APP 1.7 in force since 10 June 2025
OAIC enforcement begins 10 Dec 2026 (223 days away)
Penalties up to $2.5M for small firms — not just ASX companies
Xero auto-categorisation triggers APP 1.7 disclosure obligations
PI insurance may not cover ungoverned AI use
OAIC reviewed 23 organisations in Jan 2026 — not one was compliant
Scorecard delivered in 48 hours · Fixed fee · $497 credited to full assessment
For CPA and CA ANZ registered practices

You enrolled with AUSTRAC.
Nobody told you that made your
Xero a compliance risk.

Your firm already runs on Xero. Your juniors are already using ChatGPT. Your AUSTRAC enrolment already made you an APP entity. You need to know exactly what your exposure is — and what it costs if you ignore it.

Your PI insurer will ask about this at renewal. The Scorecard is the document you attach.

A signed PDF report with your specific penalty exposure figure, every AI tool in your practice mapped against APP 1.7, and a prioritised list of exactly what to do next.

Fixed fee. No retainer. No billable hours.
01 — The trigger

AUSTRAC enrolment made you an APP entity

That obligation is automatic and immediate. Most practices were never told a privacy compliance chain existed behind their enrolment.

02 — The exposure

Your PI insurance may not cover undisclosed AI use

Xero, MYOB, and your staff's ChatGPT use can void a claim if none of it was inventoried, disclosed, or governed at the time of the engagement.

03 — The fix

A scorecard tells you exactly where you stand

Your personalised exposure score, your realistic penalty figure, and a minimum-action roadmap. $497. Delivered in 48 hours by a compliance practitioner.

Your PI renewal

Your PI renewal is coming.
Here is all you need.

Your AUSTRAC enrolment made you an APP entity under the Privacy Act. That means every AI tool in your practice — Xero, ChatGPT, MYOB — must be disclosed and governed. Most practices don't know this. Now you do.

Your PI renewal form will ask about AI tools. You use Xero. The answer is Yes — and they will want documentation.

But before you can answer your broker, you need to know your own position. Which of your tools are triggering obligations. What your actual exposure is. What documentation looks like for a practice your size.

That is what the Scorecard tells you. $497. 48 hours. Ready to file. Ready to show your broker.

You tick Yes. You attach this. Renewal proceeds.

The regulatory blindside

You are not running nine AI systems. You are running Xero.

When your practice enrolled with AUSTRAC, it automatically became an APP entity under the Privacy Act 1988. That triggered mandatory APP 1.7 compliance — a requirement to document every system that uses AI to process client personal information.

Nobody from AUSTRAC, CPA Australia, or CA ANZ sent a circular about this. You just became responsible.

The tools you use every day — Xero, MYOB, and your junior's ChatGPT tab — already trigger these obligations. Without a governance record, you are exposed right now.

"If you had told me that merely using Xero puts my practice in breach of APP 1.7, you would have had my undivided attention."

Practice principal, 8-person accounting firm, Sydney
AI tools active in your practice (disclosure required)

Xero: auto-categorises transactions using ML. Status: UNDISCLOSED. APP 1.7 breach.
ChatGPT (staff use): correspondence, drafting, research. Status: UNGOVERNED. PI risk.
MYOB (client systems): predictive invoicing, smart matching. Status: REVIEW. Disclosure likely.
Microsoft 365 Copilot: monitor — not yet rolled out in most practices. Status: NOT ACTIVE. Monitor.

Each row is a separate disclosure obligation under APP 1.7. The Scorecard maps exactly which ones apply to your practice.
0/23: organisations compliant in the OAIC's January 2026 sample audit. Not one.
$2.5M: maximum penalty for small firms — not just ASX companies.
223 days: until OAIC enforcement begins 10 December 2026.
$497: fixed fee, fully credited if you proceed to the full governance record.
One product. One job.

Know exactly where you stand.
Know exactly what to do.

Delivered as a completed PDF assessment — not a template, not a form for you to fill in.

Risk Exposure Scorecard
$497 · Fixed fee · inc. GST · Delivered in 48 hours
Delivered by Rae Dev — 18 years in Australian financial services and professional services compliance
What you receive

Answer 12 questions about your practice. Attesta maps every AI obligation triggered by your AUSTRAC enrolment, scores your exposure across 10 legal dimensions, and delivers a completed PDF assessment — written by a practitioner, with their name on it. It is not a template. It is not a form to fill in. It is a document about your practice, ready to file.

Your PDF assessment contains

APP 1.7 Exposure Score — your specific risk percentage across all 10 legal dimensions

Your Penalty Exposure Figure — not a generic $50M. A $6M firm faces $1.8M. A $10M firm: $3M. Your number.

PI Insurance Gap Flag — the specific exclusion risks your insurer will ask about at renewal

CPA / CA ANZ Readiness — what your professional body would ask for if they knocked tomorrow

Prioritised Remediation Roadmap — the minimum you need to do, in order

Completed PDF Report — file it, send it to your insurer, show it to your professional body

$497 fully credited if you proceed to the Full Governance Record ($2,497 total) — where Rae delivers all five compliance documents for your practice within 48 hours.
Get the document I attach at renewal — $497 →

A signed PDF report — your specific penalty figure, every AI tool mapped against APP 1.7, and a prioritised remediation roadmap. Delivered by Rae Dev within 48 hours of your intake.

Who delivers your assessment
Rae Dev
Compliance Lead · Attesta
18 years as a compliance practitioner inside Australian financial services and professional services firms. Rae personally delivers every Attesta assessment. Her name is on every report. Not a template engine — a practitioner.
The document you need

Your PI renewal is coming.
Your broker will ask.
You attach this.

$497. Fixed fee. 48-hour delivery. A completed PDF assessment with Rae Dev's name on it — ready to file in your practice records and show your insurer.

Get the document I attach at renewal — $497 →
Fixed fee · $497 inc. GST · Delivered in 48 hours · $497 credited to Full Assessment
Attesta delivers documents. This is not legal advice.