The broker website compliance checklist
The plain-English version of what an Australian mortgage and finance broker website needs to get right: where the rules come from, and a checklist to run your own site against.
Compliance on a broker website sounds scary, but most of it is common sense once it's laid out. The catch is that the rules come from a few places at once, so it's easy to miss one. Here's the plain-English version: where the requirements come from, and a checklist to run your own site against.
Read this first
I build broker websites, and I'm a finance broker myself, so I've sat on both sides of this. The good news: you don't need to memorise the legislation. You need a rough sense of where the rules come from, and a checklist you can actually use.
In this note
- Where the rules come from
- The pages most broker sites have
- The disclosures
- The words to be careful with
- The quick self-check
Where the rules come from
Your website sits under a few overlapping sets of rules. None of them is optional, and your compliance support will tell you exactly how each one applies to you:
- Credit law (the NCCP). The rules around credit assistance, advertising, and the Best Interests Duty.
- ASIC. The regulator's advertising guidance, including RG 234, which covers how you present rates and claims.
- AFCA. The external complaints scheme your clients can escalate to.
- The Privacy Act. How you collect, use, and store people's information.
- Your industry body. MFAA or FBAA publish their own marketing and website guidelines on top of the law.
- Your licensee or aggregator. They often add their own requirements, and they're usually the ones who sign off your site.
That last point matters most. If your compliance support has sent you a list of what has to be on your site, follow that. The checklist here is what most broker sites need, so it's a good way to sense-check against it.
The pages most broker sites have
Three pages turn up on nearly every broker site, each on its own link in the footer.
Privacy policy
If your site collects anything at all, an enquiry form, analytics, even a cookie, you'll want one. It explains what you collect, why, who you share it with, and whether any of it goes overseas. If you run Google Analytics, your data goes to the United States, and your policy needs to say so. That one's very commonly missed.
Terms of use
Sets out how people can use your site and how you handle anything submitted through it. Your industry body has a template for this.
Complaints
A short page on how someone raises a concern and what happens next, with your AFCA details as the escalation path. It's a trust page as much as a compliance one. A calm, visible complaints path reassures the people who will never need it.
The disclosures
These are the lines that live inside your pages.
A footer that says who you are
Your credit authorisation, ABN, AFCA membership, and your MFAA or FBAA membership. It's standard on broker sites, it builds trust, and your licensee will usually want it there.
A caveat next to every number
This is the big one. Any repayment estimate, borrowing figure, or worked example needs a caveat right beside it, along the lines of "estimate only, subject to lender criteria and a full assessment, not a credit offer." If you show a rate, the comparison rate has to sit right next to it with equal prominence. A disclaimer hidden in the footer doesn't cover a number three screens up.
Calculators especially
A collection notice on your forms
At the point someone hands over their details, a short line telling them what you'll do with the information, linked to your privacy policy. And keep first-touch forms short: name, email, phone, a message. No income or date of birth on a first enquiry.
Cookie consent, if you track
If you run analytics, a consent banner that holds those scripts until someone agrees. It pairs with the overseas note in your privacy policy: same data, same trip to the United States.
Testimonials that hold up
Genuine, attributed, and no promised outcomes. "They made refinancing painless" is fine. "They'll get anyone approved" is not. Date them where you can, and don't let one client's result stand in for the typical one.
The honest claim next to the number always beats the clever claim with a caveat hidden underneath.
The words to be careful with
A few words carry specific legal meaning in credit, and they're often the ones marketing reaches for first.
- "Independent", "impartial", "unbiased". Off the table unless you take no commissions at all, which almost no broker can say.
- "Guaranteed" approval or outcomes. You can't promise a lender's decision.
- "Best" or "lowest" rate. A claim you'd have to prove, and generally can't.
- "Free", where there's a catch. If a condition applies, it isn't free.
- Protected titles. "Financial adviser", "financial planner", and "bank" are restricted. You're a broker, so say broker.
And one that isn't a word: only show lender logos you're allowed to use.
The quick self-check
Run your own site against this. Tick all of it and you're in good shape, then confirm anything you're unsure of with your compliance support.
- Privacy policy, terms, and complaints pages: each on its own link in the footer
- Overseas note in your privacy policy: naming the United States, if you run Google Analytics or a US-hosted tool
- Footer with your credentials: credit authorisation, ABN, AFCA, and your MFAA or FBAA membership
- A caveat next to every number: repayments, borrowing figures, examples, and inside calculator outputs
- Comparison rate next to any advertised rate: with equal prominence, not buried
- A collection notice on every form: plus short first-touch fields, no income or date of birth up front
- Cookie consent that holds tracking: until the visitor agrees
- Testimonials genuine, attributed, no promised outcomes: and dated where you can
- No restricted words: no "independent", "guaranteed", "best or lowest rate", or protected titles
- Only lender logos you can use: and real photos of you and your team, never stock
The short version
Three pages, a few honest disclosures, and a short list of words to avoid. Good compliance isn't about burying the page in fine print. It's about making every claim one you'd happily stand behind, and putting the caveat where the reader actually is. Then let your compliance support confirm the details for your situation.
We build this in from day one on every broker site we make, so it's handled rather than retrofitted. If that's useful, see how we build, or book a call.
General information only, current as at June 2026. It isn't legal or compliance advice, and what applies to you depends on your credit authorisation, your aggregator, and your circumstances. Always confirm with your licensee or compliance support before relying on it.
Common questions
Where do broker website compliance rules actually come from?
From several places at once: credit law (the NCCP), ASIC's advertising guidance, AFCA for complaints, the Privacy Act, and your industry body (MFAA or FBAA), which adds its own guidelines on top. Your licensee, aggregator or compliance support will tell you exactly how each applies to your situation, so confirm the specifics with them.
What words should a broker avoid on their website?
Be careful with 'independent', 'impartial' or 'unbiased' (off the table unless you take no commissions, which almost no broker can say), 'guaranteed' approval or outcomes, 'best' or 'lowest' rate, and 'free' where a condition applies. Protected titles like 'financial adviser', 'financial planner' and 'bank' are restricted too. The safest framing describes what you do, not what the lender will decide.
Do I need a disclaimer on a borrowing or repayment calculator?
It's standard practice. Any calculator or numerical example usually carries an 'estimate only, subject to lender criteria and a full assessment, not a credit offer' style line, kept close to the figure. Where you show a rate, the comparison rate generally sits right next to it with equal prominence. Confirm the exact wording with your compliance support.
Does the Best Interests Duty need to be on my website?
The Best Interests Duty is mainly about the credit assistance and advice you give, not a line on a web page. Many brokers still acknowledge it on their site because it reassures clients. If you reference it, use your industry body's pre-approved wording, and check with your compliance support on how to present it.
What pages should a broker website have?
Most broker sites have three, each linked from the footer: a privacy policy, a terms of use page, and a complaints page. A privacy policy matters most if you collect any information at all. Your licensee or compliance support will confirm exactly what you need for your situation.