Voice AI and APRA CPS 230: Operational Resilience Requirements for AI Vendors
APRA CPS 230, effective July 1, 2026, classifies voice AI vendors as material service providers for regulated financial institutions, requiring formal service provider registers, business continuity planning, operational resilience testing, and enforceable contractual accountability. Financial institutions using voice AI for customer-facing operations must ensure their vendor meets CPS 230 obligations or risk regulatory action from APRA.
For Australian banks, insurers, and superannuation funds that already use voice AI in contact centers, CPS 230 changes the compliance landscape fundamentally. The previous standards, CPS 231 (Outsourcing) and CPS 232 (Business Continuity Management), treated third-party technology vendors as outsourcing arrangements with relatively narrow governance requirements. CPS 230 consolidates and expands these into a single operational resilience framework that holds both the institution and its material service providers to explicit, testable standards.
The deadline is not theoretical. Pre-existing service provider contracts must comply by July 1, 2026. Institutions that have not reclassified their voice AI vendor relationships and updated contractual terms face non-compliance exposure in fewer than 80 days.
For voice AI deployment with APRA CPS 230 compliance mapping, on-premise data residency, and financially guaranteed uptime SLAs, contact the Trillet Enterprise team.
What Is APRA CPS 230 and Why Does It Replace CPS 231/232?
APRA CPS 230 (Operational Risk Management) replaces CPS 231 (Outsourcing) and CPS 232 (Business Continuity Management) with a unified standard that covers operational risk, business continuity, and service provider management under one framework.
The consolidation reflects APRA's recognition that operational risk in 2026 does not fit neatly into the categories defined a decade ago. Modern financial institutions rely on interconnected technology vendors, including AI platforms, that span multiple risk categories simultaneously. A voice AI vendor is both an outsourcing arrangement (CPS 231) and a business continuity dependency (CPS 232). Separating governance across two standards created gaps.
CPS 230 addresses this by introducing three integrated pillars:
Operational risk management: Institutions must identify, assess, and manage operational risks, including those introduced by AI systems, with board-level oversight and documented risk appetite.
Business continuity: Critical operations must be maintained through disruptions, with tolerance levels defined for maximum acceptable downtime and data loss.
Service provider management: Material service providers, including voice AI vendors, must be formally registered, contractually bound to resilience requirements, and subject to ongoing monitoring.
According to APRA's final prudential standard document published in July 2023, the regulator specifically noted that "the standard is designed to ensure that APRA-regulated entities can continue to deliver critical operations through severe disruptions." Voice AI platforms handling inbound customer calls, outbound collections, and account servicing clearly fall within this scope.
Why Voice AI Vendors Are Material Service Providers Under CPS 230
Under CPS 230, a service provider is "material" if its failure or disruption could cause a significant operational impact, financial loss, or harm to beneficiaries. Voice AI platforms used for customer-facing operations in financial services meet this threshold.
Consider the operational dependency: when a bank routes 40% of its inbound call volume through a voice AI platform, that platform's availability directly determines the bank's ability to serve customers. A prolonged outage does not merely inconvenience customers; it disrupts a critical operation. Under CPS 230, this dependency triggers material service provider classification and the governance requirements that follow.
Material Service Provider Obligations
Once classified as material, a voice AI vendor relationship requires:
| CPS 230 Requirement | Voice AI Vendor Obligation |
| --- | --- |
| Formal service provider register | Institution must maintain a register listing the voice AI vendor, services provided, and risk assessment |
| Contractual resilience terms | Contracts must include availability commitments, data handling requirements, and termination provisions |
| Business continuity alignment | Vendor must demonstrate continuity capabilities aligned with the institution's tolerance levels |
| Fourth-party risk disclosure | Vendor must disclose sub-contractors and downstream dependencies (cloud providers, telephony carriers) |
| Substitutability assessment | Institution must evaluate how quickly it could replace the voice AI vendor if needed |
| Ongoing monitoring | Regular review of vendor performance against contractual and resilience commitments |
The substitutability requirement deserves particular attention. APRA expects institutions to assess whether a material service provider can be replaced within a reasonable timeframe. For voice AI, this depends heavily on architecture: proprietary platforms with custom integrations are harder to substitute than platforms built on open standards with documented APIs.
CPS 230 Compliance Mapping: What Voice AI Vendors Must Demonstrate
Financial institutions evaluating voice AI vendors for CPS 230 compliance should assess against five specific capability areas.
