Regulator guidance index

RG 1

Australian Financial Services Licence Kit

ASIC's primary guidance on AFSL applications + obligations.

RG 78

Breach reporting by AFS licensees and credit licensees

30-day reportable situations regime under s 912DAA Corporations Act + s 50A NCCP.

RG 104

AFSL general obligations

s 912A obligations: efficient, honest, fair conduct; risk management; resourcing.

RG 126

Compensation and insurance arrangements for AFSL holders

Mandatory PI insurance for AFSL holders dealing with retail clients.

RG 146

Training of financial product advisers

Minimum education + training standards for retail product advisers.

RG 165

Licensing: Internal and external dispute resolution

Historic dispute resolution guidance — superseded by RG 271 (IDR) + RG 267 (AFCA).

RG 175

Financial product advice — Conduct and disclosure

Best interests duty, FSG, SOA, hawking + scaled advice obligations.

RG 181

Licensing: Managing conflicts of interest

Conflicts management framework requirements for AFSL holders.

RG 205

Credit licensing: General conduct obligations

Section 47 NCCP general conduct obligations for ACL holders.

RG 209

Credit licensing: Responsible lending conduct

Section 130 NCCP responsible lending inquiries + verification.

RG 244

Giving information, general advice and scaled advice

Distinguishing general from personal advice; scaled advice options.

RG 251

Derivative transaction reporting

ASIC's DTR Rules — OTC derivative reporting to trade repositories.

RG 267

Oversight of the Australian Financial Complaints Authority

AFCA scheme oversight + member obligations.

RG 270

Whistleblower policies

Mandatory whistleblower policy content for public + large proprietary companies.

RG 271

Internal Dispute Resolution

Binding IDR standards: 24h acknowledgement, 30d response, complaint definitions.

RG 273

Mortgage brokers: Best interests duty

Best interests duty + conflicts management for mortgage brokers (s 158LA NCCP).

RG 274

Product design and distribution obligations

DDO — TMDs, distribution monitoring + significant dealings reporting.

RG 275

The deferred sales model for add-on insurance

4-day deferral for add-on insurance sales (Hayne RC reform).

RG 276

Hawking of financial products

Anti-hawking prohibition (unsolicited offers) + carve-outs (Hayne RC reform).

RG 277

Consumer remediation

ASIC expectations for consumer remediation programs by AFSL + ACL holders.

CPS 220

Risk Management

Board-approved Risk Management Framework + annual board attestation for ADIs, insurers + RSE licensees.

CPS 230

Operational Risk Management

Outsourcing + business continuity + material service providers (in force 1 July 2025).

CPS 232

Business Continuity Management

Superseded by CPS 230 from 1 July 2025.

CPS 234

Information Security

APRA-regulated entities must maintain info security capability + report breaches within 72 hours.

CPS 510

Governance

Board composition + governance framework standards.

CPS 511

Remuneration

Remuneration framework + variable pay deferral + clawback.

CPS 520

Fit and Proper

Fit + proper assessments for accountable persons + responsible persons.

SPS 515

Strategic Planning and Member Outcomes

RSE licensee annual member-outcomes assessment per cohort.

SPS 530

Investment Governance

Investment governance framework for RSE licensees.

APS 110

Capital Adequacy

ADI capital adequacy requirements + Basel III implementation.

APS 220

Credit Risk Management

ADI credit risk management framework.

APS 330

Public Disclosure

Basel III pillar 3 disclosure requirements.

CPS 900

Resolution Planning

Resolution planning for systemically important institutions.

SWA Code

How to manage work health and safety risks

Foundational risk management code under model WHS Regulations.

SWA Code

Confined spaces

Working in confined spaces.

SWA Code

Managing electrical risks in the workplace

Electrical risk management code.

SWA Code

How to manage and control asbestos in the workplace

Asbestos register, control, removal + air monitoring.

SWA Code

Managing risks of hazardous chemicals in the workplace

Hazardous chemicals register, SDS, labelling, storage + handling.

SWA Code

Managing noise and preventing hearing loss at work

Noise exposure limits + hearing protection.

SWA Code

Managing psychosocial hazards at work

Psychosocial hazards (workload, bullying, harassment, exposure to traumatic events).

SWA Code

Sexual and gender-based harassment

Eliminating sexual + gender-based harassment in the workplace.

SWA Code

Hazardous manual tasks

Manual handling risk assessment + control.

SWA Code

Managing the risk of falls at workplaces

Working at heights — risk assessment + fall prevention.

SWA Code

Managing the risk of falls in housing construction

Housing construction-specific fall risk code.

SWA Code

Construction work

General construction site safety code.

SWA Code

Excavation work

Trenches + excavations safety code.

SWA Code

Demolition work

Demolition site safety code.

SWA Code

Spray painting and powder coating

Spray painting + powder coating safety + air quality.

SWA Code

Welding processes

Welding + cutting + brazing safety code.

SWA Code

Traffic management for road work

Roadwork traffic management plans.

