Hiring Paraplanners Offshore? What AFSLs Expect in 2025
The Shift from Cost Efficiency to Compliance Maturity
Offshore paraplanning isn’t new in the advice industry. It’s been in practice for over 10 years with the biggest uptake happening around 2020 following the shift of the industry in due to the Financial Services Royal Commission which certainly threw a hammer in the works.
The rapid uptake of offshore paraplanning services is primarily due to lower costs and greater availability of staff compared to Australian local counterparts.
There’s very little reluctance to offshore outsourcing in the market. However, there’s increasing scrutiny on risk management and efficiency that’s creating a differentiating factor for service providers that can yield to the new wave of compliance expectations.
2025 marks a new maturity phase. Cost is becoming a secondary purchasing consideration for AFSLs when evaluating offshore paraplanning services.
The focus has shifted to governance, risk and compliance scrutinising how offshore paraplanning is managed, not where it is located. Further, their evaluation is increasingly subject to how the outsourced model strengthens or endangers an AFSL’s compliance standing.
AFSLs aren’t against outsourcing. They’re against unmanaged risk.
This post will cover:
- Demonstrated data protection, security and confidentiality protocols
- Productivity and workflow reporting
- Comprehensive supervision and QA procedures
- Contractual obligations and governance
The Regulatory Standards Governing Outsourced Functions
Before we get into the emerging AFSL expectations, we should start with the regulatory instruments that govern offshore outsourcing within financial services.
Surprisingly for an industry that has been through so much operational and governance scrutiny, outsourcing is only alluded to within two ASIC regulatory guides:
ASIC RG 104.34 — You remain responsible for outsourced functions
If you outsource functions that relate to your AFS licence, you remain responsible for complying with your obligations as a licensee: see s769B. Under the Superannuation Industry (Supervision) Act 1993, superannuation trustees retain ultimate responsibility for the operation of the superannuation fund. Under s601FB(1) of the Corporations Act, responsible entities retain ultimate responsibility for the operation of a managed investment scheme.
ASIC RG 104.85 — Training Standards of customer service representatives, para-planners and trainee advisers
You remain responsible for all of the financial services provided under your licence, regardless of how, or by whom, those services are provided. If you, or any of your representatives, use customer service representatives, paraplanners and/or trainee advisers who do not meet the RG 146 training standards, you must ensure that they are:
a) trained and competent to perform their role and functions; and
b) supervised by representatives who:
(i) meet the RG 146 training standards; and
(ii) play a material role in the provision of any advice to retail clients.
Just as a comparison, CPA, the regulatory body for public practice accountants, have developed three key guidelines and resources that comprehensively address outsourcing:
- APES 320 Quality Management for Non-Assurance Services
- APES 30 GN Outsourced Services
- Outsourcing Guide: Opportunity or Threat
If we summarise ASIC RG’s, it essentially boils down that there needs to be competency in execution of tasks, regular reporting on risk activities and documentation of procedures.
Demonstrated Data Protection, Security and Confidentiality
In 2025’s Annual Cyber Threat Report published by the Australian Signals Directorate (Australian Government), they ascertain that one of the four ‘big move’ actions that business can undertake to bolster their security is to ‘effectively manage third-party risks’.
The industry trend is moving from stated compliance to demonstrated evidence. Providers who can produce policy documentation, audit reports and certification references are now the becoming the baseline, not the exception.
The onus is on you to protect your data, not the third-party provider. This means that you’ll need the required technical competence to ask the right questions and assess the quality and relevance of IT reports. Ultimately, having an IT security partner will make this process much easier and reduce your risk.
What we suggest you do:
1. Cyber Insurance Policy Qualification
- You must retrieve the Cyber policy certificate of currency as a minimum and determine the policy is in-force. It is also recommended that the cover amount is a minimum $1 million and includes coverage in Australia.
- No claims declaration (NCD). This is a legal declaration that the provider has not claimed on their insurance policy or no known circumstances that may arise to a claim. Always draft a NCD and Material Facts documents prior to engagement. Many examples can be found online.
