Depending on who you ask, definitions of governance vary wildly. Some see governance as something that Boards do, others as reporting or even as an administrative function that adds no value. To us at PX Partners, governance is at the heart of the organisation. It is the linchpin that connects strategy with planning, risk management, obligations, reporting, and accountability. It is the mechanism through which organisations demonstrate their integrity, resilience, and compliance – especially under the weight of new regulatory expectations like APRA’s CPS 230 and the Financial Accountability Regime (FAR).
The Australian Institute of Company Directors (AICD) defines governance as “the systems that direct and control – or govern – an organisation.” It is fundamentally about relationships between the board, management, and stakeholders and the mechanisms by which authority is exercised and accountability is enforced. As the Hon. Justice Neville Owen described during the HIH Royal Commission, governance is “the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations”.
This framing is particularly relevant in the current regulatory environment, where governance is not just a structural concept but a dynamic enabler of compliance, performance, and trust. Whether through formal board oversight or embedded operational controls, governance is the thread that weaves together the obligations and expectations placed on financial services entities.
Licensing Obligations: The Foundation of Governance
At its core, governance ensures that entities meet their general licensing obligations under the Corporations Act and ASIC’s Regulatory Guides. These obligations require financial services providers to:
- Maintain adequate risk and compliance frameworks.
- Deliver services efficiently, honestly, and fairly.
- Manage conflicts of interest and ensure appropriate oversight of representatives.
Governance is the structure that ensures these obligations are not only met but embedded in day-to-day operations. It defines who is responsible, how oversight is exercised, and how breaches are identified and addressed. As noted in the email “Re: PX Partners | Lonsec ODD ‘mock-up’ and revised ODD questionnaire – Feedback Session”, governance also plays a critical role in how entities assess and report on their service providers, particularly in the context of due diligence and ongoing monitoring.
CPS 230: Governance in Operational Resilience
CPS 230 elevates governance from a compliance function to a strategic imperative. It requires regulated entities to:
- Map critical operations and define tolerances for disruption.
- Establish governance frameworks that ensure Board and Executive oversight of operational resilience.
- Formalise service provider arrangements with clear performance metrics, audit rights, and remediation protocols.
Governance under CPS 230 is not just about structure—it’s about action. Boards must receive regular reporting on risk exposure, service performance, and compliance. Executives must ensure that SLAs, risk assessments, and control testing are not only in place but actively monitored.
FAR: Personal Accountability in Focus
The Financial Accountability Regime (FAR) introduces a new layer of governance by making accountability personal. It requires entities to:
- Identify Accountable Persons and assign clear responsibilities.
- Maintain accountability maps and statements.
- Ensure that governance frameworks support the oversight of these responsibilities.
This means that governance is no longer just about committees and policies—it’s about traceability. As seen in the file “[DRAFT] State Super CPS 230 Support – PX Partners – v1.0 – 310125”, aligning reporting lines from General Managers to Board Committees is now a regulatory expectation, not a best practice.
APRA’s Governance Review: Raising the Bar
In March 2025, APRA released a discussion paper (https://www.apra.gov.au/governance-review-discussion-paper) proposing eight key reforms to its core governance standards (CPS 510, SPS 510, CPS 520, SPS 520, and SPS 521). The review reflects APRA’s view that while governance practices have improved, significant weaknesses remain—particularly in areas such as director capability, board performance assessment, and conflict management.
The proposals aim to:
- Strengthen expectations around board skills, tenure, and independence.
- Introduce more prescriptive requirements for fitness and propriety assessments.
- Improve transparency and rigour in board performance evaluations.
- Clarify and tighten rules around conflicts of interest.
APRA’s message is clear: governance is not a “tick-the-box” exercise. It is a live, evolving discipline that must be embedded in the culture and operations of every prudentially regulated entity.
Governance as the Integrator
Governance connects the dots between:
- Risk Management: Ensuring that risk frameworks are embedded and aligned with Board and Executive oversight.
- Reporting and Oversight: Defining the cadence, content, and escalation pathways for risk and compliance reporting.
- Accountability: Mapping responsibilities under FAR and ensuring traceability of decisions and actions.
The Governance Imperative
In our work with clients across the financial services industry, we’ve seen that the most successful CPS 230 and FAR programs are those that treat governance not as a compliance obligation, but as a strategic enabler. Governance is what allows organisations to:
- Translate regulatory expectations into operational reality.
- Connect Board-level oversight with frontline execution.
- Demonstrate resilience, transparency, and accountability to regulators, customers, and stakeholders.
As the regulatory bar continues to rise, governance is no longer optional—it is the key that unlocks sustainable compliance and long-term trust.
Jon O’Keeffe is the author of this article. Jon provides regulated entities with pragmatic advice on governance anchored in more than 20 years of practitioner experience.