Understanding your breach reporting obligations as an AFS Licence Holder


Last month’s wealth management hearings before the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Banking Royal Commission) highlighted the need for AFS licensees to understand and fully comply with their breach reporting obligations in a timely and not overly legalistic way. You can read more about our coverage of the issues coming out of the Banking Royal Commission here https://www.compliancequarter.com.au/tech-lies-and-litigation-asic-reads-the-riot-act-to-the-financial-services-industry/

In our article covering AFSL breach reporting obligations we take a closer look at those obligations and the consequences of non-compliance.

What must an AFS licensee report?

AFS licensees must notify ASIC in writing of any ‘significant’ breach (or likely breach) of their obligations under s912A (including licence conditions), s912B (compensation arrangements) or financial services laws, as soon as possible, and in any event within ten (10) business days of becoming aware of the breach or likely breach. If you don’t tell ASIC about a significant breach (or likely breach) then ASIC will consider that this itself is a significant breach. As such, an AFS licensee should have a clear, well-understood and documented process for identifying and reporting breaches. It is worth noting that responsible entities are also subject to breach reporting requirements.

AFSL breach reporting obligations – What does ‘significant’ breach mean?

Whether a breach is significant will depend on the individual circumstances – it is a subjective assessment. As such, licensees need to give proper consideration to whether the breach (or likely breach) is significant, and, if so, provide timely notification to ASIC. You will need to decide whether a breach (or likely breach) is significant and, therefore, reportable to ASIC.

What factors determine whether a breach is ‘significant’?

The non-exhaustive list of factors that determine whether a breach (or likely breach) is ‘significant’ includes:
• the number or frequency of similar previous breaches;
• the impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence;
• the extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations are inadequate; and
• the actual or potential loss to clients or the licensee itself.

If you are not sure whether a breach is significant, ASIC has indicated you should err on the side of caution and report the breach. ASIC Regulatory Guide 78 ‘Breach reporting by AFS Licensees’ (RG78) also provides further guidance as to how ASIC interprets and will apply the law.

How do you report a breach?

A breach can be reported to ASIC by completing Form FS80 and/or by sending a written report to ASIC via email at fsr.breach.reporting@asic.gov.au

What are the penalties for non-compliance?

It is important that licensees report significant breaches to ASIC as early as possible, even where you are still gathering further information on the breach. ASIC states in RG78 that a failure to report a significant breach is an offence and may itself result in penalties up to $42,500 for companies.

What are the key takeaways?

The insights that have been emanating from the Banking Royal Commission, its coverage and associated regulatory matters are that breach reporting is an area where there has been significant divergence by AFS licensees in how they are managing that process. The issue of internal governance around the breach reporting process has itself been a matter of considerable focus and debate – the ability of those charged with the responsibility to escalate incidents for consideration within the breach reporting framework and bring those to the attention of the board of licence holders in particular.

If you’re an AFS licence holding entity (or on the board of an entity that is), now is the time to be reviewing your breach reporting and incident management policies and considering the workflows within your organisation for how such matters are to be managed. At the board level, you should also be reflecting on what has been coming through from your audit and risk committee reports and whether there have been any details around incidents or breaches reported recently. If not, it may be worth contemplating a review of that process to ensure that adequate transparency is being afforded internally to such matters. Other matters that AFS licence holders should be reflecting on in this space include how remuneration is structured for senior management and at the board level when there have been breaches identified and reported, and ensuring that remuneration structures align with the obligations of the AFS licensee – for example, clawbacks or bonus ineligibility where there has been a major incident or significant breach. It would also be worth looking at how the organisation is learning from incidents and breaches – are they applying the right tools to identify how and why the incident or breach occurred, along with adopting a lessons-learned mindset to avoid any future repeats within the business?

AFSL breach reporting obligations – Need more assistance?

If you would like assistance with better understanding your breach reporting obligations or an assessment of your internal procedures for managing issues in this space, please get in touch with us at Compliance Quarter and one of our regulatory specialists would be pleased to assist you.
