Laws or related obligations

Financial Services

ASIC Regulatory Guide 256: Client review and remediation conducted by advice licensees

This regulatory guide sets out our guidance on client review and remediation (review and remediation) that:

is conducted by Australian financial services (AFS) licensees who provide personal advice to retail clients (advice licensees); and
seeks to remediate clients who have suffered loss or detriment as a result of misconduct or other compliance failure by an advice licensee (or its representatives) in giving personal advice.

Review and remediation, which may be large or small scale, generally aims to place affected clients in the position they would have been in if the misconduct or other compliance failure had not occurred: see RG 256.5,ĂÂRG 256.6 and RG 256.13, RG 256.20. The principles in this guide should also be applied to review and remediation that is not related to personal advice, to the extent relevant, although we recognise that:

implementation may differ between the various types of review and remediation; and
licensees may need to consider specific legislative requirements or other guidance that applies: see RG 256.7, ĂÂRG 256.11.

Key considerations for advice licensees include:

when to initiate the process of review and remediation (see Section B);
the scope of review and remediation (see Section C);
designing and implementing a comprehensive and effective process for review and remediation (see Section D);
communicating effectively with clients (see Section E); and
ensuring access to external review (see Section F).

Sector(s):

Financial

Jurisdiction(s):

Australia

ASIC Regulatory Guide 256: Client review and remediation conducted by advice licensees

Risk Library

52 Risks

Jurisdiction: All
Category: Business

Learn More

Assessment

6clicks Essential Controls Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

6clicks Pandemic Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

6clicks Scope Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Acceptable Use

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

APRA CPS 234 Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Assessment

ASD Essential 8 Maturity Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

Australian Energy Sector Cyber Security Framework (AESCSF) Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Risk Library

Board Top Risks

Jurisdiction: All
Category: Business

Learn More

Control

Business Continuity - Control Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Business Continuity

Jurisdiction: All
Category: Business

Learn More

Risk Library

CompLeR Core

Jurisdiction: All
Category: Business

Learn More

Risk Library

CompLeR Sector

Jurisdiction: All
Category: Business

Learn More

Assessment

Consensus Assessments Initiative Questionnaire (CAIQ) Lite

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment Control

Consensus Assessments Initiative Questionnaire v3.0.1

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Cyber and Information Security Framework

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Cyber Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

Cybersecurity Maturity Model Certification (CMMC) Question Set

Jurisdiction: USA
Category: Cybersecurity

Learn More

Risk Library

Environmental Risks

Jurisdiction: All
Category: Business

Learn More

Control

FedRAMP Security Controls

Jurisdiction: USA
Category: Cybersecurity

Learn More

Assessment

Financial Services Sector Cybersecurity Profile (FSSCP) Question Set

Jurisdiction: USA
Category: Cybersecurity

Learn More

Risk Library

General Business

Jurisdiction: All
Category: Business

Learn More

Control

Human Resources Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Identity and Access

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Information Security Issue Management

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

Information Security Manual (ISM) - July 2020 Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Assessment

Information Security Manual (ISM) - March 2020 Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Laws or related obligations

ISO 45001:2018 Occupational Health And Safety Management System (OHMS)

Jurisdiction: All
Category: Workplace Health & Safety

Learn More

Assessment

ISO/IEC 27001:2013 Annex A Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

ISO/IEC 27001:2013 Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

IT Operations Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

MAS 655 Notice on Cyber Hygiene Question Set

Jurisdiction: Singapore
Category: Cybersecurity

Learn More

Control

Network Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NIST Cyber Security Framework (CSF) Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NIST SP800-161 Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NIST SP800-171 r2 Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NSW Cyber Security Policy (NSW CSP) Question Set

Jurisdiction: New South Wales
Category: Cybersecurity

Learn More

Risk Library

OH&S Risks

Jurisdiction: All
Category: Workplace Health & Safety

Learn More

Assessment

OWASP Secure Medical Device Deployment Standard (SMDDS) Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Pandemic Risks

Jurisdiction: All
Category: Business

Learn More

Assessment

PCI-DSS Security Assessment Questionnaire (SAQ) A-EP

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Physical and Environmental Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Project Management

Jurisdiction: All
Category: Business

Learn More

Assessment

Queensland Information Security Policy (IS18:2018) Question Set

Jurisdiction: Queensland
Category: Cybersecurity

Learn More

Assessment

SA Cyber Security Framework (CSF) Question Set

Jurisdiction: South Australia
Category: Cybersecurity

Learn More

Assessment

Secure Controls Framework (SCF) Assessment

Jurisdiction: All
Category: Cybersecurity Privacy

Learn More

Assessment

SOC 2 Trusted Services Criteria Question Set

Jurisdiction: USA
Category: Cybersecurity

Learn More

Risk Library

Startups & New Ventures

Jurisdiction: All
Category: Business

Learn More

Control

Supplier Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

System Acquisition and Development

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

TAS Information Security Framework (ISF) Question Set

Jurisdiction: Tasmania
Category: Cybersecurity

Learn More

Assessment

UAE Information Assurance (IA) Assessment

Jurisdiction: UAE
Category: Cybersecurity

Learn More

Assessment

UK NCSC Cyber Essentials Question Set

Jurisdiction: UK
Category: Cybersecurity

Learn More

Assessment

Victorian Protective Data Security Standards 2.0 (VPDSS) Question Set

Jurisdiction: Victoria
Category: Cybersecurity

Learn More

Assessment

VSA Questionnaire

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

WA Digital Security Policy (DSP) Question Set

Jurisdiction: Western Australia
Category: Cybersecurity

Learn More

Laws or related obligations

Work Health and Safety Act 2011

Jurisdiction: Australia
Category: Legislation Workplace Health & Safety

Learn More

Laws or related obligations

Work Health and Safety Regulations 2011

Jurisdiction: Australia
Category: Workplace Health & Safety

Learn More

Control

Australian Financial Services (AFS) License Control Set

Jurisdiction: Australia
Category: Financial Services

Learn More

Control

COBIT 19

Jurisdiction: All
Category: Cybersecurity

Learn More

Laws or related obligations

Fair Work Act 2009

Jurisdiction: Australia
Category: Workplace Health & Safety

Learn More

Control

SWIFT Customer Security Controls Framework (CSCF)

