Holding the role of a Responsible Manager (RM) under an Australian Financial Services Licence (AFSL) or Australian Credit Licence (ACL) is a significant undertaking. Responsible Managers serve as the cornerstone of regulatory compliance and governance within licensed financial services firms. They are the people identified by the licensee to ASIC as having the necessary competence and authority to ensure the business complies with its obligations. In practice, this means RMs are senior individuals – often directors or executives – who lead the organization’s compliance efforts and make the day-to-day decisions that keep the business within the bounds of financial regulations. With regulators globally placing increasing emphasis on individual accountability for misconduct, the RM role carries substantial personal accountability alongside the organisation’s obligations.
In Australia, the importance of RMs is underscored by law. Every AFSL holder must “maintain the competence to provide” the financial services covered by its licence (Corporations Act s912A). ASIC has made it clear that the primary way a licensee meets this obligation is by appointing Responsible Managers with appropriate skill and knowledge to oversee its financial services business. In other words, RMs embody the competence of the organisation – they are the nominated people who collectively have the experience and expertise to run the financial services or credit business compliantly. Because of this critical role, regulators hold RMs to high standards. An RM who fails to discharge their duties can expose themselves to regulatory enforcement (such as banning orders) in addition to exposing their firm to penalties or licence cancellation. By contrast, an effective RM provides strong regulatory leadership: ensuring compliance, fostering an ethical culture, and implementing robust governance so that the firm not only meets minimum legal requirements but strives for best practice in serving clients.
This paper provides a comprehensive overview of what it means to exercise regulatory leadership as a Responsible Manager. It will examine the Australian legislative framework governing RMs, the specific governance, reporting, and compliance oversight duties of the role, and ASIC’s expectations. It will also compare how equivalent accountability roles function in other jurisdictions (such as the UK and US) to glean global best practices. Key topics include risk management responsibilities, setting a culture of compliance, and the importance of continuous professional development to maintain one’s capability as an RM. Case studies of recent enforcement actions will illustrate the consequences of getting it wrong – and the lessons to be learned. By the end, it should be clear how Responsible Managers can effectively discharge their obligations while promoting a culture of compliance and professionalism across their organisations, consistent with continuing professional development (CPD) standards for financial planning in Australia.
Legislative and Regulatory Framework in Australia
Australia’s financial services laws provide the foundation for the Responsible Manager role and its obligations. The Corporations Act 2001 (Cth) sets out general obligations that every AFSL holder must meet. Key among these is the requirement in s912A(1)(e) to “maintain the competence to provide the financial services” authorized by the licence. This is known as the organisational competence obligation, and it underpins the RM concept. ASIC’s Licensing Regulatory Guides have established that an AFSL applicant or licensee demonstrates organisational competence by appointing Responsible Managers who meet certain criteria of experience, knowledge, and good fame and character. Notably, “Responsible Manager” is not a term explicitly defined in legislation; it is a creation of ASIC policy to ensure firms have human expertise at the helm. Initially ASIC used the term “Responsible Officer” in the law, but this was later replaced with “Responsible Manager” to clarify that an RM need not be a formal officer (director) of the company. Nonetheless, as we will see, many RMs are officers of their companies, which can carry additional legal duties.
For AFSL holders, ASIC’s Regulatory Guide 104 (“Licensing: Meeting the general obligations”) and Regulatory Guide 105 (“Organisational competence”) set out detailed expectations. RG 104 covers the broad suite of licensee obligations under s912A(1), including having adequate compliance measures, governance, resources, risk management, and dispute resolution systems in place. RG 105 focuses specifically on how to satisfy the competence obligation through RMs. According to RG 105, at minimum a licensee must nominate responsible managers who:
In addition, licensees are expected to have arrangements to maintain their competence continuously – meaning RMs’ knowledge and skills should be kept up-to-date over time. This ongoing aspect is often implemented via training and CPD (which will be discussed later).
