Capital Guardians has implemented banking-grade security to protect it users and assets.

Bank grade, security steps voluntarily taken on include:

ISO 27001 ISMS (Cybersecurity Framework)
Australian Financial Services Licence # 446920
The Australian Financial Complaints Authority (AFCA)
Information Technology
Regular Audit
Lockouts and timeouts
Two-factor authentication (2FA)
Public Indemnity

ISO 27001 Information Security Management System (ISO 27001)

ISO 27001 Cybersecurity Certified Icon



Click the image above
to view our ISO 27001 certificate

ISO 27001 is the international standard for best-practice information security management systems (ISMS). It is a rigorous and comprehensive specification for protecting and preserving information under the principles of confidentiality, integrity, and availability.

The Standard offers a set of best-practice controls that must be applied to an organisation based on the risks faced and implemented in a structured manner to achieve externally assessed and certified compliance.

Australian Financial Services Licence (“AFSL”)

An AFSL is a licence for businesses involved in the provision of financial services. It is issued by the Australian Securities and Investments Commission (“ASIC”) as required by the Corporations Act (2001). ASIC has responsibility for market integrity and consumer protection and the regulation of investment banks and finance companies.

The Corporations Act provides for a uniform approach to the regulation of financial services through a uniform licensing and disclosure regime. The general regulatory position is that a person carrying on a financial services business in Australia must either hold an AFSL issued to that person by ASIC or fall within a licensing exemption. Holding an AFSL demonstrates that Capital Guardians has met or exceeded the qualification and competency standards necessary to hold such a license.

The regulated financial services for which an Australian financial service license is required are:

  • dealing in a financial product;
  • the provision of advice;
  • making a market for a financial product;
  • operating a registered managed investment scheme;
  • providing a custodial or depository service in respect of financial products.

Once granted an AFSL, there are conditions that set obligations under the Corporations Act, its Regulations, ASIC’s regulatory guides and industry best practice.

These conditions include:

  • Compliance with licence conditions;
  • Outsourcing arrangements;
  • Compliance arrangements;
  • Risk management;
  • Responsible managers;
  • Appointing, supervising and training representatives;
  • Giving advice;
  • IT resources;
  • Human resources;
  • Dispute resolution procedures;
  • Conflicts of interest;
  • Breach reporting;
  • Promotional material; and
  • Insurance (public liability and fidelity)

As an AFSL holder, Capital Guardians is subject to both financial and compliance audits annually to ensure continuing compliance to all licence conditions. Companies or individuals not holding an AFSL in their own right are not subject to the same scrutiny by ASIC and thus may not meet educational, financial or general competency standards necessary to legally provide financial advice in Australia. This includes Authorised Representatives and or Proper Authority holders who do not hold an ASFL in their own right. Anyone found to be giving managing without the proper licence to do so may be acting illegally. Capital Guardians operates under AFSL 504332.

The Australian Financial Complaints Authority (AFCA)

Capital Guardians is a member of the AFCA along with institutions including banks, credit unions and building societies (Member 33719). The AFCA provides specialised services in dispute resolution, systemic issues management and code monitoring. The AFCA external dispute resolution scheme is a free, fair and accessible services to consumers (including some small businesses) who are unable to resolve disputes with financial services providers that are members of the AFCA.

AFCA is funded by its members, which are financial services providers that have chosen us as their external dispute resolution scheme.

The AFCA home page provides a list of AFCA members, including Capital Guardians.

Financial Ombudsman Service
Phone: 1800 931 678
Postal: GPO Box 3, Melbourne, Victoria 3001

Information Technology

Capital Guardians benefits from world-class IT infrastructure provided by AWS (Amazon). We have implemented robust firewalls and anti-virus applications, which put strong safeguards in place so that all data is stored in highly secure AWS data centres. We also conduct hourly backups to a geographically different location so that clients’ data will never be lost.


Capital Guardians provides real-time expenditure reviews across all platforms. Account holders and guardians obligations only reflect fully delivered service and products from their chosen vendors. Failure of fully delivered service or products can take a dispute process, however, never used considering the strong relationship with vendors to care organisations in ensuring every account holder is happy.

The applications have restrictions on “authorised” vendors and their limits by approved representatives, either care organisation or individual representative. If monitoring detects any irregular activities. If a suspicious transaction is identified, our fraud specialists will call the client to verify it.

Regular Audit

In addition to financial audits with Nexia Australia, and ISO 27001 Audits by Global Compliance Certification Pty Ltd, Capital Guardians performs monthly penetration tests on its systems.

We have a contract with a leading penetration testing security firm to verify the security of our systems including reviews of system architecture, firewall configurations and web application security that pushes the limits of the web services access resulting in enhanced robustness of online applications.

The findings from the monthly penetration testing are then independently reviewed by weekly management meeting with a dedicated security organisation who oversees and implements security updates, independent of business demands outside security and the organisation’s day to day development team.

Lockouts and timeouts

Capital Guardians adopts lockouts and timeouts rules. A client’s account will be temporarily locked after a number of unsuccessful login attempts. Capital Guardians will also log clients out if they stop using online applications.

Two-factor authentication (2FA)

Two-factor authentication is an extra layer of security for logging in and designed to make sure that you’re the only one who can access your services — even if someone else knows your password.

2FA is compulsory for some types of Capital Guardians access, and maybe turned on for any user, at their request or the request of organisations licencing Capital Guardians.

If 2FA is turned on, when a user signs in with your email for the first time on a new device or on the web, you need both your password and the six-digit verification code that’s automatically displayed on their trusted device’s Google Authenticator App.


Capital Guardians implements advanced encryption. All data sent and received from clients to Capital Guardians’ secure systems is encrypted using 256-bit SSL encryption technology to ensure confidentiality.

Public Indemnity

Capital Guardians has professional indemnity (“PI”) insurance at levels far exceeding the value of money held. The insurance is provided by APRA approved insurer W.R.Berkley, covering Public Liability and Fidelity cover.

Amongst other things, the cover provided by this policy extends to any claim brought about, or contributed to, by the dishonest, fraudulent, criminal or malicious act or omission of a director or principal of the insured, or any person at any time employed by the insured.

Skip to content