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

CERT NZ's Top ten critical controls

Jurisdiction: New Zealand
Category: Cybersecurity

Learn More

Playbook

Ransomware Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Cloud Email Compromise Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Create Account (Backdoor User Accounts) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Credential Access (Password Spraying) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Cyber Blackmail Incident Reponse Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Defense Evasion (Disabling Security Software) Incident Reponse Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Denial of Service (DOS) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Device Theft/Loss Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Malware Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Money Mule Scams (CEO Fraud) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Phishing Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Resource Development (Compromise Accounts) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Scam Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Social Engineering Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Credential Access (Unsecured Credentials) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Drive By Compromise Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Group Policy Modification Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Insider Abuse Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Project

ISO 31000:2009 Risk management

Jurisdiction: All
Category: Risk Management

Learn More

Project

ISO27005:2008 Information Security Risk Management

Jurisdiction: All
Category: Risk Management

Learn More

Project

MEHARI 2010: Processing guide for risk analysis and management

Jurisdiction: All
Category: Risk Management

Learn More

Project

NIST SP 800-30 r1 guide for Conducting Risk Assessments

Jurisdiction: USA
Category: Risk Management

Learn More

Project

NIST Special Publication 800-39: Managing Information Security Risk

Jurisdiction: USA
Category: Risk Management

Learn More

Project

The DREAD Risk Assessment Model

Jurisdiction: All
Category: Risk Management

Learn More

Project

The STRIDE Threat Model

Jurisdiction: All
Category: Risk Management

Learn More

Control

6clicks General Financial Controls

Jurisdiction: All
Category: Financial Services

Learn More

Content Library

Access our comprehensive library of best-practice content and guidance from recognized authorities and industry-leading organizations.

Reimagine risk and experience Hailey AI

ASIC Regulatory Guide 256: Client review and remediation conducted by advice licensees

Sector(s):

Jurisdiction(s):

Filter By:

Filter By:

Filter By:

52 Risks

6clicks Essential Controls Assessment

6clicks Pandemic Assessment

6clicks Privacy Impact Assessment (PIA)

6clicks Scope Assessment

Acceptable Use

APRA CPS 234

APRA CPS 234 Question Set

ASD Essential 8

ASD Essential 8 Maturity Assessment

ASIC Regulatory Guide 270: Whistleblower Policies

Australian Anti Money Laundering and Counter Terrorism Financing Act 2006

Australian Anti Money Laundering and Counter Terrorism Financing Rules Instrument 2007 (No. 1)

Australian Energy Sector Cyber Security Framework (AESCSF)

Australian Energy Sector Cyber Security Framework (AESCSF) Question Set

Australian Privacy Principles (Comprehensive)

Australian Privacy Principles (Simplified)

Board Top Risks

Business Continuity - Control Set

Business Continuity

COBIT 5.0

CompLeR Core

CompLeR Sector

Consensus Assessments Initiative Questionnaire (CAIQ) Lite

Consensus Assessments Initiative Questionnaire v3.0.1

Corporations Act 2001

CSA IoT Security Controls Framework

Cyber and Information Security Framework

Cyber Security

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) Question Set

Environmental Risks

FedRAMP Security Controls

Financial Services Sector Cybersecurity Profile (FSSCP)

Financial Services Sector Cybersecurity Profile (FSSCP) Question Set

General Business

General Data Protection Regulation (GDPR)

Human Resources Security

Identity and Access

Information Security Issue Management

Information Security Manual (ISM) - December 2020

Information Security Manual (ISM) - July 2020

Information Security Manual (ISM) - July 2020 Question Set

Information Security Manual (ISM) - March 2020

Information Security Manual (ISM) - March 2020 Question Set

Information Security Manual (ISM) - October 2020

ISO 14001:2016 Environmental Management System (EMS)

ISO 22301:2020 Business Continuity Management System (BCMS)

ISO 45001:2018 Occupational Health And Safety Management System (OHMS)

ISO 9001:2016 Quality Management Systems (QMS)

ISO/IEC 27001:2013

ISO/IEC 27001:2013 Annex A

ISO/IEC 27001:2013 Annex A Question Set

ISO/IEC 27001:2013 Question Set

IT Operations Security

Jericho Forum Commandments

MAS 655 Notice on Cyber Hygiene

MAS 655 Notice on Cyber Hygiene Question Set

Modern Slavery Act 2018

Network Security

NIST Cyber Security Framework (CSF)

NIST Cyber Security Framework (CSF) Question Set

NIST SP800 53 r3

NIST SP800 53 r4

NIST SP800-161

NIST SP800-161 Question Set

NIST SP800-171 r2

NIST SP800-171 r2 Question Set

NSW Cyber Security Policy (NSW CSP)

NSW Cyber Security Policy (NSW CSP) Question Set

OH&S Risks