What Counts as “Adequate” Financial Resources & Risk Management Under the ACL?

Jump to...

Introduction

Adequate financial resources and effective risk management systems are fundamental obligations for holders of an Australian Credit Licence (ACL) under the National Consumer Credit Protection Act 2009 (Cth). These requirements ensure that credit licensees can operate their credit services responsibly, comply with regulatory standards, and maintain consumer confidence in the financial system.

This guide focuses on when financial resources and risk management are considered adequate under the ACL, highlighting the importance of ongoing compliance with Australian Securities and Investments Commission (ASIC)’s licence conditions. Understanding these standards helps licensees meet their obligations efficiently, honestly, and fairly while managing the risks inherent in providing credit services in Australia.

Understanding Financial Resources & Risk Management Obligations for ACL Holders

General Conduct Obligations Under the ACL Relevant to Financial Resources & Risk Management

Holders of an ACL are subject to several general conduct obligations designed to ensure the proper operation of their credit business. Among these, a key requirement is to have adequate resources, which explicitly includes financial, technological, and human resources. This obligation is directly linked to the necessity of having elaborate risk management systems in place.

These general conduct obligations also mandate that an ACL holders must:

  • Act efficiently, honestly, and fairly in all dealings.
  • Maintain competence to engage in credit activities and ensure their representatives are also competent.
  • Take steps to ensure clients are not disadvantaged by any conflicts of interest.
  • Ensure compliance with all relevant credit legislation.
  • Implement appropriate dispute resolution systems, including membership with the Australian Financial Complaints Authority (AFCA).
  • Have suitable compensation arrangements, which may include professional indemnity insurance for some licensees.
  • Establish and maintain appropriate arrangements and systems to ensure overall compliance with licence conditions and legislative requirements.

Specific Financial Resource Requirements for ACL Holders

A core obligation for ACL holders is to maintain adequate financial resources. This requirement ensures that licensees can consistently meet their financial commitments and conduct their credit activities in a stable and compliant manner. While detailed financial thresholds and calculations are often guided by regulatory documents like ASIC Regulatory Guide 166 (RG 166), the overarching principle is continuous financial adequacy.

Specifically, ACL holders must demonstrate:

RequirementDescription
Sufficient financial capabilityApplicants must show they have the financial capacity to support their credit operations, which involves proving they can meet their obligations as they fall due.
Minimum net assetsMaintaining a minimum level of net assets is a common expectation to ensure a baseline of financial stability, though specific figures can vary based on the scale of credit activities.
Cash flow capabilitiesLicensees must manage cash flow effectively to cover operational expenses and other financial obligations, ensuring business continuity and uninterrupted client service.

ASIC expects that the financial resources held by a licensee are sufficient to cover any risks their business faces that could reasonably affect their cash position.

Risk Management Systems Required Under the ACL

ACL holders are obligated to establish and maintain adequate risk management systems. This is a critical component of the general conduct obligations and is essential for identifying, assessing, and mitigating risks associated with the licensee’s credit activities, including those related to financial resources and overall compliance. ASIC Regulatory Guide 104 (RG 104) provides general guidance on meeting this obligation, emphasising a structured and systematic approach.

Effective risk management systems for an ACL licensee should typically involve:

ComponentDescription
A structured processImplementing a systematic approach to risk management that is tailored to the nature, scale, and complexity of the licensee’s business.
Risk identification and evaluationProactively identifying potential financial, operational, and compliance risks, and evaluating their likelihood and potential impact.
Control mechanismsEstablishing and maintaining appropriate controls and procedures to manage or mitigate identified risks to an acceptable level.
Monitoring and reviewContinuously monitoring the effectiveness of risk management systems and controls, and regularly reviewing and updating them to adapt to changes.
Financial risk managementSpecifically addressing the risk that the licensee’s financial resources may become inadequate, ensuring the business can operate compliantly or manage an orderly wind-up.

Embedding risk management into the strategic and operational planning of the business helps ensure that potential issues are identified and managed proactively, contributing to the overall stability and integrity of the credit services provided.

