Breach Reporting for AFSLs
Australian financial services (AFSL) licensees have a “dob yourself in” breach reporting regime for significant breaches or significant likely breaches.
As an AFSL holder, you are required to notify ASIC of any significant breach (or likely breach) of your obligations. It’s vital to have an effective process for identifying, assessing and reporting breaches.
A healthy reporting culture, procedure and process are key. We can assist you to develop, maintain or improve clear and efficient reporting systems and policies to ensure compliance with your reporting obligations. Keep in mind that ASIC will be more suspicious of entities that do not report – it is very rare for a provider to be squeaky clean all the time!
We have developed a Breaches & Incidents Register on our online compliance platform, the HN Hub. The Breaches & Incidents Register allows licensees to record incidents, breaches, likely breaches and reportable situations. It also includes a search tool to identify “Deemed Significant Breaches”, and a cut-down ASIC Breach (Reportable Situation) Draft fields – taken from ASIC’s online form. To purchase the Breaches & Incidents Register, you will need to sign up to the HN Hub by creating a free account, or signing up to one of our subscription options.
Drafting a Breach Report
We regularly advise on the “significance” of a breach, and help licensees report significant breaches to ASIC. Of course, the law places ultimate responsibility on the Licensee to determine whether the breach is significant or not.
ASIC has information-gathering powers whereby it can request information from all entities, including, but not limited to, Australian Financial Services Licensees (AFSL), Australian Credit Licensees (ACL), accountants, market participants, Fintech companies, etc., if there is any reason to suspect misconduct or that the entity is not complying with their legal or regulatory obligations.
In more recent years, ASIC has conducted robust surveillances in the financial services industry, particularly focusing on accountants with limited licensees, and larger financial institutions in relation to its advisers providing personal advice to retail clients.
To prevent, or to be prepared for an ASIC investigation, ensure your business is proactive with updating its compliance procedures and that you schedule in regular licensee reviews to ensure you stay on top of, and address, any concerns as soon as they arise.
If you are an Australian Credit Licensee and have been subject to an ASIC investigation, have identified compliance issues that need further investigation, or have breaches that need to be addressed, we have a dedicated credit team that can assist you with a remediation action plan and liaising with ASIC.
Our lawyers have the expertise in conducting reviews (whether ASIC-initiated or proactively requested by clients) designed to assess how well Australian Credit Licensees and their representatives are meeting their regulatory obligations.
ASIC doesn’t need to go to Court in order to take administrative action. So, it’s an easy regulatory tool at its disposal. Administrative action includes:
- Licence variation
- Licence suspension
- Licence cancellation
- Infringement notices
- Accepting an enforceable undertaking ( see ASIC’s RG 100)
ASIC can take action in the Federal Court against a regulated entity, and can levy fines up to $525M for contravention of a civil penalty provision. This is a drawn out process, and is increasingly popular with ASIC in an era where ASIC first asks “why not litigate” before considering alternative actions.
ASIC may take criminal action for breach of an offence provision – typically where conduct has been dishonest, intentional or highly reckless.