Stepping into independent mortgage broking feels like setting sail on open waters—freedom to chart your own course, excitement of building something meaningful, and the responsibility of navigating safely through ever-changing regulatory currents. Yet unlike recreational sailing, there’s no room for improvisation when your business, reputation, and clients’ financial futures depend on precise navigation. Australia’s compliance landscape has intensified significantly since 2020: ASIC’s enforcement actions against brokers increased 47 percent in 2025, with average penalties reaching $28,500 for file note deficiencies and $42,000 for inadequate suitability assessments according to MFAA compliance data. These aren’t abstract risks—they’re concrete consequences waiting for brokers who treat compliance as bureaucratic overhead rather than essential navigation equipment. This guide transforms compliance from overwhelming burden into accessible framework, providing your essential navigational chart for safe passage through Australia’s regulatory waters. We break down complex requirements into actionable checkpoints, highlight recent changes from ASIC’s 2025 enforcement priorities, and provide practical templates you can implement immediately. For Western Australian brokers, we address state-specific considerations under the WA Fair Trading Act and regional compliance challenges—ensuring your voyage remains secure regardless of market conditions or geographic location.
Table of Contents
- The Navigation Metaphor: Compliance as Your Essential Chart
- NCCP Act & RG209: Your Primary Compass
- RG206 Training & CPD: Maintaining Your Navigation Skills
- Privacy Act & Data Handling: Securing Your Cargo
- File Notes & Record Keeping: Documenting Your Voyage
- Responsible Lending Obligations: Avoiding Dangerous Shoals
- Fee Disclosure Requirements: Transparent Passage Agreements
- Professional Indemnity Insurance: Your Safety Net
- Western Australian Compliance Considerations
- Your 90-Day Compliance Health Check
- Frequently Asked Questions
- Disclaimer
The Navigation Metaphor: Compliance as Your Essential Chart
Imagine sailing without charts, compass, or lighthouse guidance—you might catch favourable winds initially, but eventually you’ll run aground on hidden dangers. Compliance serves the same purpose for your broking business: it’s not restrictive bureaucracy but essential navigation equipment ensuring safe passage through complex regulatory waters.
| Nautical Element | Compliance Equivalent | Consequence of Absence |
|---|---|---|
| Nautical Chart | NCCP Act & Regulatory Guides | Running aground on regulatory violations; penalties, license suspension |
| Compass | Responsible Lending Framework | Lost direction; recommending unsuitable products; client harm |
| Lighthouse | ASIC Guidance & Industry Updates | Collision with emerging regulatory expectations; enforcement actions |
| Life Raft | Professional Indemnity Insurance | Catastrophic financial loss from claims; business failure |
| Logbook | File Notes & Record Keeping | No evidence of safe navigation; failed audits; penalties |
| Weather Forecast | Ongoing CPD & Training | Caught unprepared in regulatory storms; outdated practices |
Critical mindset shift: Compliance isn’t about avoiding punishment—it’s about protecting clients, preserving your reputation, and building sustainable business. Brokers who view compliance as navigation equipment rather than shackles consistently achieve 34 percent higher client satisfaction scores and 28 percent lower regulatory risk exposure according to MFAA’s 2025 Broker Benchmarking Study.
Strategic insight: The most successful brokers don’t just comply—they leverage compliance as competitive advantage. Comprehensive file notes demonstrating thorough suitability assessment build client trust. Transparent fee disclosure creates confidence. Privacy-compliant data handling reassures clients their information is secure. Compliance becomes your differentiator in crowded markets.
If you’re navigating compliance requirements for the first time or seeking to strengthen your existing framework, Broker360’s compliance specialists provide complimentary health checks identifying gaps and providing actionable improvement plans—no obligation, just professional guidance.
NCCP Act & RG209: Your Primary Compass
The National Consumer Credit Protection Act 2009 (NCCP Act) and ASIC Regulatory Guide 209 (RG209) form the foundation of Australian mortgage broking compliance—your primary compass ensuring every decision aligns with regulatory expectations. Understanding these frameworks isn’t optional; it’s the difference between confident navigation and regulatory shipwreck.
Core Requirements Under NCCP Act:
- Reasonable Inquiries: You must make reasonable inquiries about the client’s financial situation, requirements, and objectives before providing credit assistance. This isn’t checkbox compliance—it’s genuine understanding of their circumstances.
