Changes to how AFS licensees report breaches

Australian financial services licensees are now required to submit breach reports to ASIC via the ASIC Regulatory Portal. The portal has replaced previous submission channels. Key points and some frequently asked questions are shown below.

We have recently published more detail about the breach report transactions and how these work in the ASIC Regulatory Portal.

Key points:

  • Effective 30 March 2020, AFS licensees are now required to submit breach reports to us via the ASIC Regulatory Portal from 30 March 2020.
  • The portal has replaced previous submission channels.
  • Submitting breach reports via online forms on the portal will feature mandatory fields designed to help licensees comply with their breach reporting obligations. There are no changes to the ongoing breach reporting obligations for AFS licensees as a result of this change.
  • The portal will also feature:
    • A record of previous breach reports.
    • The ability to track the status of submitted breach reports.
    • The ability to correspond with ASIC online about submitted breach reports.

I hold an AFS licence – what do I need to do?

Most AFS licensees have registered on the ASIC Regulatory Portal as part of their annual industry funding obligations.

If you are an AFS licensee with an existing ASIC Regulatory Portal account, two new 'transactions' are now available to you in the portal. They are named:

  • Submit Australian financial services licensee breach report.
  • Update Australian financial services licensee breach report.

These transactions continue to allow AFSL holders to notify ASIC of a 'significant' breach (or likely breach) of their obligations under s912A (including license conditions), s912B (compensation arrangements) or financial services laws.

For information about how to find a form or transaction once you are logged in to your portal account, see our FAQ page.

What information am I required to provide to ASIC as part of the breach report?

We have recently published more detail about the breach report transactions and how these work in the ASIC Regulatory Portal.

Additional information and guidance on some specific questions within the online breach transaction are on our website.

There are no changes to the ongoing breach reporting obligations for AFS licensees as a result of this change. Submitting breach reports via online forms on the portal will feature mandatory fields designed to help with compliance and accuracy.

Can I arrange for someone else to report a breach to ASIC on my behalf via the portal?

Yes. You can invite trusted representatives to act on your behalf in the portal.

If you would like someone to act on your behalf in the portal, you first need to invite them to connect to your account.

When inviting someone to connect to your account you can define user access levels that control what others can do on your behalf. For example, you can authorise another user to launch and edit a transaction, but only you can submit.

Only a user with Senior administrator or Administrator Access level for an entity can invite other users to connect to that entity.

For more information, including on how to invite someone to connect to your account and user access levels, see the Administration section on the FAQ page.

I've invited someone to connect to my portal account, how do I ensure they don't see confidential information?

The invitation process involves setting an Access level to determine what someone can and can't see and do, on your behalf.

There are four Access levels – Senior administrator, Administrator, Approver and Editor.

  • Senior administrator – can launch, edit and submit a transaction, invite other users to the entity and view other administrative details for an entity.
  • Administrator – can launch, edit and submit a transaction and invite other users to the entity.
  • Approver – can launch, edit and submit a form or transaction, and view other administrative details for an entity.
  • Editor – in general, can launch and edit a form and transaction, but they cannot submit it.

You can also restrict access to transactions in portal – refer to the below section for more information about this.

For more information on setting Access levels, see the Administration section on the FAQ page.

Can I restrict access to transactions in the portal?

Yes. Once you launch a form or transaction, the portal will direct you to a transaction settings page. The transaction settings page asks if you want to restrict access to the transaction. To restrict access, click Yes – restrict access. This will take you to a set restrictions page, which allows you to select users who can access the transaction.

Once you have set the restrictions for a form or transaction, you also have the option to add or remove users later.

For more information on restricting access to transactions, see the Forms and transactions section on the FAQ page.

I've invited someone to connect, can they see which entities I am connected to?

No. A trusted representative cannot view which entities you are connected to.

I'm not on the portal, how to I register?

Go to the ASIC Regulatory Portal homepage and select the blue 'Register' button.

You can connect using your Australian financial services license number, and your ASIC key. For more information on how to register, see our user guide.

What is an ASIC key?

The ASIC key helps us establish your identity. Find out what to do here if you cannot locate your ASIC Key.

What is the ASIC Regulatory Portal?

The ASIC Regulatory Portal will become your central access to ASIC's growing suite of digital regulatory services.

Key features:

  • Allows you to act on behalf of multiple entities (individuals or organisations) – for example, you may be a company officeholder (director or secretary of a company) in which case you can register and claim that entity. You can then invite others to act on your behalf or you may be invited by an entity or an officeholder to act on their behalf.
  • Uses information you have previously supplied to pre-fill applications and transactions.
  • Tracks the status of your applications and transactions.
  • Ensures greater security through use of your own individual portal user account and password.
  • Enables you to define user access levels that control what others can do on behalf of an entity or individual – for example, you can authorise another user to launch and edit a transaction, but only you can submit.

Where do I go if I need help using the portal?

The ASIC Regulatory Portal help page has resources to help you get up to speed with using the portal. These include step-by-step user guides, FAQs and videos to help you – from registering your account to connecting your registration and inviting trusted representatives to act on your behalf

Still have a question?

You can send questions about this change to: feedback.breach@asic.gov.au

What's new

More financial service releases

ASIC industry funding

Last updated: 05/02/2020 12:00