Financial Resource Adequacy Under ASIC Regulatory Guide 166 for ACL Holders

The Base Level Financial Requirements

All Australian credit licence (ACL) holders—including AFSL holders, except those exempted (such as bodies regulated by the Australian Prudential Regulation Authority (APRA))—must meet the base level financial requirements set out in RG 166. These requirements ensure licensees have sufficient financial resources to operate in compliance with the Corporations Act 2001 (Cth).

The base level requirements comprise three key components:

RequirementDescription
Solvency and Positive Net Assets RequirementLicensees must remain solvent (able to pay debts as they fall due) and ensure total assets exceed total liabilities. An alternative test may apply if liabilities exceed assets, particularly when relying on an undertaking from an eligible provider.
Cash Needs RequirementLicensees must hold sufficient resources to meet anticipated cash flow expenses over a specified period. This can be satisfied by choosing one of five options, depending on the business structure.
Audit RequirementLicensees must include information about their compliance with financial requirements in their annual audit report under section 989B(3) of the Corporations Act 2001 (Cth). Limited AFS licensees may be exempt under certain conditions.

Together, these base level requirements provide a financial buffer to reduce the risk of a non-compliant or disorderly wind-up and incentivise owners to maintain compliance through the risk of financial loss.

Options for Meeting the Cash Needs Requirement

To demonstrate adequate cash resources under the cash needs requirement, licensees (except those with tailored requirements) may choose from five options, each reflecting different business circumstances and levels of financial support:

OptionDescription / Key Requirements
1: Reasonable Estimate Projection Plus Cash BufferPrepare a cash flow projection for at least three months based on reasonable estimates, and hold a cash buffer of 20% of projected or recent actual outflows. Suitable for larger businesses.
2: Contingency-Based ProjectionPrepare a detailed projection for at least three months that accounts for various commercial contingencies, documenting all assumptions. Ideal for small businesses without consistent cash reserves.
3: Financial Commitment by an Australian ADIRely on an enforceable, unlimited, on-demand commitment from an Australian ADI or comparable foreign institution that is expected to remain effective for at least three months.
4: Expectation of Support from an Australian ADIRely on a reasonable expectation of financial support from a parent Australian ADI or comparable institution, even without an enforceable commitment. The expectation must be documented.
5: Parent Entity Prepares Consolidated ProjectionsFor corporate groups, the parent entity prepares projections compliant with Option 1 or 2, and the licensee relies on the parent’s commitment or reasonable expectation of support.

Licensees must meet all requirements of their chosen option and update projections or documentation when material changes occur.

Additional Financial Requirements for Licensees Holding Client Money or Transacting as Principal

Certain ACL holders face additional financial requirements to address the increased risks associated with holding client money or transacting as principal:

RequirementDescription
Surplus Liquid Funds (SLF) RequirementLicensees holding client money or property valued at $100,000 or more must maintain at least $50,000 in SLF to prevent client assets from being used for the licensee’s own obligations.
Adjusted Surplus Liquid Funds (ASLF) RequirementLicensees transacting with clients as principal must comply with a scalable liquidity measure: $50,000 plus 5% of adjusted liabilities ($1M-$100M) and 0.5% of liabilities over $100M (capped at $100M).

Licensees must monitor Adjusted Surplus Liquid Funds (ASLF) levels and report when trigger points are reached. The ASLF requirement does not apply if total relevant liabilities are under $100,000 or limited to certain types, such as debentures under Chapter 2L of the Corporations Act 2001 (Cth).
Foreign exchange dealers may choose to comply with the ASLF requirement or maintain $10 million in Tier 1 capital, as defined by APRA standards.

Definitions and Calculations Relevant to Financial Resource Requirements

Key definitions underpinning these requirements include:

