ChatGPT out of bounds for APRA staffers

ChatGPT GenAI

The Australian Prudential Regulation Authority (APRA) says its staff are not allowed to use ChatGPT or other generative artificial intelligence (AI) on the APRA network.

The regulator has also told a Parliamentary committee that inputting APRA’s information into public generative AI such as ChatGPT is a breach of APRA’s Code of Conduct and a breach of the IT Acceptable Use Policy.

“ChatGPT is blocked for use on the APRA network,” the regulator told Senate Estimates.

Answering questions from Queensland Liberal Senator, James McGrath APRA said its use of AI “is currently very limited” and that while it participated in the Copilot for Microsoft 365 run by the Digital Transformation Agency it had retained only a small number of licenses.

“There are also, narrower, AI ‘proof of concepts’ underway in APRA using in-house models. Usage of these models is restricted to a very small number of APRA staff with a high level of expertise in the targeted use case,” it said.

“Use of ChatGPT and other Generative AI is not allowed for use on the APRA network. APRA has employed the DTA’s Interim Guidance in its messaging to staff around the use of public generative AI. Staff are not allowed to utilise public generative AI tools, and the use of such tools is a breach of APRA’s IT Acceptable Use Policy and Code of Conduct,” APRA said.

The regulator also reassured that it was keeping outside contractors on a tight leash.

“As with all Commonwealth agencies, third-party contractors are engaged in accordance with the Commonwealth Procurement Guidelines and are generally governed under the whole-of-government policies and frameworks,” it said.

“The terms of the contracts include requirements in relation to acting in compliance with the Privacy Act 1988, not to disclose confidential information without the consent of the vendor and to report any data breaches.

“These contracts also include APRA’s own secrecy and data breach clauses that apply to third-party contractors engaged by APRA. These include requirements to ensure that all protected information and protected documents (as defined by the Australian Prudential Regulation Authority Act 1998) are subject to the secrecy obligations under Commonwealth laws.”