title: "Compliance scorecard automation for an ASIC-licensed financial advisory"
dek: "A 2023 build that read 18 months of file-notes and flagged 14 statements of advice that wouldn't survive an ASIC audit. Annual review went from 90 days to 11."
sector: "Financial Services"
client: "ASIC-licensed financial advisory · ~60 advisors"
engagement: "Audit → Pilot"
duration: "10 weeks"
year: "2023"
outcome: "Annual compliance review: 90 days → 11 days · 14 high-risk SoAs flagged before ASIC audit"
solution: "GPT-4 file-note classifier with rule-based compliance scoring and supervisor escalation queue."
timeSaved: "79 days per annual review · A$1.42 per file scanned"
visual: "none"
cardFigure: "compliance"
timeMetric: "79 days"
timeMetricLabel: "saved / year"
costMetric: "A$1.42"
costMetricLabel: "cost per file"
speedMetric: "8×"
speedMetricLabel: "faster review"
publishedAt: "2023-09-04"
keywords:
- ASIC compliance AI
- financial advice review automation
- statement of advice audit
The problem
An ASIC-licensed advisory firm — sixty advisors, around 4,800 ongoing client files — was running its annual statement-of-advice (SoA) compliance review by hand. The Responsible Manager would sample 12% of files, read each one cover-to-cover, and score them against an internal checklist of 27 ASIC obligations. The review took three months of her time. The signal she was getting from a 12% sample was, in her words, "the same advisors I already worry about". The other 88% went unexamined.
This was 2023. Most consultancies were quoting RPA-bot demos that read PDFs. The Responsible Manager didn't want a demo. She wanted to know which of her 4,800 files would not survive an audit.
What we did
A two-week scoping engagement and an eight-week build. We:
- Ingested 4,800 SoAs, advisor file-notes and client-fact-find documents from the firm's Xplan environment (read-only API access; no data left the firm)
- Built a GPT-4 classifier that read each SoA against the 27-point internal compliance checklist
- Combined the classifier output with a rules layer — hard-coded checks for things that don't need AI (cooling-off disclosure present, FSG version current, conflicted-remuneration flag handled)
- Generated a per-file score (0–100) with reasons
- Routed anything below threshold into a queue for supervisor review
The interesting work was the score reasons. The Responsible Manager needed to be able to defend the score to ASIC if asked. Every score line had the source paragraph cited and the obligation it mapped to. No black-box outputs.
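The scoring flow described above, as an added sketch that is not the firm's or the project's code: deterministic rule checks plus classifier findings produce a 0–100 score whose every reason cites a paragraph and an obligation. The threshold of 80, the equal weighting, the obligation names, and the rule that a finding only counts if its quote appears verbatim in the cited paragraph are all assumptions; the classifier output is replaced by constructed findings.

```python
from dataclasses import dataclass

THRESHOLD = 80  # assumed escalation cut-off; the page does not state one

@dataclass
class Reason:
    obligation: str
    passed: bool
    para_id: str   # paragraph the reason cites, "" if none
    note: str

def rule_checks(paras, meta):
    """Deterministic checks that need no model (names and values are hypothetical)."""
    cooling = next((p for p, t in paras.items() if "cooling-off" in t.lower()), "")
    return [
        Reason("cooling-off disclosure present", bool(cooling), cooling, "rule"),
        Reason("FSG version current", meta["fsg_version"] == meta["current_fsg"], "", "rule"),
    ]

def verify_finding(f, paras):
    """Accept a classifier finding only if its quote really occurs in the cited paragraph."""
    text = paras.get(f["para_id"], "")
    if not f["quote"] or f["quote"] not in text:
        return Reason(f["obligation"], False, f["para_id"], "citation not found in source")
    return Reason(f["obligation"], f["passed"], f["para_id"], "classifier")

def score_file(paras, meta, findings):
    reasons = rule_checks(paras, meta) + [verify_finding(f, paras) for f in findings]
    score = round(100 * sum(r.passed for r in reasons) / len(reasons))
    return score, reasons, score < THRESHOLD  # True -> supervisor queue

# Constructed sample input, not client data.
PARAS = {
    "p1": "You have a 14-day cooling-off period for this product.",
    "p2": "We recommend consolidating your superannuation into Fund A.",
}
META = {"fsg_version": "v7", "current_fsg": "v7"}
FINDINGS = [
    {"obligation": "basis for advice stated", "passed": True, "para_id": "p2",
     "quote": "consolidating your superannuation"},
    {"obligation": "fees disclosed", "passed": True, "para_id": "p2",
     "quote": "ongoing fee of 1.1% applies"},  # quote absent from p2
]

if __name__ == "__main__":
    score, reasons, escalate = score_file(PARAS, META, FINDINGS)
    for r in reasons:
        print(r)
    print(score, "escalate" if escalate else "ok")
```

A finding whose citation cannot be matched to the source is scored as a failure rather than dropped, so an unsupported model claim pushes the file toward the supervisor queue instead of raising its score.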
The outcome
| | Before | After |
|---|---|---|
| Files reviewed annually | 576 (12% sample) | 4,800 (100%) |
| Time to complete annual review | ~90 days | ~11 days |
| High-risk files flagged | n/a | 14 (0.3%) — all later confirmed by Responsible Manager |
| Cost per file scanned | n/a | A$1.42 (model + ops) |
| ASIC audit (six months post-deployment) | Sample-based critique | Clean — supervisor was able to point to scored evidence on every file requested |
The Responsible Manager later used the scored evidence in two advisor performance reviews. Both advisors corrected behaviour. Neither needed termination.
The thing I needed wasn't AI for AI's sake. I needed coverage of files I'd never been able to look at. They gave me that.
— Responsible Manager, ASIC-licensed financial advisory
What we'd do differently
Index the file-notes first, separately. SoAs were straightforward. The unstructured file-notes turned out to be the higher-signal artefact, and we treated them as a secondary input.
What we didn't do
We didn't replace Xplan. We didn't propose a CRM migration. We didn't deploy an agent that takes action without supervisor sign-off.
This was 2023. The pattern we proved here — AI as coverage, not replacement — is the pattern we've used in every regulated-industry engagement since.
