Changes to how AFS licensees report breaches

Effective 30 March 2020, there are changes to how Australian financial services licensees submit breach reports to ASIC.

Key points:

  • Australian financial services licensees will need to submit breach reports to us via the ASIC Regulatory Portal from 30 March 2020.
  • The portal will replace existing submission channels.
  • Submitting breach reports via online forms on the portal will feature mandatory fields designed to help licensees comply with their breach reporting obligations.
  • The portal will also feature:
    • A record of previous breach reports.
    • The ability to track the status of submitted breach reports.
    • The ability to correspond with ASIC online about submitted breach reports.
    • There are no changes to the ongoing breach reporting obligations for AFS licensees as a result of this change.

I hold an AFS licence – what do I need to do?

Most AFS licensees have registered on the ASIC Regulatory Portal as part of their annual industry funding obligations.

If you are an AFS licensee with an existing ASIC Regulatory Portal account, two new ‘transactions’ will be available to you in the portal from 30 March. They are named:

  • Submit Australian financial services licensee breach report.
  • Update Australian financial services licensee breach report.

These transactions will continue to allow AFSL holders to notify ASIC of a 'significant' breach (or likely breach) of their obligations under s912A (including license conditions), s912B (compensation arrangements) or financial services laws.

For information about how to find a form or transaction once you are logged in to your portal account, see our FAQ page

I’m not on the portal, how to I register?

Go to the ASIC Regulatory Portal homepage and select the blue 'Register' button.

You can connect using your Australian financial services license number, and your ASIC key. For more information on how to register, see our user guide.

What is an ASIC key?

The ASIC key helps us establish your identity. Find out what to do here if you cannot locate your ASIC Key.

What information will I be required to provide to ASIC as part of the breach report?

There are no changes to the ongoing breach reporting obligations for AFS licensees as a result of this change. Submitting breach reports via online forms on the portal will feature mandatory fields designed to help with compliance and accuracy. ASIC will publish more detail about the new online forms in early March 2020.

Can I arrange for someone else to report a breach to ASIC on my behalf via the portal?

Yes. You can invite trusted representatives to act on your behalf in the portal.

If you would like someone to act on your behalf in the portal, you first need to invite them to connect to your account.

When inviting someone to connect to your account you can define user access levels that control what others can do on your behalf.  For example, you can authorise another user to launch and edit a transaction, but only you can submit.

Only a user with Senior administrator or Administrator Access level for an entity can invite other users to connect to that entity.

For more information, including on how to invite someone to connect to your account and user access levels, see the Administration section on the FAQ page.

I’ve invited someone to connect to my portal account, how do I ensure they don’t see confidential information?

The invitation process involves setting an Access level to determine what someone can and can’t see and do, on your behalf.

There are four Access levels – Senior administrator, Administrator, Approver and Editor.

  • Senior administrator – can launch, edit and submit a transaction, invite other users to the entity and view other administrative details for an entity.
  • Administrator – can launch, edit and submit a transaction and invite other users to the entity.
  • Approver – can launch, edit and submit a form or transaction, and view other administrative details for an entity.
  • Editor – in general, can launch and edit a form and transaction, but they cannot submit it.

You can also restrict access to transactions in portal – refer to the below section for more information about this.

For more information on setting Access levels, see the Administration section on the FAQ page.

Can I restrict access to transactions in the portal?

Yes. Once you launch a form or transaction, the portal will direct you to a transaction settings page. The transaction settings page asks if you want to restrict access to the transaction. To restrict access, click Yes – restrict access. This will take you to a set restrictions page, which allows you to select users who can access the transaction.

Once you have set the restrictions for a form or transaction, you also have the option to add or remove users later.

For more information on restricting access to transactions, see the Forms and transactions section on the FAQ page.

I’ve invited someone to connect, can they see which entities I am connected to?

No. A trusted representative cannot view which entities you are connected to.

What is the ASIC Regulatory Portal?

The ASIC Regulatory Portal will become your central access to ASIC's growing suite of digital regulatory services.

Key features:

  • Allows you to act on behalf of multiple entities (individuals or organisations) – for example, you may be a company officeholder (director or secretary of a company) in which case you can register and claim that entity. You can then invite others to act on your behalf or you may be invited by an entity or an officeholder to act on their behalf.
  • Uses information you have previously supplied to pre-fill applications and transactions.
  • Tracks the status of your applications and transactions.
  • Ensures greater security through use of your own individual portal user account and password.
  • Enables you to define user access levels that control what others can do on behalf of an entity or individual – for example, you can authorise another user to launch and edit a transaction, but only you can submit.

Where do I go if I need help using the portal?

The ASIC Regulatory Portal help page has resources to help you get up to speed with using the portal. These include step-by-step user guides, FAQs and videos to help you – from registering your account to connecting your registration and inviting trusted representatives to act on your behalf

Still have a question?

You can send questions about this change to: feedback.breach@asic.gov.au

What's new

More financial service releases

ASIC industry funding

Last updated: 05/02/2020 12:00