Changes to Breach Reporting Regime

Changes to Breach Reporting Regime

What is it?

ASIC has made significant changes to the way breaches will be reported to it from 1 October 2021. It applies to all AFS Licensees whether wholesale or retail.

What will OIG be doing?

OIG will be rewriting its policies and procedures that relate to the reporting of breaches. This may require changes to its compliance plan for registered schemes and, for both wholesale and registered schemes, changes to the Investment Management Agreements (‘IMA’) with managers including the breach reporting template.

What OIG expects its managers to do?

Most OIG’s managers have their own AFSL and will be aware of their own changed obligations with respect to reporting breaches. As manager of the Fund, you are obligated under the IMA to inform OIG in respect of breaches that may be relevant to the Fund or to OIG as an AFS licensee. OIG expects its managers to work collaboratively with it to implement the necessary changes to comply with the law. If you are an authorised representative, changes may be required to the deed appointing you.

Summary

The changes to the Breach Reporting regime include:

1. The significance test has been expanded to require reports in a broader range of circumstances.

2. The reporting obligation will apply not only when the licensee ‘knows’ there has been or will be a significant breach, but also where the licensee:

    • knows there are reasonable grounds to believe that is the case; or
    • is reckless as to whether there are reasonable grounds to believe that is the case.

3. Reports must be lodged within 30 days rather than 10 days.

4. New requirements to report at the investigation stage, if the investigation has continued for more than 30 days, and to report on the outcome of investigations.

5. New requirements to report breaches by other licensees in certain circumstances (targeted at misconduct by mortgage brokers or individual financial advisers).

The potential consequences of non-compliance are significant as the legislation introduces several
new civil penalty provisions, which carry significant financial penalties.

Reportable Breaches

Under the new regime, reports must be lodged within 30 days after the AFS Licensee first knows, or is reckless with respect to whether, there are reasonable grounds to believe a reportable situation has arisen.

A reportable situation arises when:

a. the licensee or its representative has breached a core obligation¹ and the breach is significant;

b. the licensee or its representative is no longer able to comply with a core obligation and the breach, if it occurs, will be significant;

c. the licensee or its representative has commenced an investigation into whether (a) or (b) applies and the investigation has continued for more than 30 days; or

d. an investigation described in (c) above discloses that there is no reportable situation of the kind mentioned in (a) or (b); or

e. the licensee or its representative has engaged in gross negligence² or serious fraud³.

The test for significance has changed markedly. For AFS Licensees, a breach of a core obligation is deemed to be significant if:

i. the provision breached is an offence that may involve imprisonment (3+ months for dishonesty offences, 12+ months for others);

ii. the provision breached is a civil penalty provision, or s 1041H(1) of the Corporations Act or s12DA(1) of the ASIC Act (misleading or deceptive conduct in relation to a financial product or service); or

iii. the breach results, or is likely to result, in material loss or damage to clients or members.

In addition, AFS Licensees must still assess any other breaches for significance having regard to the number or frequency of similar breaches, the impact of the breach on the licensee’s ability to provide the services covered by its licence, the extent to which the breach indicates the licensee’s compliance arrangements are inadequate, and any other matters prescribed by regulation.

We expect that breach reports will be required in a much wider variety of circumstances because many of the financial services laws that constitute core obligations are civil penalty provisions (including, since 13 March 2019, s912A(1)(a) of the Corporations Act (the obligation to do all things necessary to ensure financial services are provided efficiently, honestly and fairly). In practice, there may be limited scenarios when the deemed significant test is not met and it is necessary to subjectively consider significance. ASIC is aware of this and has reserved to itself the power to adjust what constitutes a reportable breach in circumstances where it determines it is getting too many reports of insignificant breaches.

Obligation to report on other licensees

The legislation also introduces a requirement to lodge a report with ASIC in respect of conduct involving a financial adviser or mortgage broker in certain circumstances. This report must be lodged in the prescribed form within 30 days after the AFS Licensee first knows, or is reckless with respect to [whether there are reasonable grounds to suspect certain conduct], the circumstances described above. A copy of the report must also be given to the other licensee within the same 30-day time period. Failure to lodge such a report with ASIC and share it with the other licensee is a civil penalty provision.

 


¹The core obligations are specified in the Act and are the same legislative provisions that currently attract the breach reporting regime. They include s 912A(1)(a) of the Corporations Act (the “efficiently, honestly and fairly” obligation) and the prohibitions on unconscionable conduct and misleading or deceptive conduct in the ASIC Act.
²Gross negligence is not defined in the Act, and not addressed in the Explanatory Memorandum. Its natural meaning, having regard to the common law, will apply: essentially carelessness to an extreme degree.
³Serious fraud is defined in s 9 of the Corporations Act 2001 and means an offence involving fraud or dishonesty, against any law, that is punishable by imprisonment for a period of at least 3 months