 AI use cases across 23 licensees and found that nearly half lack policies addressing consumer fairness or algorithmic bias. Even fewer have guidelines for disclosing AI use to consumers. Adoption is moving faster than the risk and compliance frameworks needed to manage it.
Map your obligations
- 02 In force
CPS 230 and FAR put personal accountability on the line.
APRA CPS 230 brings AI systems inside the operational risk framework for regulated entities. The Financial Accountability Regime holds directors and senior executives personally accountable, with penalties up to $1.565 million for individuals and $210 million for corporations. Governance is no longer optional for APRA-regulated organisations.
Build a CPS 230-aligned framework
- 03 Active
Shadow AI and generative AI compound the exposure.
70% of organisations using generative AI report they need outside help to manage it responsibly. Without an inventory, an acceptable use policy, and data controls, generative AI proliferates across teams unsupervised. The data privacy, intellectual property, and disclosure risks accumulate quietly until a board or regulator surfaces them.
Develop generative AI policies
- 04 Dec 2026
Privacy Act automated decision-making transparency starts December 2026.
From 10 December 2026, APP entities using automated decision-making in decisions affecting individuals must update privacy policies to disclose the kinds of personal information used and the decisions made. Internal documentation, model cards, and notice copy all need to be ready before the date arrives.
Prepare for the December 2026 deadline
Our AI governance consulting services.
End-to-end consulting from strategy through implementation and advisory support. Engagements typically run 12 to 16 weeks for framework design, with a defined evidence pack at close.
Track A
Framework & operating model
Governance structures, committee charters, RACI matrices for AI ownership, and three lines of defence models aligned to APRA, ASIC, and Australia's 8 AI Ethics Principles.
- AI governance framework design
- Operating model and transformation
- Committee charters and terms of reference
- RACI and decision-rights mapping
Track B
Risk, controls & compliance
AI risk taxonomies and assessment methodologies covering bias, fairness, model validation, and third-party AI vendor due diligence. Mapped to CPS 230, ASIC REP 798, FAR, and the Privacy Act ADM amendments.
- AI risk assessment and management
- Regulatory compliance strategy
- Generative AI governance
- Third-party AI vendor due diligence
Track C
Board reporting & assurance
Reporting templates, governance KPIs, and reporting cadences that keep directors informed and demonstrate AI governance maturity to regulators, internal audit, and external reviewers.
- Board reporting and dashboards
- Governance KPIs and metrics
- Escalation and incident reporting
- Implementation roadmap
How we deliver AI governance.
Practical implementation, not theoretical frameworks. We design governance that integrates with how your business already operates, then stay through implementation until governance is embedded in day-to-day operations.
- 01
Discovery and AI inventory.
We map your AI landscape: what models exist, who owns them, how they were approved, what data they use, and what risks they present. This includes identifying shadow AI across the organisation and assessing current maturity against ASIC's 11-question framework.
- 02
Framework and operating model design.
We design your governance framework, operating model, and compliance strategy. For APRA-regulated entities, this means mapping to CPS 230 and FAR. For everyone, we align to Australia's AI Ethics Principles and the Voluntary AI Safety Standard.
- 03
Policy development and ethics implementation.
We create policies covering acceptable use, risk assessment and approval, vendor management, incident response, data governance, and AI ethics. Each policy is calibrated to Australian regulatory requirements and your organisation's risk appetite.
- 04
Implementation and transformation.
We embed governance into operations: training teams, integrating processes into existing workflows, establishing monitoring and reporting cadences, and supporting the change management that turns frameworks into working governance.
Sectors we serve.
Engagements are scoped against the prudential, sectoral, and statutory frameworks that apply to each industry, from APRA-regulated entities to TGA-overseen healthcare and Commonwealth public-sector deployers.
Build a governance programme that holds up in front of APRA, ASIC, and your board.
Schedule a consultation to discuss your organisation's AI governance requirements, regulatory obligations, and how we can help you manage risk while building a programme that scales with your AI adoption.