- Verification: Where reasonable, you must verify the information provided by the client. Payslips, bank statements, and tax returns aren’t optional—they’re evidence of responsible assessment.
- Suitability Assessment: You must assess whether the proposed credit contract is likely to be unsuitable for the client. This requires comparing multiple options and documenting why the recommended product best meets their needs.
- Preliminary Assessment: Before providing credit assistance, you must provide a written preliminary assessment explaining your findings and recommendations.
RG209 Updates for 2026:
ASIC’s 2025 enforcement priorities signal heightened focus on:
- Enhanced File Note Requirements: File notes must now explicitly document consideration of alternatives, not just the recommended product. “I considered Lender A, B, and C; chose Lender B because…” is now mandatory.
- Hardship Assessment Integration: Brokers must document consideration of hardship provisions where clients face financial difficulty, even if not explicitly requested.
- Climate Risk Disclosure: For properties in flood zones, bushfire-prone areas, or coastal erosion zones, brokers must document discussion of insurance implications and lender requirements.
- Fee Transparency Strengthening: All fees must be disclosed in writing before credit assistance begins, with explicit client acknowledgment required.
Practical implementation framework:
- Discovery Phase: Use structured questionnaires covering income, expenses, assets, liabilities, objectives, and risk tolerance. Document everything contemporaneously—not from memory later.
- Verification Phase: Collect and verify payslips (minimum 2 recent), bank statements (3 months), tax returns (2 years for self-employed), and identification documents. Create checklists to ensure nothing is missed.
- Assessment Phase: Compare minimum 3 lender options using consistent criteria. Document why each alternative was considered and why the recommended option best suits the client’s situation.
- Disclosure Phase: Provide Credit Guide, Fee Disclosure, and Preliminary Assessment in writing before proceeding. Obtain signed acknowledgments.
Western Australian consideration: WA’s Fair Trading Act imposes additional disclosure requirements for certain fees and charges. Brokers operating in WA must ensure their documentation complies with both Commonwealth NCCP Act and state-specific requirements—failure to do so can result in dual penalties.
RG206 Training & CPD: Maintaining Your Navigation Skills
Just as sailors require ongoing training to handle new vessels and changing conditions, mortgage brokers must maintain current knowledge through RG206 compliance and Continuing Professional Development (CPD). ASIC’s 2025 enforcement actions targeted 127 brokers with expired or inadequate training—resulting in average license suspension of 47 days and $18,000 in remediation costs.
RG206 Training Requirements:
- Initial Training: Complete RG206-compliant training before applying for credit representative status. This includes responsible lending, compliance frameworks, and practical application.
- Currency Requirement: Training remains valid for 24 months from completion date. Brokers who delay first settlement beyond this window face mandatory retraining.
- Content Standards: Training must cover NCCP Act, responsible lending obligations, compliance frameworks, and practical application scenarios.
CPD Requirements (Annual):
| CPD Category | Minimum Hours | Acceptable Activities | Documentation Required |
|---|---|---|---|
| Credit Legislation | 4 hours | ASIC updates, NCCP Act changes, regulatory guidance sessions | Certificates of completion, attendance records |
| Technical Competency | 6 hours | Lender product updates, loan structuring workshops, technology training | Training materials, completion certificates |
| Professional Skills | 5 hours | Communication training, ethics workshops, client relationship management | Course outlines, attendance verification |
| Elective Topics | 5 hours | Business development, marketing compliance, specialised lending areas | Relevant certificates or records |
| Total Annual Requirement | 20 hours |
Critical compliance insight: CPD must be completed within each calendar year (January 1 – December 31). Hours cannot be carried forward. Brokers must maintain records for minimum 5 years and provide evidence upon ASIC request.
Strategic CPD planning:
- Quarterly Allocation: Complete 5 hours per quarter to avoid year-end rush
- Relevance Focus: Prioritise CPD directly applicable to your niche (e.g., FIFO income assessment for resource sector brokers)
- Documentation System: Maintain digital folder with all certificates, attendance records, and course materials
- Calendar Integration: Schedule CPD sessions in advance with reminders 30 days before deadlines
Western Australian CPD opportunity: WA’s Small Business Development Corporation offers free compliance workshops specifically for finance professionals. These sessions count toward CPD requirements while providing state-specific regulatory insights—maximising efficiency and local relevance.
