AFSL Obligations: A Practical Guide for Small Financial Services Providers

Getting your Australian Financial Services Licence is a significant milestone. But the AFSL is not a one-time achievement — it's an ongoing permission that comes with continuous conditions, and ASIC has the power to revoke, suspend, or impose conditions on licences that fall short.

For small financial services businesses — advisory practices, insurance brokerages, credit businesses — understanding the full scope of AFSL obligations is essential. For your full checklist, see our financial services compliance checklist. Here's what you need to maintain.

The Core Licence Conditions

Every AFSL is subject to conditions, both those set out in the Corporations Act and those specific to your licence. The main obligations under the Act are:

Efficiently, Honestly, and Fairly

Section 912A requires AFSL holders to do all things necessary to ensure the financial services covered by the licence are provided efficiently, honestly, and fairly. This is a broad, principles-based obligation that has been interpreted expansively in ASIC enforcement action.

"Efficiently, honestly, and fairly" encompasses:

• Not charging for services not provided
• Providing advice that genuinely serves clients' interests
• Having adequate systems and people to deliver services properly
• Being transparent with clients about fees, conflicts, and service limitations

Adequate Resources

You must have adequate financial resources, human resources, and technological resources to provide your licensed services effectively and to comply with your obligations. For small practices, this means:

• Maintaining adequate professional indemnity insurance
• Ensuring your key people have the skills and qualifications required
• Maintaining compliance systems appropriate for your business size and complexity
• Not taking on more clients or services than your resources allow you to manage properly

Risk Management Systems

You must have adequate risk management systems to manage the risks involved in providing financial services. For a small advisory practice, this includes:

• Systems for managing conflicts of interest (conflicts register, escalation procedures)
• Compliance monitoring processes
• Data security measures
• Record-keeping systems
• Complaints management

Compensation Arrangements

Most AFSL holders must maintain adequate arrangements for compensating retail clients — specifically, professional indemnity (PI) insurance. The PI insurance must:

• Cover claims made against you for losses suffered by clients due to your financial services activities
• Meet minimum requirements set by ASIC (see Regulatory Guide 126)
• Remain current — a lapsed PI policy means you are not maintaining compensation arrangements

PI insurance renewal is one of the most important AFSL-related compliance deadlines.

Dispute Resolution

AFSL holders must be a member of an approved external dispute resolution scheme — which for most financial services businesses is the Australian Financial Complaints Authority (AFCA).

AFCA membership must remain current. Beyond membership, you must have a functioning internal dispute resolution (IDR) process that:

• Is accessible to retail clients
• Responds to complaints within the timeframes specified in ASIC's Regulatory Guide 271 (generally 45 calendar days for most financial services complaints)
• Is documented and followed consistently

A complaint that is not acknowledged and responded to correctly creates AFCA risk, ASIC risk, and client relationship risk.

Breach Reporting

AFSL holders must notify ASIC of significant breaches (or likely significant breaches) of their licence obligations within 30 calendar days of becoming aware of the breach.

A breach is "significant" if it involves:

• Conduct that constitutes an offence or contravenes civil penalty provisions
• Significant loss to retail clients or loss of a specified kind
• A serious risk to the health, safety, or welfare of the public
• Other conduct that constitutes a breach of a licensee obligation and is material in nature and/or repeated

The 30-day clock starts when you become aware of the breach — not when it's fully investigated. You can notify based on reasonable grounds that a breach has occurred, and update ASIC when more information is available.

Not reporting a significant breach is itself a breach. ASIC has taken enforcement action against licensees specifically for failure to report.

Maintaining Competence

You must take reasonable steps to ensure that your representatives (including authorised representatives who are financial advisers) are adequately trained and competent to provide the financial services they deliver.

This includes:

• Ensuring advisers meet the education standards (qualifying degree, exam)
• Monitoring CPD completion
• Supervising advice quality
• Maintaining training records

Managing Authorised Representatives

If you have authorised representatives — individuals or entities that provide financial services under your AFSL — you have additional obligations:

• You must authorise them before they provide services on your behalf
• You must supervise their conduct in providing financial services
• You are responsible for their conduct — if an authorised representative breaches their obligations to clients, you as the licensee can be held accountable
• You must maintain the ASIC registers (authorised representatives register) accurately

Supervision is not passive. ASIC has been clear that "set and forget" arrangements for authorised representatives do not meet the supervision standard. Active monitoring of advice quality, fee structures, and client outcomes is expected.

Record-Keeping Obligations

AFSL holders must maintain records of:

• Financial services provided (advice files, records of transactions)
• Client documents (FSGs, SOAs, ongoing fee arrangements, fee consents)
• Training records (qualifications, CPD)
• Compliance records (compliance monitoring results, breach investigations, complaints)
• Financial records demonstrating compliance with financial requirements

Records must generally be retained for 7 years from when they are created. Specific requirements vary — check the relevant regulatory guide for your activities.

ASIC's Supervisory Approach

ASIC takes a risk-based approach to supervision of AFSL holders. Higher-risk indicators — complaints, self-reported breaches, poor audit results — increase scrutiny. ASIC conducts:

• Targeted reviews — typically following complaints or reports of misconduct
• Data analytics — ASIC monitors industry data for patterns of concern (e.g., concentrated use of certain products, high rates of switching)
• Surveillance — including review of advice files, fee arrangements, and authorised representative conduct

If ASIC contacts you for information or commences a review, responding promptly and cooperatively is essential. Non-cooperation or misleading ASIC is a serious additional risk.

How Reguladar Helps

AFSL condition compliance — alongside privacy, employment, and tax obligations — is an ongoing, multi-dimensional challenge for small financial services businesses. Reguladar gives financial services practice owners a single dashboard tracking all their compliance deadlines and obligations in one place.

Start your free compliance check at Reguladar →