The Fold Legal managing director Claire Wivell Plater said that in ASIC’s view, AFS licensees become aware of a breach when the person responsible for compliance becomes aware of it.
“However, they are often reluctant to report breaches until they have been considered by their directors or lawyers, they have rectified the breach, or in the case of likely breaches, the breach has actually occurred,” said Ms Wivell Plater.
While ASIC encourages firms to consider what must be done to rectify a breach, she said they should not wait until then to report it to the regulator.
She said ASIC is concerned that AFS licensees who postpone reporting a breach to ASIC until lengthy processes to rectify it are completed are compromising the regulator’s ability to take action.
“Licensees should not panic when faced with a breach, because ASIC has indicated a strong willingness to work with licensees who take their breach reporting obligations seriously,” she said.
Ms Wivell Plater said ASIC does not take action in relation to every breach, but does look for patterns of misconduct within individual firms or across a market sector.
“ASIC also considers whether AFS licensees have robust systems for identifying and reporting problems,” she said.
“ASIC may consider an inadequate or late notification to mean that breach identification and reporting systems of the AFS licensee are not robust or that they have a poor compliance culture.”
Ms Wivell Plater said AFS licensees should remember that failure to report a significant breach is in itself a breach.
