AFSL Call Recording Requirements:
The Complete 2026 Guide
Australian Financial Services Licence (AFSL) holders must retain records of personal advice provided to retail clients for a minimum of seven years under ASIC Corporations Instrument 2024/508 and the Corporations Act 2001 (Cth). This obligation extends to phone call recordings. Most firms comply with the storage requirement — but few extract any value from what they're storing.
What This Guide Covers
Most articles about AFSL call recording stop at the checklist. This one goes further. It covers what the law actually requires, what ASIC looks for when it reviews your compliance, where firms commonly get it wrong, and what forward-thinking brokerages and financial planning practices are doing with the call data they are already legally obligated to retain.
If you are an insurance broker, financial planner, or other AFSL holder who records client calls — this is your definitive roadmap for 2026.
The Short Answer
If you provide personal advice to retail clients over the phone, you must:
- Record the conversation (or keep exhaustive contemporaneous notes).
- Retain those records for at least 7 years.
- Ensure the records are accessible and searchable.
- Be able to provide them to ASIC or AFCA upon request.
The Full Legal Framework
Several pieces of legislation operate together. Compliance with one does not guarantee compliance with all of them.
Corporations Act 2001 (Cth)
Section 912G requires AFSL holders to keep records of advice provided to retail clients. This is the foundation of your record-keeping obligations.
ASIC Corporations Instrument 2024/508
Explicitly mandates the 7-year retention period for records of personal advice. This instrument updated and consolidated previous requirements.
ASIC Corporations Instrument 2016/1006
Relates to the record-keeping obligations for financial services licensees, specifically around the provision of personal advice.
Telecommunications Act 1997
Governs the interception and recording of communications. AFSL holders must ensure their recording practices comply with privacy and interception laws.
Privacy Act 1988 (Cth)
The Australian Privacy Principles (APPs) apply to how you collect, use, and store personal information, including voice recordings. You must disclose that calls are being recorded.
The Seven-Year Rule in Practice
The "seven-year rule" is often misunderstood. It doesn't just mean the file must exist on a hard drive somewhere. It means the record must be usable for seven years.
If a client disputes advice given in 2019, and you produce a corrupted file or a proprietary format that no longer has a compatible player, the accessibility requirement has not been met — regardless of whether the file was retained.
ASIC expects firms to have a robust data migration and retention strategy that accounts for technology changes over that seven-year horizon.
Seven years of client calls accumulates fast. For a brokerage handling 30–50 calls per week, that is tens of thousands of recordings over the life of the retention window.
AFS licensees may be requested to provide a specific call recording at any time during the seven-year window, and are obligated to provide it. That means the recordings cannot simply exist in storage — they must be locatable and producible in a reasonable timeframe.
Accessibility means a specific recording can be located and produced if ASIC or AFCA requests it. It does not require every recording to be sitting on someone's desktop — but it absolutely cannot be buried in a legacy system that nobody knows how to navigate.
What ASIC Is Actually Looking For
Understanding the letter of the law is one thing. Understanding what ASIC actively investigates is another.
Efficient, Honest, and Fair (EHF) Obligation
Under s912A(1)(a), licensees must provide services efficiently, honestly, and fairly. ASIC views poor record-keeping as a failure of this core obligation. If you can't prove what was said, you can't prove you acted fairly. In ASIC v Lanterne Fund Services Pty Ltd [2024] FCA 353, the Federal Court imposed a $1.25 million penalty for breaches of section 912A obligations.
Breach Reporting
AFS licensees must report significant breaches to ASIC via the Regulatory Portal within 30 calendar days. ASIC's review found that licensees were generally slow to report — primarily because they took too long to identify breaches in the first place. Firms with a mechanism for proactively reviewing calls are better placed to identify and report issues quickly — which is exactly what ASIC's review identified as best practice.
Enforcement Activity
ASIC has added enforcement priorities relating to insurance claims handling and compliance with the reportable situations regime. In the second half of 2025 alone, ASIC secured a record $350 million in civil penalties. For insurance brokers, claims handling conversations are now squarely in ASIC's sights.
Common Compliance Gaps to Address
Through our work with Australian firms, we've identified three areas where practices can strengthen their compliance position:
1. Storage Without Accessibility
Recordings are retained — but on a legacy or fragmented system that requires significant manual effort to retrieve individual calls. Meeting an urgent AFCA request or an ASIC surveillance review on short notice becomes a serious operational problem. The obligation is not just to store — it is to maintain accessible records throughout the full seven-year window.
2. Authorised Representative Departures
The obligation to retain records applies even where the authorised representative ceases to be an authorised representative of the AFS licensee. Firms that store recordings in systems tied to individual user accounts — rather than centrally at the licensee level — regularly discover this gap only when a complaint arrives.
3. Reactive Rather Than Proactive Monitoring
Storing recordings is passive. Identifying conversations that might constitute a breach requires active review. ASIC's reportable situations review found the longest time taken to commence an investigation into a later-reported breach was 12.5 years. Proactive monitoring — rather than waiting for a complaint — is what closes that gap.
The Opportunity Most Firms Are Missing
If you are legally required to store this data for 7 years, why not use it to drive growth? Forward-thinking firms are moving from "Passive Storage" to "Active Intelligence."
Sales Mastery
Identify the exact phrases and objection-handling techniques used by your top performers to close more business.
Automated QA
Use AI to scan 100% of calls for compliance flags, rather than manually sampling 2% of your recordings.
Client Insights
Surface unaddressed objections or emerging client needs across your entire practice automatically.
That gap is exactly what Callyx.ai closes. Callyx automatically extracts intelligence from every recorded call — transcripts, action items, client sentiment, sales patterns, compliance flags — without anyone needing to manually review a single recording. The same recordings you are already obligated to store for compliance become a window into your frontline performance.
Summary
AFSL holders who provide personal advice to retail clients are legally required to retain records of those interactions — including call recordings — for a minimum of seven years. That obligation is set out in ASIC Corporations Instrument 2024/508 and flows from the EHF obligation under section 912A of the Corporations Act 2001. Records must be accessible and retrievable throughout the retention period. When authorised representatives depart, their records must transfer to the licensee. ASIC can and does request specific recordings during compliance reviews and dispute resolution processes.
Most firms meet the storage requirement. The firms that stand out are those that also have systems in place to proactively monitor what is in those recordings — the area ASIC's enforcement reviews have identified as the biggest opportunity to strengthen compliance. The same recordings that satisfy your legal obligation also contain operational intelligence your competitors are not yet using.
2026 Compliance Checklist
Record Retention
Instrument 2024/508; s.912A
Accessibility and Retrieval
ASIC Corporations (Amendment) Instrument 2016/1006
Monitoring and Breach Identification
ASIC RG 78 — Breach Reporting
Consent and Privacy
Privacy Act 1988; Telecommunications (Interception and Access) Act 1979
Frequently Asked Questions
About the Author
Vincent Keogh
Vincent is a member of the Callyx.ai team. Callyx is an Australian-owned call intelligence platform that helps businesses turn their recorded calls into operational insight.
This article provides general information about AFSL obligations as at March 2026. It is not legal advice. ASIC requirements can change, and the specific obligations applicable to your licence depend on your authorisations, the nature of your client base, and the services you provide. Seek advice from a qualified compliance professional or AFSL lawyer for guidance specific to your situation.
Ready to turn your compliance data into business intelligence?
Your calls are already being stored. Start using them to coach your team and protect your firm.