The breach reporting regime that kicks off 1 October, 2021, will allow licensees to batch upload reports where it derives from a single root cause to reduce the reporting burden, the Australian Securities and Investments Commission (ASIC) has announced.
ASIC has released its regulatory guidance to help Australian financial services (AFS) and credit licensees to meet the new obligations.
ASIC deputy chair, Karen Chester, said: “Industry feedback meant we can now accommodate batch uploading of reports where they derive from a single root cause. This will significantly reduce the reporting burden for licensees.
“The new reporting obligations address long held concerns on the quality and timeliness of breach reporting. ASIC analysis in 2018 revealed it took more than four years (on average) for large financial institutions to identify incidents that proved to be significant breaches. Today’s remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms.
“The new obligations will help firms identify and act swiftly on the breaches that matter, making sure they get the attention they deserve. Licensees and boards will have greater confidence they are doing the right thing by consumers, and ultimately their firm and shareholders.”
ASIC said the guide also included 15 more working examples to help licensees.
“The new obligations also benefit consumers by allowing ASIC to better identify and swiftly address systemic problems. There will be greater transparency for consumers and firms with the publication of breach reporting data by ASIC from late 2022,” she said.