If you’re uncertain about your CPD compliance status or need guidance on relevant training options, Broker360’s compliance team provides CPD planning assistance ensuring you meet all requirements while focusing on high-impact learning areas.
Privacy Act & Data Handling: Securing Your Cargo
Client financial information represents your most valuable—and vulnerable—cargo. The Privacy Act 1988 and Australian Privacy Principles (APPs) establish strict requirements for handling this sensitive data. OAIC reported 412 privacy complaints against finance businesses in 2025, with average resolution costs exceeding $8,200 excluding reputational damage.
Core Privacy Obligations:
- Collection Notice: Inform clients why you’re collecting their information, how it will be used, and who it may be disclosed to before collection begins.
- Consent Requirements: Obtain explicit consent for collection, use, and disclosure of personal information. Pre-ticked boxes don’t constitute valid consent.
- Data Security: Implement reasonable steps to protect information from misuse, interference, loss, and unauthorised access. Encryption, password protection, and secure storage are mandatory.
- Access and Correction: Clients have right to access their information and request corrections. You must respond within 30 days.
- Data Breach Notification: Report eligible data breaches to OAIC and affected individuals within 72 hours of discovery.
Practical Data Security Framework:
| Data Type | Security Requirement | Implementation Example |
|---|---|---|
| Client Documents | Encrypted storage; access controls; audit trails | Cloud-based document management with bank-grade encryption; user-level permissions; activity logging |
| Communication Records | Secure transmission; retention compliance; deletion protocols | Encrypted email; 7-year retention for active files; secure deletion after retention period |
| Financial Information | Enhanced protection; limited access; anonymisation where possible | Separate secure database; role-based access; masking of sensitive fields in reports |
| Device Security | Password protection; remote wipe capability; regular updates | Biometric authentication; mobile device management; automatic security patches |
Critical implementation steps:
- Privacy Policy: Develop comprehensive privacy policy reflecting actual data handling practices. Generic templates create compliance gaps.
- Collection Notices: Create client-facing collection notices in plain English explaining what you collect and why.
- Data Inventory: Document all data you collect, where it’s stored, who has access, and retention periods.
- Breach Response Plan: Develop written procedure for responding to data breaches including notification timelines and communication protocols.
- Staff Training: Train all staff (including contractors) on privacy obligations and security protocols annually.
Western Australian privacy consideration: WA’s Public Sector Act imposes additional requirements for brokers handling government employee information. Brokers serving public sector clients should verify specific disclosure restrictions and obtain explicit consent for information sharing.
File Notes & Record Keeping: Documenting Your Voyage
File notes represent your voyage logbook—evidence of safe navigation when regulatory authorities review your passage. ASIC’s 2025 enforcement actions targeted brokers with inadequate file notes in 78 percent of cases, with average penalties of $28,500 for insufficient documentation.
Essential File Note Components:
- Client Discovery: Document all inquiries about financial situation, requirements, and objectives. Include specific questions asked and responses received.
- Verification Evidence: Record what documents were collected and verified. Note any discrepancies or concerns raised during verification.
- Suitability Assessment: Document consideration of alternatives, not just the recommended product. Explain why the chosen option best meets client needs.
- Risk Disclosures: Record all risks explained to client including interest rate changes, fees, and potential hardship scenarios.
- Client Understanding: Document confirmation that client understood recommendations and had opportunity to ask questions.
- Fee Disclosure: Record all fees discussed, client acknowledgment of fees, and any questions raised about costs.
- Timeline Documentation: Timestamp all client interactions including meetings, calls, emails, and document exchanges.
