ASIC · Published 29 October 2024
ASIC REP 798.
ASIC’s read on AI governance gaps, and how it will judge AI use against existing AFS licensee obligations.
What it is
REP 798 (“Beware the gap: Governance arrangements in the face of AI innovation”) is an ASIC report, not a new standard. It examines AI governance arrangements at 23 AFS and credit licensees, names the gaps it found, and signals how ASIC will read AI use against the existing AFSL general obligations (s912A of the Corporations Act, RG 105, RG 245). Eight findings sit across two themes: Use of AI, and Risk management and governance. Fydis treats the report as a guide to what auditable AI governance has to look like, and produces the evidence chain a licensee would point to when ASIC asks the questions in Appendix 2.
Who it affects
AFS licensees and credit licensees using AI in customer-facing or risk-bearing processes. The report scoped 23 institutions but ASIC has said its findings apply across the licensee population.
Regulators ask for specifics: the cell, the row, the captured-at hash, the named approver, and the clause a figure answers. Fydis returns those for every figure under REP 798.
Coverage by stage
REP 798 Finding 4, Risk management adequacy. Fydis produces the evidence chain a licensee needs to demonstrate AI outputs are bound to source data and method.Per-output evidence pack with cited inputs, model version, captured-at hash, and decision rationale.
REP 798 Finding 5, Risk assessment gaps. Fydis binds every AI-derived figure to the source rows the calculation drew from.Citation drawer with source navigation. Opens at the cell, row, or paragraph the figure was drawn from.
REP 798 Finding 6, Governance arrangements varied widely. Fydis captures named approver sign-off on every output, written to tamper-evident storage.Sign-off log with named approver, timestamp, and policy version in force. Append-only storage, 7-year retention.
REP 798 Finding 7, Governance lagged AI use. Fydis exports the audit pack ASIC’s Appendix 2 questions can be answered against, on demand.Audit pack · PDF + JSON · includes source documents, sign-off log, decision rationale, and the clause map against the AFSL s912A general obligations.
Example artefact
What Fydis produces on a real analysis:
Frequently asked
Is REP 798 a regulation?
No. REP 798 is an ASIC report. It signals how ASIC will read AI use against existing AFS licensee obligations under s912A of the Corporations Act and adjacent regulatory guides. The report itself is not enforceable; the obligations it references are.
Where does the customer remediation story sit?
ASIC’s instrument on consumer remediation is RG 277 (updated September 2022), not REP 798. Fydis covers both surfaces, but as distinct regulator instruments, RG 277 governs remediation submissions; REP 798 signals AI governance posture.
Why is Evidence stage coverage partial?
Named per-output approver sign-off is in production today. Per-feature approver sign-off (vs per-output) is on roadmap. We mark this honestly partial rather than claiming full.
Before the briefing
Score your current outputs against the 12-question audit-readiness checklist. Most teams find a few gaps the first time through. Bring them to the briefing and we will work the REP 798 clauses directly.
Open the audit-readiness checklist →
See REP 798 on a real analysis.
The live demo runs the pipeline on sandboxed data. No signup. The same chain runs on your data when you book a briefing.