Category: ausbiz 

Five years ago, we established PX Partners with a clear mission: to provide an alternative to the traditional consulting model by delivering practitioner led, client aligned, practical and sustainable solutions.

What began as a boutique consultancy has since grown into a trusted partner for a diverse portfolio of clients across the financial services landscape and beyond – particularly in funds management, superannuation, and insurance. Because we put our clients and their end-customers at the centre of our work, we’re proud to report that over 90% of our engagements come from our existing clients and referrals by our clients.

Along the way, we’ve navigated a global pandemic, regulatory upheavals and generational changes in technology. While the world around us has changed, our commitment has remained constant.

As we celebrate this milestone, we’re sharing five things we’ve learnt from our first 5 years supporting clients.

You can’t do more with less

One of the classic refrains in corporate life when costs are being cut. The need to do more with less. Which is a complete furphy. You can only do less with less. And that’s okay, as long as it’s transparent.

Cutting budgets for Risk and Compliance teams at a time when the regulatory burden is increasing is a fast track to bad outcomes. If you think compliance is expensive, try non-compliance!

Risk leaders need to be clear that having less means doing less – fewer controls monitored, slower incident response and less proactive risk identification. This isn’t about lowering standards. It’s about recalibrating expectations and being clear about what can realistically be achieved with the resources available.

This is not to say that you can’t find ways to make your processes more efficient and embrace new technologies. We have and continue to iterate and improve how we operate to deliver benefits to our clients and Risk & Compliance teams have a really important role to play here – not just in supporting or challenging business teams with risk-in-change and vendor oversight but also in surfacing solutions that can make risk and compliance processes more efficient.

At PX Partners, we’re lucky to be doing more with more having grown our team from our founding two to a team of twelve today across both Sydney and Melbourne.

Don’t fear the tough decisions

Governance around decision making is a key enabler of business success. We have seen so many examples (usually through court action by Regulators) of firms deferring and delaying making critical business decisions.

Whether it is a decision where to invest resource and effort or to make a difficult decision to exit a product or business line, those who are successful have the structures and governance in place to:

1. Gather the right information
2. Get it to the right people
3. Do it in a timely fashion
4. Commit and execute
5. Learn from the experience.

Don’t let decision making be paralysed by Committees – good governance around decision making means empowered and accountable executives and not deference to Committee structures. Committees have an important role to play but should be used sparingly and not as a default.

In our own business, ensuring we align to our values helps guide our decisions and makes them easier. Our decisions are centred on being fair to ourselves and our clients, making things better, and being real and transparent about the reasons. That doesn’t mean decisions are easy, but anchoring to these values has resulted in fast alignment around difficult decisions.

People over technology every time

Now more than ever before, firms are looking to technology to deliver efficiencies and reduce cost. The advent of Generative Artificial Intelligence has only super charged this shift. The Fear of Missing Out (FOMO) is rife – firms are rushing to do something in the fear of being left behind. Technology is an enabler, not a silver bullet. Because at the end of the day, technology should serve people and strategy and not the other way around.

Take this thought experiment. How would you feel if we offered you a robot to do a bunch of your usual tasks well? Brilliant, we assume, as you could spend time doing more satisfying things. What if we instead offered your boss a robot to do your job well? Threatened or insecure perhaps? At PX Partners, we have been in the fortunate position to start with a blank slate unencumbered by legacy technology and systems. We want technology to serve our team and clients and therefore encourage our team to automate and streamline what they can and do it transparently and with accountability.

We have embraced technology to enable our team in supporting clients. Our Know Your Distributor (KYD) solution is a prime example: designed in collaboration with product issuers and distributors, KYD helps streamline due diligence for the whole industry.

No set and forget

In financial services, there’s often a trigger for refreshing risk frameworks, and most recently, APRA’s CPS 230 has prompted firms to take a hard look at their operational resilience and third-party risk settings. But this shouldn’t be a one-off exercise. Risk management is a verb not a framework.

This takes effort from the Boardroom to the front line. And deliberate focus. The tone from the top matters and sets the standard for the firm.

What does good risk management look like? Don’t overthink it – just start with something. Start measuring things – are they useful? If not, change it. Do you need a forum to discuss key risks? Set it up. If it’s not working, change it. It’s a verb. Just do it. Set a process and repeat it, improve it and reap the benefits.