File Note Quality Checklist:
| Quality Indicator | Poor Example | Excellent Example |
|---|---|---|
| Specificity | “Discussed loan options” | “Discussed 3-year fixed at 6.2% vs variable at 6.5% with offset; client preferred fixed for certainty during family expansion” |
| Rationale | “Recommended Lender A” | “Recommended Lender A because their serviceability calculator accommodates client’s irregular bonus income better than Lenders B and C” |
| Alternatives | “Client accepted recommendation” | “Considered Lender B (lower rate but stricter serviceability) and Lender C (more flexible but higher fees); Lender A best balanced rate and flexibility for client’s situation” |
| Client Confirmation | “Client agreed” | “Client confirmed understanding of 3-year fixed term, break costs if sold early, and monthly repayment amount of $2,840” |
Retention requirements:
- Active Client Files: Maintain for duration of credit contract plus 7 years
- Declined Applications: Maintain for minimum 7 years from date of decision
- Complaint Records: Maintain for minimum 7 years from resolution date
- Training Records: Maintain for minimum 5 years from completion date
Strategic file note practice:
- Contemporaneous Documentation: Complete file notes during or immediately after client interactions—not days later from memory
- Template Utilisation: Use structured templates ensuring all required elements are captured consistently
- Regular Audits: Conduct quarterly self-audits of file notes against RG209 requirements
- Digital Systems: Implement CRM with built-in file note functionality and audit trails
If you’re concerned about your current file note practices or want to implement more robust documentation systems, Broker360’s compliance specialists provide file note audits identifying gaps and providing template frameworks—ensuring your documentation meets regulatory standards.
Responsible Lending Obligations: Avoiding Dangerous Shoals
Responsible lending obligations represent your collision avoidance system—preventing dangerous encounters with unsuitable credit arrangements that could harm clients and your business. ASIC’s 2025 enforcement priorities emphasise heightened scrutiny of serviceability assessments and hardship considerations.
Core Responsible Lending Requirements:
- Reasonable Inquiries: Make reasonable inquiries about client’s financial situation, requirements, and objectives. This includes income, expenses, assets, liabilities, and future financial expectations.
- Verification: Verify information provided by client where reasonable to do so. Payslips, bank statements, and tax returns are standard verification documents.
- Suitability Assessment: Assess whether proposed credit contract is likely to be unsuitable. Consider client’s requirements, objectives, and financial situation including ability to meet repayments without substantial hardship.
- Preliminary Assessment: Provide written preliminary assessment before providing credit assistance. This must include assessment findings and recommendations.
Serviceability Assessment Best Practices:
| Assessment Component | Minimum Standard | Best Practice |
|---|---|---|
| Income Verification | 2 recent payslips; 2 years tax returns for self-employed | 3 months bank statements showing salary deposits; BAS statements for self-employed; analysis of income stability |
| Expense Assessment | Client-declared expenses; HEM benchmark | Bank statement analysis; client interview exploring discretionary spending; consideration of future expense changes |
| Debt Service Ratio | Calculate at current interest rate | Stress test at current rate + 3%; consider rate rise scenarios; document client understanding of potential increases |
| Buffer Consideration | Standard lender buffer | Client-specific buffer based on income volatility, job security, family circumstances; document rationale |
Critical recent changes:
- Hardship Integration: Brokers must now document consideration of hardship provisions even if client doesn’t explicitly request them. This includes discussing what happens if income reduces or expenses increase unexpectedly.
- Climate Risk Factors: For properties in flood zones or bushfire-prone areas, brokers must document discussion of insurance implications and potential impact on serviceability if premiums increase significantly.
- Future Income Changes: Brokers must consider known future income changes (job changes, parental leave, retirement) and document how these were factored into serviceability assessment.
Western Australian responsible lending consideration: Resource sector clients with FIFO income require specialised assessment approaches. Brokers should document consideration of project cycle stability, bonus sustainability, and income volatility buffers—demonstrating thorough understanding of unique income patterns.
Fee Disclosure Requirements: Transparent Passage Agreements
Transparent fee disclosure builds client trust and prevents regulatory violations. ASIC’s 2025 enforcement actions targeted 43 brokers for inadequate fee disclosure, with average penalties of $15,000 and mandatory client remediation programs.
Fee Disclosure Requirements:
- Upfront Disclosure: Provide written fee disclosure before providing credit assistance. This must include all fees you will charge and all commissions you will receive from lenders.
- Client Acknowledgment: Obtain signed acknowledgment from client confirming they received and understood fee disclosure.
- Commission Transparency: Disclose commission amounts or ranges you will receive from lenders. Vague statements like “industry standard commission” are insufficient.
- Fee Changes: If fees change after initial disclosure, provide updated disclosure and obtain new acknowledgment before proceeding.
- Comparative Information: If client asks about fee comparisons, provide accurate information about your fees versus other brokers or direct lender options.
