Introduction
Adequate financial resources and effective risk management systems are fundamental obligations for holders of an Australian Credit Licence (ACL) under the National Consumer Credit Protection Act 2009 (Cth). These requirements ensure that credit licensees can operate their credit services responsibly, comply with regulatory standards, and maintain consumer confidence in the financial system.
This guide focuses on when financial resources and risk management are considered adequate under the ACL, highlighting the importance of ongoing compliance with Australian Securities and Investments Commission (ASIC)’s licence conditions. Understanding these standards helps licensees meet their obligations efficiently, honestly, and fairly while managing the risks inherent in providing credit services in Australia.
Understanding Financial Resources & Risk Management Obligations for ACL Holders
General Conduct Obligations Under the ACL Relevant to Financial Resources & Risk Management
Holders of an ACL are subject to several general conduct obligations designed to ensure the proper operation of their credit business. Among these, a key requirement is to have adequate resources, which explicitly includes financial, technological, and human resources. This obligation is directly linked to the necessity of having elaborate risk management systems in place.
These general conduct obligations also mandate that an ACL holders must:
- Act efficiently, honestly, and fairly in all dealings.
- Maintain competence to engage in credit activities and ensure their representatives are also competent.
- Take steps to ensure clients are not disadvantaged by any conflicts of interest.
- Ensure compliance with all relevant credit legislation.
- Implement appropriate dispute resolution systems, including membership with the Australian Financial Complaints Authority (AFCA).
- Have suitable compensation arrangements, which may include professional indemnity insurance for some licensees.
- Establish and maintain appropriate arrangements and systems to ensure overall compliance with licence conditions and legislative requirements.
Specific Financial Resource Requirements for ACL Holders
A core obligation for ACL holders is to maintain adequate financial resources. This requirement ensures that licensees can consistently meet their financial commitments and conduct their credit activities in a stable and compliant manner. While detailed financial thresholds and calculations are often guided by regulatory documents like ASIC Regulatory Guide 166 (RG 166), the overarching principle is continuous financial adequacy.
Specifically, ACL holders must demonstrate:
| Requirement | Description |
|---|---|
| Sufficient financial capability | Applicants must show they have the financial capacity to support their credit operations, which involves proving they can meet their obligations as they fall due. |
| Minimum net assets | Maintaining a minimum level of net assets is a common expectation to ensure a baseline of financial stability, though specific figures can vary based on the scale of credit activities. |
| Cash flow capabilities | Licensees must manage cash flow effectively to cover operational expenses and other financial obligations, ensuring business continuity and uninterrupted client service. |
ASIC expects that the financial resources held by a licensee are sufficient to cover any risks their business faces that could reasonably affect their cash position.
Risk Management Systems Required Under the ACL
ACL holders are obligated to establish and maintain adequate risk management systems. This is a critical component of the general conduct obligations and is essential for identifying, assessing, and mitigating risks associated with the licensee’s credit activities, including those related to financial resources and overall compliance. ASIC Regulatory Guide 104 (RG 104) provides general guidance on meeting this obligation, emphasising a structured and systematic approach.
Effective risk management systems for an ACL licensee should typically involve:
| Component | Description |
|---|---|
| A structured process | Implementing a systematic approach to risk management that is tailored to the nature, scale, and complexity of the licensee’s business. |
| Risk identification and evaluation | Proactively identifying potential financial, operational, and compliance risks, and evaluating their likelihood and potential impact. |
| Control mechanisms | Establishing and maintaining appropriate controls and procedures to manage or mitigate identified risks to an acceptable level. |
| Monitoring and review | Continuously monitoring the effectiveness of risk management systems and controls, and regularly reviewing and updating them to adapt to changes. |
| Financial risk management | Specifically addressing the risk that the licensee’s financial resources may become inadequate, ensuring the business can operate compliantly or manage an orderly wind-up. |
Embedding risk management into the strategic and operational planning of the business helps ensure that potential issues are identified and managed proactively, contributing to the overall stability and integrity of the credit services provided.
Speak with an AFSL Lawyer Today
Request a Consultation to Get Started.
