Compliance for Private health insurers
Insurers regulated by APRA under the Private Health Insurance Act.
Published obligations that apply to private health insurers (6)
- [critical] [CWLTH] Comply with APRA CPS 220 (Risk Management)
  APRA-regulated entities must have a comprehensive risk management framework.
- [critical] [CWLTH] Comply with APRA CPS 230 (Operational Risk Management)
  APRA-regulated entities must manage operational risk, including a comprehensive third-party / outsourcing register, from 1 July 2025.
- [critical] [CWLTH] Comply with APRA CPS 234 (Information Security)
  APRA-regulated entities must maintain information security capability commensurate with the size and extent of threats.
- [critical] [CWLTH] Comply with Financial Accountability Regime (FAR) accountability obligations
  Banking entities from 15 March 2024; insurers and super trustees from 15 March 2025.
- [high] [CWLTH] Comply with Private Health Insurance Act 2007 + APRA rules
  Private health insurers are regulated by APRA + PHIO; community rating, complaints + claims rules apply.
- [medium] [CWLTH] Mandatory AI guardrails for high-risk AI (in development)
  Australian Mandatory Guardrails for High Risk AI Settings: Treasury consultation in 2024/2025.