Attention AFS and Credit Licensees – Changes are Coming to your Breach Reporting obligations

Share on facebook
Share on twitter
Share on linkedin

New changes to breach reporting commence from 1 October 2021. The changes are significantly more onerous on Australian Financial Services (“AFS”) and Credit Licensees than the previous breach reporting regime.

The New ‘Reportable Situations’

The new legislation prescribes a list of reportable situations which apply to AFS and credit licensees, these include:

  • a core obligation has been breached by the licensee (or its representative) and the breach is significant;
  • the licensee (or its representative) is no longer able to comply with a core obligation and the breach, if it occurs, will be significant;
  • an investigation is conducted into whether there is a breach (or possible breach) of a core obligation and the investigation continues for more than 30 days; or
  • the licensee (or its representative) has engaged in gross negligence or committed serious fraud.

The core obligations in the new provisions cover the same provisions as the current breach regime. For AFS licensees, these are the obligations under Sections 912A or 912B of the Corporations Act and for credit licensees, the obligations included under section 47 of the National Consumer Credit Protection Act.

When is a Breach ‘Significant’?

The test for significance has changed and now includes an objective test. The circumstances where a breach of a core obligation is deemed to be significant are prescribed as follows:

  • the breach is the commission of an offence which is punishable by imprisonment for 12 months or more (or 3 months where the offence involves dishonesty);
  • the breach is the contravention of a civil penalty provision under any law;
  • the breach is the contravention of provisions of the Corporations Act and ASIC Act relating to misleading or deceptive conduct;
  • the breach results in, or is likely to result in, material loss or damage to clients or members.

The current subjective factors still apply, including:

  • the number or frequency of similar breaches;
  • the impact of the breach on the licensee’s ability to provide services covered by the licence;
  • the extent to which the breach indicates that the licensee’s arrangements to ensure compliance are inadequate; and
  • any other matters prescribed by regulations.

Notification to ASIC and Clients – Breach Reporting Process

The Act introduces a new breach reporting process all licensees must adhere to, including a 30-day timeframe to report breaches to ASIC and in some cases, to retail clients.

Investigations

From 1 October 2021, the following investigations will be required

  • AFS licensees must conduct investigations into breaches where financial product advice has been provided to retail clients; and
  • Credit licensees must conduct investigation into breaches where credit assistance has been provided by a mortgage broker in relation to a credit contract secured by a mortgage over residential property.

Investigations must commence within 30 days of the licensee having knowledge of circumstances involving a significant breach of a core obligation, gross negligence or serious fraud.

ASIC Publication

Reminiscent of the introduction of AFCA’s Datacube, the new provisions include a requirement for ASIC to report on their website within 4 months of the end of the financial year the details of certain breach reports received.

What Next?

AFS and credit licensees need to ensure their breach reporting procedures are up to date and all team members are aware of the new obligations. As there will be more breach reports being lodged with ASIC, your systems and controls for identifying, investigating and reporting breaches will need to be appropriately modified and enhanced.

ASIC has released the final guidance ahead of the new obligations commencing in October 2021.

Further Reading

If you would like to speak to us about how the breach reporting obligations affect your business, or if you require assistance updating your breach reporting procedures, please contact us.

About The Author

Alicia Pevely

Alicia Pevely

An integral member of the Sophie Grace team since 2012, Alicia has extensive experience in relation to financial services law, consumer credit law, regulatory matters and ASIC investigations. Working closely with her clients, Alicia has maintained a significant emphasis on AFS and credit licensing and liaising with ASIC. As General Manager, Alicia has oversight of all licence applications and provides advice and support in relation to more complex applications.