Financial Resource Adequacy Under ASIC Regulatory Guide 166 for ACL Holders
The Base Level Financial Requirements
All Australian credit licence (ACL) holders—including AFSL holders, except those exempted (such as bodies regulated by the Australian Prudential Regulation Authority (APRA))—must meet the base level financial requirements set out in RG 166. These requirements ensure licensees have sufficient financial resources to operate in compliance with the Corporations Act 2001 (Cth).
The base level requirements comprise three key components:
| Requirement | Description |
|---|---|
| Solvency and Positive Net Assets Requirement | Licensees must remain solvent (able to pay debts as they fall due) and ensure total assets exceed total liabilities. An alternative test may apply if liabilities exceed assets, particularly when relying on an undertaking from an eligible provider. |
| Cash Needs Requirement | Licensees must hold sufficient resources to meet anticipated cash flow expenses over a specified period. This can be satisfied by choosing one of five options, depending on the business structure. |
| Audit Requirement | Licensees must include information about their compliance with financial requirements in their annual audit report under section 989B(3) of the Corporations Act 2001 (Cth). Limited AFS licensees may be exempt under certain conditions. |
Together, these base level requirements provide a financial buffer to reduce the risk of a non-compliant or disorderly wind-up and incentivise owners to maintain compliance through the risk of financial loss.
Options for Meeting the Cash Needs Requirement
To demonstrate adequate cash resources under the cash needs requirement, licensees (except those with tailored requirements) may choose from five options, each reflecting different business circumstances and levels of financial support:
| Option | Description / Key Requirements |
|---|---|
| 1: Reasonable Estimate Projection Plus Cash Buffer | Prepare a cash flow projection for at least three months based on reasonable estimates, and hold a cash buffer of 20% of projected or recent actual outflows. Suitable for larger businesses. |
| 2: Contingency-Based Projection | Prepare a detailed projection for at least three months that accounts for various commercial contingencies, documenting all assumptions. Ideal for small businesses without consistent cash reserves. |
| 3: Financial Commitment by an Australian ADI | Rely on an enforceable, unlimited, on-demand commitment from an Australian ADI or comparable foreign institution that is expected to remain effective for at least three months. |
| 4: Expectation of Support from an Australian ADI | Rely on a reasonable expectation of financial support from a parent Australian ADI or comparable institution, even without an enforceable commitment. The expectation must be documented. |
| 5: Parent Entity Prepares Consolidated Projections | For corporate groups, the parent entity prepares projections compliant with Option 1 or 2, and the licensee relies on the parent’s commitment or reasonable expectation of support. |
Licensees must meet all requirements of their chosen option and update projections or documentation when material changes occur.
Additional Financial Requirements for Licensees Holding Client Money or Transacting as Principal
Certain ACL holders face additional financial requirements to address the increased risks associated with holding client money or transacting as principal:
| Requirement | Description |
|---|---|
| Surplus Liquid Funds (SLF) Requirement | Licensees holding client money or property valued at $100,000 or more must maintain at least $50,000 in SLF to prevent client assets from being used for the licensee’s own obligations. |
| Adjusted Surplus Liquid Funds (ASLF) Requirement | Licensees transacting with clients as principal must comply with a scalable liquidity measure: $50,000 plus 5% of adjusted liabilities ($1M-$100M) and 0.5% of liabilities over $100M (capped at $100M). |
Licensees must monitor Adjusted Surplus Liquid Funds (ASLF) levels and report when trigger points are reached. The ASLF requirement does not apply if total relevant liabilities are under $100,000 or limited to certain types, such as debentures under Chapter 2L of the Corporations Act 2001 (Cth).
Foreign exchange dealers may choose to comply with the ASLF requirement or maintain $10 million in Tier 1 capital, as defined by APRA standards.
