Compliance Audit Checklist for Financial Services

# Compliance Audit Checklist - Financial Services

## Purpose
Use to prepare for external audits or conduct internal compliance reviews to identify and address gaps before they become issues.

## When to Use
A regulatory compliance checklist covering industry-specific obligations, documentation requirements, policy reviews, and evidence gathering.

## Instructions
1. Review the template below and familiarise yourself with the structure
2. Replace all [bracketed placeholders] with your financial services business details
3. Customise the tone and formatting to match your brand
4. Save in your preferred tool (Notion or Airtable)

---

## Compliance Audit Checklist

### Governance & Policies (Owner: Compliance Officer)
- [ ] All company policies reviewed and updated within the last 12 months
- [ ] Policy register maintained with version history and review dates
- [ ] Board or management meeting minutes documented and filed
- [ ] Organisational chart current and reflecting actual reporting lines
- [ ] Delegations of authority documented and communicated
- [ ] Conflicts of interest register maintained and up to date
- [ ] Whistleblower policy in place and communicated to all staff

### Regulatory Obligations (Owner: Compliance Officer)
- [ ] All required licences and registrations current and valid
- [ ] Licence renewal dates tracked with 90-day advance reminders
- [ ] Industry-specific regulatory requirements identified and mapped
- [ ] Regulatory change monitoring process in place (subscriptions, alerts)
- [ ] Mandatory reporting obligations identified with responsible persons assigned
- [ ] ASIC, APRA, or relevant regulator correspondence reviewed and actioned
- [ ] Annual compliance declarations completed by all relevant staff

### Privacy & Data Protection (Owner: Privacy Officer)
- [ ] Australian Privacy Principles (APP) compliance assessed
- [ ] Privacy policy current and published on website
- [ ] Data collection notice provided at all collection points
- [ ] Consent mechanisms reviewed for marketing and communications
- [ ] Data breach response plan documented and tested
- [ ] Third-party data sharing agreements reviewed and compliant
- [ ] Data retention schedule in place and followed

### Employment Compliance (Owner: HR Manager)
- [ ] Fair Work compliance verified (awards, minimum wage, entitlements)
- [ ] Employment contracts current and compliant with modern awards
- [ ] Payroll records accurate and maintained for required period (7 years)
- [ ] Superannuation guarantee obligations met (correct rate, on time)
- [ ] WHS policies and procedures current and communicated
- [ ] Workers compensation insurance current for all employees
- [ ] Anti-discrimination and harassment policies in place and staff trained

### Financial Compliance (Owner: Finance Manager)
- [ ] BAS lodged on time for all quarters
- [ ] PAYG withholding reconciled and reported correctly
- [ ] Single Touch Payroll (STP) reporting current
- [ ] Anti-money laundering (AML) obligations met (if applicable)
- [ ] Audit trail maintained for all financial transactions
- [ ] Insurance policies current: public liability, professional indemnity, directors and officers

### Evidence & Documentation (Owner: Compliance Officer)
- [ ] Compliance training records maintained for all staff
- [ ] Audit evidence folder organised with supporting documents for each area
- [ ] Previous audit findings reviewed and corrective actions completed
- [ ] Non-compliance incidents logged with root cause analysis and remediation
- [ ] Compliance calendar maintained with all key dates and deadlines

---

**Complexity:** advanced | **Setup time:** 30 minutes | **Tools:** Notion, Airtable, Asana

Note: This template has been tailored for financial services businesses in Australia. Adjust terminology and compliance references to match your specific context.