CPS 230, CPS 234, AML/CTF Act, ASIC IDR, Consumer Law — Australian financial services firms answer to three regulators with overlapping but distinct requirements. AuditDSS maps every obligation across all three.
6,089 AU financial services obligations
3 Regulators
320+ Regulatory frameworks
146,445+ Scored obligations
Australian financial services firms operate in the most heavily overlapping regulatory environment of any industry. APRA sets prudential standards: CPS 230 for operational resilience and CPS 234 for information security. ASIC enforces market conduct, consumer protection, and internal dispute resolution. AUSTRAC mandates AML/CTF programs, with penalties demonstrated by CBA's $1.3 billion fine. Each regulator runs independent examinations, expects distinct evidence, and enforces separately.
But the underlying controls overlap significantly — a single incident response capability satisfies CPS 230 business continuity, CPS 234 security incident management, and AUSTRAC's suspicious matter reporting simultaneously. AuditDSS maps every overlap.
That's what AuditDSS does.
6,089 obligations across 6 frameworks from 3 regulators, scored and ready. AuditDSS is the only platform that decomposes ALL of them and shows how they connect.
Updated March 2026 — new frameworks added regularly
Operational risk management. Business continuity, third-party risk, material service provider obligations. Effective July 2025.
Information security. Security capability commensurate with threats to information assets. Board notification requirements.
AML/CTF program obligations. Tranche 2 expanding scope to real estate agents, lawyers, accountants, and precious metals dealers.
Detailed compliance rules — customer due diligence, transaction monitoring, suspicious matter reporting, record keeping.
Australian Consumer Law. Unfair contract terms, consumer guarantees, product safety, misleading conduct.
Australian Privacy Principles. Financial services have additional obligations for credit reporting and health information.
Determine which APRA, ASIC, and AUSTRAC obligations apply based on your licence type, entity size, and regulated activities.
Score compliance across all three regulators simultaneously. See where a single control gap creates exposure with multiple regulators.
Generate compliant policies, procedures, and board reporting documentation. Every clause is traced to a specific prudential standard, AML/CTF rule, or ASIC requirement.
Map existing controls, incident logs, and compliance records to obligations across all three regulators. One evidence vault, three regulators satisfied.
Business continuity plans, third-party risk assessments, service provider registers, and incident response documentation. Maps to CPS 230 operational resilience obligations and AUSTRAC business continuity requirements simultaneously.
Security policies, vulnerability assessments, penetration test results, and incident logs. Direct evidence for CPS 234 information security requirements and AUSTRAC cybersecurity obligations.
Transaction monitoring alerts, suspicious matter reports, CDD records, and AML program documentation. Maps to AUSTRAC compliance rules and ASIC conduct obligations.
IDR records, complaint handling data, product governance documentation, and consumer outcomes analysis. Evidence for ASIC IDR requirements and ACL consumer protection obligations.
You don't need separate GRC systems for APRA, ASIC, and AUSTRAC. You need one platform that maps your existing controls to obligations across all three regulators — showing where one piece of evidence satisfies multiple requirements. That's what AuditDSS does.
Most compliance platforms tell you what you must do to avoid penalties. AuditDSS also tells you what you gain by complying.
Unified compliance view across APRA, ASIC, and AUSTRAC. Know your position with every regulator at all times.
AUSTRAC penalties — CBA's $1.3B fine. APRA directions. ASIC enforceable undertakings. Know your exposure before regulators find it.
Operational resilience deadline July 2025. Map your third-party risk and BCP obligations now.
One security control can satisfy CPS 234, AUSTRAC, and ASIC requirements simultaneously. AuditDSS shows every overlap.
Obligation-level compliance scoring for board and risk committee reporting across all three regulators.
Pre-mapped evidence for APRA prudential reviews, AUSTRAC compliance assessments, and ASIC examinations.
Score compliance across APRA prudential standards, AUSTRAC AML/CTF, and ASIC conduct obligations simultaneously. See gaps before the regulator does.
APRA prudential requirements, claims handling obligations, and member protection rules. One dashboard for general insurance, life insurance, and RSE licensee compliance.
Manage three regulatory relationships from one workspace. Generate board-ready reports with obligation-level scoring and evidence mapping across APRA, ASIC, and AUSTRAC.
AML/CTF, consumer protection, and privacy obligations as you scale. Understand your regulatory surface area before AUSTRAC asks.
Answer a few questions, discover every regulation that applies to your business
Not just 'you need CPS 230' but 58 specific obligations decomposed, scored by risk
See exactly where you're compliant and where you're exposed across all three regulators
Deterministic document generation for compliance policies, BCP plans, and AML/CTF programs. Every clause traced to specific prudential standards and AML/CTF rules.
Company Mode for your own compliance. Advisor Mode for consultants managing multiple clients.
Discover which frameworks apply to your business in minutes — or book a walkthrough to see AuditDSS in action.
Building financial technology? AuditDSS provides the compliance intelligence layer for core banking, payment processing, risk management, and regulatory reporting platforms. Contact us about integration partnerships.