Xinja is an independent, 100% digital neobank for Australians. Designed for mobile and made for people.
Xinja’s purpose is to help people make more out of their money, and get out of debt faster. Xinja is designed to be easy, and even fun. You can set up accounts in seconds, with zero paperwork, all on your phone and Xinja offers friendly fast support with in-app chat. Security is a major priority and not only is the bank account covered by the Government guarantee, but being 100% digital with the latest technology means Xinja have built state of the art security in from day 1. It also means low costs for Xinja & therefore competitive rates & low or no fees for customers.
You can learn more about Xinja at Xinja.com.au.
The challenge
As an APRA-regulated authorised deposit-taking institution (ADI), Xinja must comply with the APRA prudential standards.
For background, APRA, or the Australian Prudential Regulation Authority, is Australia’s financial services industry regulator. APRA establishes and enforces prudential standards designed to ensure that, under all reasonable circumstances, financial promises made by the institutions it supervises are met within a stable, efficient, and competitive financial system.
Xinja needed a cybersecurity tool to help them reduce the operational overhead of complying with APRA Prudential Standard CPS 234 Information Security which aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyberattacks) by maintaining an information security capability commensurate with information security vulnerabilities and cyber threats.
This includes information assets managed by related or third-parties.
The solution
Xinja uses UpGuard platform to help with three aspects of CPS 234 compliance:
- Continuous monitoring of related and third-parties who manage information assets: UpGuard Vendor Risk provides Xinja with always up-to-date, third and fourth-party security ratings and monitoring capabilities.
- Increased rigor in vendor procurement and assessment: Beyond security ratings, UpGuard Vendor Risk’s security questionnaire library provides Xinja with the tools they need to assess not only the external security posture of current and potential vendors but also internal security controls.
- An understanding of Xinja’s own external security posture: UpGuard BreachSight provides continuous monitoring and first-party security ratings, as well as data leak and leaked credential detection for Xinja, giving them a clear understanding of their own external security posture.
UpGuard’s team spent time at Xinja to help them onboard onto the platform and provided training so Xinja’s team could get up to speed in a matter of days.

Chief Information Security Officer (CISO)
Xinja