Definitions and Calculations Relevant to Financial Resource Requirements
Key definitions underpinning these requirements include:
| Term | Definition |
|---|---|
| Adjusted Assets and Adjusted Liabilities | Total assets and liabilities adjusted for exclusions like intangible assets, certain receivables, trust-related items, encumbered assets, and eligible undertakings. |
| Net Tangible Assets (NTA) | Calculated as adjusted assets minus adjusted liabilities. Specific NTA thresholds apply to certain licensee categories. |
| Eligible Provider | An entity (e.g., an Australian ADI, government body, or approved foreign institution) that can provide enforceable financial commitments or undertakings. |
| Eligible Undertaking | A commitment from an eligible provider that is enforceable, unqualified, and remains in force until ASIC consents to its cancellation. |
| Cash and Cash Equivalents | Includes cash on hand, demand deposits, short-term highly liquid investments, and certain commitments from eligible providers. |
| Surplus Liquid Funds (SLF) and Adjusted Surplus Liquid Funds (ASLF) | Calculated by subtracting adjusted liabilities from adjusted assets, with further adjustments for risk exposure, to ensure licensees can meet obligations. |
| Notifiable Events and Reporting Triggers | Licensees must notify ASIC if they fall below required NTA or ASLF levels and take appropriate action, including notifying clients and restricting transactions. |
| Licensees must notify ASIC if they fall below required NTA or ASLF levels, then take appropriate action—including notifying clients and restricting certain transactions until compliance is restored. |
Speak with an AFSL Lawyer Today
Request a Consultation to Get Started.
Adequacy of Risk Management Systems for ACL Licence Holders
Regulatory Expectations for Risk Management Systems
Under section 912A(1)(h) of the Corporations Act 2001 (Cth), AFS licensees, including responsible entities, must maintain adequate risk management systems unless regulated by APRA. ASIC’s RG 104 provides guidance on what is expected for these systems.
ASIC expects risk management systems to be:
- Structured and systematic, taking into account the licensee’s obligations under the Corporations Act 2001 (Cth).
- Tailored to the nature, scale, and complexity of the licensee’s business and risk profile.
- Capable of identifying and evaluating risks that may adversely affect consumers or market integrity, including risks of non-compliance with financial services laws.
- Designed to establish and maintain controls to manage or mitigate those risks.
- Fully implemented and monitored to ensure effectiveness.
These systems should be embedded within the licensee’s business operations and adapt as the business evolves or as its risk profile changes. For licensees using external providers for functions related to their licence, risk management measures should reflect the different risks associated with outsourcing.
Key Elements of Effective Risk Management Systems
Effective risk management systems involve several core components:
| Element | Description |
|---|---|
| Risk Identification | Recognising sources of risk, areas of impact, potential events, and their causes and consequences. |
| Risk Evaluation | Assessing the likelihood and impact of risks, combining these factors to prioritise risks that require attention. |
| Risk Treatment | Implementing controls and measures to reduce the probability or impact of risks to acceptable levels within the licensee’s risk appetite. |
| Monitoring and Review | Continuously overseeing the effectiveness of controls and adapting to emerging risks or changes in the business environment. |
Many responsible entities adopt a ‘three lines of defence’ model, which includes:
| Line of Defence | Role / Responsibility |
|---|---|
| First line | Management implements controls and ensures compliance in day-to-day operations. |
| Second line | Compliance and risk management functions monitor adherence to policies and provide training. |
| Third line | Independent audit functions review and test the effectiveness of risk management systems. |
Some licensees use electronic compliance and risk management systems to track obligations and require attestations from business managers. However, ASIC cautions against systems that encourage mere ‘boxticking’ without substantive review and oversight, especially where external consultants are heavily relied upon without sufficient internal governance.
Common Challenges and Areas for Improvement in Risk Management
ASIC’s review of selected responsible entities identified several challenges, particularly among smaller entities not part of APRA-regulated groups:
| Challenge | Description |
|---|---|
| Key Person Risk | Reliance on one or two individuals with critical skills, which can threaten business continuity and risk management effectiveness without adequate succession planning. |
| Overreliance on External Consultants | Heavy dependence on external consultants may hinder a licensee’s ability to independently assess and manage risks, especially without sufficient internal governance. |
| Lack of Board Oversight | Insufficient independent review of risk management processes and outcomes, with limited involvement of the board or risk committees. |
| Inadequate Documentation and Review | Failure to adequately document risk management systems or regularly review and update them to reflect business or regulatory changes. |
| Limited Stress Testing | Not conducting sufficient stress testing or scenario analysis of investment and liquidity risks, which is critical for market volatility preparedness. |
ASIC encourages licensees to:
- Embed risk management in all levels of the organisation.
