Hacking financial regulation for community mutual aid

Can AI agents make APRA compliance affordable for 50 friends with a spreadsheet?

2026-03-08

cooperation
economics
faster pussycat
incentive mechanisms
institutions
markets
money
straya
wonk
Figure 1

This is a companion to Who wants to found a friendly society?, where I sketch out the pitch for a neo-friendly society—a small mutual that invests in counter-cyclical assets as a hedge against state weakness. That post is the why. This one is the how, or more honestly, the can we?

The question: if a group of 50 people wanted to pool money, invest it in ETFs and catastrophe bonds, and provide mutual aid to members in hard times—what legal structure would they use in Australia, and could AI agents compress the compliance costs enough to make it viable?

I set Claude to work researching this. It is a start. I have stopped here, with some directions for further research, and one worked-out war-game scenario where we go maximally ambitious.

1 What are we in Australian law?

This is the hard part. There are several possible legal structures, each with different trade-offs. I’ll try to sketch the landscape; this is emphatically not legal advice.

1.1 Option 1: APRA-registered friendly society

The purest path. In Australia, friendly societies are regulated under the Life Insurance Act 1995 by APRA. They operate using a “benefit fund” structure—members’ contributions go into a fund that provides defined benefits.

The problems are severe for a small group:

  • You must be a corporation (APRA can’t register partnerships or unincorporated entities).
  • Even using the words “friendly society” in relation to a financial business requires APRA consent under s16E of the Life Insurance Act.
  • The Financial Accountability Regime (FAR), which applies from March 2025, adds accountability, key personnel, and deferred remuneration obligations.
  • APRA compliance is designed for institutions with millions in assets and dedicated compliance teams. It is spectacularly inappropriate for 30 friends with a spreadsheet.

Verdict: Almost certainly not the right path for a small start-up mutual. But worth understanding, because the war-gaming section below asks: what if we tried anyway?

1.2 Option 2: Cooperative under Co-operatives National Law

Australia has harmonised Co-operatives National Law (CNL), adopted by all states and territories between 2012 and 2020. About 1,400 of Australia’s ~1,800 co-ops and mutuals are registered under CNL.

A co-op could collect member contributions and invest them, potentially through a managed fund or ETFs. The Business Council of Co-operatives and Mutuals (BCCM) is a good resource here.

Key features:

  • Democratic governance (one member, one vote) is built in—though notably the CNL is flexible about how that vote is conducted. The model rules are not compulsory; your co-op’s rules could specify preferential voting, STV, approval voting for board elections, or even sortition for committees and advisory panels. You can’t replace the statutory board election with pure sortition, but there’s wide scope for experimental governance below that level.
  • The Treasury Laws Amendment (Mutual Reforms) Act 2019 introduced Mutual Capital Instruments (MCIs) — a bespoke share class for mutual entities that lets them raise capital without demutualising. MCIs require the entity to be a public company, though, so this is more relevant if the model scales up.
  • Registration is with the state Registrar of Co-operatives; costs and complexity are much lower than APRA.

Catch: If the co-op pools member funds for investment, it might constitute a managed investment scheme under the Corporations Act. That triggers ASIC regulation—the responsible entity must be an Australian public company holding an AFSL. Heavy.

1.3 Option 3: Small-scale unregistered managed investment scheme

Here’s where it gets interesting for small groups. ASIC’s rules have a “20/12 rule”: a managed investment scheme doesn’t need to be registered if it has 20 or fewer members (in any 12-month period) and raises no more than $2 million. Alternatively, schemes open only to wholesale clients are exempt from registration.

An unregistered scheme still needs an operator with an AFS licence, generally. But the compliance burden is dramatically lower than a registered scheme. For a group of, say, 20 friends each contributing $200/month into a shared portfolio of ETFs, this might be workable.

This is probably the most promising path for the investment function specifically. But it caps group size at 20, which is tight.

Research direction: How do the wholesale client tests work in practice for this kind of structure? The Law Council of Australia has submissions on reforming wholesale investor tests. Could members qualify as wholesale clients if they individually meet the net assets or income tests?

1.4 Option 4: Incorporated association + individual investments

The lightest-touch option: form an incorporated association under state law to handle governance, meetings, and collective bargaining (e.g. negotiating group rates on health insurance), but don’t pool investment funds directly. Instead, members invest individually in agreed-upon ETFs or funds, with the association providing education, coordination, and mutual support.

The catch is that incorporated associations must be not-for-profit—members can’t receive financial gain from the association’s activities. So the investment coordination would need to be clearly ancillary to the association’s mutual-aid purpose, and actual investment returns would flow to members individually, not through the association.

1.5 Option 5: The Broodfonds dodge—gifts, not insurance

The Dutch Broodfonds model cleverly avoids insurance regulation by structuring payouts as gifts between individuals, not as insurance benefits from a fund. Each member has their own dedicated account; when someone gets sick, other members voluntarily transfer money to them.

