Log In

Simplicity + Certainty = Confidence
monitor screenshots
Secure

Secure

Your information is securely held, communications are safely encrypted. Our fully encrypted backups occur often and regularly. Flexible and secure user password security.

Fast

Fast

Fast interfaces, user experience and reporting through the latest database design and web technology. User management tools aide efficient processes

Simple

Simple

Uncluttered user interfaces, multiple browser tab access, effortless data links. Our user-friendly and easy to learn user interface means no steep learning curve. Logical data entry flow with what you expect where you expect.

Customisable

Customisable

You select the modules you use and customise to your needs. You control your reports' content, you tailor your installation to suit your businesses needs

Standardised

Standardised

We support the global standards on Risk Management (ISO 31000) and Compliance (ISO 19600) and APRA SSP 220

Centralised

Centralised

One stop for all of your risk and compliance office needs. View completed and incomplete controls. Retain all your controls and records in the one accessable data base

How it Works

Feature diagram

CRS Certus becomes your record of your risks, risk profile, risk mitigators, obligations, responsible managers and staff, policies and procedures. It holds your proof of control execution. It facilitates recording and managing issues, incidents and complaints. CRS Certus can be interrogated to deliver reports on all data it holds in a format your audience needs.

Risks

Full risk management system. Customisable risk register. Multiple entity ratings support. Links to mitigating controls and issues register. Risk appetites tied to strategic objectives. Risk tolerance triggers and questionnaire system.

Obligations

Record obligations. Link to legislative or regulatory sources. Reconcile obligations with business controls

Controls

Document business controls. Link to risks and obligations. Assign responsibilities to managers. Automatically generate controls self-assessment questionnaires. Managers alerted when questionnaires are ready, complete within CRS Certus

Assessments

Controls response assessment navigation. Record testing results. Full audit records of resolution and further action. Directly load adverse responses into Issues Register.

Incidents

Capture incidents originating from within CRS Certus and reported by your business. Customise incident categories. Workflow management. Assign activities. Capture reportability assessment, related documents and developments.

Complaints

Customise complaint categories. Seamless flag as incidents, breaches or risk mitigation controls failures.

Registers

Breach register with regulator reporting assessments. Personal dealing approvals and register, gifts & benefits, training, conflicts of interest, relatedy party, legal documents, administrative documents, publications, office holder registers amongst others.

Alerts

Email alerts issued out of the system directed to your defined positions. Customisable email content and triggers. Email service log validates that communications are sent.

Policies & Procedures

Policies and procedures library. Alert users to new content to review within CRS Certus. Capture user confirms of access and understanding of policies and procedures. The library becomes your single point of truth.

Reporting

Flexible reporting to PDF and XLS(X). Customisable report content, period and presentation, tailored and relevant for the audience. Reports returned immediately. Aides regulatory enquiry, annual audit, demonstrates the control you have over your business

Consultancy and Outsourced Management

In addition to providing CRS-Certus as a software service, we provide consulting and outsourced management services. These services are available separately from CRS-Certus.

We can help to:

  • Operationalise your risk and compliance management system.
  • Workshop your risks.
  • Build Controls.
  • Document your regulatory obligations.
  • Implement incident/complaints reporting.
  • Document your policies & Procedures

Compliance & Risk Services Pty Ltd has been providing risk and compliance management solutions for businesses for over 10 years.

Our speciality in financial expertise

We have particular experience with financial Australian financial institutions such as Australian Financial Services Licensee, APRA regulated entities, Australian Credit licensees and AUSTRAC reporting entities.

  • Australian Financial Services ('AFS') Licence applications and licence variations
  • RSE licence applications
  • AFS Licence compliance reviews
  • Managed investment scheme registrations
  • Draft compliance plans
  • Draft Product Disclosure Statements ('PDS')
  • PDS due diligence
  • MDA contracts
  • Provide outsourced compliance management
  • Anti-money laundering & counter terrorism financing ('AML/CTF') programs
  • Independent reviews of AML/CTF programs
  • External Compliance Committee members
  • Temporary compliance staff placements
  • Risk management frameworks
  • Local agent for foreign licensees
  • Technical and product advisory services
  • Responsible manager training

Our values and ideals

Experience

We are experienced risk and compliance management practitioners experienced in developing and operating risk and compliance management systems.
CRS-Certus is developed through our experience as risk and compliance management practitioners.