Similarly, for Australian Credit Licence holders (e.g. mortgage broker businesses), parallel obligations exist under the National Consumer Credit Protection Act. ASIC’s Regulatory Guide 206 (“Credit licensing: Competence and training”) mirrors many RG105 principles for credit licensees. Credit licensees must appoint RMs who have appropriate qualifications and experience managing credit activities. One notable difference in the credit regime is a specific CPD requirement: ASIC imposes a licence condition that each responsible manager of a credit licensee completes at least 20 hours of continuing professional development per year. (By contrast, AFSL RMs are required to undertake “adequate” ongoing training, but no fixed hours are prescribed for them.) The credit licence RMs, like their AFSL counterparts, must be fit and proper persons, a term which encompasses honesty, integrity, competence, and sound judgment. Both the Corporations Act and Credit Act empower ASIC to refuse or revoke a licence if responsible managers (or controllers of the business) are not fit and proper or of good character.
In summary, Australian financial services law establishes that every licensed firm must have capable, knowledgeable people in charge of its financial services operations. ASIC gives effect to this by requiring the nomination of Responsible Managers in AFSL/ACL applications and by supervising whether those RMs continue to keep the firm competent. The legal framework makes RMs central to a licensee’s governance: if a licensee fails to meet its obligations, very often it reflects a failure in the oversight or actions of its Responsible Managers. This framework is reinforced by the threat of personal liability – ASIC can and does take enforcement action against RMs (including banning individuals from the industry) when significant compliance breaches occur on their watch. The following sections explore the responsibilities that RMs must fulfill to uphold these laws and to mitigate the risk of enforcement against both the firm and themselves.
Governance and Oversight Responsibilities of Responsible Managers
Responsible Managers are, in essence, governance agents within a financial services business. They are expected to provide leadership in establishing and overseeing the structures that ensure compliance and sound risk management. A fundamental responsibility of RMs is to make sure the licensee has adequate resources, systems, and controls to meet all its regulatory obligations (financial, legal, and ethical). ASIC’s guidance notes that compliance is not just a back-office function – it must be embedded in the way the business is run. As such, RMs often either lead or actively participate in the firm’s compliance governance bodies (e.g. compliance committee, risk committee, or board meetings dealing with compliance). They should be overseeing the compliance measures in place and regularly reporting to the governing body (directors or partners) about the state of compliance.
One key governance duty is ensuring that the firm’s internal controls and policies are aligned with its regulatory obligations. ASIC expects RMs to assess business strategies and policies to confirm they are consistent with the financial services laws and the licence conditions. For example, if an advisory firm introduces a new advice process or product offering, the RM must question: Does this comply with our obligation to act efficiently, honestly and fairly? Does it meet disclosure requirements? Does it serve clients’ best interests? A real-world case illustrates this duty. In 2023, ASIC banned two RMs of a licensee (National Advice Solutions) after the firm adopted a “layered advice” model that segmented advice into pre-set pieces irrespective of client needs. ASIC found the RMs failed to properly supervise and challenge this flawed strategy, which led to poor client outcomes. The lesson is that RMs share responsibility for systemic compliance failures arising from company policy – they cannot just rubber-stamp business initiatives. Good RM governance means being an internal critic when needed, pressing the organisation to do things right.
Beyond policies, RMs must ensure human and technological resources are sufficient for compliance. This includes having enough qualified staff in compliance and supervision roles, appropriate IT systems for monitoring transactions, and adequate financial resources to sustain the business safely. If a firm is understaffed or underfunded such that it cannot meet obligations (for instance, failing to lodge financial reports or monitor representatives), that is a governance failure that RMs should prevent. In a mid-2025 enforcement case, ASIC cancelled the AFSL of Financial Services Group Australia (FSGA) and cited, among multiple failures, that the company did not have adequate human and financial resources to carry out its licensed activities and supervise its representatives. Notably, ASIC also banned that company’s Responsible Manager, in part because he allowed these deficiencies to persist while only nominally acting as RM. This underscores that RMs are expected to speak up and take action if the business is not resourced to comply – including informing the Board or owners that more investment is needed in compliance personnel, training, or systems.
Another crucial governance responsibility is to ensure key licensee obligations are adhered to at all times. Section 912A of the Act lists several core obligations, often called “the 11 commandments” for licensees. They include: providing financial services efficiently, honestly and fairly; having conflict of interest arrangements; maintaining competence; having dispute resolution systems; safeguarding client money; and complying with licence conditions and financial services laws. An effective RM should be broadly familiar with each of these obligations and verify that the firm has arrangements in place for each. For example, RMs should ensure the company has an up-to-date conflicts of interest policy and that all staff are trained on it (fulfilling the conflicts obligation), or that if the firm handles client funds, there are proper trust account procedures (fulfilling the client money obligation). If the firm provides personal financial advice to retail clients, RMs need to confirm that advisers understand and follow the Best Interests Duty and related obligations introduced under FOFA reforms. While RMs are not expected to memorize every law, they must not be ignorant of major legal requirements affecting the business. In fact, an RM’s failure to appreciate a key obligation could be seen as a lack of competence or diligence on their part.