In Australia, the tax treatment of gifts between individuals is generally favourable (gifts are not income to the recipient unless they’re from an employer or business). But whether APRA or ASIC would accept this framing for a scheme that looks like mutual insurance is an open question. The ATO might also have views.

Research direction: Has anyone tested a Broodfonds-style gift structure against Australian financial services law? What are the ATO implications of regular “gifts” between members of a structured group?

1.6 Summary table

Structure Regulator Min. complexity Can pool investments? Can provide benefits?
APRA friendly society APRA Extreme Yes (benefit funds) Yes (life insurance)
Co-operative (CNL) State registrar Moderate Maybe (MIS risk) Limited
Unregistered MIS (≤20 members) ASIC (light) Moderate Yes Via returns
Incorporated association State Low No (not-for-profit) Mutual aid only
Gift-based (Broodfonds) Unclear Low No Gifts between members

1.7 Hybrid structures

There’s a possible hybrid model worth considering: a cooperative or association handles governance and collective bargaining, while a separate (or connected) unit trust or managed fund handles the investment side. This adds complexity but might give the best of both worlds—democratic mutual-aid governance on top, proper investment infrastructure underneath.

The Mutual Capital Instruments framework from the 2019 reforms is interesting here—it was designed to let mutuals raise external capital. Could it be repurposed for a small mutual wanting to invest member contributions? Unclear, but worth investigating.

2 War-gaming maximum ambition: the APRA path

OK. Let’s stop being sensible for a moment and ask: what if we went all the way? Not “pick the lightest-touch legal structure and hope nobody notices” but “actually register as a proper APRA-regulated friendly society and use AI to make the compliance affordable.” This is the maximally ambitious version. Let’s war-game it.

2.1 The compliance bill, itemised

Here’s what APRA demands of a friendly society, and roughly what it costs if you’re doing it the traditional way. These numbers are rough estimates assembled from publicly-available information on APRA levies, actuarial consulting market rates, and audit fees for small financial institutions. I would love to hear corrections from people with direct experience.

Requirement Traditional cost (annual est.) What it actually involves
APRA supervisory levy ~$22,500 minimum Non-negotiable. This is the floor; paused from increasing in 2024–26 but still brutal for a small org.
Appointed Actuary $30,000–80,000 CPS 320 requires one. Must be FIAA-qualified. Prepares the annual Financial Condition Report. Actuarial consulting runs $200–600/hr; even a minimal engagement is expensive.
Risk Management Framework $10,000–30,000 CPS 220 requires a documented framework, board-approved risk appetite statement, annual review. Usually outsourced to consultants.
Financial Accountability Regime $5,000–15,000 From March 2025: accountability maps, key personnel registration, deferred remuneration arrangements.
Regulatory returns & reporting $10,000–20,000 Quarterly and annual returns to APRA. Financial statements. Benefit fund reporting under LPS 700.
Audit $15,000–30,000 Annual statutory audit by a registered company auditor.
Legal & governance $10,000–20,000 Constitution drafting, board minutes, member communications, AGM, compliance monitoring.
Total traditional ~$100,000–215,000/year

For a group of 50 members each contributing $200/month, that’s $120,000/year in contributions—almost entirely eaten by compliance. This is why nobody does this at small scale. The compliance cost is the moat that keeps friendly societies institutional.

2.2 The AI compression thesis

The question is: how much of that $100k–215k can AI agents compress to near-zero?

I’m going to sort APRA’s requirements into three tiers by how compressible they are with current (early 2026) AI capabilities.

2.2.1 Tier 1: Highly compressible (AI does 80–95% of the work)

Governance documentation. Meeting minutes, board papers, risk appetite statements, compliance policies, member communications. This is where current LLMs already shine. An AI agent can draft board papers from a structured agenda, generate minutes from a recording, maintain a living compliance manual that updates when regulations change, and produce member communications. The human role shrinks to: review, approve, sign. Estimated cost with AI: a few hundred dollars in API costs plus a couple of hours of human review per month. Traditional cost saved: ~$10k–20k.

Regulatory returns and reporting. APRA’s reporting forms (LRF 100 through LRF 800 series) are structured data submissions. An AI agent connected to the fund’s accounting system could generate these automatically, flag anomalies, and prepare them for human sign-off. The XBRL/XML submission formats are well-documented. Estimated cost with AI: mostly engineering time to build the pipeline once, then near-zero marginal cost. Traditional cost saved: ~$10k–20k.

