Version 1.0 · 2026 · Complete all four modules to fulfil your onboarding compliance requirements.
Identity, authorisation, and legal standing as an Authorised Representative.
Disclosure, informed consent, and doing the right thing by the client.
Ongoing obligations, training, monitoring, and administration.
Complaints, breaches, consequence management, and termination.
AR Onboarding Training Program · Version 1.0 · 2026
Theme: Identity, authorisation, and legal standing
An Australian Financial Services Licence (AFSL) is a licence issued by ASIC that permits a person or business to provide financial services in Australia. Sirius Insurance Pty Ltd holds an AFSL that authorises it to advise on and arrange general insurance products.
You do not hold your own AFSL. Instead, you operate as an Authorised Representative (AR) of Sirius, meaning:
Your appointment as an AR is governed by an Authorised Representative Agreement between you (or your company) and Sirius. The Agreement sets out:
Your appointment is notified to ASIC via ASIC Connect, and your name appears on ASIC's public register of ARs. You must not act outside the scope of your authorisation.
ASIC requires all persons who provide financial services to be 'fit and proper'. This means you must:
If your circumstances change in a way that may affect your fit and proper status (for example, if you are charged with an offence, become insolvent, or are banned from a role in financial services), you must notify Sirius immediately.
| Legislation | Key obligation relevant to you |
|---|---|
| Corporations Act 2001 (Cth) | The primary law governing financial services — includes requirements for licensing, disclosure, advice, client money, and conduct |
| ASIC Act 2001 (Cth) – ss 12DA–12DB | Prohibition on misleading or deceptive conduct in connection with financial services |
| Corporations Act 2001 – ss 981A–981H | Financial records and client money rules — you must never commingle client money with your own |
| Insurance Contracts Act 1984 (Cth) – ss 13, 21, 22 | Duty of utmost good faith and duty of disclosure — you and your clients owe duties of honesty to each other |
| Privacy Act 1988 (Cth) | Protection of clients' personal information under the Australian Privacy Principles (APPs) |
Before you commence operating, you must sign a Deed of Acknowledgement. This deed binds you personally to the key obligations in the AR Agreement.
| Clause | What it means in plain English |
|---|---|
| Clause 4 – Compliance, Supervision and Reporting | You agree to comply with all obligations in the AR Agreement, including following Sirius's policies, completing required training, maintaining required qualifications, and only providing services within your scope of authorisation. |
| Clause 13 – Indemnity | If your actions cause Sirius to suffer a loss, you must reimburse Sirius for that loss. This includes legal costs, any regulatory action, AFCA determinations or remediation amounts, and any insurance excess payable under Sirius's policy arising from your conduct. The only exception is loss caused solely by Sirius's own gross negligence or wilful misconduct. |
| Clause 4.2 – Fit and Proper (Warranties) | You are warranting that you are fit and proper — that your qualifications, experience, and character meet the required standard, and that you are not subject to any disqualification or ban. This is an ongoing obligation, not just a one-off confirmation at entry. If anything changes that may affect your fitness and propriety, you must notify Sirius promptly. |
| Clause 8 – Insurance | Sirius holds and maintains the professional indemnity insurance required under its AFSL. You will be invoiced for your proportion of that premium and must pay it. You are also responsible for arranging and maintaining at your own cost all other insurances relevant to your business operations, such as buildings, motor vehicle, and workers compensation insurance. |
| Clause 11 – Privacy and Cyber Security | You must comply with the Privacy Act 1988 and Sirius's privacy requirements when handling clients' personal information. You must also maintain cyber security controls required by Sirius (including multi-factor authentication and secure password management), notify Sirius immediately of any data breach or cyber incident, and not extract or copy client data except as expressly permitted. These obligations continue after the Agreement ends. |
| Clause 12.4 – Individual Authorised Representative Restraints | As an individual Authorised Representative, you are personally subject to the restraints in clause 12 for the Restraint Period. You must not solicit clients or undermine client relationships within Sirius's network. This obligation is separate from your company's obligations and is why you are signing this Deed personally. |
Section 1041H of the Corporations Act 2001 prohibits conduct in connection with a financial product or financial service that is misleading or deceptive, or is likely to mislead or deceive. This is a strict liability provision: you can breach it even without an intention to mislead.
Examples of potentially misleading conduct include:
Theme: Disclosure, informed consent, and doing the right thing by the client
The Financial Services Guide (FSG) is a legally required document that helps retail clients decide whether to use your services. It explains who you are, what services you provide, how you are remunerated, and how to access the complaints process.
You must give an up-to-date FSG to all actual and potential retail clients as early as possible after they first contact you — before you provide any advice or arrange any insurance on their behalf.
The FSG may be provided in person, by email (to an address the client has nominated), or by directing the client to a link or website where they can download it. If sent electronically, you must be satisfied the client has received it and can save a copy.
If a client instructs that services must be provided immediately and it is not reasonably practicable to give the FSG first, you may instead give a time-critical statement orally. This statement must describe your remuneration and any relevant associations. You must then send the full FSG within 5 days.