In performing their oversight, RMs also have a duty to keep the Board or owners informed about compliance. This internal reporting role means RMs should escalate significant issues – for instance, if a serious breach has occurred or if a systemic weakness is identified. ASIC has indicated it expects the compliance function (often led or overseen by an RM) to have direct and ready access to the firm’s governing body. That way, compliance concerns cannot be ignored at upper management levels. RMs may provide regular compliance reports, highlighting any incidents, regulatory changes, and progress on compliance initiatives. By ensuring transparent reporting upwards, RMs enable the governing body to exercise proper oversight and address problems proactively, which is a hallmark of good corporate governance.
In summary, the RM’s governance responsibilities encompass establishing a compliant operating framework and ensuring active oversight. RMs act as the link between day-to-day operations and the company’s highest accountability level. They must keep one eye on whether the business has the right frameworks (policies, controls, resources) and another eye on whether those frameworks are actually working – and then inform leadership of any gaps. This leadership role within the organisation is what we term “regulatory leadership”: the RM champions compliance in management decisions and guards the integrity of the firm’s processes, thereby protecting clients and the firm’s licence.
Compliance Systems and Monitoring
A core aspect of an RM’s remit is building and maintaining an effective compliance management system for the organisation. ASIC uses the term “compliance measures” to describe the processes, procedures and arrangements a licensee uses to comply with its obligations. Responsible Managers are often the architects or overseers of these measures. In practice, this means RMs should ensure the firm has a documented Compliance Program or Framework that covers all relevant obligations. According to RG 104, ASIC expects a licensee’s compliance measures to cover all of its obligations and to be tailored to the size and complexity of the business. For a smaller financial planning practice, the compliance system might be fairly simple (e.g. an annual compliance calendar, a few key checklists and an external audit); whereas a large institution will have multiple layers of controls, compliance software, and dedicated staff. Regardless of scale, the RM must be confident that the compliance system in place is appropriate and effective for the business.
Key components of a compliance system that RMs should implement and monitor include: written policies and procedures, training programs, monitoring and supervision processes, incident and breach reporting processes, and record-keeping systems. For example, an AFSL holder will need policies on how advice is provided (to ensure Best Interest Duty compliance), how complaints are handled, how gifts and benefits are managed (to address conflicts of interest), etc. The RM should either draft these policies or approve them, making sure they align with regulatory requirements. Once policies are in place, staff (representatives and employees) must be trained to understand and follow them. RMs should oversee regular training and communication on compliance matters – not just as a one-off, but continuously, so that compliance expectations are ingrained in the business’s day-to-day activities.
Monitoring and supervision are equally critical. RMs need to set up processes to check that policies are being followed and are working as intended. This could involve periodic compliance audits or reviews, file sampling (e.g. reviewing a sample of client advice files for quality and compliance), surveillance of calls or transactions, and obtaining attestations from staff. ASIC explicitly expects that compliance measures account for the specific compliance risks of the business and include controls to mitigate those risks. For instance, if a financial planning firm specializes in retirement advice, one compliance risk is inappropriate investment of retirees’ money – so the RM might implement additional review of high-risk recommendations (like gearing or complex products) before they’re executed. If outsourcing is used (say, an external paraplanning or compliance consultant is involved), the RM must adjust compliance measures accordingly and not assume the third party will handle everything. Independence of the compliance function is also highlighted in RG 104: the compliance area (which could be the RM themselves in a small firm) should have sufficient authority and independence to do its job properly. In practice, that means RMs should be able to carry out compliance monitoring and raise issues without undue influence or conflict of interest from purely commercial managers.
