Australian Securities and Investments Commission Act 2001¶
| Regulator | ASIC |
| Jurisdiction | AU |
| Status | live |
| Applicability | Platform |
The Australian Securities and Investments Commission Act 2001 establishes ASIC as the corporate, markets, and financial services regulator. For a bank holding an Australian Financial Services Licence (AFSL), the primary operative obligations are in Part 7.6 of the Corporations Act 2001 (which the ASIC Act underpins) — in particular S.912A, which requires AFS licensees to do all things necessary to ensure the financial services covered by the licence are provided efficiently, honestly, and fairly; maintain adequate resources; manage conflicts of interest; have adequate risk management systems; and maintain dispute resolution arrangements.
The ASIC Act itself confers ASIC's enforcement powers (examinations, banning orders, enforceable undertakings) and sets the governance framework within which ASIC operates. For most banks, ASIC Act obligations are satisfied through the AFSL conditions framework and documented as governance obligations rather than system controls.
Section references below are indicative — refer to the Act and its current instruments for precise statutory language.
Compliance register¶
This register maps every material obligation under the Act to the platform control or institutional process that satisfies it. It is the static traceability layer for the Totara compliance report — dynamic data (module build status, test evidence, control test dates) is overlaid at runtime.
Scope legend¶
| Symbol | Meaning |
|---|---|
| 🤖 Automated | Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced | Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional | Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A | Obligation does not apply to this deployment configuration. |
Build legend¶
| Symbol | Meaning |
|---|---|
| ✅ | Module built and deployed |
| 🔨 | Module planned — not yet built (build_status: Not started) |
| ❌ | Uncontrolled gap — no module attributed |
S.912A — General obligations of AFS licensees¶
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.912A(1)(a) | Do all things necessary to ensure financial services are provided efficiently, honestly, and fairly | 📊 Evidenced | CON-004 | MOD-050 (GATE) — product disclosure obligation enforced before every product acceptance; MOD-027 (GATE) — repayment and total cost disclosure gated before credit acceptance; MOD-006 (ALERT) — rate change triggers notification obligation flag | 🔨 |
| S.912A(1)(b) | Have in place adequate arrangements for the management of conflicts of interest | 🏛 Institutional | — | Board conflicts policy and declaration register are institutional governance processes. The platform does not own conflicts management. | — |
| S.912A(1)(d) | Maintain the competence to provide the licensed services | 🏛 Institutional | — | Competence obligations are met through institutional training, hiring, and licensing processes. Not platform scope. | — |
| S.912A(1)(e) | Ensure that representatives are adequately trained and competent | 🏛 Institutional | — | Training compliance is managed through the LMS and HR function. Not platform scope. | — |
| S.912A(1)(f) | Have adequate resources to provide the financial services and carry out supervisory arrangements | 🏛 Institutional | — | Resource adequacy is assessed and evidenced institutionally. The platform provides operational capacity but the licensing obligation is institutional. | — |
| S.912A(1)(h) | Have a dispute resolution system for retail clients — internal dispute resolution (IDR) and external dispute resolution (EDR) | 🤖 Automated | CON-002 | MOD-053 (ALERT) — IDR SLA enforcement automated; cases cannot be ignored past SLA without triggering escalation; AFCA membership is an institutional obligation | 🔨 |
| S.912A(1)(i) | Have adequate risk management systems | 📊 Evidenced | GOV-002 | MOD-150 (AUTO) — operational risk events auto-classified and written to the risk register; MOD-150 (CALC) — RAF dashboard continuously computed; risk management programme evidence is platform-generated | 🔨 |
| S.912A(1)(j) | Have a compensation arrangement (professional indemnity insurance) | 🏛 Institutional | — | Insurance procurement and maintenance is an institutional finance and legal obligation. Not platform scope. | — |
Institutional obligations (not platform scope)¶
The following obligations under the Act are the responsibility of the institution, not the platform. The platform may generate evidence inputs but does not own these processes.
| Obligation | Owner | Platform evidence input |
|---|---|---|
| Maintenance and renewal of the AFSL | Company Secretary / General Counsel | Institutional licensing process |
| Annual compliance reporting to ASIC (compliance certificate obligations) | Company Secretary | MOD-150 provides risk dashboard data; MOD-047 provides action audit logs |
| Financial Services Guide (FSG) preparation and distribution | Head of Product | Product governance process; platform enforces FSG disclosure at point of sale via MOD-050 |
| Product Disclosure Statement (PDS) preparation and currency | Head of Product / General Counsel | Platform enforces current PDS version is displayed before acceptance |
| ASIC examination responses and correspondence | General Counsel | MOD-047 (LOG) and MOD-048 (LOG) provide audit trail extracts for examination |
| Banning order and licence condition compliance | Board / CEO | Institutional governance; platform does not own licensing status |
| Breach reporting to ASIC (significant breach reporting under S.912DAA) | Chief Compliance Officer | MOD-150 (ALERT) auto-escalates material incidents; breach determination and report are institutional |
Coverage summary¶
| Area | Total obligations | Platform automated 🤖 | Platform evidenced 📊 | Institutional 🏛 | N/A |
|---|---|---|---|---|---|
| S.912A general obligations | 8 | 1 | 2 | 5 | 0 |
| Total | 8 | 1 (13%) | 2 (25%) | 5 (63%) | 0 |
The licensing relationship between the bank and ASIC is an institutional obligation. The platform's
role is to provide the risk management, dispute resolution, and disclosure infrastructure that
supports S.912A compliance. All attributed modules are currently build_status: Not started.
Related policies¶
| Policy | Title |
|---|---|
| CON-002 | Internal Dispute Resolution Policy |
| CON-004 | Product Disclosure & Sales Practice Policy |
| GOV-002 | Risk Appetite Framework Policy |
Official documentation¶
- ASIC Act 2001 — Australian Legislation
- AFS licensing — ASIC guidance
- RG 104 — Licensing: Meeting the general obligations
Policies referencing this standard¶
- CON-004 — Product Disclosure & Sales Practice Policy
Compiled 2026-05-22 from source/entities/regulations/au-asic-act.yaml