Risk Management Framework. CPS 220 requires documentation, not headcount. An AI agent can maintain the framework document, update it when APRA issues new guidance, run scenario analyses on the fund’s (tiny, simple) portfolio, and generate the annual board risk report. The substance of risk management for a small, simple fund—50 members, index ETFs, maybe a catastrophe bond allocation, no exotic instruments—is genuinely not complex. It’s the documentation overhead that kills you. Traditional cost saved: ~$10k–30k.

FAR compliance. Accountability maps and key personnel documentation are essentially structured data problems. An AI agent can maintain the accountability map, track personnel changes, generate the required notifications to APRA. Traditional cost saved: ~$5k–15k.

2.2.2 Tier 2: Partially compressible (AI does 40–60%, human expert still needed)

Actuarial work. This is the hard one. APRA requires an Appointed Actuary who is a Fellow of the Actuaries Institute. You cannot replace this person with an AI—they must be a named, qualified individual who takes personal responsibility.

But you can radically reduce their billable hours. The Financial Condition Report for a simple friendly society (one benefit fund, index ETF investments, 50 members) is a constrained problem. An AI agent could prepare the entire draft FCR with all quantitative analysis done, run the liability projections, stress tests, and sensitivity analyses, produce the tables and charts, and draft the narrative sections. The Appointed Actuary then reviews, adjusts, and signs. Instead of 80–120 hours of actuarial time, maybe 10–20 hours of review. At $400/hr, that’s $4k–8k instead of $30k–80k.

Audit. You still need a registered company auditor. But AI can prepare audit-ready financials, reconciliations, supporting schedules, and a complete audit file. If the auditor’s engagement is “review a clean, well-documented set of books” rather than “reconstruct what happened from a box of receipts,” the hours drop dramatically. Maybe $8k–12k instead of $15k–30k.

2.2.3 Tier 3: Incompressible

APRA supervisory levy: ~$22,500. You pay this. There’s no way around it. It’s calculated on assets with a minimum floor, and no amount of automation changes it.

The Appointed Actuary exists. Someone must hold this role. Even if their hours are minimal, they need professional indemnity insurance and will charge a retainer.

The auditor exists. Same logic.

ASIC fees. AFS licence application ($1,485), annual ASIC industry funding levy (variable but typically a few thousand), company registration and annual review fees.

2.3 The compressed budget

Requirement AI-compressed cost (annual est.) Notes
APRA supervisory levy $22,500 Fixed floor
Appointed Actuary (review only) $4,000–8,000 AI prepares everything, actuary reviews + signs
Risk Management Framework $500–1,000 AI-maintained, human review quarterly
FAR compliance $500–1,000 AI-maintained accountability maps
Regulatory returns $500–1,000 Automated pipeline, human sign-off
Audit (clean books) $8,000–12,000 AI-prepared audit file
Legal & governance $1,000–2,000 AI drafts, humans review
ASIC fees & levies $2,000–4,000 AFS licence costs, industry funding
AI infrastructure $2,000–5,000 API costs, hosting, tooling
Total compressed ~$41,000–56,000/year

That’s roughly half to a quarter of the traditional cost. For 50 members at $200/month ($120k/year income), you’d spend 35–45% on compliance, leaving $65k–80k for actual investment and mutual aid. Not great, but not impossible—especially if the point isn’t to maximise returns in good times but to have assets that hold value in bad times.

At 100 members, you’re at $240k/year income with the same ~$50k compliance cost—now it’s about 20%, which starts to look viable. At 200 members, the compliance cost is noise.

The $22,500 APRA levy is doing most of the damage at small scale. If a dozen neo-friendly-societies all registered and started lobbying for a proportionate micro-entity levy, that floor might eventually move. Unlikely, but stranger things have happened.

2.4 The shoestring team

Who do you actually need?

Paid roles (part-time/fractional):

  • Appointed Actuary (fractional, ~20–40 hrs/year): Reviews AI-generated FCR, signs off. You’d want someone sympathetic to the project—perhaps a recently-retired actuary, or one who works with multiple small funds. This is the hardest role to fill cheaply.
  • Auditor (engagement, ~40–60 hrs/year): Annual statutory audit. A smaller firm or sole practitioner who’s comfortable with well-automated books.
  • Responsible Manager (for AFS licence): ASIC requires at least one “responsible manager” with relevant qualifications and experience. This person oversees the financial services. Could be a member with the right background.

Volunteer/member roles (AI-assisted):

  • Treasurer/Secretary: Runs the AI compliance pipeline day-to-day. Reviews AI outputs before submission. Doesn’t need to be an accountant—needs to be detail-oriented and willing to learn. The AI does the technical work; this person does quality control.
  • Board (3–5 members): Meets quarterly. Reviews AI-prepared board papers. Makes actual decisions (investment policy, benefit design, member applications). Could be done in 2–3 hours per quarter if the papers are good.
  • Tech lead: Maintains the AI agent infrastructure. Keeps the regulatory reporting pipeline working. Updates the compliance system when APRA changes its standards. This is probably the most important volunteer role—the whole model depends on the automation working.

