Let me try with my take on it.

Currently, all the logic related to Master and Child Authorisation sits inside Asset Management but Is it correct?

There is no single "correct" way :) Every organization has their own sets of complexities and challenges, so engineering teams need to make relevant trade-offs to have a successful implementation.

Asset Management Domain

This is your decision point for business policy, where you decide to approve or not.

Without much knowledge of your systems, what you have seems reasonable to me. A subdomain in asset management, to coordainate approvals/declines might be good. E.g. kick off the approval process when all relveant approvals have been obtained.

If another child or main domain is introduced, policy can be updated in that one place to edit this business policy approvals