Breach reporting, investigation and compensation
The breach reporting obligations address Banking Royal Commission Recommendations 1.6, 2.8, 2.9 and 7.2 (Strengthening breach reporting) and are contained in the Financial Sector Reform (Hayne Royal Commission Response) Act 2020.
Non-compliance is a strict liability criminal offence and a civil penalty provision.
REPORTABLE SITUATIONS
Licensees must report to ASIC within 30 days after they first know, or should have known, that there are reasonable grounds to believe a reportable situation has arisen. Reportable situations are summarised below:

Core obligations include:
- A breach of a licensee’s general obligations, as defined in s912A and 912B
- Certain sections of the Corporations Act, including Chapter 7
- A breach in Division 2 of Part 2 of the ASIC Act, which relates to unconscionable conduct and consumer protection
- Other specified Commonwealth legislation
DEEMED SIGNIFICANT BREACHES
A breach or likely breach is automatically deemed to be significant and hence classed as a reportable situation:
- Where the particular provision that is breached is classed as a civil penalty provision, unless it has been specifically excluded
- Where the breach is of an offence provision under any law that has a maximum imprisonment penalty of 3 months or more for dishonesty, or otherwise for 12 months or more
- A breach of the misleading and deceptive conduct obligations
- The breach results in or is likely to result in material loss or damage and the financial product or service is provided to a client (wholesale or retail client)
Where a breach of a core obligation is not ‘deemed significant’, as outlined above, the breach must then be assessed by the licensee to determine if it is significant, and if so, a reportable situation arises.
REPORTABLE INVESTIGATIONS
Investigations into breaches or likely breaches of core obligations that are significant must be reported to ASIC in situations when the investigation continues for more than 30 days, and also when:
- the investigation concludes there are no reasonable grounds to believe a reportable situation had arisen, and
- the investigation results in a reportable situation to be reported to ASIC.
REPORTING OTHER REPRESENTATIVES
Where the licensee has reasonable grounds to believe that a reportable situation (excluding an investigation) has arisen in relation to a financial adviser (relating to the provision of personal advice to retail clients about financial products) from a third party licensee, the licensee must report this to ASIC and the third party licensee within 30 days.
In addition, the reporting licensee must provide a copy of the report lodged with ASIC to the relevant licensee identified in the report.
CLIENT NOTIFY, INVESTIGATE AND REMEDIATE OBLIGATIONS
Licensees must investigate, notify and remediate clients in certain circumstances when personal financial advice has been provided.
These obligations apply when:
- there has been a significant breach of a ‘core obligation’, gross negligence or serious fraud
- the affected client has suffered, or will suffer, loss or damage as a result, and
- the affected client has a legally enforceable right to recover the loss or damage from the licensee.
These obligations are summarised in the following table:
| Action | Licensee requirement | When |
| --- | --- | --- |
| Action 1: Notify affected clients of the breach of the law | Take reasonable steps to notify affected clients in writing of the breach | Within 30 days of knowing or becoming aware of required circumstances |
| Action 2: Investigate the breach | Start an investigation into the nature and full extent of the breach | Within 30 days of knowing or becoming aware of required circumstances |
| Action 3: Notify affected clients of the outcome of the investigation | Take reasonable steps to notify affected clients in writing of the outcome of the investigation | Within 10 days of completion of investigation |
| Action 4: Remediate affected clients for the breach | If there is loss or damage and an enforceable right to recover, take reasonable steps to pay affected clients remediation of an amount equal to the loss or damage | Within 30 days of the investigation concluding |
LEGISLATED CODE OF ETHICS AND SINGLE DISCIPLINARY BODY
The breach reporting requirements include reporting breaches (or likely breaches) of the Legislated Code of Ethics.
Rather than capturing all breaches, failing to comply with the Code of Ethics is reportable to ASIC under the new breach reporting regime only if the breach is serious or the ‘deemed significant’ test applies. This is to reduce the number of minor breaches being reported.
A breach is serious if it:
- results in material loss or damage to a client
- results in material benefit to the financial adviser, or
- involves dishonesty or fraud.
Determining whether a breach results, or is likely to result, in material loss or damage to a client depends on the client’s circumstances, including their financial circumstances.
The single disciplinary body may consider breaches or likely breaches that are reported under the breach reporting requirements, received through complaints handling mechanisms, or identified through an ASIC investigation.