Compliance & Risk Services

Simplicity + Certainty = Confidence

Secure

Your information is securely held, communications are safely encrypted. Our fully encrypted backups occur often and regularly. Flexible and secure user password security.

Fast

Fast interfaces, user experience and reporting through the latest database design and web technology. User management tools aide efficient processes

Simple

Uncluttered user interfaces, multiple browser tab access, effortless data links. Our user-friendly and easy to learn user interface means no steep learning curve. Logical data entry flow with what you expect where you expect.

Customisable

You select the modules you use and customise to your needs. You control your reports' content, you tailor your installation to suit your businesses needs

Standardised

We support the global standards on Risk Management (ISO 31000) and Compliance (ISO 19600) and APRA SSP 220

Centralised

One stop for all of your risk and compliance office needs. View completed and incomplete controls. Retain all your controls and records in the one accessable data base

How it Works

CRS Certus becomes your record of your risks, risk profile, risk mitigators, obligations, responsible managers and staff, policies and procedures. It holds your proof of control execution. It facilitates recording and managing issues, incidents and complaints. CRS Certus can be interrogated to deliver reports on all data it holds in a format your audience needs.

Risks

Full risk management system. Customisable risk register. Multiple entity ratings support. Links to mitigating controls and issues register. Risk appetites tied to strategic objectives. Risk tolerance triggers and questionnaire system.

Obligations

Record obligations. Link to legislative or regulatory sources. Reconcile obligations with business controls

Controls

Document business controls. Link to risks and obligations. Assign responsibilities to managers. Automatically generate controls self-assessment questionnaires. Managers alerted when questionnaires are ready, complete within CRS Certus

Assessments

Controls response assessment navigation. Record testing results. Full audit records of resolution and further action. Directly load adverse responses into Issues Register.

Incidents

Capture incidents originating from within CRS Certus and reported by your business. Customise incident categories. Workflow management. Assign activities. Capture reportability assessment, related documents and developments.

Complaints

Customise complaint categories. Seamless flag as incidents, breaches or risk mitigation controls failures.

Registers

Breach register with regulator reporting assessments. Personal dealing approvals and register, gifts & benefits, training, conflicts of interest, relatedy party, legal documents, administrative documents, publications, office holder registers amongst others.

Alerts

Email alerts issued out of the system directed to your defined positions. Customisable email content and triggers. Email service log validates that communications are sent.

Policies & Procedures

Policies and procedures library. Alert users to new content to review within CRS Certus. Capture user confirms of access and understanding of policies and procedures. The library becomes your single point of truth.

Reporting

Flexible reporting to PDF and XLS(X). Customisable report content, period and presentation, tailored and relevant for the audience. Reports returned immediately. Aides regulatory enquiry, annual audit, demonstrates the control you have over your business

Consultancy and Outsourced Management

In addition to providing CRS-Certus as a software service, we provide consulting and outsourced management services. These services are available separately from CRS-Certus.

We can help to:

Operationalise your risk and compliance management system.
Workshop your risks.
Build Controls.
Document your regulatory obligations.
Implement incident/complaints reporting.
Document your policies & Procedures

Compliance & Risk Services Pty Ltd has been providing risk and compliance management solutions for businesses for over 10 years.

Our speciality in financial expertise

We have particular experience with financial Australian financial institutions such as Australian Financial Services Licensee, APRA regulated entities, Australian Credit licensees and AUSTRAC reporting entities.

Australian Financial Services ('AFS') Licence applications and licence variations
RSE licence applications
AFS Licence compliance reviews
Managed investment scheme registrations
Draft compliance plans
Draft Product Disclosure Statements ('PDS')
PDS due diligence
MDA contracts
Provide outsourced compliance management
Anti-money laundering & counter terrorism financing ('AML/CTF') programs
Independent reviews of AML/CTF programs
External Compliance Committee members
Temporary compliance staff placements
Risk management frameworks
Local agent for foreign licensees
Technical and product advisory services
Responsible manager training

Our values and ideals

Experience

We are experienced risk and compliance management practitioners experienced in developing and operating risk and compliance management systems.
CRS-Certus is developed through our experience as risk and compliance management practitioners.

In-house programming team

Our programming team is retained in-house. We believe that the partnership of practitioner and programmer provides a strength that few competitors may match.

Secure IT architecture and backups

Our system uses contemporary database design, programming languages, and hardware. We have implemented a constant backup regime using offsite encrypted storage.

Trust

We have provided services to over 200 clients over the globe. We have acted as topic experts under ASIC enforceable undertakings, engaged as experts in litigation and ASX disciplinary reviews.

Articles

Lessons Learnt from the Lanterne case

By Christina Barlow at 18/04/2024

New parliamentary inquiry into the wholesale investor and wholesale client tests

By Gerald O'Byrne at 26/03/2024

Rollover of Class Orders relating to Managed Investment Schemes

By Terry Dalziel at 31/01/2024

AUSTRAC Compliance Report ✅

By Hannah Deuk at 16/01/2024

Understanding ASIC's Focus in 2024 and Enforcement Priority!

By Hannah Deuk at 29/11/2023

Money Laundering Maze: Dodging AML/CTF Programs with Style 😉

By Hannah Deuk at 01/11/2023

ASIC releases second publication on insights from the reportable situations regime

By Vicki Guo at 01/11/2023

Review of the regulatory framework for managed investment schemes

By Gerald O'Byrne at 08/08/2023

ASIC invites Australian entities to assess their cyber resilience

By Vicki Guo at 20/06/2023

Changes to Privacy Requirements

By Sharman Grant at 11/04/2023

Lessons Learnt from the Lanterne case

On the 10th April 2024, the Federal Court of Australia released a judgement on the case - Australian Securities and Investments Commission vs Lanterne Fund Services Pty Ltd [2024] FCA 353.