SWA Code

First aid in the workplace

First aid risk assessment + provision.

SWA Code

Managing the work environment and facilities

Ventilation, lighting, amenities + facilities standards.

SWA Code

Work health and safety consultation, cooperation and coordination

Worker consultation + multi-PCBU coordination.

PCG 2017/4

ATO compliance approach to taxation issues associated with cross-border related party financing

Risk-rating cross-border related party debt arrangements.

PCG 2018/9

Central management and control test of residency

ATO approach to corporate residency post-Bywater HCA.

PCG 2019/1

Transfer pricing — Inbound distribution arrangements

Risk-rating margins for inbound distributors.

TR 2018/7

Fringe benefits tax — Employer obligations on private use of motor vehicles other than cars

FBT treatment of non-car vehicles + private use rules.

TR 2022/3

PCG 2022 update — Section 109RB amendments

Div 7A administrative practice updates.

PCG 2024/1

ATO compliance approach to common contractor arrangements

ATO risk-rating contractor vs employee classification.

Guidance

AML/CTF Program — Part A + Part B requirements

Risk-based AML/CTF program structure + content expectations.

Guidance

Customer Due Diligence (CDD)

Identifying + verifying customers + beneficial owners.

Guidance

Suspicious Matter Reports (SMRs)

When + how to lodge SMRs with AUSTRAC.

Guidance

Threshold Transaction Reports (TTRs)

$10,000+ cash transaction reporting via TTRs.

Guidance

International Funds Transfer Instructions (IFTIs)

All international funds transfer instructions reportable to AUSTRAC.

Guidance

Tranche 2 reforms (1 July 2026)

Real estate, lawyers, accountants, conveyancers, TCSPs + precious metals from 1 July 2026.

Guidelines

Australian Privacy Principles (APP) Guidelines

OAIC's primary interpretive guide to all 13 APPs.

Guidelines

Notifiable Data Breaches (NDB) scheme

Eligible data breach assessment + 72-hour notification.

Guidelines

Credit reporting under Pt IIIA Privacy Act

Credit reporting body + credit provider obligations including CCR.

Guidelines

Health information privacy

APP application to health information + state health privacy law overlay.

Guidance

Privacy Act 2024 reforms — implementation guidance

Statutory tort, Children's Code, ADM disclosure + small business exemption removal.

Guidance

Children's online privacy

OAIC mandatory Children's Code in force from 10 December 2026.

Guidance

Unfair contract terms guidance

ACCC guidance on UCT — standard form contracts + penalty regime.

Guidance

Consumer guarantees under the ACL

ACL Pt 3-2 Div 1 consumer guarantees + refund/replacement remedies.

Guidance

Product safety guidance

Mandatory safety standards + bans + reporting injuries.

Guidance

Making environmental claims — guidance for businesses

ACCC's 8 principles for non-misleading environmental claims.

Guidance

Consumer Data Right — accreditation guidance

CDR Rules + Privacy Safeguards for accredited data recipients.

Guidance

Spam Act compliance

Commercial electronic messages — consent, identification, unsubscribe.

Guidance

Do Not Call Register

Telemarketing + research call restrictions under DNCR Act 2006.

Guidance

Reducing scam calls + SMS code (C661)

Industry code for carriers to detect, block + report scam calls.

Guidance

Customer Service Guarantee standard

Telco connection + repair maximum timeframes.

Guidance

Basic Online Safety Expectations (BOSE)

eSafety expectations on social media, messaging + designated services.

Guidance

Modern Awards index

121 Modern Awards covering most private sector employees.

Guidance

National Employment Standards

11 NES minimum entitlements for all national system employees.

Guidance

Right to Disconnect (s 333M FWA)

Right to refuse out-of-hours contact unless unreasonable (from 26 Aug 2024).

Guidance

Casual employment + employee choice pathway

Closing Loopholes No. 2 casual definition + choice pathway (Aug 2024).

Guidance

Intentional wage theft criminal offence (s 327A)

Criminal offence from 1 January 2025. Up to 10 years + $7.8M body corporate.

Guidance

Fixed-term contract cap (s 333E)

Cap on consecutive fixed-term contracts (2 years / 2 contracts) from 6 December 2023.

Guidance

Same job, same pay — labour hire orders

FWC regulated labour hire arrangement orders under Closing Loopholes.

Guidance

Australian Register of Therapeutic Goods (ARTG)

ARTG inclusion required for almost all therapeutic goods supplied in AU.

Guidance

Therapeutic Goods Advertising Code

Advertising of therapeutic goods to AU consumers.

Guidance

IVD medical devices — classification + conformity assessment

IVD classification (Class 1-4) + conformity assessment requirements.

Guidance

Critical Infrastructure Risk Management Program (CIRMP)

SOCI Pt 2A: CIRMP development + annual board attestation.

Guidance

SOCI cyber security incident reporting

12-hour critical / 72-hour other cyber incident notification.

Guidance

Systems of National Significance (SoNS)

Enhanced cyber security obligations for declared SoNS.