CPS 230 Agentic Governance
Aligning autonomous AI operations to APRA's operational risk requirements
APRA's CPS 230 standard requires regulated entities to manage operational risk across all material operational processes. Where agentic AI systems handle material decisions, workflows, or services, they must be governed as operational risk. Our OIA framework and EAB platform are designed to meet that obligation.
The CPS 230 Challenge for Agentic AI
CPS 230 establishes the operational risk management standard for APRA-regulated entities. Agentic AI systems — operating autonomously, interfacing with enterprise systems, and making decisions at machine speed — present operational risk exposures that existing frameworks were not designed to govern.
The standard requires regulated entities to identify, assess, and manage operational risks across all material operational processes. It mandates operational resilience, third-party risk management, business continuity planning, and board accountability for operational risk outcomes.
When agentic systems become operational infrastructure — handling compliance workflows, case management, risk monitoring, or core process orchestration — they are not AI experiments. They are operational risk exposures requiring the same governance rigour as any other material process.
The gap most organisations face: AI policies govern intent. CPS 230 governs outcomes. Agentic systems operate in between — at machine speed, with limited human visibility.
Closing this gap requires governance embedded at the system architecture level, not layered on via policy documents after deployment.
How OIA and EAB Address CPS 230 Requirements
OIA and EAB provide architecture-level governance that maps directly to CPS 230's operational risk management obligations.
Operational Risk Identification
OIA's intent modelling explicitly maps what each agentic system is authorised to do, the risks it carries, and the controls in place. This produces structured operational risk documentation aligned to your existing risk taxonomy.
Material Process Governance
EAB enforces governance at the platform layer for every material process an agent handles. Decision boundaries, escalation triggers, and compliance checkpoints are non-bypassable architectural constraints — not policy guidelines dependent on agent behaviour.
Operational Resilience by Design
CPS 230 requires entities to maintain the continuity of critical operations during disruption. EAB's failure-safe defaults, human escalation protocols, and graceful degradation architecture are designed to meet CPS 230's operational resilience requirements.
Audit and Accountability
Every agent action, decision, and escalation is logged via AWS CloudTrail with full attribution to the intent model that authorised it. Where agents retrieve enterprise knowledge through governed RAG pipelines, retrieval events are logged alongside decisioning outcomes — providing an unbroken audit trail from knowledge access through to operational action. CPS 230 requires board accountability for operational risk outcomes — this audit trail supports that accountability.
Third-Party Risk Management
Where foundation models (AWS Bedrock) are used as third-party services within agentic workflows, OIA defines the operational boundaries that constrain their use. EAB enforces those boundaries, addressing CPS 230's service provider management obligations.
Change and Incident Management
OIA provides the baseline intent specification against which system changes are assessed. EAB's operational monitoring detects deviation from sanctioned behaviour. Both are required inputs to CPS 230-compliant change and incident management processes.
Who This Applies To
CPS 230 applies to APRA-regulated entities: authorised deposit-taking institutions (ADIs), general and life insurers, and private health insurers. RSE licensees are subject to SPS 230, which mirrors CPS 230's approach.
Chief Risk Officer (CRO)
OIA produces the operational risk documentation and control framework required to bring agentic AI systems within your formal risk management architecture. EAB provides the enforcement mechanism.
Chief Compliance Officer
Audit-ready evidence that agentic operations comply with sanctioned intent and regulatory obligations. Structured for board reporting and APRA engagement.
CIO / CTO
Architecture-level governance that meets CPS 230 obligations without preventing operational AI deployment. Governance by design, not by restriction.
Board / Audit Committee
A structured accountability model connecting board-approved risk appetite to agent-level operating parameters — with full audit trail coverage of operational outcomes.
Frequently Asked Questions
Does APRA have specific guidance on AI or agentic systems?
APRA has published guidance on the prudential management of model risk (CPG 234 information security, SPG 234 management of information security). CPS 230 is the primary operational risk standard. As agentic AI becomes material to regulated entities' operations, it falls within the scope of CPS 230's operational risk management requirements — APRA has not created a separate standard for AI. We engage with the CPS 230 framework as it applies to agentic operational infrastructure.
Is deploying agentic AI on AWS Bedrock compatible with CPS 230?
Yes, when appropriately governed. AWS is an accredited cloud service provider with Australian data residency options. The key CPS 230 obligation is third-party service provider risk management — OIA defines the operational boundaries for foundation model use, and EAB enforces them. The combination creates the governance structure required for CPS 230-compliant deployment.
At what point does an agentic AI system become a "material" process under CPS 230?
CPS 230 defines materiality in terms of impact on the entity's ability to deliver critical operations, financial position, or reputation. An agentic system becomes material when its failure, compromise, or misbehaviour could cause disruption to critical operations. For most enterprise agentic deployments handling compliance, case management, or core process orchestration, materiality should be assumed and governance designed accordingly.
How do you handle model updates and the risk of behavioural drift?
OIA defines a fixed intent specification that is independent of the underlying model. EAB enforces governance at the platform layer — constraints that hold regardless of model updates. This architectural separation means foundation model updates do not automatically change agent behaviour outside authorised boundaries. Model updates require re-validation against the OIA specification before deployment.
Can you work alongside our existing legal, risk, and compliance teams?
Yes. OIA and EAB engagements are designed to work alongside your existing legal, risk, and compliance functions — not replace them. We provide the technical architecture and governance framework; your teams provide the regulatory interpretation and organisational context. We produce artefacts designed for use by risk and legal teams, not just technology teams.
Schedule an Architecture Briefing
Briefings cover OIA design, EAB architecture, CPS 230 alignment approach, and how the framework maps to your organisation's operational risk management obligations. Attended by CIO, CTO, CRO, and enterprise architecture teams.
Related
Organisational Intent Architecture (OIA)
The governance framework that translates risk appetite into machine-executable operational constraints.
Enterprise Agentic Bus (EAB)
The AWS-native platform that enforces OIA policy constraints at the execution layer.