Industry Insights · November 2025

APRA's Evolving Prudential Standards: What Super Funds Need to Know


The latest round of APRA guidance and prudential standard updates places renewed emphasis on three areas in which many funds have consistently under-invested: operational risk management, data governance, and the demonstrable measurement of member outcomes. For funds that have treated these as compliance exercises rather than strategic capabilities, the regulatory direction is becoming harder to ignore.

This article summarises what Desda is seeing in the market and offers a practitioner's perspective on what funds should be doing now to prepare — not just for the next compliance deadline, but for an operating environment in which regulatory expectations will only continue to rise.

Operational risk: from documentation to demonstration

APRA's guidance on operational risk has shifted its emphasis from the existence of frameworks to the evidence of their effectiveness. Funds are increasingly expected to demonstrate — through data, through testing, and through incident response — that their operational risk management actually functions as described in their governance documents.

The practical implication is that funds need to invest in the tooling and processes that generate the evidence APRA is looking for, not just the policies that describe the intent. For many funds, this means a meaningful investment in risk monitoring infrastructure and in the capability to analyse and report on operational risk events in close to real time.

Data governance: from aspiration to architecture

Data governance has appeared on fund board agendas for a decade. What is changing is the specificity of what APRA now expects to see: defined data ownership, documented data lineage, measurable data quality standards, and evidence that data governance frameworks actually influence operational decisions rather than sitting in a policy document.

Funds that have invested in enterprise data platforms over the past five years are better positioned here — but platform investment alone is not sufficient. The governance layer — the people, processes, and accountability structures that determine how data is managed — remains the gap for most funds.

Member outcomes: from reporting to accountability

The member outcomes framework has required funds to assess and report on whether they are delivering outcomes in the financial interests of their members. What is evolving is the expectation that this assessment is genuinely analytical — based on real data, using sound methodology, and capable of withstanding scrutiny from both APRA and the fund's own trustee board.

Funds that are building genuine analytical capability around member outcomes — rather than producing outputs that satisfy the reporting requirement without driving action — are creating a competitive and regulatory advantage that will compound over time.

What to do now

  • Assess your data governance maturity honestly. Not against your framework, but against what APRA's examiners will find when they look at how decisions are actually made.
  • Invest in operational risk monitoring infrastructure. The expectation is moving from annual reviews to continuous visibility.
  • Build your member outcomes analytical capability. This is a multi-year investment — funds that start now will be demonstrably ahead of those that wait for the next compliance push.
  • Engage with your administrator on data access. Many of the data quality and governance challenges funds face are partly the result of limited access to and visibility of the data their administrator holds on their behalf.

Regulatory compliance in superannuation has always been a moving target. The funds that manage it well are those that treat regulatory requirements as a signal about what good looks like — and invest accordingly, rather than doing the minimum to pass the next assessment.

Navigating compliance and regulatory change?

Desda's compliance and regulatory practice supports funds through APRA-driven change programmes, operational risk frameworks, and data governance uplift.