At PX Partners, our risk mindset is essential to how we run our business. We take risks. We learn and respond. As a business servicing regulated clients, we have a high bar to meet. In truth, these are no higher than standards we set for ourselves – to keep improving. It underpins how we serve clients, manage our own business and partnerships, and make decisions. By treating risk as a continuous practice, we stay agile, accountable, and aligned with our mission to deliver trusted outcomes in a complex and evolving world.

Compliance does not conflict with customer outcomes

Doing the right thing always wins in the end. It might not always seem that way but it is true.

We see compliance not as a constraint, but as a catalyst for better customer outcomes. In financial services, it can often feel that compliance with regulatory requirements is just that – a tick the box exercise. But it is not just about meeting the regulatory requirements, it’s about building trust, transparency, and resilience. When compliance is embedded thoughtfully into processes, it strengthens the quality and reliability of the products & services. Regulatory enforcement is littered with examples of firms who should have invested early in robust compliance and governance – from fees for no service to recent MIS failures. A commitment to meaningful compliance from all firms in the chain could have avoided these adverse outcomes for clients.

At PX Partners, we are hugely proud of the level of repeat client work. We don’t shy away from telling our clients what we think is right for them and their end customers. These clients are working with our team to invest in governance, risk and compliance to uplift and enhance what they do which ultimately benefits end customers.

• • Roles and responsibilities as an MSP
• • Taking a practical approach to process mapping
• • Establishing effective risk management settings
• • Aligning Business Continuity Plans (BCPs) and Disaster Recovery (DR) strategies
• • Meeting enhanced Due Diligence requirements

In light of the Australian Securities and Investments Commission’s (ASIC) recent review into  compliance plans across the managed investment industry, Responsible Entities (REs) are being urged to move beyond a legalistic, checkbox approach and adopt a more robust, risk-based mindset. The findings, published in ASIC’s media release 25-090MR, reveal systemic deficiencies in Compliance Plans and large scale non-compliance with Regulatory requirements. 

The Compliance Plan Wake-Up Call

ASIC’s review of 50 compliance plans – covering 1,471 funds and nearly $1 trillion in assets – found that most failed to adequately address key Regulatory obligations. These include:

Design and Distribution Obligations (DDO) under Part 7.8A of the Corporations Act;

Internal Dispute Resolution (IDR) systems under s912A(1)(h) and associated regulations; and

Reportable Situations (RS) under Subdivision B, Division 3 of Part 7.6.

Alarmingly, some compliance plans did not address DDO at all, suggesting they had not been meaningfully reviewed since the regime’s introduction in 2021. ASIC Commissioner Alan Kirkland noted, “Failing to plan is planning to fail,” underscoring the critical role compliance plans play in safeguarding retail investors.

From Legal Formalism to Risk Management

Historically, many Responsible Entities have relied heavily on their legal advisers to draft compliance plans. While lawyers play a vital role in identifying and interpreting the relevant legislative obligations, this approach often results in documents that are technically compliant but operationally ineffective.

What’s missing is the practical application of those obligations – how they are controlled, monitored, and assured in day-to-day operations. This is where risk managers must step in. Risk professionals are best placed to:

• Translate legal obligations into operational controls;
• Design assurance mechanisms that test the effectiveness of those controls;
• Identify gaps and emerging risks; and
• Ensure the compliance plan evolves with the business and Regulatory landscape.

This shift aligns with ASIC’s broader Regulatory expectations, particularly those outlined in Regulatory Guide 259 (RG 259), which emphasises the need for Responsible Entities to maintain adequate risk management systems under s912A(1)(h) of the Corporations Act. RG 259 complements RG 132 by reinforcing that compliance is not just about documenting obligations – it’s about embedding risk awareness and control effectiveness into the operational fabric of the organisation.

Tailoring Compliance to Scheme-Specific Risks

A key theme emerging from ASIC’s review is the need for compliance plans to reflect the specific risks of each registered scheme. Too often, REs rely on generic templates that fail to consider the unique features, investment strategies, and operational risks of individual schemes. This undermines the effectiveness of the compliance framework and exposes investors to risk.

To meet ASIC’s expectations, REs must be able to demonstrate that their compliance plans:

• Identify the particular risks associated with each scheme;
• Include controls that are tailored to those risks;
• Provide for regular testing and review of those controls; and
• Are updated in response to changes in the scheme’s structure, strategy, or Regulatory environment.