TermDefinition
Adjusted Assets and Adjusted LiabilitiesTotal assets and liabilities adjusted for exclusions like intangible assets, certain receivables, trust-related items, encumbered assets, and eligible undertakings.
Net Tangible Assets (NTA)Calculated as adjusted assets minus adjusted liabilities. Specific NTA thresholds apply to certain licensee categories.
Eligible ProviderAn entity (e.g., an Australian ADI, government body, or approved foreign institution) that can provide enforceable financial commitments or undertakings.
Eligible UndertakingA commitment from an eligible provider that is enforceable, unqualified, and remains in force until ASIC consents to its cancellation.
Cash and Cash EquivalentsIncludes cash on hand, demand deposits, short-term highly liquid investments, and certain commitments from eligible providers.
Surplus Liquid Funds (SLF) and Adjusted Surplus Liquid Funds (ASLF)Calculated by subtracting adjusted liabilities from adjusted assets, with further adjustments for risk exposure, to ensure licensees can meet obligations.
Notifiable Events and Reporting TriggersLicensees must notify ASIC if they fall below required NTA or ASLF levels and take appropriate action, including notifying clients and restricting transactions.
Licensees must notify ASIC if they fall below required NTA or ASLF levels, then take appropriate action—including notifying clients and restricting certain transactions until compliance is restored.

Adequacy of Risk Management Systems for ACL Licence Holders

Regulatory Expectations for Risk Management Systems

Under section 912A(1)(h) of the Corporations Act 2001 (Cth), AFS licensees, including responsible entities, must maintain adequate risk management systems unless regulated by APRA. ASIC’s RG 104 provides guidance on what is expected for these systems.

ASIC expects risk management systems to be:

  • Structured and systematic, taking into account the licensee’s obligations under the Corporations Act 2001 (Cth).
  • Tailored to the nature, scale, and complexity of the licensee’s business and risk profile.
  • Capable of identifying and evaluating risks that may adversely affect consumers or market integrity, including risks of non-compliance with financial services laws.
  • Designed to establish and maintain controls to manage or mitigate those risks.
  • Fully implemented and monitored to ensure effectiveness.

These systems should be embedded within the licensee’s business operations and adapt as the business evolves or as its risk profile changes. For licensees using external providers for functions related to their licence, risk management measures should reflect the different risks associated with outsourcing.

Key Elements of Effective Risk Management Systems

Effective risk management systems involve several core components:

ElementDescription
Risk IdentificationRecognising sources of risk, areas of impact, potential events, and their causes and consequences.
Risk EvaluationAssessing the likelihood and impact of risks, combining these factors to prioritise risks that require attention.
Risk TreatmentImplementing controls and measures to reduce the probability or impact of risks to acceptable levels within the licensee’s risk appetite.
Monitoring and ReviewContinuously overseeing the effectiveness of controls and adapting to emerging risks or changes in the business environment.

Many responsible entities adopt a ‘three lines of defence’ model, which includes:

Line of DefenceRole / Responsibility
First lineManagement implements controls and ensures compliance in day-to-day operations.
Second lineCompliance and risk management functions monitor adherence to policies and provide training.
Third lineIndependent audit functions review and test the effectiveness of risk management systems.

Some licensees use electronic compliance and risk management systems to track obligations and require attestations from business managers. However, ASIC cautions against systems that encourage mere ‘boxticking’ without substantive review and oversight, especially where external consultants are heavily relied upon without sufficient internal governance.

Common Challenges and Areas for Improvement in Risk Management

ASIC’s review of selected responsible entities identified several challenges, particularly among smaller entities not part of APRA-regulated groups:

ChallengeDescription
Key Person RiskReliance on one or two individuals with critical skills, which can threaten business continuity and risk management effectiveness without adequate succession planning.
Overreliance on External ConsultantsHeavy dependence on external consultants may hinder a licensee’s ability to independently assess and manage risks, especially without sufficient internal governance.
Lack of Board OversightInsufficient independent review of risk management processes and outcomes, with limited involvement of the board or risk committees.
Inadequate Documentation and ReviewFailure to adequately document risk management systems or regularly review and update them to reflect business or regulatory changes.
Limited Stress TestingNot conducting sufficient stress testing or scenario analysis of investment and liquidity risks, which is critical for market volatility preparedness.

ASIC encourages licensees to:

  • Embed risk management in all levels of the organisation.
  • Establish clear risk appetite statements and risk metrics.
  • Develop and monitor detailed risk treatment plans for residual risks.
  • Conduct regular reviews and updates of risk management systems.
  • Ensure effective governance and oversight of both internal and outsourced risk management functions.

By addressing these challenges, licensees can strengthen their risk management systems, better comply with their ACL obligations, and enhance consumer and market confidence.