A good RM will adopt a proactive, continual improvement approach to compliance systems. ASIC and international standards encourage using the “Plan-Do-Check-Act” cycle for compliance management. In this approach, RMs would plan by identifying obligations and compliance risks and designing controls; do by implementing policies/training; check by testing and monitoring outcomes; and act by fixing problems and updating the program as needed. On an ongoing basis, RMs should review whether any breaches or incidents have occurred – and if so, analyze why and improve controls to prevent re-occurrence. Indeed, RG 104 asks licensees to consider whether they regularly review compliance measures and past breaches to strengthen the system. If, for example, the firm experienced a breach where an adviser failed to provide an FSG (Financial Services Guide) to a client, the RM might respond by enhancing training on disclosure obligations and adding a checklist item before advice is delivered.
Documentation and evidence are important elements of compliance systems that RMs oversee. ASIC expects licensees to keep records demonstrating how they comply. RMs should ensure that compliance activities – such as training attendance, monitoring results, breach reports – are well documented. Not only is this legally required in some cases, but it also protects the firm and the RM if there is ever an audit or investigation. Having clear evidence that “we did X and Y to stay compliant” can be the difference between a regulator taking a lenient view versus alleging that compliance was inadequate. Responsible Managers should foster a discipline of thorough record-keeping within their teams.
It’s worth noting that global best practice frameworks exist to guide compliance system design. For instance, the international standard ISO 37301:2021 (Compliance Management Systems) provides a benchmark for what a robust compliance program entails. It emphasizes that a compliance system should be built on principles of good governance, integrity, transparency, accountability, and other values. An RM aiming for best practice might align their firm’s compliance framework with such principles – ensuring top management support, identifying all compliance obligations, implementing controls, and establishing effective monitoring and whistleblowing procedures. Many Australian licensees use the former Australian Standard AS 3806 or ISO standards as a reference for structuring compliance programs. While not mandatory, following these frameworks can help RMs demonstrate a commitment to above-minimum standards in compliance oversight.
In sum, Responsible Managers are the custodians of their organisation’s compliance program. They must design it carefully, implement it diligently, and watch over it continuously. By doing so, RMs help prevent breaches before they happen and ensure that if issues do arise, they are detected and remedied promptly. This aspect of the RM role is hands-on and ongoing: it’s not enough to set up a compliance manual and forget it – active monitoring and adaptation are required. ASIC’s actions have shown that if compliance systems are found lacking, they will look to the RMs to ask “why didn’t you ensure this was fixed?” A well-run compliance system, championed by an engaged RM, is the best defense against such regulatory scrutiny.
Risk Management Duties
Risk management is closely linked to compliance in financial services, and Responsible Managers are expected to take an active role in the firm’s risk management framework. In fact, one of the general obligations under s912A for many licensees is to have adequate risk management systems (this is explicitly required for certain licensees, particularly those not regulated by APRA). Even where it’s not strictly required, regulators view risk management as good business practice. For an RM, managing risk means identifying potential events or conditions that could lead to regulatory breaches or harm to clients, and ensuring there are controls in place to mitigate those risks.
An effective RM will work to integrate compliance into the broader enterprise risk management of the firm. ASIC notes that many licensees’ compliance measures are (and should be) integrated into their risk management systems. For example, non-compliance with laws is itself a risk – often termed “compliance risk” or “regulatory risk” – that should be on the company’s risk register with assigned mitigations. RMs should ensure that the firm identifies and assesses risks across its operations: What could go wrong in our advice process? What conflicts of interest need to be managed? Could our remuneration structures create risk of inappropriate advice? By asking these questions, RMs help create a risk profile for the business. ASIC expects that compliance measures should take into account the specific risks of the business, especially those that could materially affect consumers or market integrity. So if a particular risk (say, advisers recommending in-house products over better alternatives) is identified, the RM should see that appropriate controls (e.g. oversight on product recommendations, independent review of related party product advice) are implemented.
The risk management duty also includes establishing a risk management system or plan. Many licensees document a Risk Management Strategy (RMS) or plan that outlines how they identify, evaluate, and mitigate risks. While in smaller firms this might be informal, RMs in larger or more complex firms often oversee formal risk management committees or working groups. They might use risk matrices, maintain risk registers, and set risk appetite statements. The RM’s role is often to make sure non-financial risks (like compliance, conduct, operational risks) get due attention, not just commercial or market risks. The financial planning industry learned from the 2018 Royal Commission that neglecting conduct and compliance risks (for example, the risk of advisers charging fees for no service, or mis-selling products) can lead to enormous damage. A Responsible Manager should champion recognition of these risks and drive efforts to control them – such as regular client file audits (to catch poor advice or fee issues early) and monitoring of adviser behavior.