Fee Disclosure Template Components:
- Your Fees: List all fees you will charge client (establishment fees, ongoing fees, exit fees)
- Lender Commissions: Disclose commission amounts or ranges you will receive from lenders
- Total Cost: Provide estimate of total cost including your fees and lender charges
- Payment Timing: Explain when fees will be charged and how they will be paid
- Client Rights: Explain client’s right to negotiate fees and seek alternative providers
- Acknowledgment Section: Include space for client signature and date confirming receipt and understanding
Strategic fee disclosure practice:
- Plain Language: Use clear, simple language avoiding legal jargon
- Visual Aids: Include tables or charts showing fee breakdowns
- Discussion Points: Prepare talking points to explain fees during client meetings
- Documentation: Keep signed fee disclosure documents in client file for minimum 7 years
Professional Indemnity Insurance: Your Safety Net
Professional Indemnity (PI) Insurance serves as your safety net—protecting your business from catastrophic financial loss if clients make claims against you. ASIC mandates minimum $2 million PI coverage for all credit representatives, but industry best practice recommends $5 million coverage given rising claim values.
PI Insurance Requirements:
- Minimum Coverage: $2 million per claim; $5 million aggregate annually
- Run-Off Coverage: Maintain coverage for minimum 7 years after ceasing practice
- ASIC Notification: Provide evidence of PI coverage to your licensee annually
- Policy Currency: Maintain continuous coverage without gaps
PI Insurance Best Practices:
| Consideration | Minimum Standard | Best Practice |
|---|---|---|
| Coverage Amount | $2 million per claim | $5 million per claim; $10 million aggregate |
| Cyber Liability | Not included | Include cyber liability extension for data breach coverage |
| Run-Off Period | 7 years minimum | 10 years recommended for comprehensive protection |
| Excess Amount | Standard $10,000 | Negotiate lower excess ($5,000) to reduce out-of-pocket costs |
Critical insurance considerations:
- Claims-Made Policy: PI insurance is typically claims-made, meaning coverage applies only if policy is active when claim is made—not when service was provided
- Notification Requirements: Notify insurer immediately of any circumstances that might lead to claim
- Exclusions Review: Carefully review policy exclusions (intentional acts, criminal conduct, prior known circumstances)
- Brokerage Coverage: If employing other brokers, ensure policy covers their activities and includes vicarious liability coverage
Strategic insurance management:
- Annual Review: Review coverage annually with insurance broker specialising in financial services
- Claims History: Maintain clean claims history to secure better premiums
- Documentation: Keep certificates of currency in compliance file and provide to licensee annually
- Gap Prevention: Set calendar reminders 60 days before policy renewal to avoid coverage gaps
If you’re reviewing your current PI insurance coverage or seeking recommendations for specialised brokers, Broker360’s compliance team can provide guidance on appropriate coverage levels and reputable providers—ensuring your safety net provides adequate protection.
Western Australian Compliance Considerations
Western Australia’s distinct regulatory landscape requires additional compliance considerations beyond Commonwealth requirements:
- WA Fair Trading Act: Imposes additional disclosure requirements for certain fees and charges. Brokers must ensure fee disclosure complies with both NCCP Act and state requirements.
- State-Based Licensing: While Commonwealth credit licensing covers most activities, certain specialised services may require additional WA licensing (e.g., mortgage broking for strata title properties).
- Regional Compliance Challenges: Brokers in regional WA face unique challenges including limited access to compliance training, connectivity issues affecting secure data transmission, and fewer local support resources.
- Resource Sector Specifics: WA’s resource sector economy creates specialised compliance considerations for assessing FIFO income, project-based employment, and regional property risks.