In-house programming team

Our programming team is retained in-house. We believe that the partnership of practitioner and programmer provides a strength that few competitors may match.

Secure IT architecture and backups

Our system uses contemporary database design, programming languages, and hardware. We have implemented a constant backup regime using offsite encrypted storage.

Trust

We have provided services to over 200 clients over the globe. We have acted as topic experts under ASIC enforceable undertakings, engaged as experts in litigation and ASX disciplinary reviews.

Articles

First Tranche of Privacy Reforms Passed
By Christina Barlow at 27/02/2025
No Change to Wholesale Client Test Thresholds
By Gerald O'Byrne at 17/02/2025
Sanlam agrees to an ASIC initiated Court Enforceable Undertaking (CEU)
By Adam Bold at 16/01/2025
ASIC sues HSBC, failure to act Efficiently Honestly and Fairly
By Adam Bold at 09/01/2025
ASIC warns governance gap could emerge in first report on AI adoption by licensees
By Vicki Guo at 06/11/2024
ASIC Media Release - ASIC cancels two AFSLs and 11 ACLs
By Christina Barlow at 14/10/2024
AML/CTF Law reform in Australia
By Vicki Guo at 08/10/2024
Monitoring business communications
By Adam Bold at 03/09/2024
Compensation Scheme of Last Resort
By Gerald O'Byrne at 14/08/2024
First court ruling for ASIC on non-cash payment facility involving cryptocurrency assets
By Vicki Guo at 06/05/2024
First Tranche of Privacy Reforms Passed

The Privacy and Other Legislation Amendment Bill 2024 (Cth) has been passed by both Houses of Parliament.

Key takeouts

  • The Privacy and Other Legislation Amendment Bill 2024 (Cth) has been passed by both Houses of Parliament. The Bill now awaits the Royal Assent.
  • The Bill implements 23 of the 25 proposals directed at legislative change to the Privacy Act 1988 (Cth) that were ‘agreed’ to by the Government in its 2023 response to the Attorney-General’s Privacy Act Review Report.
  • Key changes to the Bill since it was first introduced include changes to the tort for serious invasions of privacy, and the introduction of new OAIC powers to issue compliance notices.

The Privacy and Other Legislation Amendment Bill 2024 (Cth) (Bill) was passed by both Houses of Parliament on 29 November 2024. It is the first tranche of long-awaited reforms to the Privacy Act 1988 (Cth) (Privacy Act) following the Attorney-General’s Privacy Act Review Report of February 2023 (Report) and the Government’s response to that Report of September 2023 (Response). 

In the Government’s Response, it ‘agreed’ to 38 of the 116 proposals, with a further 68 ‘agreed in-principle’. The Bill implements 23 of the 25 ‘agreed’ proposals that were specifically directed at legislative change. Key reforms which have been passed include:

  • a new cause of action in tort for serious invasions of privacy;
  • a new criminal offence of ‘doxxing’ – that is, releasing personal data using a carriage service in a manner that would reasonably be regarded as menacing or harassing;
  • a requirement for the OAIC to develop a Children’s Online Privacy Code addressing online privacy for children;
  • new civil penalty provisions for interfering with the privacy of individuals and new OAIC powers to issue infringement notices and compliance notices;
  • new Ministerial powers to ‘white list’ countries that provide substantially similar privacy protections, in order to assist entities disclosing personal information overseas;
  • a new requirement for privacy policies to include information about automated decision-making; and
  • clarifying that taking ‘reasonable steps’ to protect the security of personal information includes implementing ‘technical and organisational measures’.

There have been some changes to the Bill since it was first introduced, in particular, to the tort for serious invasion of privacy, and the introduction of new OAIC powers to issue compliance notices, which we explore below.

The key amendments commence the day after the Bill receives the Royal Assent, except for:

  • updating privacy policies to include automated decision-making – which will commence 24 months after the Royal Assent; and
  • the provisions relating to the tort of serious invasions of privacy – which will commence on a day to be fixed, but within 6 months after the Royal Assent.

 

Contact Us

Feel free to drop us a message if you have any questions or requests.

Or give us a call at

P: 03 9663 4456

and post us at

P.O. Box 18009
Collins Street East
Melbourne, VIC 8003

We're located at

Suite 2, Level 47, 80 Collins Street (North Tower)
Melbourne, VIC, 3000

Privacy Policy