Advice firm governance: how growth changes risk and responsibility

Many advice firm principals think about governance the way they think about insurance. Something to have in place, mostly for the moments when something goes wrong.

That instinct is understandable. It is also increasingly costly.

Governance in a financial advice firm is a living system. It expands and contracts with the firm itself. What works at five staff and two advisers becomes inadequate at fifteen staff and six. The processes that serve a sole operator with a single licensee relationship do not scale automatically into a multi-adviser practice with oversight obligations, employment risk, and a broader client base to protect.

Growth, in other words, changes the nature of governance entirely.

The AFSL obligation does not stay still

For any firm operating under an Australian Financial Services Licence, the regulatory baseline is non-negotiable. ASIC is explicit that AFS licensees carry ongoing obligations around adviser registration, professional indemnity insurance, breach reporting, and the supervision of all relevant providers operating under the licence.

These are not set-and-forget obligations.

When a firm adds advisers, the licensee’s obligation to verify that each registered provider meets the education and training standard sits squarely with the practice. When staff change licensees, registration gaps become the licensee’s liability. ASIC has issued warnings and reprimands for exactly these failures, and the consequences sit with the firm, not the individual adviser.

Supervision scales with headcount

A principal who personally reviews every piece of advice, knows every client, and sits across every material decision is operating an oversight model suited to a boutique practice. It works until it does not.

Larger firms require formalised supervision frameworks. Who reviews whose advice? What triggers an escalation? What records are kept, and for how long? How does the firm evidence that its supervision is active rather than nominal?

These questions feel bureaucratic when a firm is small. They become critical when ASIC conducts a surveillance review, or when a client complaint surfaces years after advice was given and the supervising principal has no documented trail to demonstrate adequate oversight.

Risk governance needs a clear owner

In a small practice, the principal holds risk by default. They know the clients, the advisers, and the decisions. That knowledge is the governance system.

It is not scalable.

Growing firms need explicit ownership of key risk functions: someone responsible for compliance monitoring, someone accountable for breach identification, someone who maintains the relationship with the licensee and tracks regulatory updates. These do not all need to be separate roles, particularly in mid-sized firms. But they need to be assigned, documented, and reviewed.

Ambiguity about who owns a governance function is itself a governance failure.

Technology is now a governance matter

This is an area where many advice firms are behind, and regulators have noticed.

ASIC’s Report 798, released in October 2024, reviewed AI adoption across 23 AFS and credit licensees and found a clear pattern: firms were implementing new technology faster than they were updating their risk and compliance frameworks to govern it. ASIC described this as a governance gap and framed it as a direct risk to consumer outcomes.

The lesson extends well beyond AI. Any technology that touches advice generation, client records, or risk scoring carries governance implications. A firm that uses a platform tool to support advice but has not considered how that tool is monitored, what happens when it produces an unexpected output, and who holds accountability for the result, has a governance gap whether or not it recognises it.

Conflicts of interest require formal management

Smaller practices often manage conflicts of interest informally, through the principal’s own judgment and the relatively simple structure of the business. Growth introduces complexity that informal management cannot contain.

Multiple advisers mean multiple potential conflicts. Referral arrangements, platform relationships, and product preferences that exist across a team require documented conflict management frameworks. ASIC’s approach to conflicted remuneration and related conduct obligations has hardened considerably since the Royal Commission, and the expectation is that licensees can demonstrate active management, not simply awareness.

The board and leadership question

At a certain scale, the governance demands on a principal begin to exceed what a single individual can credibly manage alongside running an active advice practice.

Some firms respond to this by formalising their leadership structure: bringing in a dedicated compliance manager, establishing an advisory board, or appointing an external compliance consultant. None of these steps is mandated at a specific headcount, but each one represents a deliberate decision to match the governance capability of the firm to its actual size and risk profile.

The firms that delay this reckoning tend to discover its cost at an inconvenient moment, during an ASIC review, an M&A due diligence process, or a client dispute that exposes weaknesses no one had formally addressed.

Governance as a business asset

The shift worth making is conceptual.

Governance is not simply a cost of operating under an AFSL. In a well-run firm, it is a competitive asset. It supports better client outcomes, reduces the risk of enforcement action, strengthens the firm’s position in any future sale or merger process, and enables confident, sustainable growth.

Firms that treat governance as a burden tend to do the minimum. Firms that treat it as infrastructure tend to build something worth protecting.

The distinction matters more as the firm grows. The governance model that got a practice to its current size is rarely the one that will carry it safely to the next stage.