ASIC Compliance for Performance Marketing — Operator's Handbook

Most performance marketers treat compliance as friction. ASIC treats your advertising as evidence. Both are correct. This brief is the practitioner's handbook to the second view — what your paid-acquisition stack must look like when ASIC, AFCA or an internal compliance committee opens a file. It is not legal advice.

The four documents that govern your ad copy

• ASIC Regulatory Guide 234 (Advertising financial products and advice services): the core ad copy rule book. Sets the standard for "clear, balanced and accurate".
• ASIC Regulatory Guide 158 (Marketing managed investments): applies whenever a managed scheme is involved — including most platform-style products.
• The Australian Consumer Law (ACL), s18: misleading or deceptive conduct in trade or commerce. Strict liability — intent doesn't save you.
• Your AFSL holder's compliance manual: often more conservative than ASIC's baseline, and the manual you will actually be measured against.

What this means for paid social

Meta and Google already restrict financial-services advertising under their own policies, but platform approval is not regulatory approval. If a Meta ad is approved by Meta but breaches RG 234, you have a problem. The platform's job is brand safety; your job is statutory compliance.

The most common breaches we see in AU paid-social campaigns:

• Past performance presented as a forecast. "Returned 12% last year" used in a forward-looking context is a breach.
• Risk warnings legible only on hover. RG 234 expects warnings to be as prominent as the claim. Mobile creative often fails this test.
• "Free" or "guaranteed" used loosely. Both words have specific regulatory meaning when paired with a financial product.
• Influencer / partnership disclosures absent. Even an unpaid mention by a public figure can drag the AFSL holder into a finfluencer review.

What this means for landing pages

Treat the landing page as part of the ad — because regulators do. Three operational rules we apply to every regulated landing page we build:

• Risk warnings appear above the form. Not in the footer. Not behind a tab.
• Target Market Determinations (TMDs) are linked from the page. One click, not three.
• The data capture flow honours the consent it claimed. If the form said "we'll only use this to follow up", that limit must be enforced in the CRM, not just on the page.

What this means for retargeting

Retargeting is the single largest blind spot. A user who abandoned a wealth application is being shown ads tuned to their funnel position — and those ads can drift away from the original TMD. The compliance-clean way to retarget regulated audiences: keep the same approval gate as the original creative, do not "personalise" toward the abandoned product, and exclude retargeting cohorts from any creative that has not been pre-cleared.

Operator's checklist

If you can answer "yes" to all of these, you are in defensible shape:

• Every live creative has a sign-off audit trail tied to a named compliance reviewer.
• Every landing page links to the TMD and product disclosure documents above the fold.
• Retargeting audiences inherit the approval status of the originating cohort.
• You can produce, on 24-hour notice, every variant served in the last 90 days.
• Creative iteration cadence does not outrun your compliance review SLA.

This brief is general information, not legal or compliance advice. Speak to your AFSL holder's compliance team or an Australian financial services lawyer before relying on any of the above for a live campaign.