Simplicity + Certainty = Confidence
monitor screenshots


Your information is securely held, communications are safely encrypted. Our fully encrypted backups occur often and regularly. Flexible and secure user password security.



Fast interfaces, user experience and reporting through the latest database design and web technology. User management tools aide efficient processes



Uncluttered user interfaces, multiple browser tab access, effortless data links. Our user-friendly and easy to learn user interface means no steep learning curve. Logical data entry flow with what you expect where you expect.



You select the modules you use and customise to your needs. You control your reports' content, you tailor your installation to suit your businesses needs



We support the global standards on Risk Management (ISO 31000) and Compliance (ISO 19600) and APRA SSP 220



One stop for all of your risk and compliance office needs. View completed and incomplete controls. Retain all your controls and records in the one accessable data base

How it Works

Feature diagram

CRS Certus becomes your record of your risks, risk profile, risk mitigators, obligations, responsible managers and staff, policies and procedures. It holds your proof of control execution. It facilitates recording and managing issues, incidents and complaints. CRS Certus can be interrogated to deliver reports on all data it holds in a format your audience needs.


Full risk management system. Customisable risk register. Multiple entity ratings support. Links to mitigating controls and issues register. Risk appetites tied to strategic objectives. Risk tolerance triggers and questionnaire system.


Record obligations. Link to legislative or regulatory sources. Reconcile obligations with business controls


Document business controls. Link to risks and obligations. Assign responsibilities to managers. Automatically generate controls self-assessment questionnaires. Managers alerted when questionnaires are ready, complete within CRS Certus


Controls response assessment navigation. Record testing results. Full audit records of resolution and further action. Directly load adverse responses into Issues Register.


Capture incidents originating from within CRS Certus and reported by your business. Customise incident categories. Workflow management. Assign activities. Capture reportability assessment, related documents and developments.


Customise complaint categories. Seamless flag as incidents, breaches or risk mitigation controls failures.


Breach register with regulator reporting assessments. Personal dealing approvals and register, gifts & benefits, training, conflicts of interest, relatedy party, legal documents, administrative documents, publications, office holder registers amongst others.


Email alerts issued out of the system directed to your defined positions. Customisable email content and triggers. Email service log validates that communications are sent.

Policies & Procedures

Policies and procedures library. Alert users to new content to review within CRS Certus. Capture user confirms of access and understanding of policies and procedures. The library becomes your single point of truth.


Flexible reporting to PDF and XLS(X). Customisable report content, period and presentation, tailored and relevant for the audience. Reports returned immediately. Aides regulatory enquiry, annual audit, demonstrates the control you have over your business

Consultancy and Outsourced Management

In addition to providing CRS-Certus as a software service, we provide consulting and outsourced management services. These services are available separately from CRS-Certus.

We can help to:

  • Operationalise your risk and compliance management system.
  • Workshop your risks.
  • Build Controls.
  • Document your regulatory obligations.
  • Implement incident/complaints reporting.
  • Document your policies & Procedures

Compliance & Risk Services Pty Ltd has been providing risk and compliance management solutions for businesses for over 10 years.

Our speciality in financial expertise

We have particular experience with financial Australian financial institutions such as Australian Financial Services Licensee, APRA regulated entities, Australian Credit licensees and AUSTRAC reporting entities.

  • Australian Financial Services ('AFS') Licence applications and licence variations
  • RSE licence applications
  • AFS Licence compliance reviews
  • Managed investment scheme registrations
  • Draft compliance plans
  • Draft Product Disclosure Statements ('PDS')
  • PDS due diligence
  • MDA contracts
  • Provide outsourced compliance management
  • Anti-money laundering & counter terrorism financing ('AML/CTF') programs
  • Independent reviews of AML/CTF programs
  • External Compliance Committee members
  • Temporary compliance staff placements
  • Risk management frameworks
  • Local agent for foreign licensees
  • Technical and product advisory services
  • Responsible manager training

Our values and ideals


We are experienced risk and compliance management practitioners experienced in developing and operating risk and compliance management systems.
CRS-Certus is developed through our experience as risk and compliance management practitioners.

In-house programming team

Our programming team is retained in-house. We believe that the partnership of practitioner and programmer provides a strength that few competitors may match.

Secure IT architecture and backups

Our system uses contemporary database design, programming languages, and hardware. We have implemented a constant backup regime using offsite encrypted storage.


We have provided services to over 200 clients over the globe. We have acted as topic experts under ASIC enforceable undertakings, engaged as experts in litigation and ASX disciplinary reviews.


