ASIC Chair Joe Longo has outlined 11 key risks facing Australian businesses in 2026, including retail exposure to private credit markets, AI-powered cybercrime and superannuation operational failures.
What’s happening: ASIC Chair Joe Longo has identified 11 critical risks facing Australia’s financial system in 2026, including expanding retail access to private credit markets, operational failures by superannuation trustees, and AI-powered cybercrime.
Why this matters: With nearly three million Australians set to access superannuation over the next decade and more than $750 billion moving from accumulation into retirement, operational resilience, transparency and consumer protection have become regulatory priorities that will directly impact how financial services firms operate and comply.
Australia’s financial regulator has outlined 11 critical flashpoints it expects to dominate the business landscape in 2026, with private credit markets, superannuation operational failures and AI-powered cybercrime topping the list.
ASIC Chair Joe Longo released the annual Key Issues Outlook, warning that continued cost-of-living strains for vulnerable Australians, rising debt and ongoing geopolitical tensions are adding volatility and uncertainty across the financial system.
“In 2026, continued cost‑of‑living strains for vulnerable Australians, rising debt and ongoing geopolitical tensions are adding volatility and uncertainty,” said Mr Longo. “At the same time, rapid advances in AI are transforming financial services—and fuelling a surge in AI‑powered cybercrime that is testing the resilience of companies and undermining public trust in AI‑driven decisions.”
The assessment marks a shift in regulatory focus toward emerging risks that cut across all sectors ASIC regulates, from banking and insurance to superannuation and capital markets.
Private credit expands
Retail access to private credit and other private market products is expanding rapidly, with investment thresholds as low as $2,000 now available through investment platforms including superannuation funds.
Australia’s private credit market has grown to an estimated $200 billion in assets under management over the past 18 months, according to ASIC Report 820 released in November 2025. The growth has been driven by increasing Australian superannuation savings focused on investment diversification and yield, moderation in bank lending to higher-risk real estate ventures, and increased retail investor participation through evergreen and exchange-traded investment products.
However, ASIC’s surveillance of 28 private credit funds from October 2024 to August 2025 identified significant concerns. The regulator found inconsistent practices including weak governance, poorly managed conflicts of interest, poor valuation practices impacting entry and exit prices, and inadequate practices in key risk areas indicating poor preparedness for stress scenarios.
“This raises risks of mis‑selling, unsuitable product selection, and decision‑making without adequate disclosure,” said Mr Longo. “As ASIC identified in November, private markets are opaque, and Australia has limited regulatory reporting outside superannuation, meaning constrained supervision and potential heightened risks for investors.”
ASIC has already issued stop orders on several target market determinations due to poor disclosure and distribution of retail private credit funds, and has commenced enforcement investigations for more serious conduct.
The regulator has flagged that in 2026, it will focus surveillance on fees, margin structures and conflict of interest management in wholesale private credit funds, as well as distribution of private credit funds to retail clients through direct and advised channels.
Super fund pressures
Operational failures by superannuation fund trustees represent another major concern, with member services problems including delays in processing claims, inadequate support for customers, poor IT infrastructure and cyber resilience, and escalating risks of fraud and scam activity.
With nearly three million Australians set to become eligible to access their superannuation over the next decade and more than $750 billion expected to move from accumulation into retirement, ASIC has emphasised that operational challenges could result in significant financial losses and erode trust in the system.
The regulator’s focus extends to consumers losing retirement savings through investments in high-risk products, often as a result of high-pressure sales tactics and inappropriate financial advice. Aggressive marketing, lead-generation and cookie-cutter advice models have been driving switches of superannuation into complex, high-risk investments that are often unsuitable for average consumers, particularly through certain managed investment schemes.
ASIC currently has 12 court cases underway related to the Shield and First Guardian matters to hold people and organisations to account, although the pathway to compensation remains uncertain when these schemes collapse.
AI accelerates fraud
Advanced technology harming consumers, including agentic AI, has emerged as a critical risk category. ASIC notes that consumers increasingly face risks from automated decisions, AI-driven interactions, and scams amplified by technology.
“The rapid adoption of technology enables new forms of conduct that exploit issues like behavioural bias,” said Mr Longo. “As ASIC has found in research, there is variable maturity in how businesses manage AI governance risks. While agentic AI can help people shop around for deals and avoid loyalty penalties, it can also compound risk given its capability to independently plan and act.”
Financial services emerged as the most targeted industry for AI-powered cyberattacks in 2025, experiencing 33 per cent of all AI-driven incidents, according to industry research. Agentic AI, which can plan, reason and take multi-step actions without explicit instructions, is expected to accelerate attack speeds and sophistication.
Reporting shows increases in calls to the Australian Cyber Security Hotline, incident responses and threat notifications, reinforcing the need for vigilance across sectors. Digitisation, legacy systems, reliance on third parties and evolving threat actor capability continue to elevate cyber risk in ASIC’s assessment.
“ASIC is urging directors and financial services license holders to maintain robust risk management frameworks, test their operational resilience and crisis responses, and address vulnerabilities with their third-party service providers,” said Mr Longo.
Cyber attacks, data breaches and inadequate operational resilience and crisis management could undermine market confidence and harm consumers, particularly as threat actors deploy AI tools to enhance tactics and evade detection.
Banking takes risks
ASIC has flagged increased risk appetite in the banking sector in response to competitive pressures that could result in consumer harm. The regulator notes that historically low net interest margins may be driving parts of the sector towards riskier strategies.
Competitive dynamics at play in Australia could incentivise relaxed credit assessments, larger or unsuitable loans, product changes for lower-margin customers, and aggressive marketing that steers consumers towards higher-risk products.
“ASIC is alert to conduct that pushes regulatory boundaries to circumvent the application of the law that would lead to unfair investor losses and consumer harm,” said Mr Longo.
The warning comes as small and medium businesses continue to navigate cash flow pressures, with insolvency practitioners reporting increases in businesses experiencing financial distress not primarily driven by tax debt but by reduced consumer discretionary spending.
Additional risks identified by ASIC include poor insurance claims handling following extreme weather events, with recent disasters in Victoria and Queensland underscoring pressures insurers face during concurrent and severe events that can lead to delays, errors and poor communications.
The potential failure or significant outage resulting from CHESS replacement or due to ongoing use of aging infrastructure also ranks among key concerns. CHESS is critical national infrastructure fundamental to orderly markets, and the December 2024 outage demonstrated the urgency of completing the replacement project.
Poor quality financial reporting, sustainability reporting and audit quality remains a priority, with ASIC finding evidence in superannuation financial reports of inconsistent investment disclosures, limited transparency on certain expenses and insufficient audit evidence for valuations. As mandatory sustainability and climate reporting expands, risks of misleading or incomplete disclosures increase.
Regulatory gaps related to emerging financial sector participants, particularly in digital assets, payments and AI users, continue to create risks including unlicensed advice, misleading conduct and exploitation of unclear regulatory boundaries. Rapid innovation by people unfamiliar with financial services contributes to perceived regulatory uncertainty, making clarity on licensing requirements and effective perimeter oversight ongoing priorities for ASIC.
The outlook document does not rank the issues, reflecting that risks are interconnected and cut across all sectors ASIC regulates. For businesses, staying compliant with evolving regulatory requirements remains essential to avoiding penalties and maintaining operations.
For more information about ASIC’s work, see the ASIC Corporate Plan 2025-26.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
