Private Credit Under the Microscope: REP 820, REP 823 and the Data Problem AI Is Meant to Solve

Part of the series: How to use AI with client documents in Australian real estate finance

General information, not legal advice. Current as at June 2026.

If you lend in the private credit or non-bank CRE space, ASIC has spent the last eighteen months telling you exactly what it is going to look at - and then it stopped telling and started looking. The reports are not background reading. They are, in one law firm's words, a litigation roadmap.

REP 820: the surveillance that set the standard

In November 2025, ASIC released REP 820, Private credit surveillance report: Retail and wholesale surveillance, based on a review of 28 funds. The findings cluster into a handful of themes, and they are uncomfortably specific to property lending:

• Inconsistent reporting that masks portfolio risk.
• Opaque fee and net-interest-margin structures, with managers retaining a large share of borrower-paid fees without transparent pass-through to investors.
• Weak conflicts governance in related-party lending and inter-fund transfers.
• Weak valuation governance - the one that should make every CRE lender sit up.

On valuations, ASIC flagged inconsistent frequency, limited independence, and LVRs quoted on completion values rather than cost, with particular concern about construction loans and internal-only valuations. This is fundamentally a development-finance issue, so it cuts across both commercial and residential construction lending. If your book is full of construction facilities valued on an as-complete basis by an internal team on an irregular cycle, that paragraph was written about you.

REP 820 also set out a series of expectations spanning governance, organisational capability (explicitly including technological resources), transparency, conflicts management, clear valuation methodologies and standardised credit assessment. Released alongside it, REP 823 signalled tighter data and disclosure obligations to come, potentially modelled on APRA's superannuation-data approach.

From reports to doorsteps

By April 2026, ASIC moved from surveillance to investigation. As Clayton Utz reported, the regulator began on-site visits and compulsory notices for documents - and information produced in response can be used in later civil penalty proceedings. Allens noted that deeper wholesale surveillance is coming, with Commissioner Constant flagging "a particular focus on real estate lending structures, continuation funds, fee and margin structures, and conflicts of interest management." Interim DDO stop orders had already hit four private credit products by late 2025.

The shift in standard is the part to internalise. ASIC is not asking "did you have a valuation policy." It is asking "would the policy have caught the issue, and was it applied correctly." That is an evidentiary test, and you pass or fail it in your documents - not in your intentions. Clayton Utz put the new bar plainly: a static conflicts register reviewed once a year will not meet the standard.

Why this is a data problem - and where AI fits

Strip away the legal framing and what ASIC is demanding is a recordkeeping capability. To clear the new bar, your back office has to be able to produce, on demand and consistently:

• Granular loan-level data.
• Valuation files showing basis, frequency and independence.
• Impairment history.
• Fee-capture detail.
• Conflicts records that are live, not annual.

For most non-bank lenders this is exactly the work that is slow and error-prone today, because it lives across inconsistent credit papers, valuation PDFs, spreadsheets and email threads. When ASIC asks for the LVR basis on every construction loan in the book, reconstructing it can take weeks.

This is where disciplined AI earns its place - and it is worth being precise about how. ASIC did not say "use AI"; the reforms are technology-neutral. But the standard they set is so document-intensive that structured extraction becomes the practical way to meet it. Well-governed AI can read the pile of inconsistent documents and turn it into structured, traceable, queryable data - every figure linked back to its source document and page - so the answer to a regulator's request is minutes of query, not weeks of reconstruction.

The important discipline, covered in the AI credit-paper workflow, is extract, don't decide: AI assembles and structures the evidence, while the credit judgement and its rationale stay with an accountable human. That keeps you inside the governance expectations ASIC and APRA set out - see the AI governance gap - rather than swapping one opacity problem for another.

The bottom line

Private credit is no longer a lightly-watched corner of the market. ASIC has published the standard, started the visits, and aimed its surveillance squarely at real estate lending. The firms that fare well will be the ones whose documents can answer the question on the first ask - clean, consistent, traceable - because the standard is now met in the records, not in the policy on the shelf. That is a data discipline before it is anything else, and it is precisely the discipline good AI extraction is built to deliver.

---

Want to see where you stand? Run through the checklist for using AI legally in Australia - including the recordkeeping and traceability questions ASIC's private-credit surveillance is now testing.

This article is general information about regulatory developments and is not legal or compliance advice. The application of AI to these obligations is our view, not a statement by ASIC. Confirm your obligations with your own advisers.