1. Data Residency and Sovereignty Controls
CPS 230 requires institutions to manage operational risks from service provider arrangements, including jurisdictional risks. For voice AI, this means knowing exactly where call data is processed, stored, and potentially transmitted.
Most voice AI platforms route audio through cloud infrastructure that may span multiple jurisdictions. Under CPS 230, a regulated Australian institution must ensure that its operational risk framework accounts for cross-border data flows, and that contractual terms give the institution control over data location.
Trillet Enterprise addresses this through configurable data residency with APAC, North American, and EMEA options. For institutions requiring absolute data sovereignty, on-premise deployment via Docker ensures call data never leaves the institution's own infrastructure. This eliminates jurisdictional risk entirely, a significant simplification for CPS 230 compliance.
2. Business Continuity and Failover Architecture
CPS 230 requires institutions to define tolerance levels for critical operations, specifically the maximum duration and extent of disruption they can absorb. Voice AI vendors must demonstrate continuity capabilities that meet these tolerances.
In practice, this means financial institutions need to verify:
Uptime commitments: What is the vendor's SLA, and is it financially backed or merely aspirational?
Failover architecture: Does the platform support active-active or active-passive redundancy?
Recovery time: How quickly can the platform recover from infrastructure failure?
Degradation strategy: What happens during a partial outage? Do calls drop, or do they route to human agents?
Trillet Enterprise provides a financially guaranteed 99.99% uptime SLA, translating to a maximum of 52 minutes of downtime per year. The platform's disaster recovery and failover architecture supports automatic failover with graceful degradation to human agent queues, ensuring that a platform disruption does not result in dropped calls or dead air.
3. Audit Trails and Operational Transparency
CPS 230 governance requires ongoing monitoring of material service providers. This is only possible if the voice AI vendor provides sufficient operational transparency.
Financial institutions should require:
Comprehensive audit logging: Every system access, configuration change, and data handling event must be logged with timestamps and user attribution.
Incident reporting: The vendor must contractually commit to incident notification timelines aligned with the institution's APRA reporting obligations (72 hours for material incidents under CPS 234).
Performance reporting: Regular reporting on SLA adherence, call volumes, error rates, and system health.
Audit access: The institution, and APRA, must have the right to audit the vendor's operations, either directly or through independent assessors.
Trillet Enterprise supports security audit preparation with audit-ready documentation, access logging, and support for third-party assessment. Independent penetration testing is conducted by CREST-certified assessors, with reports available to clients and their auditors.
4. Vendor Accountability and Contractual Safeguards
CPS 230 raises the bar on what must appear in service provider contracts. Generic terms of service are insufficient for material service provider relationships.
Glia, a digital customer service platform serving banks and credit unions, recently set a new compliance benchmark by launching a contractual AI hallucination guarantee for its banking clients. This guarantee contractually binds Glia to accuracy standards, with defined remedies if their AI generates factual errors in customer interactions. Whether or not Glia's specific approach becomes an industry standard, it signals a broader shift: financial regulators and institutions increasingly expect AI vendors to accept contractual liability for AI-specific risks, not just infrastructure availability.
For voice AI specifically, CPS 230-aligned contracts should address:
AI accuracy commitments: Defined thresholds for speech recognition accuracy, intent classification, and response correctness.
Data handling obligations: Explicit terms on data retention, deletion, and prohibition on using client data for model training without consent.
Termination and transition: Provisions for data portability and transition assistance if the relationship ends.
Sub-contractor disclosure: Requirements to notify the institution of changes to downstream service providers.
Regulatory cooperation: Commitment to cooperate with APRA inquiries and on-site inspections.
5. Operational Resilience Testing
CPS 230 expects institutions to test their operational resilience, including the resilience of material service providers, through scenario-based testing. For voice AI, this means the vendor must participate in or support:
DR testing: Simulated failover events to verify recovery capabilities.
Load testing: Verification that the platform can handle peak call volumes under stress conditions.
Scenario planning: Joint exercises addressing plausible disruption scenarios (cloud provider outage, telephony carrier failure, cyber incident).
Penetration testing: Regular security testing by independent assessors.
Trillet Enterprise supports operational resilience testing through its fully managed service model, including 24/7 onshore Australian proactive monitoring. The platform undergoes independent penetration testing by CREST-certified third parties, and disaster recovery tests are conducted as part of the ongoing managed service relationship.
