Mike Taylor writes that when the Government introduced the ‘significance test’ to the AFSL breach reporting regime in 2003 it was seen as sensible moderation but all that might be about to change.
Holders of an Australian Financial Services License (AFSL) know only too well the consequences of failing to breach report. Those consequences have been driven home by the largely negative publicity which impacted the Commonwealth Bank, National Australia Bank, and Macquarie Bank over the past five years.
The rule of thumb for highly cautious compliance specialists is that if something looks remotely suspicious it should be breach-reported. But is even that enough? Should licensees be held to an objective standard similar to that which applies in the UK?
Those two questions explain why financial planning licensees and financial planners should take the trouble to follow the debate around the Treasury’s ‘Australian Securities and Investments Commission (ASIC) Enforcement Review – Self-reporting of contraventions by financial services and credit licensees’ consultation process. They should do so, because it is clear that an attempt is being made to make the framework underpinning the breach-reporting regime more prescriptive, removing some of the ambiguity of the so-called “significance test”.
Financial services industry stakeholders have been invited to respond to a position paper on breach-reporting put together by a taskforce with the Treasury explaining that the position paper is proposing reforms which would:
- Clarify when the reporting obligation is triggered – reducing compliance costs and delays in reporting, and removing uncertainty about when and whether a reporting obligation exists in the circumstances;
- Increase accountability for licensees, and their employees and representatives by expanding the class of reports that must be made to expressly include misconduct by individual advisers and employees;
- Introduce new and heightened penalties for non-reporting, giving ASIC greater flexibility to impose a range of penalties in response to a failure to report;
- Require ASIC to publish data on breach reports for major licensees; and
- Introduce an equivalent reporting regime for credit licensees (who are currently subject only to annual compliance reporting).
Importantly, it is not the first time the Government and its regulatory agencies have visited the whole breach-reporting regime, with the current review clearly having been driven by the negative publicity surrounding the financial planning industry and the desire of ASIC to be seen to be addressing not only those issues but its handling of those issues.
Inherent in the discussion paper is the suggestion that a mistake was made nearly 14 years ago when the Government of the day introduced the so-called “significance test”.
It points out that the breach reporting obligations set out in the Corporations Act 2001 came within a broad spectrum of severity – spanning relatively minor contraventions such as a one off failure to supply a customer with a relevant form, at one end, to serious offences such as fraud at the other.
“Originally, AFS licensees were required to report all breaches to ASIC, regardless of severity,” it said. “Such a requirement put a large regulatory burden on licensees, as well as an administrative burden on ASIC in having to deal with an influx of minor and insignificant reports. In that context, in 2003 a ‘significance’ test was introduced to provide a threshold for matters that were required to be reported to ASIC.”
The discussion paper said that the introduction of the significance test, while effective in reducing the regulatory and administrative burdens, had given rise to “ambiguity as to whether the threshold for the obligation to report is triggered in any given circumstance” and suggested this was because the “test has a high degree of subjectivity” and relies on an exercise of judgment by the licensee.
“For example, in deciding whether a breach is significant, a licensee must consider ‘the impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence’,” it said.
The discussion paper then suggested that for a large licensee, “a breach that was serious and therefore significant by objective standards (by what a reasonable person would think), may not be considered by the licensee to be significant in the context of its overall operations, and that consequently, it has no clear obligation to report it to ASIC”.
It said that, by contrast, the UK regime made clear that there was an objective threshold for the obligation to report, requiring that a firm must notify “anything relating to the firm of which that regulator would reasonably expect notice”.
“The Taskforce’s preliminary view is that the significance test should be retained, but that significance should be determined by reference to an objective standard,” the discussion paper said.