💼 2 An APRA-regulated entity would typically select cryptographic techniques based on the nature of the activity and the sensitivity and criticality of the data involved. The cryptographic techniques would typically be reviewed on a regular basis to ensure that they remain commensurate with vulnerabilities and threats.