This was reinforced in ASIC’s recent correspondence with Responsible Entities, where the Regulator raised concerns that some compliance plans did not adequately identify relevant obligations or appropriate controls, and that the same plan was being used across multiple schemes without sufficient customisation.

ASIC’s Direct Engagement with REs

In a clear signal of its intent to drive reform, ASIC has begun writing directly to Responsible Entities whose compliance plans were found wanting. These letters have urged REs to review and modify their compliance plans in line with RG 132 and the findings of the review. ASIC has also reminded REs of their obligation to lodge modified plans under s601HE(3) and to consider their breach reporting duties under the Corporations Act.

What This Means for Responsible Entities

The message is clear: REs must treat compliance plans as living documents that reflect a genuine understanding of their Regulatory obligations and the risks inherent in their operations. This means:

• Moving beyond generic templates;
• Embedding compliance into operational processes;
• Ensuring board and senior management oversight;
• Tailoring controls to scheme-specific risks; and
• Being proactive in identifying and addressing gaps.

ASIC has signalled that it will continue to monitor compliance plans and may take enforcement action where deficiencies persist.

What to do?

For Responsible Entities, the time to act is now. Drafting, reviewing and approving takes time. ASIC is expecting industry to act quickly given the issues highlighted in their review. 

PX Partners works with REs to draft fit for purpose and pragmatic Compliance Plans which align with Regulatory requirements and expectations. 

Jon O’Keeffe is the author of this article. Jon provides regulated entities with pragmatic advice on governance anchored in more than 20 years of practitioner experience.

Depending who you ask, definitions of Governance vary wildly. Some see governance as something that Boards do, others as reporting or even as an administrative function that adds no value. To us at PX Partners, governance is at the heart of the organisation. It as is the linchpin that connects strategy with planning with risk management, obligations, reporting, and accountability. It is the mechanism through which organisations demonstrate their integrity, resilience, and compliance – especially under the weight of new regulatory expectations like APRA’s CPS 230 and the Financial Accountability Regime (FAR).

The Australian Institute of Company Directors (AICD) defines governance as “the systems that direct and control – or govern – an organisation.” It is fundamentally about relationships between the board, management, and stakeholders and the mechanisms by which authority is exercised and accountability is enforced. As the Hon. Justice Neville Owen described during the HIH Royal Commission, governance is “the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations”.

This framing is particularly relevant in the current regulatory environment, where governance is not just a structural concept but a dynamic enabler of compliance, performance, and trust. Whether through formal board oversight or embedded operational controls, governance is the thread that weaves together the obligations and expectations placed on financial services entities.

Licensing Obligations: The Foundation of Governance

At its core, governance ensures that entities meet their general licensing obligations under the Corporations Act and ASIC’s Regulatory Guides. These obligations require financial services providers to:

• • Maintain adequate risk and compliance frameworks.
• • Deliver services efficiently, honestly, and fairly.
• • Manage conflicts of interest and ensure appropriate oversight of representatives.

Governance is the structure that ensures these obligations are not only met but embedded in day-to-day operations. It defines who is responsible, how oversight is exercised, and how breaches are identified and addressed. As noted in governance also plays a critical role in how entities assess and report on their service providers, particularly in the context of due diligence and ongoing monitoring.

CPS 230: Governance in Operational Resilience

CPS 230 elevates governance from a compliance function to a strategic imperative. It requires regulated entities to:

• • Map critical operations and define tolerances for disruption.
• • Establish governance frameworks that ensure Board and Executive oversight of operational resilience.
• • Formalise service provider arrangements with clear performance metrics, audit rights, and remediation protocols.

Governance under CPS 230 is not just about structure—it’s about action. Boards must receive regular reporting on risk exposure, service performance, and compliance. Executives must ensure that SLAs, risk assessments, and control testing are not only in place but actively monitored.

FAR: Personal Accountability in Focus

The Financial Accountability Regime (FAR) introduces a new layer of governance by making accountability personal. It requires entities to:

• • Identify Accountable Persons and assign clear responsibilities.
• • Maintain accountability maps and statements.
• • Ensure that governance frameworks support the oversight of these responsibilities.

This means that governance is no longer just about committees and policies—it’s about traceability. As seen in State Super CPS 230 Support – PX Partners – v1.0 – 310125, aligning reporting lines from General Managers to Board Committees is now a regulatory expectation, not a best practice.