CPS 230 vs. CPS 234: How the Standards Interact for Voice AI
Financial institutions already meeting CPS 234 (Information Security) requirements for their voice AI vendor may assume CPS 230 compliance follows naturally. It does not.
CPS 234 and CPS 230 address different, though overlapping, risk domains:
| Dimension | CPS 234 (Information Security) | CPS 230 (Operational Risk Management) |
| --- | --- | --- |
| Primary focus | Protecting information assets from security threats | Ensuring operational continuity through disruptions |
| Vendor scope | Third-party information security capabilities | Material service provider resilience and substitutability |
| Testing | Security control effectiveness | Operational resilience scenarios |
| Board reporting | Information security incidents | Operational risk appetite and tolerance breaches |
| Incident trigger | Security breaches | Any material operational disruption |
Trillet Enterprise is already APRA CPS 234 compliant, along with SOC 2 Type II, HIPAA, and IRAP certifications. CPS 234 compliance provides a strong foundation for CPS 230, particularly around third-party risk management and incident reporting, but CPS 230 adds requirements around business continuity tolerance levels, substitutability assessment, and operational resilience testing that CPS 234 does not cover.
A Realistic Assessment: What CPS 230 Compliance Cannot Guarantee
Honest disclosure: CPS 230 compliance, whether from Trillet or any other vendor, does not eliminate operational risk. It creates a structured framework for managing it.
Several limitations deserve acknowledgment:
No voice AI platform can guarantee zero disruption. A 99.99% uptime SLA still permits approximately 52 minutes of annual downtime. For a financial institution processing thousands of calls daily, even a brief outage during peak hours affects customers. CPS 230 requires tolerance levels, not zero-risk guarantees.
Regulatory interpretation remains evolving. CPS 230 is effective July 1, 2026, but APRA's enforcement approach and interpretation of specific requirements, particularly around AI-specific risks, will develop over time. Institutions should expect guidance updates and potentially additional requirements as APRA observes how organizations implement the standard.
Contractual AI guarantees are nascent. While Glia's hallucination guarantee represents an important step, the industry has not yet converged on standardized contractual frameworks for AI-specific risks in financial services. Institutions should negotiate AI-specific terms with their voice AI vendor, but should also recognize that these contractual structures are still maturing.
On-premise deployment adds operational burden. While on-premise deployment via Docker eliminates data residency risk, it shifts infrastructure management responsibility to the institution (or its managed service provider). Institutions choosing on-premise deployment should ensure their internal teams, or their vendor's managed service, can maintain the platform to CPS 230 continuity standards.
Timeline: Preparing Your Voice AI Vendor Relationship for July 1, 2026
With fewer than 80 days until the CPS 230 compliance deadline, financial institutions should prioritize the following steps:
Immediate (April 2026):
Classify your voice AI vendor as a material or non-material service provider under CPS 230
Review existing contracts against CPS 230 requirements. Identify gaps in resilience terms, audit rights, and termination provisions
Request your vendor's business continuity documentation and disaster recovery test results
May 2026:
Update your material service provider register to include voice AI vendor classification and risk assessment
Negotiate contractual amendments to address CPS 230 gaps, particularly around operational resilience testing, sub-contractor disclosure, and APRA cooperation
Conduct a substitutability assessment for your voice AI vendor
June 2026:
Execute updated contracts with CPS 230-compliant terms
Conduct joint operational resilience testing with your voice AI vendor
Document tolerance levels for voice AI disruption as part of your broader operational resilience framework
July 1, 2026:
CPS 230 effective date. All pre-existing service provider contracts must comply
Ensure board-level reporting includes voice AI vendor as part of operational risk governance
For a detailed framework on evaluating voice AI vendors against compliance and operational criteria, see our enterprise vendor evaluation framework.
How Trillet Enterprise Maps to CPS 230 Requirements
| CPS 230 Requirement | Trillet Enterprise Capability |
| --- | --- |
| Material service provider register | Full documentation package with service descriptions, risk profiles, and dependency maps |
| Data residency controls | Configurable residency (APAC, North America, EMEA) or on-premise Docker deployment |
| Business continuity | 99.99% financially guaranteed uptime SLA with automatic failover |
| Operational resilience testing | CREST-certified independent penetration testing; DR testing supported through managed service |
| Audit trail and transparency | Comprehensive audit logging, incident reporting, and APRA cooperation commitments |
| Fourth-party disclosure | Full disclosure of infrastructure dependencies and sub-processor arrangements |
| Information security (CPS 234 overlap) | APRA CPS 234 compliant, SOC 2 Type II, HIPAA, IRAP certified |
| Ongoing monitoring | 24/7 onshore Australian proactive monitoring with dedicated support |
| Integration compatibility | ViciDial, Avaya, Cisco CUCM, Mitel, Asterisk PBX integration, zero engineering lift |
For organizations already evaluating voice AI for financial services compliance, CPS 230 adds an operational resilience layer on top of existing security and privacy requirements. The standards are complementary, not duplicative.