Another aspect is incident and breach management, which sits at the intersection of risk and compliance. When something does go wrong – a regulatory breach or a client complaint about misconduct – the RM needs to ensure that it is treated as a serious risk event. The RM should oversee a thorough investigation into the root cause and implement changes to prevent recurrence. For instance, if an RM discovers that an adviser in the firm has been providing advice outside the scope of their authority (unlicensed advice), this represents both a compliance breach and a risk management failure (controls didn’t prevent a rogue activity). The RM should respond on both fronts: ensure the breach is corrected and reported (compliance response) and also strengthen internal controls or training (risk management response).
RMs also play a role in business continuity and financial risk management insofar as those impact clients or compliance. While a dedicated risk officer might handle technical financial risks, an RM in a smaller licensee might have to pay attention to things like: does the firm have adequate professional indemnity insurance? Are there contingency plans if a key adviser leaves or if there’s a systems outage that affects record-keeping? These areas, though operational, feed into the firm’s ability to meet regulatory obligations consistently (e.g. maintaining proper records is both a compliance duty and a resilience issue).
In regulated financial firms globally, a common mantra is the “Three Lines of Defense” model: operational management is the first line (they own the risks), the compliance/risk function is the second line (they oversee and advise on risks), and internal audit is the third line (independent assurance). In many AFSL organizations, the RM straddles the first and second lines – they may have direct business responsibilities and oversight responsibilities. It is crucial that RMs ensure that risk controls are implemented at the first-line level (e.g. advisers following checklists) and that there is independent second-line monitoring (e.g. someone checking those checklists). If the firm is too small for separate staff, the RM might wear both hats but should be conscious when they are acting in a business capacity versus a control capacity.
In recent times, Australian regulators (ASIC and APRA) have increasingly stressed risk culture – the general attitude and behaviors toward risk management within an organization. Although culture will be discussed more in the next section, it ties into risk duties: the RM should promote a culture where identifying and addressing risk is valued, not suppressed. Employees should feel responsible for managing risks in their own roles (taking ownership as the “first line”) and feel comfortable escalating risks or incidents to the RM. An RM can encourage this by not “shooting the messenger” when issues are reported and by rewarding proactive risk management efforts.
Finally, it’s important to mention that the Australian regulatory landscape is moving toward stronger individual accountability for risk management similar to the UK. The planned Financial Accountability Regime (FAR) (successor to the Banking Executive Accountability Regime) will impose direct obligations on senior executives, including potentially those overseeing compliance and risk, to take reasonable steps to prevent prudential and conduct breaches in their area. While initially applied to banks and insurers, FAR is expected to extend to more sectors in time. This reflects the global trend that those in charge of managing risk (like RMs) could face penalties if they fail to properly manage those risks. In essence, Responsible Managers should already act as if they are personally accountable for the key risks of their business – because in the eyes of ASIC, they are.
In conclusion, the RM’s duty in risk management is to ensure that risks to compliance and good client outcomes are systematically identified, monitored, and controlled. By embedding risk thinking into the firm’s processes and by championing strong risk controls, RMs not only protect their firm from regulatory trouble but also contribute to a more stable and trustworthy financial service for clients.
Fostering a Culture of Compliance
Regulatory leadership is not only about rules and systems; it is also very much about culture. ASIC has explicitly stated that it expects Responsible Managers to “play an active role in fostering a compliance culture” within their business. Culture can be described as the values, norms, and behaviors that characterize an organization. A strong compliance culture means that doing the right thing is ingrained in how people act, even when no one is watching. RMs, as leaders, are key influencers of this culture.
How can an RM foster a compliance-focused culture? First and foremost, by setting the “tone at the top.” This means demonstrating through one’s own actions and decisions that compliance and ethical behavior are non-negotiable priorities. If a Responsible Manager consistently emphasizes client best interests and integrity – for example, by turning down a potentially lucrative business opportunity because it poses a conflict of interest – it sends a powerful message to staff. Conversely, if an RM appears to tolerate cutting corners or is only concerned with profits at the expense of compliance, that message will also filter down. People take cues from leadership. Therefore, RMs must embody the standards they expect others to follow. This includes adhering meticulously to professional ethics, treating customers fairly, and abiding by both the letter and spirit of the law.
