
A comprehensive guide to managing your compliance requirements

With a litany of financial scandals in recent years, ASIC has been focusing its attention on AFSL holders and the policies and procedures they have in place to protect their clients and investors. 

Insights Sophie Gerber 18 July 2016
— 4 minute read

The legal and regulatory environment has become increasingly complex and can be overwhelming, particularly if you are new to the AFSL regime.


ASIC can audit your business at any time, unannounced, and you need to be prepared. The incidence of heavy fines, licence suspension and revocation continues to rise, along with ASIC and client expectations.

While the cost of compliance has become significant, the costs and ramifications of non-compliance are enormous. Good compliance is essential for the survival of your business when you move into the AFSL regime. Compliance must be embraced and promoted, from the most senior management of an organisation down to its most junior levels.

Since 1 July 2016, accountants have been unable to provide financial product advice without holding a limited AFSL or being an authorised representative of a limited AFSL holder. Accountants previously did not have to be licensed under the AFSL regime, which is why the ongoing compliance requirements for AFSL holders may seem overwhelming. These changes were introduced as part of the much-discussed Future of Financial Advice (FoFA) reforms.

What are the compliance requirements?

It is important for accountants to ensure that the regulatory requirements for financial services are met. Accountants who are AFSL holders have a general obligation to do all things necessary to ensure financial services are provided efficiently, honestly and fairly. AFSL holders also have specific obligations relating to the following:

• Conduct and disclosure;

• Provision of financial services;

• Competence, knowledge and skills of responsible managers;

• Training and competence of representatives;

• Ensuring that representatives comply with financial services laws;

• Compliance;

• Risk and conflict of interest management;

• Adequacy of financial, technological and human resources; and

• Dispute resolution and compensation.

AFSL holders are also required to comply with any conditions on their AFSL, and with the company secretarial requirements set out in the Corporations Act 2001.

How can I comply?

Complying with the ongoing requirements may include implementing some or all of the following:

• Compliance plans and compliance program management framework;

• Periodic compliance reporting;

• Compliance committee membership/external director;

• Compliance procedures and policy documents;

• Compliance training;

• Anti-money laundering/counter-terrorism financing (AML/CTF) framework;

• Corporate governance;

• Independent and external compliance audits;

• Risk management systems;

• Conflicts management systems;

• Privacy Act management framework; and

• Code of conduct and code of ethics implementation.

As an AFSL holder, you may also be providing designated services under section 6 of the Anti-Money Laundering and Counter-Terrorism Financing Act. All businesses providing a designated service have additional compliance obligations under this act, including maintaining an AML/CTF compliance program. The AUSTRAC website can provide you with more information.

Accountants should familiarise themselves with the ongoing compliance obligations for AFSL holders, to ensure that they comply. ASIC also provides guidelines for AFSL holders on meeting the ongoing compliance obligations in its regulatory guides and on its website.

What policies do I need?

As part of the ongoing compliance obligations, AFSL holders are required to maintain, implement and document compliance policies and procedures that are tailored to the services provided.

The policies and procedures may include some or all of the following:

• Authorised representatives manual (if required);

• Breaches and incidents: policy and register;

• Conflicts of interest: policy and register;

• Risk management policy and risk assessment and management matrix;

• Dispute resolution processes and complaints register;

• Document retention policy;

• Personal dealing policy;

• Insider trading policy;

• Training policy for employees;

• Outsourcing policy and external service providers register;

• Financial requirements checklist;

• AML/CTF policy and AML/CTF risk assessment and management matrix;

• Privacy policy and privacy statement for use on website;

• Marketing checklist;

• Responsible manager policy;

• Representatives policy;

• Compliance calendar (providing a framework around completion of obligations); and

• Compliance plan.

All policy documents must be tailored to your particular business to ensure you comply with the regulatory requirements. Regulators can audit your business at any time, unannounced. You need to be prepared and able to provide these documents on request, and demonstrate that they are an active part of your business operations. Having a dusty folder on the shelf with policies from several years ago, which you have clearly never touched, will not cut it.

How do I comply in practice?

Compliance obligations must be continually satisfied, whether on a monthly, quarterly or yearly basis. While the number and complexity of the compliance requirements can seem overwhelming, complying with them just requires having a clear compliance structure in place.

At an operational level, this can involve, but is not limited to:

• Regular compliance reviews and updating of policies and registers;

• Formation of a compliance committee that meets periodically to assess whether the obligations are being met, and to address any concerns;

• Preparation of regular compliance reporting to the compliance committee or board;

• Creation of a compliance calendar or spreadsheet to identify the specific compliance requirements and make it easier to meet obligations;

• Lodging reports and compliance declarations with regulators as required;

• Responding to all ad hoc compliance queries; and

• Provision of compliance training to employees.

AFSL holders should also regularly review their licence conditions and the authorisations they hold for providing financial services. There are serious penalties and repercussions for operating without an AFSL or without the correct authorisations. An entity may apply to be authorised to provide one or more types of financial services, and/or provide one or more financial product classes to retail and/or wholesale clients. Financial product/service delineations and boundaries are complex and it is easy to overlook or inaccurately define an aspect of your activities.

Sophie Gerber, Sophie Grace


Sophie Gerber

Sophie Gerber has worked with some of Australia’s largest financial services organisations in compliance, legal and operational roles. She has also worked with small businesses to provide tailored solutions with a strong understanding of business practicalities as well as obligations to regulators. Ms Gerber has a Bachelor of Commerce and a Bachelor of Law from the University of Sydney, and has also spent a year studying finance at Boston University. Sophie is admitted as a solicitor in NSW and is currently studying for a Masters of Law from the University of Sydney.