AUSTRALIA: ASIC publishes guidance on breach reporting

Tuesday September 7 2021

ASIC has released regulatory guidance to help credit and Australian Financial Services (AFS) licensees to meet new breach reporting obligations.

Set to commence on 1 October 2021, the breach reporting reforms address long-standing concerns about breach reporting by making the reporting consistent, clearer and timely across the industry.

The breach reporting reforms were made law in December 2020, some 9 months before commencement. They flow from the Financial Services Royal Commission and findings of Treasury’s Enforcement Review Taskforce.

Compliance breaches happen in all businesses. Breach reporting is integral for Board oversight and risk management by licensees. It is also needed for ASIC’s system wide regulatory oversight.

ASIC’s guidance was greatly enhanced by the constructive submissions and valuable insights received from industry through the consultation.

ASIC has also responded to industry feedback by incorporating some 15 more working examples in the guidance.

AFS licensees will have to report breaches that they discover after 1 October 2021, even if the breach occurred before that date.  However, credit licensees do not have to report breaches that occurred before 1 October even when identified after 1 October 2021. As a result, credit licensees will have a relatively gradual implementation upon commencement.

ASIC today also published INFO 259 which sets out actions that must be taken by licensees to notify affected customers of a breach of the law, investigate the breach and remediate impacted customers. This implements a new obligation that applies to licensees of financial advisers and mortgage brokers in certain situations.

Click on the above link for further information.