Practical Steps for ACL Licence Holders to Ensure Adequacy of Financial Resources & Risk Management

Preparing and Updating Cash Flow Projections

ACL holders must prepare reasonable cash flow projections to demonstrate their ability to meet liabilities as they fall due. These projections should cover at least the next three months, or 12 months for certain tailored requirements.

When preparing cash flow projections, licensees should base them on reasonable estimates that account for:

  • Expected cash inflows and outflows
  • Assets available to pay liabilities
  • Anticipated income
  • Borrowings
  • Financial support from eligible providers

Key aspects of effective cash flow projection management include:

AspectDescription
DocumentationClearly document all calculations, assumptions, and rationale, with a level of detail proportionate to the business’s nature, scale, and complexity.
Regular UpdatesProjections must be updated when they no longer cover the required period, a material change occurs, or there is reason to suspect an updated projection would show non-compliance.
Board ApprovalFor certain tailored requirements, the governing body must approve cash flow projections at least quarterly.

ACL holders may choose from five options to meet the cash needs requirement, including preparing projections with a cash buffer, using contingency-based projections, or relying on financial commitments or support from eligible providers or parent entities.

Well-documented and current cash flow projections enable ACL holders to effectively plan for financial obligations while demonstrating compliance with licence requirements.

Ensuring Solvency and Positive Net Asset Position

ACL holders must continuously monitor their solvency to ensure they can pay debts as they fall due and maintain total assets exceeding total liabilities. While continuous monitoring of net assets isn’t strictly required, licensees should review their net asset position if there’s reason to doubt adequacy.

Key considerations for maintaining financial stability include:

ConsiderationDescription
Solvency RequirementLicensees must remain solvent at all times, meaning they can meet financial obligations when they are due.
Net AssetsTotal assets should exceed total liabilities based on the most recent annual balance sheet lodged with ASIC. An alternative test may apply if this is not met.
MonitoringRegularly assess financial statements and other indicators to identify any signs of financial distress.
ReportingPromptly notify ASIC of any material adverse changes to the licensee’s financial position as required under regulatory obligations.

Maintaining both solvency and a positive net asset position is fundamental to ensuring ongoing compliance with ACL licence obligations and sustaining business operations.

Establishing and Maintaining Risk Management Controls

ACL holders must establish and maintain adequate risk management systems that are structured, systematic, and tailored to the nature, scale, and complexity of their business. These systems should identify, evaluate, and manage risks, including the risk of insufficient financial resources.

Effective risk management controls involve:

Control ElementDescription
Risk IdentificationRecognise sources of risk, potential events, and their consequences, focusing on risks that may affect consumers or market integrity.
Risk EvaluationAssess the likelihood and impact of risks to prioritise those requiring attention.
Risk TreatmentImplement controls and measures to reduce risks to acceptable levels within the licensee’s risk appetite.
Monitoring and ReviewContinuously monitor the effectiveness of controls and update risk management systems to adapt to changes.
Embedding in OperationsIntegrate risk management into strategic and operational planning to make it part of everyday decision-making.
GovernanceAssign clear responsibilities for risk management, with oversight by senior management or the governing body.
Addressing Residual RiskDevelop plans to manage residual risks that remain after controls are applied.

Licensees should avoid overreliance on external consultants without sufficient internal governance and ensure that risk management systems are more than mere ‘box-ticking’ exercises.

Engaging Qualified Personnel and Training

Having competent personnel and providing ongoing training are essential components of maintaining adequate financial resources and risk management systems under the ACL.

Key considerations for effective staffing and training include:

ConsiderationDescription
Adequate StaffingEnsure sufficient human resources to comply with all obligations, carry out monitoring and supervision, and meet operational needs.
Recruitment and Succession PlanningImplement processes for recruiting qualified staff and planning for continuity in key roles to mitigate key person risk.
Training ProgramsIdentify required knowledge and skills for representatives and ensure they receive appropriate initial and ongoing training.
Monitoring CompetenceMaintain records of training and competence, and regularly assess whether staff meet required standards.
Compliance with ASIC ProtocolWhen employing financial advisers, comply with ASIC’s Reference Checking and Information Sharing Protocol to verify representative suitability.
Supervision and MonitoringEstablish measures to monitor representatives’ compliance with financial services laws and internal policies, including mechanisms to address breaches.

