After acknowledging “implementation challenges”, the financial services regulator has pledged to work with industry to find common-sense solutions to breach reporting.
The Australian Securities & Investments Commission (ASIC) has committed to “improving” the operation of the new reportable situations regime.
To continue reading the rest of this article, please log in.
Looking for more benefits? Become a Premium Member.
Create free account to get unlimited news articles and more!
Looking for more benefits? Become a Premium Member.
The new regime (which commenced on 1 October 2021), applies to Australian Financial Services (AFS) licensees and credit licensees and requires them to write to ASIC to report significant breaches or potential significant breaks of “core obligations”.
The regime aims to provide ASIC with a source of intelligence to better identify developing trends of non-compliance in the industry and help prompt regulatory action, where appropriate.
However, it has been widely panned by members of the financial services industry for being “asinie” and “excessive” – as well as potentially having “gaps” that may result in some breaches not being reported.
For example, the Mortgage and Finance Association of Australia (MFAA) has previously stated that the legislation could be “strengthened” to ensure that aggregators have greater visibility of breaches reported to ASIC on brokers who hold their own licence.
“For transparency we also believe it is important to share breach reports made about a broker with that broker if the sharing of that report does not jeopardise any ongoing investigation,” the association said in its submission to the Australian Law Reform Commission’s (ALRC) review into financial services legislation.
ASIC commissioner Sean Hughes acknowledged earlier this week that the regime has led to “a number of implementation challenges”.
“However, ASIC remains committed to the successful implementation of this regime and we have developed a comprehensive plan of work to ensure that it meets its objectives for ASIC, industry and consumers,” Mr Hughes said on Wednesday (10 August).
The regulator has said it aims to further understand any issues that are placing “unnecessary compliance burdens” on licensees through ongoing engagement with the industry.
It said it also intends to communicate “clear expectations for compliance” under the new regime and design solutions to “ensure the consistency and quality of reporting aligns with the policy objectives of the regime, while improving the efficiency of ASIC’s data collection and analysis”.
Mr Hughes suggested that ASIC would be “working with stakeholders to find common-sense solutions”.
“ASIC will consider whether enhancements are required to the approved form on the Regulatory Portal for lodging reports,” he said.
“We will also consider whether further practical guidance should be developed to assist licensees in meeting their obligations.”
ASIC will reportedly continue its engagement with Treasury on how the regime is meeting its policy objectives, while also acknowledging the significant investments made across the industry in the execution of the reforms to date and will aim to minimise further impacts.
It will then report annually on the information that is provided under the regime and is intended to “assist consumers to identify where major breaches are occurring”.
The first public report is due to be published in October 2022 and will reportedly include “high-level insights” into trends detected across the reports lodged by licensees between 1 October 2021 to 30 June 2022.
Neither the number and nature of reports lodged by specific licensees, nor the names of licensees, will be included in this report.
However, ASIC has said its “approach to reporting will evolve over time” and may move to include a list of licensees in the 2023 report. The regulator said it would consult with stakeholders in advance of the commencement of licensee-level granular public reporting (likely in 2024).
A recent study conducted by CoreData Research and commissioned by legal technology provider Lawcadia and legal firm Gadens looked into the mandatory breach reporting obligations introduced by ASIC in October 2021.
The study warned that the regime took a toll on the financial services sector in the first six months. A survey of 160 staff from financial services organisations found that the sector had low confidence in the new reporting regime.
[RELATED: ‘Asinine’, excessive: Breach reporting regime weighs on industry]
JOIN THE DISCUSSION