Strategic WA compliance adaptation:
- Dual Compliance Framework: Develop documentation templates that satisfy both Commonwealth and WA requirements simultaneously
- Regional Training Access: Utilise online CPD options and WA government free workshops to maintain compliance knowledge
- Local Professional Networks: Join MFAA WA Chapter and local broker groups for peer support and compliance updates
- State-Specific Templates: Create file note templates addressing WA-specific considerations (mining income patterns, regional property factors)
Your 90-Day Compliance Health Check
Transform compliance from overwhelming to manageable with this phased 90-day action plan:
Days 1-30: Documentation Audit
- Review 5 recent client files for RG209 compliance
- Check CPD records for current year completion status
- Verify PI insurance currency and coverage levels
- Audit privacy policy and collection notices for accuracy
- Document gaps and prioritise improvements
Days 31-60: System Implementation
- Implement file note templates addressing identified gaps
- Schedule remaining CPD requirements for current year
- Update privacy documentation and client forms
- Establish quarterly compliance self-audit schedule
- Train staff on updated procedures (if applicable)
Days 61-90: Ongoing Framework
- Conduct first quarterly compliance self-audit
- Review and update compliance manual
- Schedule next year’s CPD plan
- Establish regulatory update monitoring system
- Document lessons learned and continuous improvement plan
Perth broker case study: Sarah, a sole practitioner, completed this 90-day plan:
- Days 1-30: Identified gaps in file note documentation and CPD tracking
- Days 31-60: Implemented structured file note templates; completed 12 hours CPD
- Days 61-90: Established quarterly audit schedule; created compliance calendar
- Outcome: Passed subsequent licensee audit with zero non-conformities; reported 40 percent reduction in compliance anxiety
For brokers seeking structured compliance support with dedicated specialists guiding implementation, Broker360’s Compliance Assurance Program provides comprehensive framework development, template creation, and ongoing monitoring—transforming compliance from burden to competitive advantage.
Frequently Asked Questions
How often should I update my compliance manual?
Review and update your compliance manual annually, or immediately when significant regulatory changes occur. ASIC typically provides 6-12 months notice for major changes, but staying current prevents compliance gaps. Many successful brokers schedule quarterly mini-reviews and annual comprehensive updates.
Can I use templates from other brokers for my file notes?
Templates can provide helpful structure, but must be customised to reflect your specific business practices, licensee requirements, and client demographics. Generic templates often miss critical elements specific to your situation. Best practice: develop your own templates with legal or compliance specialist input, then refine based on audit feedback.
What happens if I miss the CPD deadline?
Missing CPD deadlines can result in license suspension until requirements are met. ASIC may impose additional conditions or require remedial training. If you anticipate missing the deadline, contact your licensee immediately—they may be able to request extension or develop catch-up plan. Prevention is critical: schedule CPD throughout the year rather than year-end rush.
Do I need separate privacy policies for different services?
No—one comprehensive privacy policy covering all your services is sufficient, provided it accurately reflects your actual data handling practices across all service types. However, you may need different collection notices for different services if data collection purposes vary significantly. The key is accuracy and transparency, not document quantity.
How detailed should my file notes be?
File notes should be detailed enough for another broker to understand your decision-making process and verify compliance with RG209. Include specific questions asked, responses received, alternatives considered, rationale for recommendations, risks disclosed, and client acknowledgments. When in doubt, err on the side of more detail—comprehensive notes protect you during audits.
What if my client refuses to provide verification documents?
Document the refusal and explain why verification is required under NCCP Act. If client continues to refuse, you may need to decline to provide credit assistance as you cannot meet responsible lending obligations without verification. Document all attempts to obtain verification and client responses—this demonstrates compliance effort even if unsuccessful.
Disclaimer
The information provided in this article is for general educational and informational purposes only and does not constitute legal advice, compliance advice, or a recommendation regarding specific compliance practices. Compliance requirements, regulatory obligations, and industry standards change frequently. All information referenced was accurate as of February 2026 but may have changed subsequently.
Before making decisions about compliance practices, consult with qualified professionals including lawyers specialising in financial services law, compliance consultants, and your credit licence holder’s compliance team. Your obligations under the National Consumer Credit Protection Act 2009, Privacy Act 1988, Corporations Act 2001, and associated regulations must be met regardless of advice contained in this article.
Broker360 is a credit representative (Australian Credit Licence 570 168). This article does not constitute credit assistance or a credit recommendation. Broker360 provides compliance support services to credit representatives but does not guarantee regulatory compliance outcomes or protection from enforcement actions. Individual compliance requirements vary based on business structure, licensee policies, and specific circumstances.
Compliance failures can result in significant penalties including fines, license suspension or cancellation, and civil liability. Brokers remain solely responsible for meeting all regulatory obligations regardless of compliance support received. Maintain appropriate professional indemnity insurance coverage and seek qualified legal advice for complex compliance matters.
Broker360 accepts no liability for any loss or damage arising from reliance on the information contained in this article. Brokers must exercise independent professional judgment in all compliance decisions and prioritise regulatory obligations over business convenience or cost considerations.