APRA’s Governance Review: Raising the Bar

In March 2025, APRA released a discussion paper  proposing eight key reforms to its core governance standards (CPS 510, SPS 510, CPS 520, SPS 520, and SPS 521). The review reflects APRA’s view that while governance practices have improved, significant weaknesses remain—particularly in areas such as director capability, board performance assessment, and conflict management.

The proposals aim to:

• • Strengthen expectations around board skills, tenure, and independence.
• • Introduce more prescriptive requirements for fitness and propriety assessments.
• • Improve transparency and rigour in board performance evaluations.
• • Clarify and tighten rules around conflicts of interest.

APRA’s message is clear: governance is not a “tick-the-box” exercise. It is a live, evolving discipline that must be embedded in the culture and operations of every prudentially regulated entity.

Governance as the Integrator

Governance connects the dots between:

• • Risk Management: Ensuring that risk frameworks are embedded and aligned with Board and Executive oversight.
• • Reporting and Oversight: Defining the cadence, content, and escalation pathways for risk and compliance reporting.
• • Accountability: Mapping responsibilities under FAR and ensuring traceability of decisions and actions.

The Governance Imperative

In our work with clients across the financial services industry, we’ve seen that the most successful CPS 230 and FAR programs are those that treat governance not as a compliance obligation, but as a strategic enabler. Governance is what allows organisations to:

• • Translate regulatory expectations into operational reality.
• • Connect Board-level oversight with frontline execution.
• • Demonstrate resilience, transparency, and accountability to regulators, customers, and stakeholders.

As the regulatory bar continues to rise, governance is no longer optional—it is the key that unlocks sustainable compliance and long-term trust.

Jon O’Keeffe is the author of this article. Jon provides regulated entities with pragmatic advice on governance anchored in more than 20 years of practitioner experience.

Following ASIC report 795, PX Partners hosted a webinar to share insights on distributor oversight and explored:

• What can reasonably be achieved in the context of the Issuer – Distributor relationship.
• The experience of a large scale product Issuer (Phil Blackmore from Perpetual Corporate Trust).
• The KYD RegTech Solution – Supporting Issuers and Distributors with efficient and effective oversight

September 2024, Sydney Australia: Jon O’Keeffe, Managing Director of PX Partners, has been appointed to the Board of the Alliance for Gambling Reform, an organization committed to advocating for significant reforms in gambling policies and reducing harm in the community.

Jon brings his extensive experience in risk management, compliance, and governance—skills that will be crucial in supporting the Alliance’s mission to drive meaningful change. His expertise in these areas will help the organisation ensure effective oversight and contribute to shaping strategies that uphold the highest standards of accountability and transparency.

With a deep understanding of financial systems and a strong background in risk, Jon is uniquely positioned to provide the board with valuable insights to guide the Alliance in its pursuit of sensible reforms that are supported by the overwhelming majority of Australians.

Tanushree Dabral, Managing Director of PX Partners, commented on Jon’s appointment:
“We are incredibly proud of Jon’s new role on the Board of the Alliance for Gambling Reform. His extensive experience in risk, compliance, and governance will be instrumental in helping the Alliance achieve its goals. Through our PX for Good program, we are committed to supporting employees in pro bono activities which align with our common values. Jon’s appointment to the Board of the Alliance reflects our dedication to supporting organisations that drive positive societal impact.”

Jon O’Keeffe added: “I am honored to join the Alliance for Gambling Reform. I look forward to contributing to their efforts in reducing the harm caused by gambling through strong governance and strategic oversight. This is an important opportunity to make a difference in the lives of vulnerable individuals and communities.”

– ENDS – 

For more information on this story, or the opportunity to interview the co-founders, please contact Mithila Jayaratne on mithila@px.partners or +61 421 797 147.

Hear Tanushree Dabral of PX Partners talk to ausbiz about the Design and Distribution Obligations and how financial services firms are taking forward the learnings from 2020.

In 2020, the Australian government and regulators gave the industry more room to breathe due to COVID-19. It’s a new year, and Tanushree Dabral of PX Partners says the foot is back on the accelerator.

2021 will be a huge year in consumer protection, particularly when it comes to design and distribution. It’s no longer about simply providing disclosures and technical compliance, industry will be expected to show decision-making processes.

Watch the full interview here for more details!