For years, trustees have focused their energy on the visible levers of performance: fees and returns. Yet lurking beneath the surface are inefficiencies that may be doing just as much damage to member outcomes: the operational drag of outdated technology.
Many super funds still rely on legacy systems. These outdated platforms need manual workarounds, introduce processing errors, and slow the rollout of new products. Every unnecessary intervention represents both a cost and a risk, and those costs compound at scale to chip away at members’ returns.
This is not a marginal issue. In a $4 trillion industry acting as custodian of Australians’ retirement security, even small inefficiencies accumulate into significant losses. The question for trustees is whether they can afford to let technology lag and whether members can afford the consequences.
This issue is now coming into the light via increased scrutiny from APRA, in the form of its CPG 230 Prudential Practice Guide[1] on operational risk management. In this guidance, the regulator warns that “effective operational risk management is essential to ensure the resilience of an entity, and its ability to maintain critical operations through disruptions”.
The message was reinforced in the regulator’s letter to RSE licensees in early June 2025[2] urging stronger cybersecurity measures, emphasising that “the obligation of superannuation entities to ensure the safety and security of members’ retirement savings and member data is non-negotiable”. Excuses around ageing infrastructure won’t wash. Boards and executives are now firmly accountable for proving their systems can withstand cyberattacks and compliance shocks in real time.
And the risks are not theoretical. Earlier this year, an attack on several funds saw one lose around $500,000[3], including a retiree who lost more than $400,000 before the breach was detected[4]. Other funds reported no direct financial losses but did see the exposure of personal data affecting thousands of members. The average cost of a cyber incident in Australia’s financial sector now sits above A$4 million per event[5], a figure that should focus trustee minds on the scale of exposure.
But compliance is only one side of the ledger. Outdated systems also lock funds out of innovation. Integrating new retirement income products, personalising insurance, or delivering seamless digital experiences all become harder when technology foundations are brittle.
The industry’s ambition to deliver better retirement outcomes hinges on the ability to adapt quickly. Without flexible platforms, even well-designed strategies stall.
According to Deloitte’s 2024 Media & Entertainment Consumer Insights report, 68% of Australians expect seamless digital experiences from their financial providers – a standard increasingly applied to superannuation funds. Yet, That might feel manageable in the short term, but it leaves organisations exposed to operational risk and unprepared for growth.
By contrast, funds already shifting to flexible platforms are showing they can bring new retirement products to market faster, simplify compliance reporting, and prove their systems can recover from disruption in real time.
Importantly, the industry is moving in this direction. A recent report found that 73% of Australian super funds are investing in data transformation, and 70% are focusing on automation to drive efficiency and innovation[6]. Funds already adopting smarter platforms are demonstrating both cost discipline and member-focused innovation, proving that resilience and growth can go hand in hand.
The conversation about fees and returns is not going away. But the real test for trustees may be whether they treat technology modernisation as a compliance obligation or as a strategic enabler.
The choice is stark. Either super funds continue to absorb the hidden costs of inefficiency – at members’ expense – or they seize the opportunity to set a global standard for operational resilience and innovation.
Ultimately, every dollar lost to outdated systems is a dollar less for retirement. That is the benchmark against which technology decisions must now be judged.
Rob DeDominicis is GBST’s Group CEO, driving the global corporate strategy for the firm.
_____________________________________
[1] https://handbook.apra.gov.au/ppg/cpg-230
[2] https://handbook.apra.gov.au/letter/1089/letter-rse-licensees-information-security-obligations-and-critical-authentication
[3] https://www.theguardian.com/australia-news/2025/apr/04/australian-super-funds-compromised-cybersecurity-data-breach-hack
[4] https://www.theaustralian.com.au/business/financial-services/australiansuper-sixday-delay-on-cyber-scam/news-story/dd964f193560d80d32652d0355b6f128
[5] https://www.learningpeople.com/au/resources/blog/australian-pension-superfunds-hacks-highlight-cyber-skills-shortage/
[6] https://tecala.com.au/ebooks/emerging-technology-in-australias-superannuation-industry/