ASIC's new breach reporting requirements introduced by the Financial Sector Reform (Hayne Royal Commission Response) Act 2020 will commence 1 October 2021. The changes strengthen the existing obligation on Australian financial services licensees to self-report certain breaches to ASIC. They also extend the obligation to credit licensees.

Key changes in the new breach reporting requirements

Breach reporting is a key element of an organisation's regulatory framework and underpins effective risk and compliance management.

Key changes in the new requirements include:

• extending and clarifying the types of situation that must be reported to ASIC and changing the timelines for reporting breaches
• requiring AFS and credit licensees to report serious compliance concerns about financial advisers and mortgage brokers respectively
• imposing a new obligation on financial advisers and mortgage brokers to investigate misconduct and remediate affected clients.

Licensees will need to significantly update their processes to comply with the new requirements. Licensees require certainty around the gaps that exist within current processes and have a disciplined approach to addressing these gaps in a short timeframe.

A guide to compliance

When risk and compliance foundations are strong, fit-for-purpose and well-integrated into operational practices and culture, organisations are well positioned to succeed with a clear understanding of the key risks related to its purpose and objectives.

We have developed the RG78 Breach Reporting Readiness Guide and a Breach Reporting Toolkit (which is available for purchase) to assist organisations on this compliance pathway.

Please reach out to the contacts below if you are interested in the guide and toolkit or if you have any other questions about the reporting requirements.