Just days after an Association of Financial Advisers (AFA) submission warned of a compliance tsunami resulting from planned new breach reporting arrangements, the Australian Securities and Investments Commission (ASIC) has released a draft regulatory guide that has done little to allay concerns.
What is more, the regulatory guide makes clear that financial services licensees will have to be conscious that events which occurred before the new regime even came into force will become reportable.
The draft guide said that licensees “must report to ASIC all ‘reportable situations’ in : s912DAA of the Corporations Act, s50B of the National Credit Act.”.
In doing so, the guide specifies that “this term has a specific meaning under the law and includes a range of conduct”
“In this guide, we refer to four types of reportable situations:
(a) breaches or ‘likely breaches’ of core obligations that are significant;
(b) investigations into breaches or likely breaches of core obligations that are significant;
(c) additional reportable situations;
and (d) reportable situations about other licensees.”
In explaining a “reportable likely breach”, the ASIC guide referenced the following example:
“You may become aware that on a future date your overdraft facility will be closed and you will no longer be able to comply with your base level financial requirements. If you do not have other means of meeting the financial requirements at this time, you will no longer be able to comply with your obligations and must report to ASIC.”
In its preamble to the guide, ASIC states that “the regulatory regime acknowledges that, despite an expectation of compliance, breaches will occur and licensees then have an obligation to report these to ASIC”.
“Licensees have a clear role in lifting industry standards as a whole, and part of this is timely identification of their own problems,” it said.
“We consider that a licensee’s experience with incident and issues management, including breaches, should be a vital source of learning to both reinforce and improve an entity’s compliance framework and overall function. Instances of non-compliance highlight a weakness to be understood, so improvements can be made to prevent the recurrence of the breach in the future.”