APRA has imposed additional licence conditions on NGS Super over its lack of cyber controls.  

The additional licence conditions follow an internal report prepared by NGS’ internal auditor in August 2022, an independent tripartite review undertaken at APRA’s request and delivered in April 2023, and a cyberattack in March 2023. 

NGS is now required to use an independent third party to: 

  • Provide assurance regarding NGS’ remediation activities and to address the recommendations contained in the internal audit and tripartite review reports; and 
  • Conduct an operational effectiveness review of the CPS 234 Prudential Standard (which it breached) controls and frameworks. 

NGS is the trustee of NGS Super, which has 114,000 members and $14 billion in assets under management.