What Is an AFSL and
What Are Your Obligations as a Licence Holder?
According to ASIC's 2024-25 Annual Report, $799.6 million in total civil penalties were imposed by the courts over the five years from 2020-21 to 2024-25. In the second half of 2025 alone, that figure reached a record $349.8 million. Many of those outcomes share the same pattern: documented compliance frameworks that were not translated into consistent, systematic practice. This article covers what an AFSL requires of your brokerage day-to-day, the five areas where it has the most practical impact, and what ASIC looks for when it reviews a business.
What Holding an AFSL Actually Means Operationally
An AFSL gives your business the legal right to provide financial services in Australia. For insurance brokers, the relevant authorisations typically cover the core activities of the business: arranging cover, advising clients on their options, and dealing with insurers on their behalf.
What the licence does not do is stay current on its own. The obligations attached to it apply every day the business is operating, across every client interaction your team has. ASIC reviews firms without waiting for a complaint to arrive, and enforcement activity across the sector has been increasing steadily. See ASIC's AFS licensee obligations guidance for a full overview of what the licence requires.
The practical question for most principals is not whether they hold a licence. It is whether their day-to-day operations consistently meet the standard that licence requires. Any business providing financial services needs either an AFSL or authorised representative status under another firm's licence, unless a specific exemption applies. If you are unsure whether your current authorisations accurately reflect your activities, ASIC's guidance on who needs an AFS licence covers the full range of activities and exemptions.
Total civil penalties imposed by courts, 2020-21 to 2024-25 (ASIC Annual Report 2024-25)
Record court-ordered civil penalties in the second half of 2025 alone (ASIC enforcement update)
Minimum period personal advice records must be retained and accessible (ASIC RG 175)
Five Areas That Shape How a Compliant Brokerage Operates
Getting these five areas right is primarily an operational exercise. Policies and frameworks matter, but what ASIC looks for is evidence they are being applied consistently. The obligations are set out in the Corporations Act and detailed in ASIC Regulatory Guide 104.
Each area requires active, documented systems. A well-written compliance framework that sits on a shelf provides limited protection if there is no operational record behind it.
Consistent conduct across every client interaction
s.912A — Efficient, honest and fair
Every client interaction carries the same standard of conduct, regardless of which adviser handles it or whether a manager is present. A single inconsistency does not automatically create a firm-level issue, but patterns that go undetected and uncorrected can.
Keeping pace with regulatory requirements
Ongoing licence obligation
Legislation is updated, instruments are replaced, and ASIC's guidance evolves. A compliance programme built on requirements from two years ago may not reflect the current standard. Keeping pace means having someone actively monitoring regulatory developments.
Having the resource to supervise effectively
RG 104 — General obligations
Running a supervision programme that genuinely covers your team takes people, time and tools. Resource gaps in this area can limit how effectively a business demonstrates its supervisory arrangements are working.
A risk process that is active, not archived
Risk management obligation
Many brokerages have a risk register or risk document. The question is whether it is being actively maintained. A risk register created at licence application and not updated since reflects where the business was, not where it is now.
Knowing what your team is saying to clients
Supervision and monitoring obligation
Visibility across your team's client conversations is the foundation of effective supervision. Without it, coaching is harder to ground in evidence, issues can take longer to surface, and demonstrating to ASIC that your supervision programme is working becomes more difficult. Reviewing a sample of calls each month may be a useful starting point. It is rarely enough on its own to give management a complete picture of what is happening across the team.
| Area | What it means for your brokerage | Where gaps can arise |
|---|---|---|
| Consistent conduct | The same standard applies across all advisers and all interactions | Conduct varying across the team with limited visibility to management |
| Staying current | Processes reflect today's requirements, not last year's | No clear ownership of monitoring regulatory updates |
| Adequate resource | The compliance function has capacity to genuinely supervise the team | Call volume that outpaces available review capacity |
| Active risk management | The risk process is live, maintained and regularly reviewed | Risk documents created at licence application and not revisited |
| Supervising your team | Management has a systematic record of monitoring representative conduct | Monitoring based on periodic sampling with limited documentation |
Your calls are already being recorded. Put them to work.
Callyx.ai automatically reviews 100% of your recorded calls against your AFSL obligations, giving your firm a deeper and more consistent supervisory record.
Advice Records Need to Be Accessible
Where personal advice is provided to retail clients, the advice record needs to be retained and accessible. Those records may include call recordings alongside file notes, Statements of Advice and correspondence, and need to be kept for at least seven years.
Retaining recordings and using them as part of the supervision process are two different things. Recordings that sit in storage without forming part of the supervisory workflow represent a missed opportunity to build a stronger operational record.
Records of advice given to clients must be kept for at least seven years after the advice is provided and must remain accessible throughout that period. Records may include file notes, correspondence, working papers and audio recordings.
— ASIC Regulatory Guide 175: AFS Licensing: Financial product advisers — Conduct and disclosure
Reviewing a meaningful proportion of recorded calls manually can be resource-intensive. For a 10-person team generating 50 calls per day, manual review at scale requires more compliance capacity than many firms carry. Callyx.ai reviews 100% of recorded calls automatically, flagging issues the same week they occur rather than when they escalate.
ASIC Regulatory Guide 175 covers what records are expected and the forms they may take. Read ASIC RG 175
Systematic call monitoring gives your compliance programme real operational depth.