From 1 July 2021, every FSG must include a "Lack of Independence" statement on its first substantive page, acknowledging that Sirius receives commissions from insurers and cannot describe itself as 'independent', 'impartial', or 'unbiased'.
From 10 July 2025, as part of the Quality of Advice reforms, you must obtain informed consent from new retail clients before Sirius receives any commission for personal financial product advice on general insurance.
Before asking the client to consent, you must provide:
The level of disclosure and protection required depends on whether a client is classified as 'retail' or 'wholesale'. This is a two-part test.
The client must be either an individual, or a small business (employing fewer than 20 people, or fewer than 100 for manufacturing businesses). Community groups and not-for-profits are generally treated as small businesses.
| Retail products (higher protection applies) | Wholesale products (standard commercial) |
|---|---|
| Motor vehicle insurance | Workers compensation |
| Home building insurance | CTP / compulsory third party |
| Home contents insurance | Marine cargo (other than pleasure craft) |
| Sickness and accident insurance | Most commercial property and liability |
| Consumer credit insurance | Statutory insurance for residential construction |
| Travel insurance | |
| Personal and domestic property insurance | |
| Medical indemnity insurance | |
| Personal Advice | General Advice |
|---|---|
| Takes into account the client's specific needs, objectives, or financial situation | A statement of opinion or recommendation in general terms that does not take into account the individual client's circumstances |
| Triggers best interests duty | Triggers a general advice warning obligation |
| Requires file notes documenting advice and the basis for recommendations | Does not require file notes, though a general advice warning must be given |
| Informed consent to receive commission required (retail clients, from July 2025) | Informed consent not required |
In insurance broking, most client engagements involve personal advice: you are recommending specific products based on the client's needs.
Each retail insurance product comes with a product design document prepared by the insurer (formally known as a Target Market Determination, or TMD). When distributing a retail insurance product, you must:
You have an obligation to document your advice and the basis for your recommendations. Each file note should record:
Non-monetary benefits are benefits received from insurers that are not direct cash payments — such as entertainment, hospitality, training, or technology support. These create potential conflicts of interest and must be managed carefully:
Theme: Ongoing obligations, training, monitoring, and administration
All ARs who provide financial services must maintain appropriate competency. This means:
CCX360 is Sirius's compliance management platform and the system of record for all compliance activities. As an AR, you are required to use CCX360 to record:
| What to record in CCX360 | How often |
|---|---|
| CPD hours and training completions | Within 14 days of completing any training activity |
| Complaints – all new complaints and updates to status | Within 1 business day of receipt or update |
| Breaches – any identified breach | As soon as identified |
| Monthly Compliance Declaration | By day 7 of the new month |
| Certificate of completion for each training module | On completion of each module |
| Non-monetary benefits received from insurers | Within 14 days of receipt |
Each month, you must complete a compliance declaration in CCX360. This declaration asks you to confirm:
There are strict limits on what administrative staff can and cannot do.
| Administrative staff CAN do | Administrative staff CANNOT do |
|---|---|
| Answer the phone and take messages | Provide advice on insurance products |
| Prepare invoices and policy documents under direction | Recommend, arrange, or bind insurance cover |
| File and organise client documents | Explain coverage or answer coverage questions |
| Enter data into systems under instruction | Discuss the merits of one policy over another |
| Schedule appointments | Handle claims or complaints without supervision |
| Send pre-approved, templated communications | Make representations about the scope of a client's cover |
Sirius conducts regular activity reviews of ARs to ensure compliance with its policies and the law. These reviews typically examine:
When you receive a request for a file review or compliance activity review, respond promptly and provide all requested documentation. Failure to cooperate with supervision is itself a compliance breach.
INSIGHT is Sirius's and Steadfast's primary filing and compliance database. All client-related activity must be filed in INSIGHT, including:
You must maintain adequate records of all financial services activities. Key requirements include:
Theme: Complaints, breaches, consequence management, and termination
A complaint is any expression of dissatisfaction made to or about Sirius, related to its products, services, staff, or the handling of a complaint, where a response or resolution is implicitly expected.
Under ASIC's Regulatory Guide 271, complaints include dissatisfaction expressed via social media channels, complaints about matters subject to a remediation program, and complaints about the handling of an insurance claim.
When a complaint is received:
When dealing with a complainant:
A breach is any failure to comply with the Corporations Act, Sirius's policies, or your AR Agreement obligations. This includes inadvertent errors. Examples of reportable breaches include:
Record any identified breach in CCX360 immediately and notify the Compliance and Risk Manager.
Sirius has a consequence management framework for ARs who fail to meet their compliance obligations. The escalation process is:
Your authorisation may be revoked by Sirius at any time, with notice, including where:
If Sirius revokes your appointment, it must notify you in writing and notify ASIC within 30 business days via ASIC Connect.
A PI risk can arise from a range of situations — not only when a client's claim is denied. Examples include:
In any of these circumstances: notify the Compliance and Risk Manager immediately, do not make any admissions of liability, and preserve all file notes, correspondence, and documentation.