ASIC reference checking and information sharing protocol
By Gerald O'Byrne at 26/07/2021
ASIC email to licensees - reportable situations
By Murray Jones at 25/06/2021
Structural change in Stock Broking
By Adam Bold at 23/06/2021
Ongoing Fee Arrangements - Obligations and Client Consent
By Terry Dalziel at 16/06/2021
Property related AFS Licensees and APRA Connect
By Gerald O'Byrne at 09/06/2021
Change in treatment of leases for calculation of net asset, adjusted surplus liquid funds and surplus liquid funds – no longer an excluded asset
By Terry Dalziel at 02/05/2021
New Compliance Standard replaces ISO 19600
By Murray Jones at 20/04/2021
Consent to Deductions – Ongoing fee arrangements, information to be provided where a fee is to be deducted from a clients account: An updated.
By Terry Dalziel at 30/03/2021
Special Purpose Financial Statements ceasing from 1 July 2021
By Terry Dalziel at 30/03/2021
Disclosure of lack of independence – further disclosure via legislative instrument
By Terry Dalziel at 25/03/2021
Financial Sector Reform (Hayne Royal Commission Response No. 2) Bill 2020 now Law
By Terry Dalziel at 11/03/2021
Claims handling and settlement service and the need to be authorised
By Terry Dalziel at 01/03/2021
Wholesale and Sophisticated Clients can access AFCA
By Adam Bold at 22/01/2021
Financial Sector Reform (Hayne Royal Commission Response No. 2) Act 2020 - Impact on financial advisers
By Terry Dalziel at 16/12/2020
ASIC commences action against the RI Advice Group Pty Ltd
By Terry Dalziel at 24/08/2020
Deferral of mortgage broker reforms and design & distribution obligations
By Murray Jones at 12/05/2020
ASIC amends requirements where COVID-19 related advice is provided
By Terry Dalziel at 16/04/2020
AUSTRAC Industry engagement
By Adam Bold at 02/03/2020
Financial Sector Reform (Hayne Royal Commission Response - Stronger Regulators (2019 Measures) Act 2020
By Gerald O'Byrne at 24/02/2020
Code of Ethics Guide
By Terry Dalziel at 21/10/2019
ASIC reference checking and information sharing protocol

From 1 October 2021 AFS Licensees and Australian credit licensees (collectively 'licensees') must comply with the ASIC Reference checking and information sharing protocol which is set out in ASIC Corporations and Credit (Reference Checking and Information Sharing Protocol) Instrument 2021/429 (ASIC Protocol).

The purpose is to promote better information sharing about the performance of prospective financial advisers and mortgage brokers. 

Who the ASIC protocol applies to

The ASIC Protocol applies to;

  • a 'recruiting licensee', that is, a licensee considering employing or authorising a prospective representative as a financial adviser or mortgage broker; and
  • a 'referee licensee', that is a prospective representative's current and/or former licensee in the last 5 years from whom the reference is sought.

The recruiting licensee is required to request a reference about the prospective representative from the referee licensee.

The referee licensee must then share information with the recruiting licensee by giving a reference.

 Recruiting licensee must take reasonable steps

These include:

  • seeking written consent from a prospective representative to request a reference; and
  • if consent is given - requesting a reference from the referee licensee.

If consent or a reference is refused

While not prohibited from employing or authorising the prospective representative a licensee will need to be able to show it complied with its general conduct obligations if it decides to employ or authorise the prospective representative.  

Who is a referee licensee?

These are current or former licensees of a prospective representative in last five years from whom a reference is sought. 

When to obtain a reference

References can be obtained at the beginning or end of the recruitment process or before the prospective representative commences their new role.  

Recruiting licensee must seek consent

Before requesting a reference you must obtain written consent from the prospective representative for the reference to be obtained. 

A template consent form has been provided with the protocol for this purpose. 

Recruiting licensee must request a reference

A template reference request is provided for this purpose.

The prospective representative's consent must be included with the reference request.

Only minor amendments may be made to the template reference request.

Requesting a clarification or update from a referee licensee

You may request a clarification or update from a referee licensee, such as clarifying or giving further details about information they originally gave you. 

Requesting information outside the ASIC protocol

Nothing in the ASIC protocol limits or prevents you from requesting additional information from a referee licensee, provided you do not reduce the scope of the template reference request. However, the referee licensee is not obliged to share it with you. 

Referee licensee must give a reference

You must respond in writing to a recruiting licensee's request for a reference within 10 business days, unless you both agree to a longer period (up to 30 business days). 

You must include in your written reference all the information you are aware of and reasonably consider to be relevant to answer the template reference request. 

Information provided should be factual (not subjective or an opinion) which can be substantiated and current and complete.

If you cannot answer a question in the template you must explain in writing to the recruiting licensee why you cannot answer them. 

Defence of qualified privilege

A defence of qualified privilege applies to information shared in accordance with the ASIC protocol.  This protects the parties from the risk of defamation action.  It does not apply to any information you share that you were not obliged to give e.g. such as conduct that occurred more than 5 years ago or any additional information to the template reference request. 

The ASIC protocol also contains provisions relating to: 

  • Using agents to collect, use and store personal information
  • Use of information collected
  • Disclosing how the recruiting licensee can contact you for reference checking e.g. website contact.
  • Record keeping
  • Checklists for recruiting licensees and referee licensees

Providing copies of references

The ASIC protocol does not require the recruiting licensee or the referee licensee to give a copy of a reference to the prospective representative.  However, the prospective representative may be able to obtain a copy under Australian Privacy Principle 12 -  Access to personal information.  In certain circumstances, the handling of records relating to current and former employees is exempt from the Australian Privacy Principles under the employee records exemption. 

A referee licensee may voluntarily provide a prospective representative with a copy of a reference they have given to the recruiting licensee. 


Contact Us

Feel free to drop us a message if you have any questions or requests.

Or give us a call at

P: 03 9663 4456

and post us at

P.O. Box 18009
Collins Street East
Melbourne, VIC 8003

We're located at

Level 25, 360 Collins St
Melbourne, VIC, 3000