2. Email Security
We recommend for email communications and access into your systems that the outsourced paraplanner uses your designated email address provided by you. This method is preferred as you have greater control on how you ensure organisation-wide security policies as well as reporting procedures.
If the provider uses their own email for communication purposes and where confidential information could be sent, please ensure the following email protocols are enabled:
- TLS Encryption
- DMARC
- DKIM
- SPF
This is certainly not an easy task, however, these protocols are essential as it significantly reduces the risk of impersonation attacks and email interception from cyber criminals. If this is something you are concerned about, please give us a call and we’ll happily guide you through this process.
Checking this isn’t easy however we can give a workaround. Our tip is getting the provider to send an email to Redsift’s free email investigator and sharing the report with you. Redsift is our main email security and deliverability software and is highly recommended.
3. Computers and Devices
If you’re engaging a provider that utilises their own devices and accesses your data, ensure they have endpoint anti-virus security installed on all their devices. Check with the provider what program they utilise and request that security reports sent to you on a quarterly basis.
4. Confidentiality and NDAs
If you’re engaging a provider that provides full time staff, ensure that confidentiality and NDAs are signed by all staff that access your data. In your annual review, review the signed agreements and check for compliance. It’s a quick small step that can protect your and your clients in case of breach.
Performance & KPI Reporting
One of the increasing conversation topics we’re having, is the set up and monitoring of performance standards. These are performance milestones, KPIs and targets that are now being written into our agreements.
For example, a common Service Level Agreement (SLA – a fancy term for performance metric) is turnaround time on an SoA within a specified timeframe. Often the failure to adhere to the target marked as a contract breach.
We welcome these performance benchmarks as we can build out a clear reporting framework that measures our staff success against a pre-determined metric. It’s very easy to track and keep consistent pulse on the outsourcing relationship.
Example: 3 SoAs a day per staff member
One of our high-volume advice practices we onboarded in September 2025, engaged two full time junior paraplanners from us.
They send between 5-7 SoAs a day and expect a 24 hour turnaround time. The advice is straightforward and an average SoA takes 2.5 hours to complete.
It is built into our contract that one staff member finalises 3 SoAs a day, within 24 hours to a 90% compliance benchmark.
Each month, we send a report detailing average SoA times per staff member and also report on our 24-hour turnaround time SLA and how we’ve met the 90% benchmark.
This works very well as it is easy to track. Simply put, if we’re meeting the benchmark, we’re meeting our agreed terms. It serves as a secondary measure for us internally as we can assess staff performance comparatively and can compare monthly performance, hence rectifying anomalies faster.
There’s no downside to performance reporting outside of the initial time requirements of setting up the reporting tool.
What we suggest you do:
- Evaluate what KPIs you can track for a paraplanning service – realistically you can track average SoA time, quality of the advice doc and turnaround times.
- Determine a baseline benchmark or expectation for your KPI – a turnaround time of 3 days for an SoA is a good starting point.
- Work out a system or procedure how you can regularly report on it – weekly or monthly is best.
- Add it to the contract with a set-off clause that if the paraplanning provider fails to meet the benchmark on a monthly review that there is provision for a discount and also grounds for termination if sustained failure.
Comprehensive Supervision and QA
Artificial intelligence is changing how paraplanning teams operate. But the market is telling us clearly: AI cannot replace human experience.
The discussions of pricing are now indeed secondary. The focus is now on generating reliability at scale and how providers can demonstrate a long-term solution that can mitigate risk while achieving quality outcomes.
Specifically, we’re seeing that AFSLs practices and larger dealer groups have an increased appetite for documented peer-review and quality controls performed by experienced QA managers and technical specialist staff.
We estimate that there is a 20% increase in discussions around paraplanning quality controls and specifically how it can work within the AFSL’s compliance framework to increase the overall compliance standing.
Example – Sole Adviser AFSL
As an example, a sole adviser AFSL practice engaged one full time Senior Paraplanner from us in October 2025. As part of the scope of the engagement, they requested that our technical specialist perform a comprehensive client file implementation review that checked that all client implementation activities were completed and the file contained the necessary ID and supporting docs for the advice.
The firm was already using offshore staff in Philippines but acknowledged they lacked experience and expertise to perform the technical paraplanning and compliance-related functions. Hence, they sought our services to satisfy the skill gap.
