I contacted ASIC support with a specific question: does ASIC have guidance for AFSL licensees on how to monitor or respond to AI-generated misrepresentations of their credentials? The reply directed me to the misconduct reporting portal, told me to go through the hundreds of regulatory guides they currently have and seek professional advice:

So I did (except the professional advice part). And we also ran the numbers ourselves through a hallucination audit. What we found explains exactly why there's no guidance yet, and why that matters right now.

LogitRank tested 1,612 ASIC-registered Victorian firms across five AI platforms (OpenAI, Gemini, Perplexity, Google, Copilot) between March and April 2026. When each platform was asked whether a named, location-specific firm held a valid ASIC registration, 33.1% of firms — 533 of 1,612 — had at least one platform tell the user they were not registered with ASIC. Every single firm holds a current, verifiable AFSL licence. Google failed to confirm ASIC registration 46.0% of the time. Gemini returned a fabricated, plausible-but-wrong AFSL licence number in 15.6% of direct number queries — roughly 1 in 6. Across all five platforms, 553 wrong AFSL numbers were generated in response to direct licence queries. These are specific and confident, but ultimately wrong numbers.

What to do right now: Ask Google AI, Gemini, and ChatGPT: "What is the AFSL licence number for [your firm name]?" and "Is [your firm name] in [your suburb] registered with ASIC as an Australian Financial Services Licensee?" Screenshot each response. Compare against your actual ASIC register entry. The test takes under five minutes and will tell you exactly where you stand.

Source: LogitRank AFSL AI Audit, March–April 2026 (1,612 Victorian AFSL-licensed firms, 5 platforms, 16,120 records). Firm list sourced from ASIC AFS Licensees dataset, data.gov.au (export dated 2 April 2026, Victorian subset), licensed CC BY 3.0 AU.

I also did an automated search across 1,856 ASIC regulatory documents from the ASIC website. It reveals that ASIC's AI regulatory posture covers exactly two scenarios. First: AI used by licensees in their own business — REP 798 (October 2024) reviewed how 23 AFS and credit licensees are adopting AI and warned that governance practices are lagging adoption. Second: AI used by scammers against consumers — a media release from 8 April 2026 confirmed ASIC removed 11,964 phishing and investment scam websites in 2025 (a 90% increase on the prior year), with scam tactics including operators falsely claiming to be certified and licensed by ASIC. What exists for neither category: guidance covering what happens when a legitimate AI platform returns incorrect information about a real, licensed firm's credentials. That is a third category. ASIC's Key Issues Outlook 2026 names regulatory gaps related to users of AI as one of its key issues for the year. Specific guidance for this scenario — what a licensee should do when an AI platform misrepresents their credentials without any action by the firm — does not yet exist.

Note: If there’s anything I missed, please let me know.

What to do this week: Three checks, in order. First: go to google.com/alerts and create alerts for your firm name in quotes and your AFSL number separately. Set the “How many” option to "All results," delivered as-it-happens. This is free, takes two minutes, and means you'll know the moment new content mentioning your firm appears anywhere online. Second: search ASIC's media releases at asic.gov.au/news-centre/find-a-media-release for your firm name. If ASIC has issued any enforcement action or scam warning naming your practice, it will appear there. Third: search your firm name and AFSL number on Facebook and Instagram. Most AI-enabled investment fraud campaigns run through social media, not formal registries. If you find impersonation, report to Scamwatch and call ASIC on 1300 300 630.

Source: ASIC REP 798 — Beware the gap (October 2024); ASIC 26-063MR (8 April 2026); ASIC Key Issues Outlook 2026

In November 2025, ASIC announced a review of Regulatory Guide 234, the primary instrument governing financial services advertising, first issued in 2012, before AI search existed. The timing is not coincidental. ASIC's own research published in March 2026 found that 18% of Gen Z respondents (aged 18–28) use AI platforms for financial information. According to AdviserVoice's analysis of the consultation, the definition of "advertising" under RG 234 is broader than most advisers realise, covering not just paid placements but any communication that represents financial products or services to consumers in order to influence their behaviour, including websites, social media posts, and seminars. In its submission to the consultation, ASFA called for guidance on search engines, social media, streaming, podcasts, and influencer-distributed content, signalling that industry is already flagging AI search as the gap ASIC hasn't yet addressed. According to AdviserVoice, RG 234's core test is whether a communication creates a "misleading overall impression." If 18% of your prospective clients are using AI to research your credentials and AI is returning wrong information, the question of who is responsible for that impression is currently unresolved. The regulatory direction, however, is clear.

What to do this week: Open your website's "About" or "Services" page and read it through RG 234's core test: does it accurately represent your authorised service types, your AFSL number, and the nature of advice you provide? These pages are the primary sources AI draws from when describing your practice. Any inaccuracy or ambiguity there becomes an AI accuracy problem downstream and under the updated RG 234, a potential compliance exposure.

Source: AdviserVoice — CPD: ASIC's RG 234 Review (1 April 2026); ASIC 26-049MR — Gen Z Financial Behaviours Report (16 March 2026)

The mechanism behind the errors in our audit isn't random. AI platforms synthesise from the highest-volume signals they find. Search Engine Land puts it plainly: "The most accurate claim doesn't rise to the top. The most repeated claim does." If an outdated directory listing, a stale LinkedIn profile, or a forum post from years ago has more instances than your current ASIC register entry, it shapes what AI returns about your practice. This is why filing a misconduct report doesn't fix the problem: it doesn't touch the underlying signals. The ASIC register is accurate, but the AI is not reading it. Entity signals (schema-marked AFSL numbers, NAP consistency, Wikidata entries, structured directory presence) are the only category of correction that works at the source and requires no client endorsements of any kind.

What to do this week: Search your firm name on site:reddit.com and on ProductReview.com.au. If anything surfaces, even from years ago, note what it says about your credentials. High-interaction old content outweighs correct new content in AI ranking. Then open your Google Business Profile and add your AFSL number and one sentence describing your authorised service types to the business description field.

Source: Search Engine Land

ASIC's Key Issues Outlook 2026 names the gap explicitly: regulatory gaps related to users of AI. But naming a gap isn't the same as closing it. RG 234 is being updated to reflect the digital reality. The enforcement is ramping up on scammers. The governance guidance for AI adoption is in place. The one scenario with no framework is the one that's happening right now: a prospective client using AI to verify your credentials and getting the wrong answer. The only available response is building entity signals accurate enough that AI platforms don't have to guess.