The Australian regulatory focus on superannuation trustees: 5 practical implications for global asset managers

Introduction

As at 30 June 2025, the Australian superannuation industry had AUD 4.3 trillion in assets under management, of which AUD 3 trillion was in APRA-regulated funds. This means superannuation funds have become the largest institutional investors in Australia, overseeing substantial pools of capital.

The size and significance of this sector means the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) have a keen focus on the trustees of these Australian superannuation funds.¹ This is illustrated by ASIC and APRA’s high levels of activity in this space, including recent enforcement actions by both regulators against superannuation trustees.

This article outlines 5 key areas of regulatory focus, and the implications for global asset managers who may do business with Australian superannuation funds.

Additional operational risk management requirements

One of the more significant regulatory shifts for the Australian superannuation industry in the last few years has been the introduction of APRA’s Prudential Standard CPS 230 Operational Risk Management (CPS 230) which commenced on 1 July 2025.

CPS 230 aims to ensure that APRA-regulated entities (including superannuation trustees) effectively manage operational risks, maintain critical operations through disruptions and manage the risks arising from service providers. Relevantly, CPS 230 also requires superannuation trustees to comply with minimum content requirements in all material outsourcing agreements.

Asset managers (whether domestic or offshore) will generally be “material service providers” of superannuation trustees under CPS 230. This means that agreements with asset managers must meet these minimum content requirements, including provisions which:

• Ensure the asset manager can meet its legal and compliance obligations.
• Require notification from the asset manager of its use of other material service providers that it materially relies upon in providing the services.
• Require the asset manager to be liable for the failure on the part of its subcontractors.
• Allow APRA access to documentation, data and other information relevant to the services being provided.
• Require the superannuation trustee to be able to terminate where the agreement is no longer in the best financial interests of its members.

These requirements apply to pre-existing contractual arrangements from the earlier of the next renewal date or 1 July 2026.

There are two key practical implications for an asset manager, particularly a foreign asset manager who is not APRA regulated:

• Any investment management agreement, model portfolio agreement, or similar are all likely to be material arrangements for the purposes of CPS 230. In which case, even though the compliance obligations are all imposed on the superannuation trustee, an asset manager can expect a superannuation trustee client to require both the inclusion of additional terms in order to meet the CPS 230 content requirements and additional due diligence before signing, to allow the trustee to comply with its own risk assessment obligations.
• APRA also recently announced, in its Corporate Plan 2025-26, that it will “engage with entities to ensure they are meeting their new obligations”, focusing initially “on the largest entities”. It is therefore likely that trustees of larger funds will be negotiating these agreements with an assumption that they will be reviewed by APRA.

Heightened focus on platform operators and their due diligence

There are also ongoing initiatives by Australian regulators that are likely to be relevant to asset managers hoping for their model portfolio or fund to be added to a superannuation platform’s investment menu. These initiatives stem from two recent superannuation fund collapses, which have led to heightened regulatory scrutiny of superannuation trustees that operate platforms and a focus on how these trustees select their platform investment menus.

This increased focus is highlighted by ASIC’s court proceedings against a superannuation trustee alleging failures in due diligence concerning the fund it runs. While this case involves conduct by alleged bad actors, ASIC views a superannuation trustee as a “gatekeeping for its members’ retirement savings” and initiated these proceedings as part of its broader “message to superannuation trustees: proper due diligence is needed when offering investment options for members”.² Another trustee faced similar allegations and has committed to remediating its affected members.

On 7 October 2025, APRA also wrote to industry calling for stronger action by platform trustees with extensive guidance on what it considers to be “weaker practices” and “current better practices.” This heightened focus, by both ASIC and APRA, therefore appears set to continue for the foreseeable future.

The allegations in ASIC’s court proceedings highlight the dangers for trustees if they do not independently conduct due diligence and engage in deeper assessments of the operational resilience, governance and risk management frameworks of fund managers whose products are listed on their platforms.

The takeaway for asset managers is that superannuation trustees will be scrutinising your processes more closely than ever.

