Corporations Act 2001
| | |
|---|---|
| Regulator | ASIC |
| Jurisdiction | AU |
| Status | live |
| Applicability | Platform |
The Corporations Act 2001 (Cth) is the primary Australian corporate and financial services statute.
For a licensed ADI operating as a financial services business, the most material obligations arise
from: Chapter 7 (financial services and markets), including the Australian Financial Services
Licence (AFSL) obligations under s.912A; the Design and Distribution Obligations (DDO) under
Part 7.8A; Product Disclosure Statement (PDS) requirements; financial advice licensing (Chapter 7
Part 7.7A); whistleblower protections (Part 9.4AAA); related party transactions (Chapter 2E);
and financial reporting and auditing obligations (Chapter 2M).
ASIC is the primary regulator. Penalties for serious contraventions are civil penalties up to
AU$1.565M for individuals and AU$15.65M (or 3x benefit or 10% annual turnover) for bodies
corporate; criminal penalties apply to dishonest contraventions.
Compliance register
This register maps every material obligation under the Corporations Act to the platform control or
institutional process that satisfies it. It is the static traceability layer for the Totara
compliance report — dynamic data (module build status, test evidence, control test dates) is
overlaid at runtime.
Scope legend
| Symbol | Meaning |
|---|---|
| 🤖 Automated | Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced | Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional | Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A | Obligation does not apply to this deployment configuration. |
Build legend
| Symbol | Meaning |
|---|---|
| ✅ | Module built and deployed |
| 🔨 | Module planned — not yet built (build_status: Not started) |
| ❌ | Uncontrolled gap — no module attributed |
Chapter 7, Part 7.6 — AFSL obligations (s.912A)
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.912A(1)(a) | Do all things necessary to ensure financial services are provided efficiently, honestly and fairly | 🤖 Automated | CON-001, CON-006 | MOD-105 (GATE) — product eligibility matrix ensures products are not offered to unsuitable customers; MOD-109 (GATE) — agent deal terms validated against product floor/ceiling rules; MOD-108 (AUTO) — offer generation monitored for fairness; MOD-047 (LOG) — all agent actions auditable | 🔨 |
| S.912A(1)(d) | Maintain adequate resources (financial, technological, human) to provide the financial services | 🏛 Institutional | — | Adequacy of financial and human resources is a board and executive governance obligation. Platform provides operational capacity data as evidence input. | — |
| S.912A(1)(f) | Maintain competence to provide the financial services | 🏛 Institutional | — | Staff competency is an HR and training obligation. Platform does not own this process. | — |
| S.912A(1)(g) | Ensure representatives are adequately trained and competent | 🏛 Institutional | — | Representative training and competency assessment is institutional. | — |
| S.912A(1)(h) | Have adequate arrangements for managing conflicts of interest | 🏛 Institutional | GOV-009 | Conflicts management framework is institutional. MOD-147 (CALC, ALERT) — related party exposure monitoring provides a platform control input for financial conflicts; board and policy governance is institutional. | — |
| S.912A(1)(aa) | Maintain IDR and EDR arrangements | 🤖 Automated | CON-002 | MOD-053 (ALERT) — IDR SLA enforcement and case management; MOD-083 (AUTO) — IDR obligations surfaced to agent. See au-asic-rg-271 and au-afca-rules for full IDR/EDR obligation registers. | 🔨 |
| S.912A(1)(ca) | Have adequate risk management systems | 📊 Evidenced | CON-006 | Platform's risk management modules (MOD-033, MOD-035, MOD-032, MOD-150) provide systematic risk measurement and monitoring; adequacy of the overall risk management system is a board governance determination. See individual risk domain registers. | 🔨 |
| S.912B | Have arrangements for professional indemnity insurance | 🏛 Institutional | — | Insurance arrangements are a finance and legal obligation. Platform does not own this process. | — |
Chapter 7, Part 7.8A — Design and Distribution Obligations (DDO)
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.994B | Make a Target Market Determination (TMD) for each in-scope retail product | 🤖 Automated | CRE-008, CON-006 | MOD-155 (GATE) — no AU retail product distributable without an approved, current TMD; MOD-105 (GATE) — eligibility matrix enforces target market scoping. See au-asic-rg-274 for full DDO obligation register. | 🔨 |
| S.994F | Report significant dealings (out-of-target-market distribution) to ASIC within 10 business days | 🤖 Automated | CRE-008 | MOD-155 (AUTO) — significant dealing detection and ASIC notification auto-generated. See au-asic-rg-274. | 🔨 |
Chapter 7, Part 7.9 — Product Disclosure Statements
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.1012A | Give a PDS to retail clients before issuing or recommending a financial product | 🤖 Automated | CON-005, CON-006 | MOD-050 (GATE) — PDS disclosure gate enforced before any product issuance; no retail product can be activated without confirmed PDS delivery and acknowledgement on record | 🔨 |
| S.1013C | PDS must contain prescribed content (key features, fees, risks, complaints process) | 🏛 Institutional | CON-005 | PDS content authorship and ASIC lodgement is institutional. MOD-050 enforces delivery; content is produced and maintained outside the platform. | — |
