Breach reporting, investigation and compensation

The breach reporting obligations address Banking Royal Commission Recommendations 1.6, 2.8, 2.9 and 7.2 (Strengthening breach reporting) and are contained in the Financial Sector Reform (Hayne Royal Commission Response) Act 2020.

Non-compliance is a strict liability criminal offence and a civil penalty provision.


Licensees must report to ASIC within 30 days after they first know, or should have known, that there are reasonable grounds to believe a reportable situation has arisen. Reportable situations are summarised below:

Core obligations include:


The breach reporting requirements include reporting breaches (or likely breaches) of the Legislated Code of Ethics.

The regime does not capture all breaches: a failure to comply with the Code of Ethics is reportable to ASIC under the new breach reporting regime only if the breach is serious or the ‘deemed significant’ test applies. This is to reduce the number of minor breaches being reported.

A breach is serious if it results in: 

Determining whether a breach results, or is likely to result, in material loss or damage to a client depends on the client’s circumstances, including their financial circumstances. 

The single disciplinary body may consider breaches or likely breaches that are reported under the breach reporting requirements, received through complaints handling mechanisms, or identified through an ASIC investigation. 

Guidance and resources 
