In June 2025, ASIC released a sobering review of compliance plans across Australia’s managed fund sector. The message was clear: far too many responsible entities are falling short.
After reviewing 50 responsible entities covering nearly half of all registered funds and fund assets, ASIC found systemic weaknesses in how key obligations are documented, owned, and monitored. The review focused on three areas: breach reporting (RG 78), internal dispute resolution (RG 271), and product design and distribution obligations (RG 274).
The results? Widespread deficiencies. Poor structure. Missing obligations. Inadequate monitoring. Outdated plans. And a recurring reliance on vague policy references or static documents that simply aren’t doing the job.
If your obligations are scattered, your records inconsistent, and your oversight reactive, now is the time to act. Download our free Compliance and Compliance Risk Management eBook now:
What's going wrong and why it matters
ASIC’s findings highlight a deeper problem than just poorly written documents. They reveal a disconnect between compliance intent and execution.
Some of the most critical issues ASIC identified include:
- Obligations missed entirely – with many plans failing to address even well-established requirements like RG 271 reporting.
- Poor accountability – with the same individual listed as both control implementer and monitor.
- Unclear monitoring – where plans lacked detail on how or how often controls would be tested or reported on.
- No board oversight – leaving senior leaders in the dark on complaint trends or breach patterns.
- Lack of record-keeping – with minimal or inconsistent data capture on incidents and outcomes.
This isn’t just a compliance documentation problem, it’s a governance risk. Weak compliance plans not only increase regulatory exposure but also undermine investor confidence and internal accountability.
What managed funds need to do now
To meet ASIC’s expectations and build real trust with investors, boards, and regulators, responsible entities need to go beyond static plans and adopt a proactive, systemic approach to compliance.
That means two things:
1. A culture shift in compliance planning
Responsible entities must treat compliance planning as an active governance function, not a once-a-year documentation task. That includes:
- Clearly identifying every obligation, including RG 78 and RG 271.
- Assigning separate roles for implementing and monitoring controls.
- Documenting how performance will be measured and reported.
- Setting specific frequencies for control activities.
- Ensuring board-level visibility and escalation pathways.
- Keeping records that demonstrate traceability and accountability.
2. The right systems to support it
Culture alone isn’t enough. These requirements demand tools that can support real-time tracking, structured record-keeping, and transparent reporting: capabilities that traditional spreadsheets, documents, or outdated systems can’t deliver.
To operationalise ASIC’s expectations, organisations need a governance, compliance and risk (GRC) platform that makes compliance controls tangible, testable, and visible.
How Protecht helps close the gap
Protecht’s off-the-shelf Marketplace packages for RG 78 and RG 271 are designed to do exactly what ASIC is calling for, by turning obligations into structured workflows, tracked outcomes, and board-ready insights.
RG 78 Reportable Situations and Breaches
Stay on top of breach identification, investigation, and reporting with:
- Centralised registers aligned with ASIC’s RG 78 specifications.
- Workflow rules for consistent investigation and escalation.
- Real-time dashboards showing breach status, root causes, and trends.
- API integration with ASIC’s regulatory portal for faster, more accurate submissions.
RG 271 Internal Dispute Resolution
Ensure no complaint slips through the cracks and every obligation is met with:
- Comprehensive complaint registers for logging, tracking, and documenting each case.
- Automated notifications and deadline tracking to meet 24-hour and 30-day timeframes.
- Board and management dashboards for visibility into complaint types, trends, and systemic issues.
- Compliant CSV export for streamlined ASIC reporting.
Monitoring, record-keeping, and real-time visibility
Whether you're managing breaches, complaints, or broader GRC obligations, Protecht enables:
- Clear separation of responsibilities between control owners and reviewers.
- Verifiable monitoring methods, with metrics, frequencies, and audit trails.
- Dashboards and reports tailored for compliance committees and boards.
- Structured records that track every action, escalation, and resolution — in line with ASIC’s guidance.
Conclusions and next steps for your organisation
ASIC’s 2025 review is a wake-up call for the managed fund sector. The shortcomings it uncovered, from outdated documentation to missing obligations, unclear responsibilities, and lack of oversight, all point to one thing: the gap between compliance on paper and compliance in practice.
If your current plan relies on generic policy references, siloed tools, or inconsistent record-keeping, it’s time to rethink your approach. Regulatory expectations have moved on. Your systems and processes need to move with them.
That means shifting from:
- Vague commitments to clearly mapped obligations
- Static plans to dynamic workflows
- Reactive reporting to real-time oversight
- Manual effort to automated assurance
Protecht’s GRC platform – including our purpose-built RG 78 and RG 271 Marketplace packages – is built to support this transformation. We help you embed compliance into your operations, generate the evidence ASIC expects, and deliver the visibility your board demands.
So don’t just update your compliance plan: bring it to life with tools that make obligations measurable, risks traceable, and assurance demonstrable.
Request a demo to see how Protecht can help you operationalise ASIC’s expectations and build lasting confidence in your compliance program:
