An AFSL Guide to Compliance and Admin Duties

Key Takeaways

• You must have a formal process to Control, Avoid, or Disclose any conflicts of interest, as required by s912A(1)(aa).
• Licensees holding client assets (custodians) must meet minimum standards for safeguarding and segregating those assets, including specific good practices for crypto-assets.
• You are legally required to notify ASIC of key changes, such as appointing or ceasing representatives, within 30 business days.
• Specific record-keeping obligations apply, including a minimum seven-year retention period for all personal advice records.
• As a licensee, you have a fundamental duty to assist ASIC with its surveillance and regulatory activities.

Beyond the major pillars of risk management, client advice, and breach reporting lie the essential, everyday duties that keep a licensee’s operations running smoothly and transparently. These key compliance and administrative obligations are the engine room of your framework.

Getting these details right is a hallmark of a well-governed business. It demonstrates a commitment to the principles outlined in your general obligations and ensures your framework is not just a set of policies, but a living, breathing part of your organisation’s culture.

How Must You Manage Conflicts of Interest?

You are required under s912A(1)(aa) of the Corporations Act to have adequate arrangements to manage any actual, potential, or perceived conflicts of interest. A conflict arises when the interests of your clients are inconsistent with, or diverge from, the interests of you or your representatives.

According to ASIC’s Regulatory Guide 181, there are three primary mechanisms for managing conflicts. Often, a combination is required.

1. Controlling the conflict: This involves implementing procedures to control the flow of information and limit the influence of a conflict. A classic example is establishing “Chinese walls” or information barriers between different departments of a business.
2. Avoiding the conflict: Some conflicts are so significant that they cannot be effectively managed. In these situations, you must avoid the conflict entirely, which may mean declining to provide a service or act for a particular client.
3. Disclosing the conflict: Where a manageable conflict exists, you must disclose it to the client. The disclosure must be timely, clear, and provide enough detail for the client to make an informed decision about how it might affect the service they receive.

What Are Your Obligations When Holding Client Assets?

If your licence authorises you to hold client assets, or you use an agent to do so (acting as a custodian), you must meet strict minimum standards to ensure those assets are protected. These are detailed in Regulatory Guide 133: Funds management and custodial services.

The key standards require an asset holder to:

• Have the required organisational competence and capacity to perform their functions.
• Have a documented process for selecting, monitoring, and assessing any sub-custodian they appoint.
• Ensure client assets are clearly identified and held separately from the assets of the business and other clients (unless in a properly structured omnibus account).

Given the unique risks of crypto-assets, ASIC also outlines good practice expectations for holding them, including using multi-signature wallets, having compensation arrangements like insurance, and ensuring cyber security practices are independently verified.

What Key Changes Must You Notify ASIC About?

Maintaining open and timely communication with the regulator is a fundamental part of being a licensee. You must notify ASIC, generally within 30 business days, of certain key events.

These notification events include when you:

• Appoint a new authorised representative or change their details.
• Cease the authorisation of a representative.
• Discover one of your financial advisers has failed to comply with their professional standards.

These notifications and other required reports (like IDR data) must be lodged through the official ASIC Portals.

What Are the Key Record-Keeping Requirements?

Diligent record-keeping is not just good administration; it’s a core compliance obligation. Accurate and accessible records are essential for demonstrating compliance, performing internal monitoring, and resolving any potential client disputes.

While you must keep records that show you are complying with all your obligations, specific retention periods are mandated for certain records:

• Personal Advice: All records relating to personal advice provided to a client must be kept for at least seven years after the advice was given (RG 90).
• Generic Financial Calculators: A copy of any calculator you make available to consumers must be kept for seven years after it is no longer available (RG 167).

What Does It Mean to Assist ASIC?

As an AFS licensee, you have an obligation to cooperate and assist ASIC with its regulatory duties, including any surveillance checks on your compliance.

In circumstances where contraventions of the law have occurred, ASIC may accept a Court Enforceable Undertaking (EU) as an alternative to civil court action. An EU is a public commitment where the licensee agrees to take specific actions to rectify a breach and improve its compliance systems. All EUs are published on the ASIC website, providing transparency on regulatory outcomes (RG 100).