The corporate regulator said the reforms, set to commence on 1 October, will “address long-standing concerns” about breach reporting.
The new guidance states that AFS licensees will be required to report breaches found after 1 October 2021 even if they occurred prior to that date.
However, credit licensees do not have to report breaches found prior to 1 October which will allow them to have a “relatively gradual implementation upon commencement”.
Other requirements for AFS licensees include an obligation to report an investigation into whether there is a reportable situation where that investigation continues for more than 30 days and to lodge breach reports with ASIC “after the licensee first knows, or is reckless with respect to whether, there are reasonable grounds to believe a reportable situation has arisen”.
Currently, AFS licensees have 10 business days within which to report.
“ASIC analysis in 2018 revealed it took more than four years (on average) for large financial institutions to identify incidents that proved to be significant breaches. Today’s remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms,” deputy chair Karen Chester said on Tuesday.
“The government’s new reporting obligations put strong guard rails in place that will benefit firms and consumers alike.
“The new obligations will help firms identify and act swiftly on the breaches that matter, making sure they get the attention they deserve. Licensees and boards will have greater confidence they are doing the right thing by consumers, and ultimately their firm and shareholders.
“The new obligations also benefit consumers by allowing ASIC to better identify and swiftly address systemic problems. There will be greater transparency for consumers and firms with the publication of breach reporting data by ASIC from late 2022.”
Ms Chester’s comments come after ASIC commissioner Danielle Press said that the regulator is aware that the incoming reforms, which also include a new reference-checking regime to vet potential advisers, are complex.
“We understand that there is a confluence of regulation coming into play on the 5th of October, and we are cognisant that industry is struggling to get their heads around some of it and we are working with them pretty closely,” Ms Press said late last month.
Another item for the Licencee to pass down to the Advisers further burden and cost! Justified by the Licencee “keeping us advisers safe”.
You need to change licensees.
You may (or may not) be surprised with how fast a Licensee will/can run and disavow all knowledge of instructions given to Advisers when ASIC come knocking. It’s like the old Mission Impossible days – all knowledge of you will be disavowed and you’ll be on your own. Interestingly though, ASIC seem to have the same opinion – regardless of what you’ve been told to do, how to do it or when to do it by the licensee, it’s your responsibility and it’s you ASIC will ban. Not the Licensee.
A complex set of reforms which ASIC gives its guidance one month from commencement. ASIC really sets the gold standard as a regulator.
Imagine if we all, as the majority of us operate in the same manner, had a mandatory or mandated procedural guide in which to use. Just imagine how much regulatory red tape could be effectively removed…
Very good point. Too many compliance boffins and lawyers throwing their 2 cents in with different interpretations of everything.
Again, we need to highlight the difference between the large organisations and the financial planning practices that are bearing the brunt of negative media, additional compliance costs and ASIC fees and levies.
[i]ASIC analysis in 2018 revealed it took more than 4 years (on average) for large financial institutions to identify incidents that proved to be significant breaches. Today’s remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms,” deputy chair Karen Chester said on Tuesday.[/i]
“ASIC analysis in 2018 revealed it took more than 4 years (on average) for large financial institutions to identify incidents that proved to be significant breaches.”
Now that the majority of the large financial institutions have sold / offloaded / scaled down their financial planning businesses, this again seems like a look-back at what WAS, not what IS.