ASIC expands reportable situations relief following industry feedback

The Australian Securities and Investments Commission (ASIC) has announced additional targeted relief under the reportable situations regime following feedback from the financial services industry.

According to ASIC, the relief “reduces some of the reporting burden on industry while upholding the objectives of the regime”.

The new relief now exempts industry from reporting certain breaches of the misleading and deceptive conduct provisions, and certain contraventions of civil penalties.

It also extends the length of investigations that are reportable to ASIC from 30 days to 60 days and clarifies that a report is taken to be lodged with ASIC if a licensee has submitted a breach report to the Australian Prudential Regulation Authority (APRA) that contains all the information APRA has requested.

“More substantial changes to the legislative framework are a matter for government,” it added.

“Licensees are reminded to ensure they have the systems and processes in place to identify, escalate, investigate, rectify and capture incidents and breaches as part of their general obligations.”

In February, the regulator launched a consultation aiming to reduce the burden on licensees but ensured the “high regulatory value” of reports.

It had proposed that relief from reporting certain breaches of the misleading and deceptive conduct provisions, and certain contraventions of civil penalties where:

• The breach has been rectified within 30 days from when it first occurred (this includes paying any necessary remediation).
• The number of impacted consumers is not more than five.
• The total financial loss or damage to all impacted consumers resulting from the breach is not more than $500 (including where the loss has been remediated).
• The breach is not a contravention of the client money reporting rules and clearing and settlement rules.

The financial services industry, as ASIC has noted, “broadly welcomed the relief” but suggested that some changes could be made to further enhance the measures.

Notably, a joint submission from the Financial Advice Association Australia (FAAA), the SMSF Association, Chartered Accountants Australia and New Zealand, CPA Australia, and the Institute of Public Accountants argued that the increase in time and money spent on immaterial matters that ASIC would be uninterested in pursuing is a “significant waste” for businesses.

“To better achieve a sensible balance between the cost of the process and access to meaningful information for ASIC, we recommend the first proposed parameter is amended to the breach has been rectified within 30 days from when it is first identified, not when the breach occurred,” the submission said.

This would be of particular benefit to the financial advice sector, the submission added, given non-compliance with the law is often discovered as a result of a complaint or a client file audit.

“Rarely is it discovered at the time the advice is delivered. This would mean that the benefit to the financial advice sector would likely be limited to administrative matters and licensee level breaches,” the joint bodies said.

“We believe this change is needed, or the proposed relief will likely be ineffective in reducing the actual quantum of breaches reported that provide very little intelligence, but consumes ASIC’s time and resources, and arguably, wastes AFS licensee resources.”

Among ASIC’s proposed relief measures was exempting breaches where the total financial loss or damage to all impacted consumers is not more than $500 (including where the loss has been remediated).

This number should be increased to $1,000, according to the joint bodies, while the maximum number of clients impacted to avoid a report should move from five to 10.

ASIC’s updated relief largely adopted these recommendations, broadening the types of reports that are exempt by increasing:

• The time allowed for rectification (from when the breach first occurred) from 30 days to 60 days.
• The number of impacted consumers from five to 10.
• The total financial loss or damage to consumers from $500 to $1,000.

“If a breach satisfies all these thresholds, it is not deemed reportable to ASIC,” the regulator said.

It added: “In response to submissions about the time it takes to complete investigations and with some input from the ASIC Simplification Consultative Group, we decided to give relief so that only investigations ongoing for more than 60 days, instead of 30 days, are reportable to ASIC.

“This relief will reduce the reporting burden on industry so that if an investigation is completed within 60 days and no reportable situation is identified, a report does not have to be submitted, while still incentivising licensees to undertake timely investigations.”