§22 · Lane 7 — Australian Regulatory Primary Instruments
ASIC Report 798 — Beware the Gap gap analysis for AFS and credit licensees
ASIC (2024) · ASIC REP 798
Bibliographic data
- Title
- ASIC Report 798 (October 2024) — Beware the gap: Governance arrangements in the face of AI innovation
- Authors / Issuing body
- Australian Securities and Investments Commission (ASIC)
- Venue / Publisher
- Australian Securities and Investments Commission
- Year
- 2024
- Designation
- Regulatory
- Licence
- Stable URL — refer to publisher for full licence terms.
How to cite
ASIC (2024). ASIC Report 798 (October 2024) — Beware the gap: Governance arrangements in the face of AI innovation. Australian Securities and Investments Commission. https://www.asic.gov.au/regulatory-resources/find-a-document/reports/rep-798-beware-the-gap-governance-arrangements-in-the-face-of-ai-innovation/.
ASIC's landmark AI-in-financial-services report. Documents how 23 AFS and credit licensees were using and planning to use AI, how they were identifying and mitigating associated consumer risks, and the governance arrangements applied. The named regulator artefact behind the "governance lag" framing in the AICD/HTI Director's Guide and Karen Lee's AGIS A3.5 commentary.
Why it matters for NETEVO
REP 798 is the Australian regulator's own account of the gap between AI deployment and AI governance at the licensees it supervises — the gap NETEVO's Law-to-Code Methodology is built to close. Three operational consequences follow.
Empirical evidence of the governance gap. ASIC found that governance frameworks at many licensees had not kept pace with AI deployment, that monitoring was uneven, and that consumer-risk identification was inconsistent. The report therefore supplies regulator-issued, Australian-specific evidence for the proposition that governance attestation without executable controls is the exposure being measured.
A directly bound population. REP 798 examines the AFS and credit licensee cohort specifically. An organisation holding an AFS or credit licence is reading the stated expectations of its own conduct regulator, not guidance translated from another jurisdiction; the report records both what ASIC observed across the 23 licensees and the expectations it states for governance arrangements.
The conduct side of the dual-regulator regime. REP 798 pairs with APRA's CPS 230 (operational risk management) and CPS 234 (information security) to complete the Australian prudential-and-conduct mapping. ASIC supervises conduct and disclosure; APRA supervises prudential resilience and information security. With REP 798, both sides of the dual-regulator regime have a directly citable AI-specific regulator output, so a financial-services AI governance mapping can be assembled entirely from Australian instruments rather than from overseas surrogates.
Where NETEVO applies this
- AI Governance in ANZ Whitepaper — central AU regulator citation for financial-services section
- Listed Leaders ICP — AFS / credit licensee boards read REP 798