For a financial services firm, Section 912A and Directors' Duties are the twin engines of your compliance framework. In the 2026 "Year of Accountability," ASIC is no longer treating these as abstract concepts — they are the primary tools used to regulate the "black box" of AI and automated decision-making (ADM).
To hold an Australian Financial Services Licence (AFSL) is to make a professional commitment to a high standard of conduct. That commitment is codified in Section 912A of the Corporations Act 2001 and reinforced by the fiduciary duties of your company's officers. For AFSL holders deploying AI, these are not background rules — they are your primary regulatory exposure.
Section 912A is "technology neutral" — it applies to your algorithms exactly as it applies to your human advisers. There is no carve-out for automation. If a system touches a client outcome, the obligation attaches.
| Obligation | Statutory Ref | What it means for AI & ADM |
|---|---|---|
| Efficient, Honest & Fair | s912A(1)(a) | Your AI cannot be a "black box." Every automated output must be fair, free from bias, and explainable to the client in plain terms. If you cannot describe why the algorithm reached its conclusion, you are already at risk. |
| Conflicts of Interest | s912A(1)(aa) | A robo-advice or product-screening model must not be programmed — even implicitly through training data — to favour your firm's own products over the client's genuine best interests. Conflicts in code are still conflicts. |
| Adequate Resources | s912A(1)(d) | You must have both the technological infrastructure and the qualified human capability to monitor your AI in real time. Deploying a system you cannot supervise is not a resource gap — it is a licence risk. |
| Trained & Competent | s912A(1)(f) | Your Responsible Managers and representatives must be trained not just to use ADM systems, but to challenge, override, and remediate them when automated outputs are unsuitable for specific clients. |
| Risk Management | s912A(1)(h) | Your risk framework must explicitly name and address AI-specific threats: model drift, data poisoning, and algorithmic bias. A generic risk register is no longer sufficient. |
When an AI system causes client harm, the question ASIC asks is not "what did the algorithm do?" — it is "what did you know, and what did you do about it?" The courts and ASIC now expect directors to bring an enquiring mind to every technology their firm deploys. The legal responsibility for a rogue AI or a failed automated system stops with you.
Directors must inform themselves about the risks of AI adoption. Claiming ignorance of how your automated credit-scoring or advice engine works is not a defence — it is evidence of the breach. The standard demands an enquiring mind, not passive sign-off.
AI implementation decisions must be made in the genuine best interests of clients and the company, not simply to cut costs while degrading service quality. Short-term efficiency gains that sacrifice client outcomes do not satisfy this duty.
The vast datasets used to train your AI are a corporate asset. You must ensure they are not misused — whether for improper commercial gain or in ways detrimental to the firm or its clients. See our full s182–183 resource for a detailed breakdown.
An "AI hallucination" triggering significant client liability, mass remediation, or regulatory penalties can impair a firm's solvency far faster than any traditional compliance failure. Directors carry personal exposure when that financial risk is not proactively governed.
In late 2025, ASIC's action against Interprac Financial Planning served as a stark reminder: manual systems cannot scale to meet s912A obligations in a modern environment. The case is a blueprint for what ASIC will look for in your firm's 2026 ADM Transparency review.
Interprac allegedly auto-included funds on its Approved Product List based solely on an external star rating — no independent due diligence. ASIC argues this reliance on a single automated signal is a direct breach of licensee duties. The lesson applies equally to any AI-driven product screening today.
When clients complained, Interprac allegedly issued template responses that failed to investigate whether the underlying advice was appropriate. This is a direct warning against using LLMs or automated tools to rubber-stamp complaint handling. An automated response that looks like compliance is not compliance.
ASIC alleges Interprac had access to the data — revenue spikes, unusual product flows, identical Statements of Advice issued to unrelated clients — to identify the risk early. They failed to use it. In an AI-enabled environment, not acting on data your systems already hold is itself a governance failure.
As your AI GRC Strategist, Liberate Consulting reads the Interprac case as the blueprint for what ASIC will examine in your 2026 ADM Transparency review:
You cannot outsource your regulatory responsibility to an algorithm or a third-party provider. If your AI makes a recommendation, you must be able to explain why it was in the client's best interest — and demonstrate the human review that confirmed it.
Manual compliance cannot keep pace with the speed of AI. Interprac demonstrated that spreadsheet-based monitoring is structurally broken — it cannot detect systemic patterns before harm crystallises. If you deploy AI, your oversight infrastructure must match its velocity.
ASIC Deputy Chair Sarah Court has stated that a licensee must be "alert and responsive." For AI, this means having Human-in-the-Loop (HITL) protocols that actually function — not ones that exist in a policy document and are never operationalised.
The Interprac case remains before the Federal Court. ASIC is seeking civil penalties and orders to restrain Interprac from carrying on a financial services business. This "existential risk" outcome is why Liberate Consulting prioritises Technical Readiness and GRC Pillars in your strategy — a compliance failure of this magnitude does not offer a second chance.
In 2026, "I didn't know the algorithm did that" is no longer a valid legal defence. ASIC expects your Responsible Managers and Directors to have real-time, data-driven, RegTech-enabled supervision of every automated system touching client outcomes. The Interprac case proves it will act when that standard is not met.
The fastest way to understand your s912A exposure is the 15-minute AI Readiness Scorecard — $97, with a personalised Executive Report delivered immediately.