- Establish clear risk appetite statements and risk metrics.
- Develop and monitor detailed risk treatment plans for residual risks.
- Conduct regular reviews and updates of risk management systems.
- Ensure effective governance and oversight of both internal and outsourced risk management functions.
By addressing these challenges, licensees can strengthen their risk management systems, better comply with their ACL obligations, and enhance consumer and market confidence.
Practical Steps for ACL Licence Holders to Ensure Adequacy of Financial Resources & Risk Management
Preparing and Updating Cash Flow Projections
ACL holders must prepare reasonable cash flow projections to demonstrate their ability to meet liabilities as they fall due. These projections should cover at least the next three months, or 12 months for certain tailored requirements.
When preparing cash flow projections, licensees should base them on reasonable estimates that account for:
- Expected cash inflows and outflows
- Assets available to pay liabilities
- Anticipated income
- Borrowings
- Financial support from eligible providers
Key aspects of effective cash flow projection management include:
| Aspect | Description |
|---|---|
| Documentation | Clearly document all calculations, assumptions, and rationale, with a level of detail proportionate to the business’s nature, scale, and complexity. |
| Regular Updates | Projections must be updated when they no longer cover the required period, a material change occurs, or there is reason to suspect an updated projection would show non-compliance. |
| Board Approval | For certain tailored requirements, the governing body must approve cash flow projections at least quarterly. |
ACL holders may choose from five options to meet the cash needs requirement, including preparing projections with a cash buffer, using contingency-based projections, or relying on financial commitments or support from eligible providers or parent entities.
Well-documented and current cash flow projections enable ACL holders to effectively plan for financial obligations while demonstrating compliance with licence requirements.
Ensuring Solvency and Positive Net Asset Position
ACL holders must continuously monitor their solvency to ensure they can pay debts as they fall due and maintain total assets exceeding total liabilities. While continuous monitoring of net assets isn’t strictly required, licensees should review their net asset position if there’s reason to doubt adequacy.
Key considerations for maintaining financial stability include:
| Consideration | Description |
|---|---|
| Solvency Requirement | Licensees must remain solvent at all times, meaning they can meet financial obligations when they are due. |
| Net Assets | Total assets should exceed total liabilities based on the most recent annual balance sheet lodged with ASIC. An alternative test may apply if this is not met. |
| Monitoring | Regularly assess financial statements and other indicators to identify any signs of financial distress. |
| Reporting | Promptly notify ASIC of any material adverse changes to the licensee’s financial position as required under regulatory obligations. |
Maintaining both solvency and a positive net asset position is fundamental to ensuring ongoing compliance with ACL licence obligations and sustaining business operations.
Establishing and Maintaining Risk Management Controls
ACL holders must establish and maintain adequate risk management systems that are structured, systematic, and tailored to the nature, scale, and complexity of their business. These systems should identify, evaluate, and manage risks, including the risk of insufficient financial resources.
Effective risk management controls involve:
| Control Element | Description |
|---|---|
| Risk Identification | Recognise sources of risk, potential events, and their consequences, focusing on risks that may affect consumers or market integrity. |
| Risk Evaluation | Assess the likelihood and impact of risks to prioritise those requiring attention. |
| Risk Treatment | Implement controls and measures to reduce risks to acceptable levels within the licensee’s risk appetite. |
| Monitoring and Review | Continuously monitor the effectiveness of controls and update risk management systems to adapt to changes. |
| Embedding in Operations | Integrate risk management into strategic and operational planning to make it part of everyday decision-making. |
| Governance | Assign clear responsibilities for risk management, with oversight by senior management or the governing body. |
| Addressing Residual Risk | Develop plans to manage residual risks that remain after controls are applied. |
Licensees should avoid overreliance on external consultants without sufficient internal governance and ensure that risk management systems are more than mere ‘box-ticking’ exercises.
Engaging Qualified Personnel and Training
Having competent personnel and providing ongoing training are essential components of maintaining adequate financial resources and risk management systems under the ACL.