By investing in qualified personnel and robust training, ACL holders strengthen their capacity to meet licence obligations and manage risks effectively.

Consequences of Inadequate Financial Resources or Risk Management Under the ACL

Regulatory Actions by ASIC

ASIC can take several regulatory actions against ACL holders who fail to maintain adequate financial resources or risk management systems:

ActionDescription
Breach NotificationsLicensees must promptly notify ASIC of any breach or likely breach of their licence obligations, as required under section 912DAA of the Corporations Act 2001 (Cth).
Variation of Licence ConditionsASIC can impose additional or varied conditions on an ACL to address compliance concerns or risks identified in the licensee’s systems.
Suspension or Cancellation of LicenceIn cases of serious or persistent non-compliance, ASIC has the power to suspend or cancel an ACL to protect consumers and maintain market integrity.

These regulatory actions ensure licensees meet their ongoing compliance obligations and maintain the financial stability necessary for responsible credit service provision.

Impact on Business Operations and Client Confidence

When financial resources or risk management are inadequate, a licensee’s business operations and reputation can be profoundly affected.

Key impacts include:

ImpactDescription
Business Continuity RisksInsufficient financial resources may threaten the licensee’s ability to meet obligations, potentially leading to operational disruptions or insolvency.
Loss of Client TrustFailure to maintain adequate resources or risk controls can erode client confidence, resulting in business loss and reputational damage.
Market ReputationInadequate compliance can damage a licensee’s standing among peers, regulators, and consumers, affecting future business opportunities.

Maintaining adequate financial resources and robust risk management systems is therefore critical not only for regulatory compliance but also for sustaining business viability and client relationships.

Legal and Financial Risks

Non-compliance with financial resource and risk management obligations under the ACL exposes licensees to significant legal and financial risks:

RiskDescription
Penalties and Civil LiabilityBreaches of general conduct obligations are civil penalty provisions, with individuals facing penalties up to 5,000 penalty units and corporations facing higher penalties, including up to 10% of annual turnover.
Increased Risk of Business FailureLicensees become more vulnerable to financial distress, insolvency, or disorderly wind-up, which can result in significant losses for clients and stakeholders.
Regulatory Enforcement CostsLicensees may incur substantial costs when responding to ASIC investigations, enforcement actions, and remediation measures.

These risks highlight the importance of ongoing compliance with financial resource and risk management requirements to protect the licensee’s legal standing and financial health.

Conclusion

Financial resources and risk management are considered adequate under the ACL when licensees consistently demonstrate their ability to meet their financial obligations and maintain effective systems that identify, assess, and mitigate risks associated with their credit activities. This includes holding sufficient financial capacity to cover anticipated cash flow needs, maintaining positive net assets, and implementing robust risk management frameworks tailored to the nature, scale, and complexity of their business. Compliance with these requirements is essential for fulfilling general conduct obligations under the National Consumer Credit Protection Act 2009 (Cth) and the Corporations Act 2001 (Cth), as enforced by ASIC.

To ensure ongoing compliance and safeguard your credit business, it is crucial to regularly review and update your financial projections, risk management systems, and compliance measures. Engage with the trusted expertise of ACL lawyers today to receive specialised services tailored to your needs. Don’t miss this opportunity to achieve peace of mind and maintain strong financial services compliance in Australia. Contact AFSL House now to secure your future and simplify your regulatory obligations.

Frequently Asked Questions

Published By
Author Peter Hagias AFSL House
JUMP TO...

Table of Contents

Get Your Free Initial Consultation

Ready to speak with an expert?

Request a Free Consultation with one of our experienced AFSL Lawyers today.

Book a FREE Consultation

Rated 5-Star By Our Clients

Insights Library

Practical AFSL Guides & Insights

Unlock free AFSL guides, checklists, and insights in our regularly updated Insights Library, written by legal experts.

2025 Guide to AFSl Applications: Modern architecture graphic
100% FREE DOWNLOAD

2025 Guide to
AFSL Applications

Ready to apply for an AFSL? Download our practical step-by-step guide to securing your AFSL from ASIC.

Get insider insights on ASIC’s new licensing portal, application trends, approval timelines, and practical steps to fast-track your AFSL application in 2025.