ASIC publishes guidance on breach reporting

ASIC has released regulatory guidance to help Australian Financial Services (AFS) licensees to meet new breach reporting obligations

Written on 15 September, 2021
Tanaya Das

The Australian Securities and Investments Commission (ASIC) has released regulatory guidance to help credit and Australian Financial Services (AFS) licensees meet new breach reporting obligations.

The National Insurance Brokers Association (NIBA) CEO Dallas Booth said, “The new breach reporting obligations apply to all insurance brokers and every insurance broking office across Australia. The new regime includes important changes that all senior insurance brokers will need to understand, and apply in their businesses.”

Set to commence on 1 October 2021, the breach reporting reforms address long-standing concerns about breach reporting by making reporting more consistent, clearer and more timely across the industry.

Booth has confirmed that NIBA will provide detailed guidance to its members on the Regulatory Guide published by ASIC. He said, “We urge all brokers to carefully review the NIBA guidance and ensure their internal operating procedures are adapted to the new regime.”

ASIC Deputy Chair Karen Chester said, “The new reporting obligations address long held concerns on the quality and timeliness of breach reporting. ASIC analysis in 2018 revealed it took more than 4 years (on average) for large financial institutions to identify incidents that proved to be significant breaches. Today’s remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms.”

The breach reporting reforms were made law in December 2020, and they are a result of the Financial Services Royal Commission and findings of Treasury’s Enforcement Review Taskforce.

Compliance breaches happen in all businesses. Breach reporting is integral to Board oversight and risk management by licensees. It is also needed for ASIC’s system-wide regulatory oversight.

“The Government’s new reporting obligations put strong guard rails in place that will benefit firms and consumers alike,” said Chester.

“The new obligations will help firms identify and act swiftly on the breaches that matter, making sure they get the attention they deserve. Licensees and boards will have greater confidence they are doing the right thing by consumers, and ultimately their firm and shareholders.”

“The new obligations also benefit consumers by allowing ASIC to better identify and swiftly address systemic problems. There will be greater transparency for consumers and firms with the publication of breach reporting data by ASIC from late 2022,” she added.

AFS licensees will have to report breaches that they discover after 1 October 2021, even if the breach occurred before that date. ASIC has also published INFO 259, which sets out the actions licensees must take to notify affected customers of a breach of the law, investigate the breach and remediate impacted customers. This implements a new obligation that applies to licensees of financial advisers and mortgage brokers in certain situations.

You can find more information on the regulatory guide on the ASIC website via the links below: