The Australian Prudential Regulation Authority's CPG 234 provides guidance on managing information security risks within financial institutions. It outlines expectations for maintaining information security capabilities commensurate with the size and complexity of the organization and the sensitivity of its information assets.