Look through reporting obligations

APRA’s “Superannuation Data Transformation” (SDT) project has been underway since 2019 to upgrade the breadth, depth and quality of the data which APRA collects from superannuation trustees. The project was intended to make it easier to scrutinise and reliably compare fund and product performance, especially in the choice segment of the market.

A key practical implication of the SDT project has been to significantly expand reporting obligations on superannuation trustees. Importantly, these extend to “look through” reporting requiring service providers, including investment/asset managers, to provide significant data to trustees. For instance, where a trustee invests in a fund of funds and the underlying asset is several vehicles down in a chain, the asset manager may be required to trace through the vehicles and report this information to the trustee.

Importantly, APRA has also made it clear to superannuation trustees that it will “utilise the full range of its powers” to hold trustees accountable where the data collected reveals regulatory failures, in a letter sent to industry in June 2025. APRA has also shown that it is prepared to use its enforcement powers where data is submitted that is incorrect, incomplete or late.

Superannuation trustees are therefore under significant pressure to ensure that data submitted is complete, correct and on time. This pressure is likely to be passed on by trustees to asset managers whose input is critical to ensuring that trustees meet their APRA reporting obligations.

Arrangements in place to manage the risk of using offshore service providers in the investment management sectors

Similar to CPS 230 and APRA’s focus on operational resilience, ASIC is focussing on “offshore outsourcing arrangements”. In the ASIC Corporate Plan 2025-26, ASIC stated in no uncertain terms:

“We will continue reviewing the arrangements that AFS licensees have in place to manage the risk of using offshore service providers in the investment management and financial advice sectors. We will consider management of data sharing and privacy risks. We will review market participants’ compliance with market integrity rules on managing outsourcing arrangements and test reliance on third-party vendors, including those widely used by not regulated as providers of financial services.”

In practice, ASIC is approaching this issue from the perspective of the requirement for a financial services licensee (including a superannuation trustee) to ensure that financial services are provided “efficiently, honestly and fairly” as well as general risk management obligations.

ASIC has recently completed a review of offshore outsourcing for financial services advice licensees³ and responsible entities.⁴  ASIC’s review includes better practice “considerations” when appointing an offshore services provider (including an asset manager). These better practice considerations include due diligence, performance monitoring, service level agreements, SLA breach handling, cyber risk management and business continuity.

Although this review was conducted in the managed investment scheme (rather than superannuation) industry, the underlying point is clear - licensees are expected by both regulators to have sufficient skills and information to identify material risks and assess an offshore service provider’s performance and ongoing suitability. These better practice considerations will increasingly apply to every stage of an engagement, from the onboarding and due diligence process where an asset manager is selected, and ongoing monitoring.

The risk of overlapping, or inconsistent, focus between APRA and ASIC also remains although the regulatory initiatives grid is aimed at minimising this risk.

Deregulation is on the horizon – opportunities to get the balance right with duplicative / burdensome obligations

A silver lining is the deregulatory agenda recently flagged by both APRA and ASIC. APRA recently announced in its Corporate Plan 2025-26 that it is focussing on “getting the balance right” and ensuring that its regulation is “efficient and proportionate”. APRA recently also expanded on this commitment by stating it will engage with industry to identify areas of unnecessary burden from reporting, such as areas of duplication or inconsistencies.⁵

ASIC has adopted a similar approach, focusing on “simpler and better regulation” in its Corporate Plan 2025-26. Last year, ASIC established the “Simplification Consultative Group” to identify areas of regulatory simplification and developed specified “simplification workstreams”.⁶  Among others, ASIC intends to simplify regulatory guidance, introduce sector-based regulatory roadmaps, develop best practice principles to guide the preparation of legislative instruments (and ensure they are clearer and simpler), simplify existing legislative instruments and uplift ASIC’s professional registers.

In this context, there is at least a possibility that burdensome or duplicative reporting obligations will be streamlined.

Both ASIC and APRA will be consulting on specific proposals to achieve their stated deregulatory objectives. It will be critical for all of those impacted by current obligations that they consider to be burdensome or duplicative, including indirectly, to engage in this consultation process to demonstrate the resource burden currently imposed for little (or no) regulatory benefit.