Key considerations for effective staffing and training include:
| Consideration | Description |
|---|---|
| Adequate Staffing | Ensure sufficient human resources to comply with all obligations, carry out monitoring and supervision, and meet operational needs. |
| Recruitment and Succession Planning | Implement processes for recruiting qualified staff and planning for continuity in key roles to mitigate key person risk. |
| Training Programs | Identify required knowledge and skills for representatives and ensure they receive appropriate initial and ongoing training. |
| Monitoring Competence | Maintain records of training and competence, and regularly assess whether staff meet required standards. |
| Compliance with ASIC Protocol | When employing financial advisers, comply with ASIC’s Reference Checking and Information Sharing Protocol to verify representative suitability. |
| Supervision and Monitoring | Establish measures to monitor representatives’ compliance with financial services laws and internal policies, including mechanisms to address breaches. |
By investing in qualified personnel and robust training, ACL holders strengthen their capacity to meet licence obligations and manage risks effectively.
Consequences of Inadequate Financial Resources or Risk Management Under the ACL
Regulatory Actions by ASIC
ASIC can take several regulatory actions against ACL holders who fail to maintain adequate financial resources or risk management systems:
| Action | Description |
|---|---|
| Breach Notifications | Licensees must promptly notify ASIC of any breach or likely breach of their licence obligations, as required under section 912DAA of the Corporations Act 2001 (Cth). |
| Variation of Licence Conditions | ASIC can impose additional or varied conditions on an ACL to address compliance concerns or risks identified in the licensee’s systems. |
| Suspension or Cancellation of Licence | In cases of serious or persistent non-compliance, ASIC has the power to suspend or cancel an ACL to protect consumers and maintain market integrity. |
These regulatory actions ensure licensees meet their ongoing compliance obligations and maintain the financial stability necessary for responsible credit service provision.
Impact on Business Operations and Client Confidence
When financial resources or risk management are inadequate, a licensee’s business operations and reputation can be profoundly affected.
Key impacts include:
| Impact | Description |
|---|---|
| Business Continuity Risks | Insufficient financial resources may threaten the licensee’s ability to meet obligations, potentially leading to operational disruptions or insolvency. |
| Loss of Client Trust | Failure to maintain adequate resources or risk controls can erode client confidence, resulting in business loss and reputational damage. |
| Market Reputation | Inadequate compliance can damage a licensee’s standing among peers, regulators, and consumers, affecting future business opportunities. |
Maintaining adequate financial resources and robust risk management systems is therefore critical not only for regulatory compliance but also for sustaining business viability and client relationships.
Legal and Financial Risks
Non-compliance with financial resource and risk management obligations under the ACL exposes licensees to significant legal and financial risks:
| Risk | Description |
|---|---|
| Penalties and Civil Liability | Breaches of general conduct obligations are civil penalty provisions, with individuals facing penalties up to 5,000 penalty units and corporations facing higher penalties, including up to 10% of annual turnover. |
| Increased Risk of Business Failure | Licensees become more vulnerable to financial distress, insolvency, or disorderly wind-up, which can result in significant losses for clients and stakeholders. |
| Regulatory Enforcement Costs | Licensees may incur substantial costs when responding to ASIC investigations, enforcement actions, and remediation measures. |
These risks highlight the importance of ongoing compliance with financial resource and risk management requirements to protect the licensee’s legal standing and financial health.
Speak with an AFSL Lawyer Today
Request a Consultation to Get Started.
Conclusion
Financial resources and risk management are considered adequate under the ACL when licensees consistently demonstrate their ability to meet their financial obligations and maintain effective systems that identify, assess, and mitigate risks associated with their credit activities. This includes holding sufficient financial capacity to cover anticipated cash flow needs, maintaining positive net assets, and implementing robust risk management frameworks tailored to the nature, scale, and complexity of their business. Compliance with these requirements is essential for fulfilling general conduct obligations under the National Consumer Credit Protection Act 2009 (Cth) and the Corporations Act 2001 (Cth), as enforced by ASIC.
To ensure ongoing compliance and safeguard your credit business, it is crucial to regularly review and update your financial projections, risk management systems, and compliance measures. Engage with the trusted expertise of ACL lawyers today to receive specialised services tailored to your needs. Don’t miss this opportunity to achieve peace of mind and maintain strong financial services compliance in Australia. Contact AFSL House now to secure your future and simplify your regulatory obligations.