Frequently Asked Questions
Does CPS 230 apply to all voice AI vendors used by APRA-regulated entities?
CPS 230 applies to all service provider relationships, but the depth of governance depends on whether the vendor is classified as "material." A voice AI platform handling customer-facing calls for a bank is almost certainly material. A voice AI platform used for internal-only meeting transcription may not be. The classification depends on whether the vendor's failure could significantly impact the institution's critical operations, financial position, or obligations to beneficiaries.
What happens if our voice AI vendor is not CPS 230 compliant by July 1, 2026?
APRA expects all pre-existing service provider contracts to comply with CPS 230 by the July 1, 2026 effective date. Non-compliance does not trigger automatic penalties, but it exposes the institution to supervisory action during APRA reviews. APRA's enforcement approach ranges from heightened supervision to formal directions and, in severe cases, enforceable undertakings. The institution, not the vendor, bears regulatory accountability.
How does on-premise voice AI deployment simplify CPS 230 compliance?
On-premise deployment via Docker eliminates several CPS 230 risk categories simultaneously. Data residency risk disappears because data never leaves the institution's infrastructure. Fourth-party cloud provider risk is reduced because the platform runs on the institution's own servers. Substitutability improves because the institution controls the deployment environment. However, on-premise deployment shifts continuity responsibility to the institution's infrastructure team. The uptime SLA depends on the institution maintaining its own hardware and network availability, supplemented by the vendor's managed service support.
Does APRA CPS 234 compliance automatically satisfy CPS 230?
No. CPS 234 (Information Security) and CPS 230 (Operational Risk Management) are complementary but distinct standards. CPS 234 compliance addresses information security controls: encryption, access management, incident notification. CPS 230 adds operational resilience requirements: business continuity tolerance levels, service provider substitutability, and operational resilience testing. A voice AI vendor can be fully CPS 234 compliant while lacking the continuity documentation and resilience testing CPS 230 requires.
What contractual terms should financial institutions negotiate with voice AI vendors for CPS 230?
At minimum: financially backed uptime SLAs with defined penalties, APRA audit and cooperation rights, sub-contractor disclosure and approval requirements, data portability and transition provisions, incident notification timelines aligned with APRA requirements (72 hours for material security incidents), and operational resilience testing participation commitments. Institutions should also consider AI-specific terms, such as accuracy guarantees and prohibitions on using client data for model training, following the precedent Glia has set with its contractual hallucination guarantee.
How does CPS 230 affect voice AI integrations with legacy telephony systems?
CPS 230's fourth-party risk requirements extend to the telephony infrastructure that connects voice AI to callers. Institutions must assess the resilience of their complete call chain, from PSTN carriers through PBX systems to the voice AI platform. For institutions running legacy PBX environments, Trillet Enterprise's compatibility with Avaya, Cisco CUCM, Mitel, and Asterisk systems ensures that CPS 230 resilience requirements can be met without replacing existing telephony infrastructure.
Is the July 1, 2026 CPS 230 deadline likely to be extended?
APRA has shown no indication of extending the CPS 230 effective date. The standard was finalized in July 2023, giving institutions a three-year implementation window. APRA has published guidance, conducted industry consultations, and held supervisory meetings throughout this period. Financial institutions should plan on the basis that July 1, 2026 is a firm deadline. Waiting for an extension that may not come creates unnecessary compliance risk.
CPS 230 changes the relationship between Australian financial institutions and their voice AI vendors from a procurement decision to an operational resilience obligation. The July 1, 2026 deadline applies to pre-existing contracts, not just new ones.
For CPS 230-aligned voice AI deployment with on-premise options, financially guaranteed uptime, and full APRA compliance documentation, contact the Trillet Enterprise team. For a broader overview of Trillet's enterprise capabilities, visit our enterprise guide.