Compliance‑native, by construction.

APRA's prudential standard for managing operational risk. Sets requirements for critical operations, third‑party arrangements, and business continuity.

• Critical operations register
• Notifiable operational risk events (§ 36)
• Third‑party risk assessment
• Business continuity planning
• Operational risk control testing

APRA's prudential standard requiring information security capability commensurate with the size and extent of threats to information assets.

• Information asset register
• Information security capability
• Implementation of controls
• Incident detection and response
• Notification and internal audit

Australian sustainability‑related financial disclosure standards. Aligns Australian reporting with IFRS S1 and S2 climate disclosure rules.

• Sustainability‑related financial risks
• Climate‑related risks and opportunities
• Scope 1, 2 & 3 emissions tracking
• Transition plan documentation
• Governance and strategy disclosures

AUSTRAC's anti‑money laundering and counter‑terrorism financing regime. Customer due diligence, ongoing monitoring, and reporting obligations.

• Customer due diligence (CDD / ECDD)
• Ongoing customer monitoring
• Suspicious matter reporting (SMR)
• Sanctions screening
• International funds transfer instructions

Australian Privacy Principle 11 under the Privacy Act 1988, the security obligation for personal information held by an APP entity.

• Personal information inventory
• Reasonable security steps
• Privacy impact assessments
• Notifiable Data Breach scheme (Pt IIIC)
• Access and rectification rights

ASIC's Regulatory Guide 271 setting standards for internal dispute resolution by financial firms.

• Complaint registration
• Acknowledgement timeframes
• Response and resolution
• Final response (RG 271 standard)
• IDR data reporting