ASIC Regulatory Guide 271 — Internal Dispute Resolution
|
|
| Regulator |
ASIC |
| Jurisdiction |
AU |
| Status |
live |
| Applicability |
Platform |
ASIC Regulatory Guide 271 (Internal Dispute Resolution, effective 5 October 2021) sets the IDR
standard for all Australian Financial Services Licensees and Australian Credit Licensees. It
replaced RG 165 as the definitive IDR standard and introduced binding timeframe obligations,
specific content requirements for IDR responses, and a systemic issue identification obligation.
RG 271 is given legal force by ASIC's Complaints (Internal Dispute Resolution) Instrument 2020/98,
which is a legislative instrument binding on all licensees. Non-compliance with the Instrument can
result in licence conditions, enforceable undertakings, or civil penalty proceedings. IDR data is
also reportable to ASIC under the IDR Reporting Instrument.
Compliance register
This register maps every material obligation under RG 271 to the platform control or institutional
process that satisfies it. It is the static traceability layer for the Totara compliance report —
dynamic data (module build status, test evidence, control test dates) is overlaid at runtime.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Acknowledgement and recording
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| RG 271.46 |
Acknowledge receipt of a complaint promptly; for credit complaints, acknowledge within 24 hours |
🤖 Automated |
CON-002 |
MOD-053 (AUTO) — complaint intake triggers automatic acknowledgement dispatch within 24 hours; SLA timer starts at complaint creation; no manual step required for acknowledgement |
🔨 |
| RG 271.47 |
Record all complaints in a register with required fields (date, nature, outcome) |
📊 Evidenced |
CON-002 |
MOD-053 (LOG) — all complaints recorded with date, channel, nature, assigned handler, and resolution outcome; register is always current |
🔨 |
Timeframes
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| RG 271.54 |
Respond to credit complaints within 30 calendar days |
🤖 Automated |
CON-002 |
MOD-053 (ALERT) — 30-day SLA timer enforced automatically; escalation alert triggered at Day 20 (warning) and Day 28 (breach imminent); complaint cannot be closed without a final response on file |
🔨 |
| RG 271.55 |
Respond to general banking complaints (non-credit) within 30 calendar days (with limited exceptions up to 45 days for complex matters) |
🤖 Automated |
CON-002 |
MOD-053 (ALERT) — SLA timer calibrated per complaint category; extension to 45 days requires documented justification and customer notification, both enforced by workflow |
🔨 |
| RG 271.63 |
If timeframe cannot be met, notify the complainant and provide updated timeline; inform them of AFCA referral right |
🤖 Automated |
CON-002 |
MOD-053 (AUTO) — SLA breach notification dispatched automatically; AFCA right-to-refer is a mandatory element of the breach notice template; MOD-083 (AUTO) — agent is coached on required disclosures in real time |
🔨 |
IDR response content
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| RG 271.73 |
IDR response must include: outcome decision and reasons; information about the complainant's AFCA right; AFCA contact details; statement that AFCA is free for consumers |
🤖 Automated |
CON-002 |
MOD-053 (AUTO) — final IDR response template enforces all required content elements; system prevents closure without confirming each mandatory element is present; MOD-083 (AUTO) — IDR response obligations surfaced to agent during complaint handling |
🔨 |
| RG 271.76 |
Where complaint is not upheld, reasons must be adequate and not generic |
📊 Evidenced |
CON-002 |
MOD-053 (LOG) — response reasons are recorded as structured text; quality is a human obligation; platform ensures reasons are present and logged but does not validate adequacy |
🔨 |
| RG 271.47 |
Maintain complaint records for 7 years |
📊 Evidenced |
CON-002 |
MOD-047 (LOG) — all complaint records, actions, and outcomes are retained in the immutable audit log; records cannot be deleted |
🔨 |
Systemic issue identification
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| RG 271.85 |
Identify systemic issues from complaint patterns; escalate to management for root cause analysis |
📊 Evidenced |
CON-002 |
MOD-053 (LOG) — complaint categorisation data enables pattern analysis; systemic issue identification requires human review of complaint trends; platform provides the data; analysis and escalation is institutional |
🔨 |
| RG 271.86 |
Where systemic issue identified, proactively remediate affected customers |
🏛 Institutional |
CON-002 |
Remediation programme design and execution is institutional. Platform evidence inputs: MOD-053 identifies affected case cohort; MOD-047 provides audit trail for remediation activity. |
— |
IDR data reporting to ASIC
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| IDR Reporting Instrument 2022 |
Report IDR data to ASIC twice yearly (March and September reporting periods) including complaint volumes, types, timeframes, and outcomes |
📊 Evidenced |
CON-002 |
MOD-053 (LOG) — complaint register provides all data fields required by the ASIC IDR Reporting Instrument; data extraction for ASIC report submission is available but not yet automated; human finance/compliance team prepares submission |
🔨 |
The following obligations under RG 271 are the responsibility of the institution, not the platform.
| Obligation |
Owner |
Platform evidence input |
| Staff training on IDR obligations and complaint handling procedures |
Head of Customer Experience |
MOD-083 provides real-time coaching; formal training is institutional |
| Root cause analysis programme for systemic issues |
Chief Compliance Officer |
MOD-053 provides complaint data for analysis |
| Senior management oversight of IDR performance |
CEO / Chief Compliance Officer |
MOD-053 complaint register provides management reporting data |
| IDR policy documentation and annual review |
Chief Compliance Officer |
— |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Acknowledgement and recording |
2 |
1 |
1 |
0 |
0 |
| Timeframes |
3 |
3 |
0 |
0 |
0 |
| IDR response content |
3 |
1 |
2 |
0 |
0 |
| Systemic issues |
2 |
0 |
1 |
1 |
0 |
| ASIC reporting |
1 |
0 |
1 |
0 |
0 |
| Total |
11 |
5 (45%) |
5 (45%) |
1 (9%) |
0 |
All attributed modules are currently build_status: Not started — the compliance position will update as modules are built and deployed.
| Policy |
Title |
| CON-002 |
Complaints & Internal Dispute Resolution Policy |
Official documentation
Policies referencing this standard
- CON-002 — Complaints & Internal Dispute Resolution Policy
Compiled 2026-05-22 from source/entities/regulations/au-asic-rg-271.yaml