When ASIC conducts a targeted review of your brokerage, they want to see a complete record of every client interaction: when advice was given, what was discussed, which documents were exchanged, and how the loan recommendation was reached. Brokerages that can produce this evidence quickly pass reviews smoothly. Those that can't face remediation orders, enforceable undertakings, or worse.
What ASIC actually asks for
ASIC's review scope typically includes: client file completeness (needs assessment, financial verification, credit guide delivery), evidence of 'not unsuitable' determination, records of ongoing communications, and evidence that the broker considered multiple product options. Your audit trail needs to answer 'who did what, when, and why' for every step.
Automatic vs manual audit logging
Manual audit logging, where brokers type notes after each interaction, is unreliable. Brokers under time pressure skip notes, backdate entries, or summarise insufficiently. Automatic audit logging captures every system action (record created, field changed, document uploaded, email sent) with timestamps, user IDs, and before/after values. This creates an immutable, complete record without broker effort.
Configuring your CRM for audit readiness
Enable audit logging on all client record types, not just the main contact. Document uploads, pipeline stage changes, email and SMS communications, and internal notes should all be logged. Configure retention to exceed ASIC's requirement (currently 7 years from date of advice). And test your audit exports quarterly, don't discover your reports are broken during an actual review.
Frequently asked questions
How long must broker audit records be retained?
What if my CRM doesn't have automatic audit logging?
Ready to see it in action?
CRMandGo is built for Australian brokers. Start your free trial, no credit card, no lock-in.
Start free trial