Will the enhanced breach reporting framework be worth it?

8 June 2017

Mike Taylor writes that serious questions are being asked about whether the Government’s proposed enhancements to the AFSL breach reporting regime will be worth the increased time and costs involved.

The Australian financial services industry is unique. There exist few other businesses in Australia which are compelled to report the mere sniff of wrong-doing to the regulator.

Amid all the negative publicity which has surrounded the Australian financial services industry over recent years, one of the things little understood by the public and, indeed, much of the media is that the holders of an Australian Financial Services License (AFSL) are under a legal obligation to not only report breaches but the suspicion of breaches to the regulator, the Australian Securities and Investments Commission (ASIC).

Related News:

And it is this breach reporting regime and the way it is handled by ASIC and licensees which is currently the subject of a major review which has posed some key questions for the industry and identified key differences on major issues.

However the central question being posed as part of the review is: When should a licensee actually feel the need to report a breach? At the time that some sort of wrong-doing is sensed or at the time when wrong-doing is confirmed?

This question has significant implications for financial planners and the licensees under whose license they operate because one person’s minor administrative shortcoming can be another person’s breach.

Would a requirement to report breaches that a reasonable person would regard as significant be an appropriate trigger for the breach reporting obligation?

This has raised concerns about the so-called ‘significance test’ in section 912D of the Corporations Act and whether it should be either strengthened or clarified to ensure that the significance of breaches is determined objectively.

Two schools of thought have emerged on the issue with the industry superannuation funds arguing the tougher line, while many financial services licensees and even the Association of Superannuation Funds of Australia (ASFA) arguing for a more measured approached reflecting the complexities of such issues.

The Financial Planning Association (FPA) has not only pointed to a need to understand the complexities of the issue but also the additional costs which would likely flow to the industry as a result of the increased workload carried by ASIC and the Government’s determination to pursue an industry funding regime for the regulator.

“While monitoring and enforcement is paramount to an effective regulatory system, it is concerning that the breach reporting Consultation Paper is silent on the budget impact the proposals are bound to have for ASIC, be it through additional workload, resource requirements, or the need for enhance technologies,” the FPA said. “For example, will the resulting additional activity be added in the surveillance and enforcement buckets with the cost shared across all sub-sector licensees, even though an increase in self-reporting is anticipated from large licensees in particular; similarly, how will the proposed cooperative approach to breach reporting be funded, including potential additional ASIC resources to approve and oversee breach investigation programs?”

Representing the industry funds, the Australian Institute of Superannuation Trustees (AIST) said it supported clarifying the ‘significance test’ in s 912D [which] requires licensees to determine significance objectively.

“The existing test enables large licensees to form a view that a breach that is objectively serious does not meet the threshold for self-reporting, due to the size of the breach relative to the size of the licensee,” the AIST submission said. “This is a perverse outcome– larger licensees, such as banks, need to report fewer breaches.”

“The role of financial loss to consumers in determining whether a breach is significant is also problematic as it ignores the fact that breaches that do not result in consumer financial loss may nevertheless provide useful intelligence about the risk of non-compliance in and culture of a licensee.”

By comparison ASFA, while generally supporting a clarification of the ‘significance test’ has urged caution and has urged against imposing a regime under which AFSLs are required to notify the regulator of ‘breaches’ which ultimately prove to have little or no substance.

ASFA has also pointed to the need for ASIC to provide greater guidance about what is and is not actually a breach.

“ASFA strongly supports ASIC providing additional regulatory guidance regarding the types of breaches that it considers to be reportable,” it said. “…. it is important that ASIC’s guidance clearly states that there must be a relevant connection between the conduct to be reported and the services provided under the AFS licence.”

“It is also critical that the guidance is consistent with the breach reporting requirements of section 912D, as amended.”

Recommended for you



Add new comment