File reviews remain one of the most relied-upon compliance controls across AFSL holders, but increasingly, they are failing at their core purpose.
Recent ASIC surveillance activity and advice file reviews indicate a consistent pattern: file review frameworks are in place, reviews are being performed, and yet poor advice is still reaching clients.
This is not a failure of process existence; it is a failure of risk detection capability.
The Core Failure: Reviews Focus on Completion, Not Risk
Most licensees conduct file reviews using structured checklists. These reviews typically focus on:
- Whether key documents are present
- Whether disclosures are included
- Whether templates have been completed
While this ensures baseline compliance, it does not assess whether the advice itself is appropriate.
ASIC’s review of financial advice files has clearly demonstrated this gap. In one recent review, only 38 of 100 files demonstrated compliance with best-interest obligations, despite many licensees having review and pre-vetting processes in place.
This highlights a critical issue:
“File reviews are being performed — but they are not identifying poor advice”.
What Is Actually Failing: Advice Quality Assessment
The core purpose of a file review is to test whether:
- The advice is appropriate for the client
- The recommendation is supported by evidence
- The best interests duty has been met
However, regulatory findings consistently show that reviews are not adequately testing these elements.
Common failures include:
- Weak or absent linkage between client circumstances and recommendations
- Incomplete or generic fact-finding
- Lack of documented reasoning behind advice strategies
- Failure to identify conflicts of interest
- Acceptance of recommendations without challenge
In many cases, advisers are effectively acting on assumptions or generic strategies, and file reviews fail to detect this breakdown.
Why This Matters: False Assurance Risk
When file reviews fail to identify poor advice, they create a false sense of assurance.
Management, boards, and Responsible Managers receive reporting that suggests:
- Advice quality is acceptable
- Compliance frameworks are operating effectively
- Risks are being identified and managed
However, ASIC findings demonstrate that this assurance may be misplaced.
Even where advice files were subject to pre-vetting controls, non-compliant advice continued to pass through review processes, raising serious questions about the effectiveness of internal monitoring systems.
This exposes firms to:
- Undetected client harm
- Large-scale remediation programs
- AFCA complaints and adverse determinations
- Regulatory enforcement
What Regulators Are Actually Testing
Regulators are not assessing whether file reviews exist; they are assessing whether they work.
In practice, ASIC will examine:
- Whether file reviews identified inappropriate advice
- The depth and quality of reviewer commentary
- Whether findings led to escalation or remediation
- Consistency of findings across similar files
- Whether recurring issues were identified and addressed
A file review system that consistently passes non-compliant advice will be viewed as ineffective, regardless of how well it is documented.
The Structural Problem: Checklist-Based Reviews
The root cause for most licensees is overreliance on binary, checklist-driven reviews.
These frameworks:
- Reward document completion
- Do not test judgment or suitability
- Provide a limited scope for critical analysis
- Encourage “tick and flick” behaviour
As a result, reviewers confirm that steps have been followed, but do not assess whether the outcome is correct.
This creates a gap between:
“Was the process completed?”
and
“Was the advice actually appropriate?”
What Good Looks Like
Leading firms are shifting file reviews from compliance confirmation to risk detection frameworks.
Key elements include:
- Risk-based review models, not binary checklists
- Mandatory assessment of advice suitability, not just documentation
- Structured commentary requirements explaining reviewer conclusions
- Second-line quality assurance (review-of-review process)
- Calibration sessions to ensure reviewer consistency
- Escalation triggers for high-risk findings
- Integration of file review outcomes into breach and complaint frameworks
Importantly, file reviews are treated as:
A mechanism for identifying bad advice — not confirming good paperwork.
AICS Perspective
From an AICS standpoint, file review failure is one of the most significant governance risks within AFSL frameworks.
The issue is not that firms lack review processes; it is that those processes are not designed to detect real risk.
ASIC has made it clear through its surveillance outcomes that poor advice can persist even in environments with formal controls, particularly where those controls:
- Are checklist-driven
- Lack of depth of analysis
- Do not challenge the adviser’s judgement
- Fail to escalate issues
Effective file reviews must serve as a front-line risk-detection tool, not a retrospective compliance check.
The standard is no longer whether reviews are completed, but whether they identify and prevent poor advice before it impacts clients.
Call To Action
If your file review framework is not identifying inappropriate advice, it is not functioning as an effective control.
Checklist-driven reviews often confirm document completion without assessing the quality or suitability of the advice. ASIC findings show that poor advice can persist even where review processes exist, creating false assurance for management and boards.
AICS works with firms to implement risk-based advice file review audit frameworks, focused on detecting advice failures, strengthening oversight, and improving control effectiveness.
If you would like to evaluate whether your current advice file review framework is genuinely identifying risk, click here to contact Cheyenne and the team, email [email protected] or call 07 3251 2481.
References
- Australian Securities and Investments Commission (ASIC), ASIC review raises fresh concerns over risks to retirement savings from poor SMSF advice
View media release - Australian Securities and Investments Commission (ASIC), Report 824: Review of SMSF establishment advice
View report PDF
