As an outcome to the Hayne Royal Commission, current breach reporting requirements have been strengthened and have also been introduced for credit licensees.
Up until the 1st of October 2021, there have been transitional arrangements for Australian Financial Service Licensees (AFSLs) to update their systems and processes for the new requirements.
AFSLs now have a reporting obligation when it ‘knows’ that there has been, or will be, a significant breach, and where they know that there are reasonable grounds to believe that it is the case or is reckless as to whether there are reasonable grounds to believe that it is the case.
The reporting obligation now extends to the investigation stage if the investigation has continued for more than 30 days. ASIC also requires a report on the outcome of such investigations.
AFSLs will now need to notify clients of reportable breaches involving personal advice to retail clients and must investigate and quantify any loss or damage suffered and compensate the affected clients under this requirement.
The new regime also introduces an obligation for AFSLs to lodge reports in relation to other licensees. AFSLs must lodge a report with ASIC within 30 days after they first know there are reasonable grounds to suspect that an applicable reportable situation has arisen about individual financial advisers.
As an AFSL, you must report to ASIC a range of conduct that the law describes as reportable situations.
Reportable situations include:
- significant or likely significant breaches of core obligations;
- investigations into whether there is a significant or likely breach of a core obligation if the investigation continues for more than 30 days;
- the outcome of such an investigation if it discloses there is no significant or likely breach of a core obligation;
- conduct that constitutes gross negligence or serious fraud; and
- conduct of financial advisers who are representatives of other licensees in certain prescribed circumstances.
Under s912A and s912B of the Corporations Act 2001 (Corps Act), the core obligations are that an AFLS must:
- do all things necessary to ensure that the financial services covered by your AFSL are delivered efficiently, honestly and fairly;
- comply with the conditions of your licence;
- have adequate resources to provide the financial services covered by your licence and to carry out supervisory arrangements;
- be competent to deliver the financial services covered by your licence;
- have trained and competent representatives;
- take reasonable steps to ensure that representatives comply with the financial services laws;
- have dispute resolution systems in place for retail clients;
- have adequate risk management systems; and
- have compensation arrangements for retail clients.
RG78 outlines four types of reportable situations:
- breaches or ‘likely breaches’ of core obligations that are significant;
- investigations into breaches or likely breaches of core obligations that are significant;
- additional reportable situations; and
- reportable situations about other licensees.
A likely breach is referred to as a reportable situation that an AFSL is no longer able to comply with a core obligation and the breach, if it occurs, would be significant.
There are reportable situations that do not require a determination of significance before being reported to ASIC.
- additional reportable situations (gross negligence or serious fraud), which must be reported to ASIC and require no determination of significance;
- deemed significant breaches, which are automatically taken to be significant by law; and
- investigations that continue for more than 30 days, which require consideration of whether there may be a breach (or likely) breach of a core obligation that is significant, but do not require determination of significance before being reported to ASIC.
Other breaches or likely breaches of core obligations will require a determination of significance before being reported to ASIC.
When is a breach significant?
- Deemed significant breaches—In certain situations, a breach or likely breach of a core obligation is taken to be significant.
- Other breaches that may be significant—In other situations, a breach or likely breach of a core obligation will need to be considered against factors to determine whether it is significant.
An accurate and complete breach register can help with timely identification and adequate reporting. For example, if you identify a single, isolated breach which is not significant, it should be recorded in your breach register or in your risk management system. Although a single breach may not be significant, multiple breaches of the same kind may result in a later breach being considered significant.
What are deemed significant breaches?
For a breach of a core obligation to be deemed significant, it will have:
- the obligation breached is an offence that is punishable on conviction by a penalty of 12 months or more, or if the offence involves dishonesty, three months or more;
- the breach is constituted by a contravention of a civil penalty provision, unless excluded by regulation;
- the obligation breached is with regards to misleading or deceptive conduct in relation to a financial product or financial service; or
- the breach results, or is likely to result, in material loss or damage to customers.