Callyx.ai reviews 100% of your recorded calls automatically, flagging disclosure gaps, conduct issues and coaching opportunities the same week they occur.
Book a DemoWhere Compliance Gaps Can Arise
The distance between having a compliance framework and running it consistently is where risk tends to accumulate. ASIC's published enforcement record points to a handful of patterns that appear across financial services cases.
1. Supervision covering some of the team, not all of it
Sampling-based call monitoring may leave the majority of conversations unreviewed. Patterns that appear across that unreviewed volume can go undetected until they surface through a complaint or a regulatory review. Systematic monitoring across recorded calls can significantly reduce that exposure.
2. Disclosure applied inconsistently in verbal advice
Relevant disclosure obligations apply when advice is given verbally, not only in writing. Remuneration, conflicts of interest and the basis of a recommendation need to be addressed in the required form and at the required point in the advice process. Treating them as paperwork-only obligations can create gaps in the verbal record.
3. Training completion and applied conduct treated as the same thing
Completing a training module establishes a record. It does not confirm how an adviser is conducting themselves in client conversations. Checking both separately gives a more accurate picture of actual performance across the team.
4. Issues identified later than they could be
A supervision process that surfaces issues promptly gives management the opportunity to address them before they compound. By the time a complaint arrives, the same conduct may already have occurred more than once. Earlier visibility allows for earlier correction.
What ASIC Looks for When It Reviews a Firm
ASIC does not assess a compliance programme by reading the framework document. It looks for evidence that the framework is being applied.
Records showing the programme is operating
Monitoring logs, supervision notes, training records and evidence that issues were identified and addressed. A well-written compliance policy without operational records behind it provides limited protection in a review. See ASIC Regulatory Guide 104.
Conduct at the client level
Call recordings, Statements of Advice and client files are assessed to determine whether advice is appropriate and whether disclosure obligations are being met in practice. The question is not what the policy requires — it is what is actually happening in conversations. Callyx.ai provides that visibility.
Timely identification and reporting of issues
When something goes wrong, ASIC expects it to be identified and acted on promptly. Certain situations must be reported to ASIC within 30 days of the firm first becoming aware of them. Delays in identification or reporting can compound the original issue. See ASIC Annual Report.
Your Calls Are Already Being Recorded
Insurance brokerages record their client conversations as a matter of course. Those recordings are already creating a compliance record. The question is whether that record is being actively used to manage the business and demonstrate effective supervision.
Callyx.ai is Australian-owned, built for the Australian financial services sector, and connects directly to your existing call infrastructure. About Callyx.ai
Comply — 100% call coverage
Every recorded advice conversation automatically reviewed against your compliance criteria. Fewer blind spots from sampling. Learn more →
Core — Same-week visibility
Issues flagged the same week they occur, not when they surface through complaints or regulatory reviews. See how it works →
Learn — Training evidence
Call data that shows how advisers are applying their training in real client interactions, not just what they completed in a module. Explore features →
Coach — Evidence-based coaching
Specific examples from each adviser's actual calls, ready for weekly one-on-ones. Coaching grounded in evidence, not impression. Read more →
See what your team's calls are actually telling you.
Book a demo to see how Callyx.ai surfaces compliance gaps and coaching opportunities across 100% of your recorded calls.
Summary
An AFSL is an ongoing operational commitment. The five areas that define how a compliant brokerage runs — consistent conduct, current processes, adequate resource, active risk management and systematic supervision — all require evidence of consistent practice, not just a documented framework.
The supervision of what your team is saying to clients is where many firms find the most room to strengthen their position. A more complete view of recorded client conversations, surfaced regularly and acted on promptly, is the practical foundation of a strong supervisory record.
Callyx.ai reviews 100% of your recorded calls automatically, giving your compliance programme an operational record that reflects what is actually happening across your team.
Where Does Your Brokerage Stand on the Key Obligations?
The obligations attached to an AFSL apply differently depending on the services your firm provides and how those services are delivered. Two key questions determine which operational requirements apply to your business.
Two key questions determine which operational requirements apply to your business.
- If your firm provides personal advice to retail clients over the phone: advice record-keeping and supervision obligations apply. Records of those advice conversations — including call recordings — must be retained for at least seven years and should form part of your supervisory process.
- If your firm provides general advice only: different conduct and record-keeping obligations apply. Supervision of your representatives is still required. See ASIC's AFS licensee obligations guidance for further detail.
Frequently Asked Questions
About the Author
Vincent Keogh
Vincent is an operations specialist on the Callyx.ai team, writing for compliance managers and principals on how to get maximum value from recorded calls: across compliance, staff training, and business performance.
This article provides general information about running an insurance brokerage under an AFSL and is not legal advice. The obligations described are based on publicly available regulatory guidance current at the date of publication. Regulatory requirements change. Seek qualified legal or compliance advice for guidance specific to your business and circumstances. References to legislation include the Corporations Act 2001 (Cth) and ASIC Corporations (Record-Keeping Requirements for Australian Financial Services Licensees when Giving Personal Advice) Instrument 2024/508.
Your calls are already being recorded.
Now make them count.
Recorded advice conversations are reviewed against your compliance criteria, with issues flagged and documented. Less reliance on sampling. Fewer blind spots.