2.5 The AI stack

You’d build a system something like: accounting software (Xero or similar, ~$50/month) as the source of truth for financials, connected to an AI agent layer that:

  • Ingests APRA’s prudential standards and reporting requirements
  • Generates all compliance documentation
  • Prepares regulatory returns in the required XBRL/XML formats
  • Maintains the risk management framework as a living document
  • Drafts board papers and member communications
  • Monitors for regulatory changes (new APRA guidance, amended standards)
  • Alerts the human team when something needs attention or sign-off

This is a purpose-built system, not an off-the-shelf product. The RegTech industry has enterprise products that do pieces of this, but they’re priced for institutions. Our approach would be more DIY—AI coding agents building custom tools against one specific regulatory regime, iterated and debugged against real APRA requirements.

The upfront engineering investment is significant—maybe 200–400 hours to build the initial stack. But it only needs building once. Every subsequent friendly society that uses the same toolkit gets it for free (modulo customisation).

2.6 Why bother going full APRA?

Three reasons, given the framing from the parent post:

  1. Benefit funds. Only an APRA-registered friendly society can operate benefit funds that provide defined benefits to members—sickness, disability, death. This is the actual thing that makes it a crisis instrument rather than just an investment club. Without it, you can invest together, but you can’t promise members specific support when they need it.
  2. Trust and legitimacy. “We’re APRA-regulated” means something. Members can trust that there’s real prudential oversight. Potential partner organisations (health insurers, employers, other mutuals) take you seriously.
  3. The replication play. If you build the AI compliance stack for one friendly society and it works, you’ve built it for all of them. The marginal cost of spinning up society #2, #3, #N is dramatically lower. The compliance infrastructure becomes a platform. This is where the shoestring investment pays off—not within a single society, but across a network of many.

2.7 What could go wrong

Plenty. This is the “maximally ambitious” scenario, after all.

  • APRA might say no. They have discretion over licensing. A group of 50 friends proposing to run a friendly society on AI agents and vibes might not inspire confidence. You’d need a very good application and probably some pre-engagement with APRA to test the waters.
  • The actuary problem. Finding a qualified actuary willing to put their name on a tiny, AI-assisted fund for a modest fee is non-trivial. Professional indemnity insurance alone might make it uneconomic for them.
  • Regulatory change risk. APRA could tighten requirements in ways that break the automation. New reporting standards, new prudential rules, new interpretation of existing rules—all could spike costs unpredictably.
  • Single point of failure. If the tech lead burns out or the AI stack breaks, you’re suddenly trying to do manual compliance on a volunteer budget. This needs redundancy and good documentation.
  • The $22,500 problem. That minimum levy is the real killer. Until APRA introduces a genuinely proportionate levy for micro-entities (unlikely but not impossible, especially if there are enough of them lobbying for it), this floor sets a hard minimum on viable fund size.

2.8 The staged approach

Maybe you don’t start at APRA. Maybe the play is:

Year 0–1: Incorporate as an association or small co-op. Pool knowledge, not money. Build the AI compliance toolkit against APRA’s actual standards, as if you were regulated, but without the cost. Test it. Break it. Fix it. Invest in the counter-cyclical portfolio individually, coordinated by the association.

Year 1–2: Operate as an unregistered MIS (≤20 members, ≤$2M) to test the investment function with real money. Get real experience with ASIC’s lighter-touch regime. Keep building and refining the compliance stack.

Year 2–3: If the model works and membership demand is there, apply for APRA registration. By this point you have a working compliance system, a track record, audited financials, and a demonstrated member base. The application is much stronger than “we have an idea and some code.”

Year 3+: Publish the toolkit. Help others replicate. Lobby APRA for proportionate regulation of micro-friendly-societies.

This staged approach means you never spend money you don’t have, you build capability incrementally, and you only take on APRA’s compliance burden when you’re confident you can handle it. It also means the crisis-hedge portfolio is running from Year 1—the APRA registration is about adding the formal benefit structure on top, not about starting the investment.

3 What I still don’t know

  • Whether the Broodfonds gift-based model survives contact with Australian financial services law and ATO scrutiny.
  • The practical costs of running an unregistered MIS with ≤20 members—I have estimates above but no real-world data.
  • Whether any FIAA-qualified actuary would actually take on a tiny fund at the rates I’m projecting, or whether professional indemnity makes it uneconomic.
  • Whether APRA would even entertain a licence application from a micro-entity with this profile.
  • How to structure the investment function in a way that’s both legally sound and actually useful as a crisis hedge.
  • What existing Australian co-ops or mutuals are doing that’s close to this vision—and what we can learn from them.

If you know about any of this, I’d love to hear from you.