It was declared that pursuant to s21 of the Federal Court of Australia Act 1976 (Cth) (FCA Act) and s1317E of the Corporations Act 2001 (Cth) during the period 13 March 2019 to 5 October 2021, Lanterne Funds Services Pty Ltd (Lanterne) breached its obligations to have adequate risk management systems, and thereby contravened ss912A(1)(h) and 912A(5A) of the Corporations Act.

In summary, Lanterne has breached the Corporations Act through the following:

(a) Failed to identify and assess the risks faced by its business, including the risks related to its corporate authorised representatives (CARs) and authorised representatives (ARs);

(b) Failed to document any identification or assessment of the risks faced by its business, including failing to have a risk management framework and basic risk management tools;

(c) Relied on initial due diligence of directors of potential CARs and pro forma monthly compliance self assessments by the CARs to monitor the CARs and Ars and identify risks associated with their conduct;

(d) Failed to have adequate compliance management systems having regard to the nature, scale and complexity of its business and instead relying on a compliance manual which was out of date, inapplicable to the business and omitted regulatory and compliance obligations of CARs, ARs and Lanterne;

(e) Failed to have sufficient employers or officers with appropriate risk management experience and failing to engage external consultants with risk management expertise;

(f) Failed to have any independent oversight or monitoring of its risk management systems; and

(g) Otherwise failing to have systems, processes and controls in place to manage or mitigate risks, including failing to have an incident management process.

Breach of obligation to do all things necessary to maintain competence to provide financial service covered by its financial service licence

Under s21 of the FCA Act and s1317E of the Corporations Act, it was noted that Lanterne had breached its obligations to all things necessary to maintain competence to provide the financial services covered by its financial services licence. This was through:

(a) Failed to have responsible managers with sufficient time effectively to conduct their roles;

(b) Failed to have a sufficient number of responsible managers with appropriate knowledge and skills across the financial services offered by Lanterne’s CARs and in the industries and businesses operated by Lanterne’s CARs; and

(c) Failed to have any processes for ensuring it had appropriately qualified managers.

Breach of obligation to ensure its representatives were adequately trained and competent to provide financial services covered by its financial service licence

Under s21 of the FCA Act and s1317E of the Corporations Act, it was noted that Lanterne had breached its obligation to ensure its representatives were adequately trained and competent to provide financial services covered by its financial service licence

(a) Failed to assess the skill and competency requirements of its ARs;

(b) Failed to provide or arrange any adequate training, professional development for its CARs and ARs; and

(c) Relied only on monthly self-assessment compliance reports completed by the CARs and ARs to satisfy itself that they had undertaken training, and not requested to see CARs’ or ARs’ training records.

Breach of obligation to take reasonable steps to ensure that its representatives complied with the financial services laws (contravening ss912A(1)(ca) and 912A(5A) of the Corporations Act

a) Failed to have a documented and rigorous due diligence and background check

process for prospective CARs and ARs, and failing to conduct ongoing checks to ensure ARs remained appropriate;

(b) Failed to provide clear and practical guidance to CARs and ARs about the nature, extent and discharge of their obligations under the financial services laws;

(c) Failed to have a systematic and documented audit process, and failing to conduct regular audits of the CARs and ARs;

(d) Failed to document the matters the subject of its informal discussions with the ARs;

(e) Relying on pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and identify risks associated with their conduct;

(f) Failed to record or follow up any exceptions noted in the compliance self assessments;

and

(g) Failed to conduct regular performance reviews of its employees, management or responsible manager.

Breach of obligation to have adequate resources (including technological and human resources) to provide the financial services covered by its service licence (contravened ss 912A(1)(d) and 912A(5A) of the Corporations Act

a) Failed to have adequately trained and skilled compliance and risk management personnel (particularly to undertake audits and reviews of CARs and ARs);

(b) Failed to have an adequate information technology capability and any human resources capability having regard to the nature and scale of Lanterne's business;

(c) Failed to have a human resources plan or process to establish and maintain the adequacy of Lanterne's human resources;

(d) Failed to have staff training, development plans or reviews;

(e) Failed to have plans for the temporary or permanent absence of its only operational responsible manager who also held the position of managing director;

(f) Failed to have a technology resourcing plan or an up-to-date disaster recovery plan, and relying on outdated back up processes;

(g) Failed to update its software to meet the needs of a business of its nature, scale and risk profile; and

(h) Relying on paper files and records and failing to use a suitable software system in its monitoring and supervision of CARs and ARs until September 2020.

The Court Orders that:

(a) Lanterne pay to the Commonwealth of Australia a pecuniary penalty of $1.25 million within 30 days of making this order

(b) Lanterne is required to:

(i) Engage an independent expert within 30 days of the order who will:

Review Lanterne’s systems, processes and controls to determine adequacy
Where any aspect is considered inadequate, make recommendations as to the steps to make adequate.
Prepare a written report setting out the results of the review and deliver a copy of the report to the plaintiff and Lanterne (compliance report).

(ii) Within two months of the compliance report, establish a risk management and compliance program as well as implement any recommendations stemming from the compliance report.

(iii) Engage independent expert to within three months of the receipt of the compliance report, prepare a short written report in regards to the adequacy of the recommendations in the compliance report (implementation report).

Contact Us

Feel free to drop us a message if you have any questions or requests.

Or give us a call at

P: 03 9663 4456

and post us at

P.O. Box 18009
Collins Street East
Melbourne, VIC 8003

We're located at

Suite 2, Level 47, 80 Collins Street (North Tower)
Melbourne, VIC, 3000

Privacy Policy