Communication is another vital tool for shaping culture. Responsible Managers should regularly communicate the importance of compliance and good conduct. This could be through team meetings, internal newsletters, training sessions, or informal conversations. The aim is to keep compliance front-of-mind. For example, an RM might start weekly meetings with a short discussion of a recent compliance development or a reminder about a policy (like “this week, let’s recall our policy on referral fees and why it exists”). They can share real stories (anonymized if needed) of compliance successes or failures to illustrate points. By normalizing discussion about compliance, RMs make it part of business-as-usual rather than an afterthought.
Accountability and incentives are also cultural drivers within an organization. An RM can influence these by helping design performance measures that include compliance outcomes. If staff or representatives are only measured on sales volume, the culture may skew towards “sales at any cost.” Instead, RMs can advocate that performance reviews consider compliance metrics – e.g., quality of advice, client satisfaction, adherence to process, absence of breaches – thereby incentivizing proper behavior. Moreover, if someone violates a compliance requirement, the RM should ensure there are consequences (proportionate and fair, of course). When others see that misconduct or negligence is addressed (and not swept under the rug), it reinforces a culture that rules matter. Conversely, RMs should recognize and praise employees who exhibit ethical conduct, even if it meant forgoing a short-term gain. Positive reinforcement of “doing the right thing” can powerfully shape norms.
Another aspect of compliance culture is encouraging openness and “speaking up.” Employees should feel comfortable raising concerns or admitting mistakes without fear of unreasonable retribution. A Responsible Manager can cultivate this by establishing clear internal escalation paths and possibly a whistleblower policy (which larger firms are required by law to have). ISO 37301 highlights the importance of whistleblowing mechanisms and protections in building a compliance culture. While a small advisory firm might not have a formal whistleblower hotline, the RM can still let staff know: “If you see something that doesn’t seem right, we want to hear about it and we will address it constructively.” When someone does come forward with an issue – say a junior adviser questions a senior’s practice – the RM’s response will either strengthen or weaken the culture. If the RM objectively investigates and fixes any problem, and thanks the person for speaking up, it shows the culture values transparency. If instead the person is ignored or punished, it will create a culture of silence and fear, which is fertile ground for compliance failures.
Cultural leadership also extends to broader industry professionalism. ASIC suggested that RMs should foster compliance culture not just in their firm but “in the financial services industry more broadly”. This can be interpreted as RMs acting as role models in industry groups, sharing best practices with peers, and contributing to raising standards across the board. Many Responsible Managers of financial planning firms are members of professional associations (like the Financial Planning Association or Governance Institute). By being active in these communities, advocating for ethical practices, and supporting industry codes of ethics (such as FASEA’s Code of Ethics for financial advisers), RMs contribute to a healthier overall culture in the sector. This broad perspective is especially important in the post-Royal Commission environment, where society expects the financial industry to restore trust through genuine cultural change.
One challenge is that “culture” can seem abstract. RMs might wonder how to measure or ensure a good culture. While it’s difficult to quantify, culture often manifests in concrete behaviors and attitudes that RMs can observe. Some indicators of a positive compliance culture include: employees willingly attending training and asking questions; front-line staff raising potential issues early; advisers documenting client interactions thoroughly even if it’s extra effort; and decisions being made with reference to “is this right for the client and compliant?” rather than “can we get away with it?”. If an RM observes these kinds of behaviors, it’s a sign the culture is on the right track. Conversely, red flags in culture might be: frequent complaints or breaches that indicate corners are being cut; a blame game environment where people hide issues; or comments like “management only cares about sales”. RMs should treat cultural indicators seriously – they often precede statistical measures. In fact, APRA and ASIC have been known to conduct risk culture surveys and reviews in organizations to gather such insights, reinforcing that culture is now seen as a supervisory priority.
In conclusion, fostering a compliance culture is an ongoing, subtle task that requires consistent leadership by example, clear communication, and alignment of incentives. Responsible Managers need to be champions of the desired culture, ensuring that the organization’s values – such as integrity, client focus, and accountability – are not just words on a mission statement, but lived daily. A strong culture of compliance greatly amplifies the effectiveness of formal systems and procedures. When people instinctively try to do the right thing, fewer breaches occur, and those that do occur are reported and fixed rather than hidden. Thus, by investing effort into cultural leadership, RMs fulfill one of their most important responsibilities: creating an environment where compliance and ethical conduct thrive naturally.
