ASIC Guidance on Use of AI in Financial Services
|
|
| Regulator |
ASIC |
| Jurisdiction |
AU |
| Status |
live |
| Applicability |
Platform |
ASIC's guidance on artificial intelligence in financial services (including INFO 271 and related
regulatory guidance) sets out how existing obligations under the Corporations Act, ASIC Act,
and National Credit Code apply when financial services are delivered using AI systems. ASIC's
position is that AI does not create new obligations but that existing obligations around fairness,
disclosure, advice quality, and consumer protection apply fully to AI-driven processes.
ASIC's FATE principles — Fairness, Accountability, Transparency, Explainability — are the
operative framework for evaluating AI deployment in financial services. Key areas of concern
include model bias in credit decisions, the quality of robo-advice outputs, AI-generated product
disclosures, and the accountability chain when an automated system causes consumer harm.
The guidance does not have the same legal force as a legislative instrument but represents
ASIC's supervisory expectations and will inform how ASIC exercises its powers when reviewing
AI-related incidents or breaches.
Compliance register
This register maps every material obligation arising from ASIC AI guidance to the platform
control or institutional process that satisfies it.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Fairness — no model bias in credit or product decisions
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI models used in credit assessment must not produce discriminatory outcomes on protected characteristics; bias testing required before deployment and on a periodic basis |
📊 Evidenced |
DT-009 |
MOD-150 (GATE) — model inventory and validation gate blocks any AI model from promotion to production without a closed validation case; bias testing is a required component of the validation report |
🔨 |
| Where an AI model produces an adverse credit decision, human review must be available and the basis of the decision must be explainable to the affected customer |
🏛 Institutional |
DT-009 |
Human credit officer review of adverse AI decisions is an institutional process; the credit officer role has override authority in MOD-064 work queue. MOD-048 (LOG) — AI decision inputs and model version logged against every automated decision, providing the explainability evidence base for the reviewer |
🔨 |
Accountability — clear ownership of AI decisions
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| A responsible person must be designated for each AI system; accountability cannot be diffused across automated systems |
🏛 Institutional |
DT-009 |
AI governance committee and nominated model owners are an institutional governance structure. MOD-150 (LOG) — model inventory records the designated model owner and the validation approver for every production model |
🔨 |
| AI systems that produce regulated financial advice outputs must be owned by an AFS licence holder and meet the same quality obligations as human advice |
🏛 Institutional |
DT-009 |
Robo-advice product design and AFS licence accountability are institutional. Platform does not currently deliver a financial advice product; this obligation applies if a digital advice product is added. |
— |
Transparency — customers must know AI is being used
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| Customers must be informed when AI is used in decisions that materially affect them (credit decisions, product recommendations, account restrictions) |
📊 Evidenced |
DT-009 |
MOD-048 (LOG) — AI decision events logged with model identity and version; disclosure content is part of product disclosure templates. Disclosure wording design is institutional |
🔨 |
| AI-generated product disclosures and PDS documents must meet the same accuracy and clarity standards as human-authored disclosures |
🏛 Institutional |
DT-009 |
Disclosure content review and sign-off is an institutional compliance process. MOD-050 (GATE) — disclosure enforcement gate ensures the correct disclosure version is presented and acknowledged; it does not validate content quality |
🔨 |
Explainability — decisions must be understandable
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI models used in credit scoring, fraud detection, and conduct monitoring must produce explainable outputs — the basis for a decision must be reconstructable for regulatory review |
📊 Evidenced |
DT-009 |
MOD-048 (LOG) — AI/ML decisions are explainable: inputs and model version logged against every automated decision |
🔨 |
| Model documentation must be maintained and available for ASIC examination — architecture, training data provenance, validation results, champion/challenger history |
📊 Evidenced |
DT-009 |
MOD-150 (LOG) — model inventory auto-maintained from CI/CD deployment events; scheduled accuracy monitoring runs nightly; model validation gate enforced before production promotion |
🔨 |
| Obligation |
Owner |
Platform evidence input |
| AI governance committee — oversight of all model deployments, periodic review of model performance, sign-off on new use cases |
Chief Risk Officer / Chief Technology Officer |
MOD-150 model inventory and validation records feed the governance committee review pack |
| Human review process for adverse AI credit decisions — credit officer role with override authority |
Head of Credit |
MOD-064 work queue routes adverse decisions for human review; MOD-048 provides the decision audit trail |
| ASIC regulatory engagement — notification of material AI-related incidents or consumer harm events |
Chief Compliance Officer |
MOD-150 and MOD-048 provide incident reconstruction data; notification decision is institutional |
| Robo-advice AFS licence compliance (if applicable) |
Chief Compliance Officer |
Not currently applicable — no digital advice product in scope |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Fairness |
2 |
0 |
1 |
1 |
0 |
| Accountability |
2 |
0 |
0 |
2 |
0 |
| Transparency |
2 |
0 |
1 |
1 |
0 |
| Explainability |
2 |
0 |
2 |
0 |
0 |
| Total |
8 |
0 (0%) |
4 (50%) |
4 (50%) |
0 |
All platform obligations have attributed controls. All attributed modules are currently
build_status: Not started — the compliance position will update as modules are built and deployed.
| Policy |
Title |
| DT-009 |
AI & algorithm policy |
Official documentation
Policies referencing this standard
- DT-009 — AI & algorithm policy
Compiled 2026-05-22 from source/entities/regulations/au-asic-ai-guidance.yaml