| S.1017G | Supplementary PDS on material change | 🏛 Institutional | CON-005 | Supplementary PDS preparation is institutional. MOD-063 (AUTO) dispatches updated disclosure materials to affected customers on product change. | — |

| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.208 | Member approval required for financial benefits to related parties (subject to exceptions) | 🏛 Institutional | GOV-009 | Board and shareholder approval is institutional. MOD-147 (CALC, ALERT) — related party exposure monitoring provides continuous financial position data for governance decisions. | — |
| S.210–216 | Exceptions to member approval (arm's length, remuneration) | 📊 Evidenced | GOV-009 | MOD-147 (LOG) — related party transactions and exposures recorded continuously; MOD-047 (LOG) — agent actions on related party accounts are auditable | 🔨 |
Part 9.4AAA — Whistleblower protections
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.1317AB | Establish a whistleblower policy; make available to officers and employees | 🏛 Institutional | GOV-008, PPL-006 | Policy design and publication is institutional. | — |
| S.1317AC | Protect identity of whistleblowers; prohibition on victimisation | 📊 Evidenced | GOV-008 | MOD-151 (GATE) — whistleblower submissions received through an isolated intake channel with no management routing; identity protection enforced at the data layer; cases delivered directly to Board Audit Committee role | 🔨 |
Chapter 2M — Financial reporting
| Ref | Obligation | Scope | Policy | Platform controls | Build |
|---|---|---|---|---|---|
| S.292 | Prepare annual financial statements in accordance with accounting standards (IFRS) | 📊 Evidenced | REP-004 | MOD-001 (AUTO) — statutory P&L and balance sheet sourced directly from ledger; MOD-080 (AUTO) — financial statements produced from Snowflake analytical layer; MOD-005 (AUTO) — IFRS 9 interest accrual automated; MOD-030 (AUTO) — IFRS 9 provisioning automated | 🔨 |
| S.295 | Directors must declare that financial statements comply with accounting standards | 🏛 Institutional | REP-004 | Director declaration is institutional. Platform provides the underlying financial data via MOD-001 and MOD-080. MOD-132 (LOG) — loan variation events logged as immutable records for audit. | — |
| S.301 | Financial statements must be audited | 🏛 Institutional | REP-004 | External audit is an institutional engagement. Platform provides the audit evidence base through MOD-002 (immutable transaction log), MOD-022 (payment audit trail), and MOD-047 (agent action logger). | — |
| S.319 | Lodge annual report with ASIC within prescribed timeframes | 🏛 Institutional | REP-001 | ASIC lodgement is institutional. MOD-036 (AUTO) — regulatory returns produced automatically; MOD-080 (AUTO) — statutory financials produced on schedule. | — |
The following Corporations Act obligations are the responsibility of the institution, not the platform.
The platform does not own these processes but provides material evidence inputs.
| Obligation | Owner | Platform evidence input |
|---|---|---|
| AFSL application and maintenance; ASIC notifications within 10 business days of significant change | General Counsel / Chief Compliance Officer | — |
| Financial advice licensing (if providing personal advice) | Chief Compliance Officer | — |
| Director appointment, remuneration, and governance requirements (Chapter 2D) | Company Secretary / Board | — |
| Continuous disclosure obligations (if listed) | Company Secretary | N/A — private company |
| ASIC breach reporting (within 30 days of awareness) | Chief Compliance Officer | MOD-047, MOD-053 provide audit evidence |
| AFSL competency (RG 105) | Chief Compliance Officer | — |
Coverage summary
| Area | Total obligations | Platform automated 🤖 | Platform evidenced 📊 | Institutional 🏛 | N/A |
|---|---|---|---|---|---|
| AFSL obligations | 8 | 2 | 1 | 5 | 0 |
| DDO (Part 7.8A) | 2 | 2 | 0 | 0 | 0 |
| Product Disclosure | 3 | 1 | 0 | 2 | 0 |
| Related party | 2 | 0 | 1 | 1 | 0 |
| Whistleblower | 2 | 0 | 1 | 1 | 0 |
| Financial reporting | 4 | 0 | 1 | 3 | 0 |
| Total | 21 | 5 (24%) | 4 (19%) | 12 (57%) | 0 |
The high institutional proportion reflects that the Corporations Act contains primarily governance,
licensing, and auditing obligations that are structural rather than system-deliverable. Platform
controls focus on the operational obligations where automation is possible (DDO, IDR, product
disclosure, financial statement generation).
All attributed modules are currently build_status: Not started — the compliance position will update as modules are built and deployed.
| Policy | Title |
|---|---|
| CON-001 | Customer Fairness & Conduct Policy |
| CON-002 | Complaints & Internal Dispute Resolution Policy |
| CON-005 | Fee & Pricing Transparency Policy |
| CON-006 | Product Suitability and Governance |
| CRE-008 | Product Design & Distribution Policy |
| GOV-008 | Whistleblower Protection Policy |
| GOV-009 | Related Party Transactions Policy |
| REP-001 | Regulatory Reporting Policy |
| REP-004 | Financial Statements Policy |
See au-asic-rg-271 for the full IDR register and au-asic-rg-274 for the full DDO register.
Policies referencing this standard
- CON-006 — Product suitability and governance
- GOV-008 — Whistleblower Protection Policy
- GOV-009 — Related Party Transactions Policy
- PPL-006 — Whistleblower & Protected Disclosure Policy
- REP-001 — Regulatory Reporting Policy
- REP-004 — Financial Statements Policy
Compiled 2026-05-22 from source/entities/regulations/au-corporations-act.yaml