Continuous Professional Development and Maintaining Competence
Given the dynamic nature of financial services regulation and the evolving market, a Responsible Manager must commit to continuous professional development (CPD) to maintain their knowledge and skills. Regulatory obligations are not static – laws change, new ASIC regulatory guides are issued, products evolve, and industry standards rise. An RM who was perfectly competent five years ago could be out of their depth today if they have not kept learning (for instance, consider the introduction of new regimes like Design and Distribution Obligations or changes like the winding back of exempt status for accountants – keeping up is essential). Recognizing this, ASIC requires licensees to ensure that RMs’ knowledge and skills are maintained and updated over time.
For AFSL RMs, ASIC does not prescribe a set number of CPD hours, but the expectation is that the CPD should be “adequate” and relevant. In practical terms, many AFSL holders treat 20 hours per year as a benchmark for RMs (mirroring the requirement for financial advisers and credit RMs) even though it’s not mandated. The focus is on outcomes: the CPD must help an RM maintain knowledge appropriate for their duties, stay up to date with changes, and develop new skills as needed for emerging responsibilities. For instance, if an RM’s firm decides to start offering a new financial product or service, the RM should acquire knowledge about that area (either through formal training or self-study) to effectively oversee it. If the regulatory environment undergoes reform – say ASIC releases new guidance on breach reporting – the RM should promptly educate themselves on the new requirements.
ASIC has imposed a specific condition for ACL (credit licence) RMs: they must complete at least 20 hours of CPD each year. This CPD should cover product knowledge, industry developments, and compliance updates relevant to credit activities. Credit licensees need to keep records of RM training to demonstrate they meet this condition. Although AFSLs don’t have an hours-based condition, it is strongly implied that they should similarly maintain training logs for their RMs as part of evidence of organisational competence. In an AFSL compliance review, ASIC could ask: “How are you keeping your RMs’ skills current?” The RM should be able to show a professional development plan or log of training activities, rather than just a vague assertion that “we stay up to date.”
So what forms can CPD take for a Responsible Manager? There are multiple avenues, and an RM should use a combination to cover all bases:
Crucially, CPD for RMs must be documented. ASIC expects licensees to be able to produce records of training undertaken by their RMs. This could be as simple as a spreadsheet listing activities (dates, topic, hours, provider) and maybe certificates of completion. An RM should not consider their annual CPD complete until they’ve also updated their records. During a licence application or variation process, ASIC may ask what the ongoing training plan is for RMs – demonstrating a robust CPD plan could make the difference in showing “organisational competence.”
Maintaining competence is not only about technical knowledge of laws; it’s also about skills development. For example, an RM might identify that they need to improve their skills in regulatory technology (RegTech) if their firm is implementing new compliance software. Or perhaps negotiation and leadership skills if they are taking on greater management responsibility. Including some “soft skills” or broader management training in one’s CPD can enhance an RM’s effectiveness in the role.
The mindset to adopt is one of lifelong learning and curiosity. A Responsible Manager should always be scanning the horizon for what’s changing: new legislation (e.g. the upcoming Financial Adviser Ethics and Standards Authority’s changes or FAR as mentioned), new risks (cybersecurity in advice businesses, for example), and evolving consumer expectations. The financial advice industry in Australia has been through significant reforms in the last decade (FOFA, Professional Standards, Royal Commission fallout, etc.), and more changes will come. The RM who keeps learning will be able to confidently guide their firm through change; the RM who doesn’t may suddenly find themselves out of their depth and exposing the firm to non-compliance.
In summary, continuous professional development is both an obligation and an enabler for Responsible Managers. It is how they stay competent in a changing environment. ASIC has put structures in place (like CPD requirements for credit RMs) to enforce this, but the truly effective RMs go beyond mere compliance with CPD hours – they actively seek knowledge. By doing so, they maintain the capability to discharge their obligations effectively and uphold high standards of advice and service. In the context of CPD standards for financial planning, this content itself would be part of an RM’s learning: staying informed on regulatory leadership expectations is a form of meta-CPD that helps RMs perform better in their critical roles.