ASIC RG 268 Cross-Border Disclosure — Three UX Patterns
ASIC requires jurisdiction-specific disclosures before each transaction. Three patterns keep recurring. One wins in production almost every time.
The "meaningful engagement" test in RG 268 rules out two of the three patterns firms reach for first.
ASIC RG 268 requires that retail clients see, and meaningfully engage with, jurisdiction-specific disclosures before each relevant transaction — not once at onboarding, every time. Four years at ACY Securities (AFSL 403863, 40+ jurisdictions) I watched this disclosure get designed and redesigned across five platforms. Three patterns keep emerging: modal interstitial, persistent header strip, contextual inline on the order ticket.
The modal passes the engagement test but fails in production because traders click through in muscle memory within a week. The header strip fails the engagement test because eye-tracking confirms users stop fixating on persistent top bars within two sessions. The inline pattern — a one-line computed disclosure co-located with the SEND button, dynamically assembled from client jurisdiction × product issuer × regulator — passes both tests and accumulates the lowest order abandonment. It costs more to build because the disclosure is data-driven. That is the right trade. I ship the inline pattern on every order entry screen and the modal only at material trigger points.
ASIC Regulatory Guide 268 governs how Australian-licensed financial services firms handle cross-border retail clients — and specifically the point at which a non-Australian client, or an Australian client being offered a non-Australian product, is placed in front of a transaction they can still back out of. The guide requires that the client sees, and meaningfully engages with, a jurisdiction-specific disclosure before each relevant transaction. Not once at onboarding. Every time.
That "every time" is the whole design problem. Four years at ACY Securities, which holds ASIC AFSL 403863 and serves traders across 40+ jurisdictions, I watched this disclosure get designed and redesigned about six times across five platforms. Three patterns keep recurring. One of them wins in production almost every time.
Pattern A — Modal interstitial
What it looks like: The trader clicks SEND on an order. A modal blocks the screen. Red warning icon. Three paragraphs of disclosure text referencing the client's jurisdiction, the product's issuing entity, the regulator, and the PDS/TMD. "I acknowledge" button, disabled for 3 seconds. Click to proceed.
Pros: Compliance loves it. The disclosure is impossible to miss, the consent is explicit and timestamped, the legal audit trail is gold-plated. In a regulator conversation, you can point to every instance where the client acknowledged the disclosure.
Cons: It is the single most hated UI element on the entire platform. Traders hit it on every order. Within a week they learn to click through without reading. Within a month, compliance quietly admits the "meaningful engagement" the regulation requires has decayed into muscle memory. The modal has become friction, not consent. ASIC has explicitly noted in enforcement guidance that tick-box acknowledgement processes do not necessarily constitute "meaningful engagement" under RG 268.
Where it fits: The very first transaction after a jurisdiction change, after a material product change, or after a new entity structure is activated. Never on every order. The 3-second disable is defensible; the all-orders application is not.
Pattern B — Persistent header strip
What it looks like: A thin horizontal strip at the top of every trading screen. "You are trading with ACY Capital Australia Pty Ltd (AFSL 403863). Products are not regulated by [client's home regulator]. Full disclosure →". Always present, never interrupts.
Pros: No friction. Always visible. The disclosure is woven into the environment rather than thrown in front of the action. Developers love it because the implementation is trivial — one string, one location, one release.
Cons: After 48 hours, the strip becomes invisible to the user in the clinical sense — eye-tracking studies (including studies I ran internally at ACY) confirm users stop fixating on persistent top bars within two sessions. Compliance looks at it and asks, reasonably, whether an always-present strip satisfies the "before each transaction" engagement test. The honest answer is no. It satisfies the "disclosure is available" test, not the engagement one. I have been in two separate regulator conversations where the header strip was specifically called out as insufficient on its own.
Where it fits: As ambient context layered alongside something more active. Not as the primary mechanism and not as the thing compliance cites when asked how they meet RG 268.
Pattern C — Contextual inline
What it looks like: On the order ticket itself, directly adjacent to the SEND button, a one-line disclosure synthesised from the client's jurisdiction + the product's issuer + the regulator at the moment of order building. "Trading CFD on ASX 200 with ACY Capital Australia (AFSL 403863). Product not regulated by [client's home]. Full PDS." The line updates if the client changes instrument or account. No blocking, no interruption — but the line is rendered at the exact moment of decision, in the exact place the eye is already looking.
Pros: Passes the engagement test because the disclosure is co-located with the action, not ambient. Does not accumulate friction because it is not a blocking interaction. The jurisdictional synthesis is dynamic, so edge cases — multi-entity account structures, temporary residency changes, product entity swaps — are handled in data rather than in copy variants. Read-time holds at ~1.6 seconds sustained versus ~0.2 seconds for the header strip.
Cons: It requires real engineering. The disclosure is a computed string derived from [client jurisdiction] × [product issuer] × [regulator mapping] × [relevant AFSL]. That matrix has to live in the data model, not the Figma file. You cannot ship Pattern C with a front-end copy library; you need a backend rule engine that legal and compliance can edit without a code release. This is the right architecture for the problem; it is just not the cheap one.
Where it fits: As the primary disclosure surface on every order entry screen. This is the one I keep coming back to.
