The Royal Commission and Breach Reporting

Amidst the startling revelations emanating from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (‘Royal Commission’) there are the occasional, less sensational disclosures worthy of further comment.

One such disclosure arises from the witness statement of the Deputy Chair of ASIC, Mr Peter Kell, prepared in response to specific questions directed to ASIC by the Royal Commission.

The lengthy 65 page, 241 paragraph witness statement touches on numerous alleged transgressions committed by financial services entities across a range of subject areas, which have ultimately resulted in an alleged failure to act in the best interest of customers.

Towards the end of the witness statement at paragraph 143, Mr Kell refers to an advice obtained by ASIC, from Senior Counsel, seeking clarification as to what ASIC would be required to prove to successfully establish a contravention of the breach reporting obligations identified in s912D of the Corporations Act. The fact that ASIC went to Senior Counsel for clarification not only acknowledges the complexity of the question, but also their acknowledgment of the need for clear industry guidance on the issue.

Senior Counsel’s advice included ‘in substance’ (paragraph 145):

1. The test of “significance” in s 9120(1)(b) was subjective and involved matters of judgment and so gave the licensee a very wide discretion when assessing significance, such that a prosecution for contravention of the section would be highly problematic except in extremely clear factual scenarios;
2. The section required the licensee to be aware that a breach was significant and it was not triggered by awareness that a breach may be significant, or was probably significant, or was suspected to be significant;
3. In order to establish a contravention of the section, it would not be sufficient for ASIC to establish that at a certain point in time, the licensee was aware of the facts and circumstances that established the breach and, in turn, the facts and circumstances that established the significance of the breach. Rather, ASIC would need to establish that the licensee was aware that there was a breach and, in turn, that the breach was significant;
4. In the circumstances described above, the time limit set out in s912D(1B) did not commence until the responsible officer became aware of the breach and that it was significant.

Despite this advice, the past and current ASIC guidance set out in ASIC Regulatory Guide 78 (RG 78), portrays a different view.

RG 78 says: “The reporting period starts on the day you became aware of a breach (or likely breach) that you consider could be significant” (RG 78:28). The language used conflicts with Senior Counsel’s advice, which begs the question as to why ASIC would wait until now to reveal the legal basis for a contrary approach? Was amendment to, or withdrawal of, RG78 not an option back in 2015 when industry would have welcomed legal clarity?

The current government’s acceptance of ASIC’s Enforcement Review Taskforce recommendations to effectively overhaul s912D, will likely render future interpretation issues academic. Having said this, it raises the question as to whether the issues identified by Senior Counsel in early 2015 will have ongoing legacy implications in terms of the outstanding question as to whether s912D is still being contravened now, or in the past?

Comments are closed.