Banks employ different IT sourcing strategies to reduce IT costs. Australian banks are highly regulated by the Australian Prudential Regulatory Authority (APRA). We selected the two largest Australian banks, Westpac Banking Corporation (WBC) and Commonwealth Bank of Australia (CBA), to show the complexity of their IT multi-sourcing models and associated risks. We analysed public documents to reveal the IT sourcing trends from 2009 to 2013, and compared the alignment of the banks’ risk frameworks with the APRA risk framework. Finally we reviewed APRA’s risk management at the finance industry level and identified that neither risk management nor governance is performed and/or reported by APRA to the Reserve Bank of Australia. Therefore to ensure the cumulative effect of the banks’ IT sourcing strategies are measured and reported at the industry level, it is recommended that APRA develop and implement an industry-level risk framework mirroring standard APS 115.