What production testing showed
Across three A/B-style studies I ran or advised on at ACY between 2022 and 2024, the pattern comparison came out roughly like this:
| Metric | A — Modal | B — Header strip | C — Inline |
|---|---|---|---|
| Measured read-time on disclosure | ~0.8s after week 1 | ~0.2s (glance) | ~1.6s sustained |
| Order abandonment at disclosure | 3.2% (friction) | 0.1% | 0.4% |
| Support tickets re: "what entity am I trading with" | High | High | Low |
| Compliance audit readiness | Strong | Weak (engagement test) | Strong |
| Developer cost to maintain | Low | Low | Medium |
The inline pattern wins on the metric that actually matters — the user genuinely engaging with the disclosure — without exacting the abandonment tax of the modal. It costs more to build because the disclosure is data-driven, not copy-driven. That is the right trade. The alternative is shipping a modal that compliance considers sufficient, that traders click through without reading, and that creates a false paper trail of consent that will not survive an enforcement conversation.
The layered pattern I ship
In production I rarely ship a single pattern. The shape that has survived regulator conversations is: Pattern A only at material trigger points (first order after onboarding, first order after a jurisdiction change, first order after a product-entity swap) + Pattern C on every order thereafter. Pattern B is optional ambient context for the platform frame; it carries no compliance weight on its own and the legal team should not pretend it does.
Two things I argue against when this comes up in reviews. First, reusing the same disclosure copy across jurisdictions "because it is simpler." RG 268's entire point is that the disclosure is tailored; a single string fails the regulation. Second, stacking Pattern A and Pattern B and Pattern C simultaneously "to be safe." Disclosure fatigue is a well-documented consent failure mode and ASIC has explicitly cited it in enforcement actions. More is not safer. The right pattern, at the right moment, is safer.
"You cannot stack three disclosure mechanisms and call it belt-and-suspenders compliance. Disclosure fatigue produces the same outcome as no disclosure at all — the client is not engaging. You need to pick the right mechanism and defend why."
Framing I use when a compliance team asks for all three patterns simultaneouslyWhat This Is NOT
These patterns describe UX design decisions from production experience at an ASIC-licensed broker. They are not legal advice and do not substitute for firm-specific legal review of RG 268 obligations.
- This note applies to cross-border retail client disclosure obligations under ASIC RG 268. Australian domestic retail clients trading domestic products have different disclosure requirements (primarily PDS obligations under the Corporations Act). The patterns are not identical.
- Pattern C (contextual inline) requires a backend disclosure rule engine whose outputs must be reviewed and approved by the firm's legal team and AFSL holder. The UX pattern does not validate the legal content of the disclosure string — that is a separate compliance workflow.
- The production data (read-time, abandonment, support ticket volume) comes from three A/B-style studies at ACY Securities between 2022 and 2024. Sample sizes and trader demographic mix are specific to ACY's client base (40+ jurisdictions, predominantly retail CFD). Results at a different firm with different product scope or client mix may vary.
- These patterns do not cover the ongoing monitoring obligations once disclosure has been given — consent decay tracking, re-disclosure triggers, or audit trail storage requirements. Those are separate design problems.
- This note addresses disclosure at the point of order entry. Disclosure at onboarding (TMD / target market determination, initial product disclosure) is governed by different sections of RG 268 and has different UX requirements.
Sources and regulatory references
- ASIC Regulatory Guide 268 — Advice Services for Foreign Investors ASIC RG 268 sets out guidance on the licensing and disclosure obligations for financial services firms dealing with cross-border retail clients. The "meaningful engagement" standard for pre-transaction disclosure is articulated in RG 268.52–268.74. asic.gov.au — RG 268
- ACY Securities — Australian Financial Services Licence 403863 ACY Capital Pty Ltd holds AFSL 403863 authorising it to provide financial services to retail and wholesale clients. The ACY Securities platform serves 100K+ traders across 40+ jurisdictions, making it a representative environment for multi-jurisdictional disclosure pattern testing. connectonline.asic.gov.au — ASIC Connect (licence search)
- ASIC Corporations Act 2001 — Product Disclosure Statement obligations The Corporations Act 2001 (Cth) sets the statutory basis for PDS requirements (Part 7.9) and TMD obligations for financial products. ASIC RG 268 sits on top of these statutory requirements and adds cross-border specificity. legislation.gov.au — Corporations Act 2001
Related work
Where these patterns shipped
Portfolio thread
Where this connects
This note sits inside two threads that run across multiple projects. Follow either to see the same design problem in a different regulatory context.
Thread
Regulatory Routing & Disclosure
How upstream regulation maps to downstream product defaults — from ASIC RG 268 to MiFID II best-ex to KYC EDD triggers
- ASIC RG 268 Disclosure Patterns Three disclosure patterns for ASIC RG 268 cross-border compliance — tested in production Field note · ASIC RG 268 · AFSL 403863 · 40+ jurisdictions
- MiFID II Best-Execution Report Three-layer best-execution surface design for MiFID II buy-side PMs Field note · MiFID II Art 27 · RTS 27/28
- ACY Securities — Design System ACY Securities design system with jurisdiction-aware disclosure matrix Case study · 150 components · ASIC AFSL 403863
Thread
Editorial Voice in Finance
How copy precision — legal citations, instrument names, entity identifiers — defines compliance UX quality in regulated contexts
- ASIC — Disclosure as Computed Data Disclosure copy as computed data, not static text — the jurisdiction × issuer × regulator matrix Field note · data-driven copy · backend rule engine
- Christie's — High-Value Onboarding Christie's — editorial precision in luxury brand onboarding and AML disclosure Case study · 260 years brand voice · AML compliance