What is interesting about this engagement, is that it reflects the changing mindset that compliance yields efficiency not another burden to overcome. The integration of paraplanning with quality control steps in the SoA preparation and implementation stage is improving compliance.
What we suggest you do:
- Evaluate the provider’s procedures for peer-review and approval process.
- Set up a process so that the provider can supply you with approval reports that validates peer reviews have been completed.
- Request regular productivity reporting and detailed job breakdowns with a quarterly review meeting with paraplanning service to analyse the trends and make improvements.
Contractual Obligations and Governance
AFSLs are increasing concerned about work-from-home arrangements and the overall governance of operations (especially for offshore teams).
AFSLs are significantly more comfortable with dedicated office operations. Felcorp works under this arrangement.
In our experience, it is now the AFSL expectation that offshore operations are exclusively dedicated on-site in the office with full-time management supervision.
In compliance discussions we’ve had, WFH arrangements is now seen as unacceptable risk. Their main concerns are:
- Increases exposure to data security risk given that WFH has more variables that need to be controlled by the IT team, hence amplifying greater vulnerabilities.
- Increased likelihood of poor workflow habits that increases risk as management team cannot easily spot them.
- Absence of in-person supervision which makes management review and training less efficient.
Interestingly, we come back to cost again. The larger AFSLs have determined that they are not comfortable with WFH providers despite there being a cost saving compared to a provider such as us. This reinforces that cost is secondary consideration and that risk is a key deciding factor in choice.
ASIC’s RG into Offshore Outsourcing expected in 2026 (tentative)
In April 2025, ASIC contacted us as part of a market initiative to gather information and assess risks of offshore outsourcing in financial planning. They contacted and provided S33 notices to the top providers of the industry providing paraplanning and admin support.
They requested all our operational policies, our contractual terms, insurance policies, indemnity and advice liability terms as well as our internal governance policies including our local employment agreements and policies.
From what we gathered, there have been some incidents with regional AFSLs that have directly engaged offshore staff, working from home, that were found to be complicit in data security breaches. It was ASIC’s view that there is not enough governance around offshore staff and how practices are mitigating risks.
In the little information ASIC has given us, but in consultation with compliance leader’s such as Sean Graham at Assured Support, there is a high likelihood that there will be a new RG or at the least an Info Guide on outsourcing and offshore staffing.
What we suggest you do:
- Frankly, we suggest you avoid providers with WFH. In our experience, WFH is a clear signal that the provider is on a cost saving initiative. Choose a provider with on-site working arrangements. Outside of the data security benefits, teams are more efficient and accountable.
- In terms of governance, always request their internal governance procedures into their review processes, their handling of data and supervision.
Bringing it all together
Overall, we are seeing AFSLs assess demonstrated evidence rather than stated compliance for offshore paraplanning providers.
We think this is a good push by the market. Ultimately, we want AFSLs to take a greater interest in compliance as it protects us and you as well.
Our firm view is that strong compliance generates higher profits and a higher business valuation. It all comes down to risk. With less risk, there’s greater confidence to grow.
Find out more about our offshore paraplanning services.
FAQs
Q: Has ASIC given any guidance on offshore paraplanners?
A: No. Surprisingly, ASIC has given very little guidance in this respect. However, it is anticipated that in mid 2026 there will be a new RG or IG on offshore outsourcing.
Q: What are the most common red flags for licensees?
A: WFH is the biggest red flag. This is followed by absence of formal supervision and review mechanisms.
Q: Is AI-assisted paraplanning compliant?
A: It can be if its reviewed by humans. However, in our experience it contributes to over-reliance by the paraplanner that can cause more issues. Secondly, if a paraplanner needs AI to write an advice recommendation we do question their skillset as an experienced paraplanner has no need to use AI.
Q: How can I demonstrate offshore outsourcing compliance to my licensee?
A: At the minimum, conduct an annual agreement review with the provider and collect all of their documents, procedures, insurance policies as well as any performance reports. This is evidence that shows that you’ve taken a considered and active approach to risk assessment and competency in line with the expectations of ASIC RG 104.