ASIC has issued Consultation Paper 340, seeking stakeholder feedback on proposed updates to its draft guidance on upcoming breach reporting reforms.

ASIC’s draft regulatory guide reflects reforms made to the breach reporting regime under the Financial Sector Reform (Hayne Royal Commission Response) Act 2020. These reforms clarify and strengthen the existing obligation on AFS licensees to self-report certain breaches of the law to ASIC and extend the obligation to credit licensees.

Set to commence on 1 October 2021, these key Government reforms flow from the Financial Services Royal Commission and findings from the ASIC Enforcement Review Taskforce.

Announcing the consultation, ASIC Deputy Chair Karen Chester said, ‘We support the reform goals to promote consistent, timely and high-quality reports. The Financial Services Royal Commission expressed concern about prolonged and repeated failures by large entities to make breach reports required by the law.

‘Breach reporting is a core component of Australia’s financial services and credit regulatory framework. The reforms will better position us to act decisively to disrupt misconduct and escalating harms and identify patterns of non-compliance across industry.’

ASIC expects a significant increase in the volume of reports received as a wider range of entities will be required to report and a wider range of breaches will be subject to reporting. Entities are not required to report every instance of non-compliance or trivial breaches, but a targeted set of ‘reportable situations’ defined under the law. 

ASIC is also seeking feedback on a draft information sheet on the new notify, investigate and remediate obligations set to apply to AFS licensees who are financial advisers and credit licensees who are mortgage brokers.

ASIC seeks public comment on the draft guidance and information sheet by 3 June 2021.

ASIC will publish final guidance before the obligations commence on 1 October 2021.

Download

• Consultation Paper 340 Breach reporting and related obligations
• Draft Regulatory Guide 000 Breach reporting by AFS licensees and credit licensees
• Draft Information Sheet 000 Complying with the notify, investigate and remediate obligations

All interested stakeholders have until 3 June to provide feedback on CP 340.

Background

The reforms implement Recommendations 1.6, 2.8, 2.9 and 7.2 of the Financial Services Royal Commission, and are set out in Schedule 11 of the Financial Sector Reform (Hayne Royal Commission Response) Act 2020.

Key features of the reforms include:

• expanding and clarifying the types of situation that must be reported to ASIC, including when determining whether a breach or likely breach is significant;
• requiring licensees to lodge breach reports with ASIC in a prescribed form within 30 calendar days after the licensee first knows that, or is reckless with respect to whether, there are reasonable grounds to believe a reportable situation has arisen;
• creating an obligation to report an investigation into whether there is a reportable situation where that investigation continues for more than 30 days;
• requiring ASIC to publish data about breach reports annually on our website; and
• amending the National Consumer Credit Protection Act to introduce a comparable breach reporting regime for credit licensees.

ASIC Report 594 Review of selected financial services groups’ compliance with the breach reporting obligation sets out compliance of 12 entities including the big four banks with their existing breach reporting obligation under s912D of the Corporations Act.