Since the new breach reporting regime commenced on 1 October 2021, ASIC has been monitoring its effective implementation. ASIC has developed a comprehensive plan to ensure the new regime meets the objectives for consumers, industry and ASIC. Among other things, Australian financial services licensees and Australian credit licensees (together “Licensees”) should pay close attention to the annual public report that ASIC is required to publish as part of the new regime.
What Information Will ASIC Publish in The Report?
The public reports are intended to help Licensees identify where significant breaches are occurring and target their efforts to deliver best practice compliance outcomes in those areas. They will be available on ASIC’s website within 4 months of the end of each financial year.
ASIC has a statutory obligation to publish information about:
- Reports of breaches and likely breaches of core obligations lodged with ASIC and APRA for the relevant financial year;
- information about the Licensees that have lodged these reports.
ASIC may include the following kinds of information:
- the name of the Licensee;
- volume of reported breaches;
- breakdown of breach reports by corporate group; and
- the number of breaches compared to the size, activity or volume of the Licensee’s business.
Report 740 – ASIC’s First Public Report
ASIC has just released its first report into this new breach reporting regime, providing ASIC’s insights from the reports lodged by Licensees from 1 October 2021 to 30 June 2022. Considering the reporting obligation is still new and likely inconsistency in reporting practices, this report does not name the Licensees nor provide detailed data. You can read further information about Report 740 at our blog here.
ASIC will update their approach to the public reports over time. For the future reports, a list of all Licensees who have reported to ASIC and other more detailed information may be included, pending consultation with stakeholders.