Reportable situations for AFS and credit licensees

From 1 October 2021, Australian financial services (AFS) licensees and Australian credit licensees are required to submit notifications about reportable situations (previously breach reports) to ASIC via the ASIC Regulatory Portal. Key points and some frequently asked questions are shown below.

Key points

  • Effective 1 October 2021, AFS and Australian credit licensees will be required to submit reportable situations to us via the approved form available in the ASIC Regulatory Portal.
  • Submitting reportable situation transactions via online forms on the portal will feature mandatory fields designed to help licensees comply with their obligations.

In relation to the reportable situations (previously breach reporting), the main changes are:

  • the regime is extended to Australian credit licensees
  • AFS and credit licensees must report to ASIC in writing all reportable situations, including:
    • significant breaches or likely significant breaches of ‘core obligations’
    •  investigations into whether there is a significant breach or likely breach of a ‘core obligation’ if the investigation continues for more than 30 days
    • the outcome of such an investigation if it discloses there is no significant breach or likely breach of a core obligation
    • conduct that constitutes gross negligence or serious fraud
    • reportable situations about other licensees
  • a number of situations are deemed to be significant and therefore reportable (for example, a contravention of a civil penalty provision), and
  • AFS and credit licensees will be required to notify ASIC of reportable situations within 30 calendar days (no longer 10 business days) after the licensee first knows that there are reasonable grounds to believe a reportable situation has arisen.

RG 78 Reportable situations for AFS licensees and credit licensees provides further guidance as to what licensees must report to ASIC and when to report to ASIC.

The main changes in relation to the ‘notify, investigate and remediate’ obligations are:

  • new obligations for licensees for financial advisers who provide personal advice to retail clients and licensees of mortgage brokers who provide credit assistance in relation to residential mortgages, and
  • the obligations require AFS and credit licensees to notify affected clients of certain breaches of the law, investigate those breaches and remediate customers within prescribed time frames (see INFO 259).

I hold an AFS licence and/or Australian credit licence – what do I need to do?

Most licensees have registered on the ASIC Regulatory Portal as part of their annual industry funding obligations.

If you are an AFS/Australian credit licensee with an existing ASIC Regulatory Portal account, from 1 October 2021, two new 'transactions' will be available to you in the portal.

These transactions allow AFS licensees and Australian credit licensees to notify ASIC of ‘reportable situations’ obligations under Div 3 of Pt 7.6 of the Corporations Act 2001 (Corporations Act) and Div 5 of Pt 2-2 of the National Consumer Credit Protection Act 2009 (National Credit Act).

What information am I required to provide to ASIC as part of a reportable situation?

Two new 'transactions' will be available to you in the portal. Conditional logic in the transactions will generate only relevant questions depending on the nature and type of reportable situation being lodged. We will require minimal free text information and will not require additional attachments.

The 'wireframes' for the two new forms can be accessed below. These wireframes contain all of the questions that appear in the forms together with the conditional logic that will be applied.

Does ASIC expect an increase in the volume of reporting as a result of the reforms?

Yes.  ASIC expects a significant increase in the volume of breach reports.  This is consistent with the legislative intent to expand the types of situations that must be reported to us, for example:

  • the extension of the breach reporting regime to credit licensees;
  • the deemed ‘significance’ provisions; and
  • the obligation to report investigations into possible breaches that continue for more than 30 days.

Will the Regulatory Portal have bulk/batch upload capability?

Bulk uploading capability will not be available on commencement. 

However, ASIC will be enabling Licensees the ability to report multiple instances of relatable Reportable situations in one transaction.

Will ASIC be providing guidance on what some terms mean (for example, the meaning of 'investigation' and 'recklessness'?)

These are new terms under the reforms that are coming into effect from 1 October 2021.  We have provided some guidance and included some examples to illustrate the requirements in RG 78 Breach reporting by AFS licensees and credit licensees.

When does ASIC’s obligation to publish data from breach reporting commence?

As part of the reforms, ASIC has a statutory obligation to publish information about reports lodged with ASIC each financial year, with reports to be published on our website within 4 months after the end of the financial year. This applies in relation to financial years on or after 30 June 2022. It is likely that a separate project will be established to identify our approach to this obligation.

What is the ASIC Regulatory Portal?

The ASIC Regulatory Portal will become your central access to ASIC's growing suite of digital regulatory services.

The portal will also feature:

  • a record of previous reportable situations transactions
  • the ability to track the status of submitted reportable situation transactions reports.
  • the ability to correspond with ASIC online about submitted reportable situations.

Key features

  • allows you to act on behalf of multiple entities (individuals or organisations) – for example, you may be a company officeholder (director or secretary of a company) in which case you can register and claim that entity. You can then invite others to act on your behalf or you may be invited by an entity or an officeholder to act on their behalf.
  • uses information you have previously supplied to pre-fill applications and transactions.
  • tracks the status of your applications and transactions.
  • ensures greater security through use of your own individual portal user account and password.
  • enables you to define user access levels that control what others can do on behalf of an entity or individual – for example, you can authorise another user to launch and edit a transaction, but only you can submit.

Where do I go if I need help registering for or using the portal?

The ASIC Regulatory Portal help page has resources to help you get up to speed with using the portal. These include step-by-step user guides, FAQs and videos to help you – from registering your account to connecting your registration and inviting trusted representatives to act on your behalf

Can I group similar core obligations into one notification?

Where there are multiple reportable situations arising from a single, specific root cause, you may be able to notify us of these multiple reportable situations in one report and meet your reporting obligations under the law. Licensees must exercise judgement on what is appropriate to group together in these circumstances.

Can I submit one report regarding multiple licensees in the group?

If you are reporting a reportable situation on behalf of one or more related entities, and provided that the conduct arises from a single, specific root cause, there is an opportunity in the reportable situation form to identify and list the relevant licensees and their licensee number. The related entities do not need to separately report to us. Similarly, if you are reporting for both a credit and AFS licensee, this can be specified in the form and two separate reports are not required.

Transitional Breach reports

The previous reporting provisions will continue to apply to AFS licensees where the previous breach reporting obligation (as in force immediately before 1 October 2021):

  1. is breached or is likely to be breached before 1 October 2021; and
  2. before 1 October 2021, the licensee knows that the obligation has been breached or is likely to be breached.

For more information see RG 78.17- RG 78.22 Breach Reporting by AFS licensees and credit licensees.

Are there any changes to the regulatory portal?

Yes, ASIC has made changes to the way that licensees submit reportable situations with ASIC. To view details on how to submit reportable situations with ASIC in the regulatory portal see our guidance on 'how to submit a reportable situations'.

ASIC has also created a new status in the regulatory portal called 'Event Status'. This event status will show you what steps are remaining before the event is completed.

These include:

Draft – No transactions have been submitted yet for the reportable situation event.

Investigation incomplete – Your responses in the latest transaction submitted for the reportable situation event indicate that your investigation is not yet complete. You will need to notify ASIC once the investigation is complete. Note that you should submit updates on this reportable situation event when there are material changes, for example, providing updates to estimates reported in previous submissions and providing updates where additional instances of similar or related reportable situations have arisen from the same root cause.

Remediation and rectification incomplete – Your responses in the latest transaction submitted for the reportable situation event indicate that you are compensating or intend to compensate clients who have suffered a financial loss because of the reportable situation and one of the following applies:

  • you are rectifying the breach or intend to rectify the breach; or
  • you are taking measures or intend to take measures to address your inability to comply with the core obligation.

You will need to notify ASIC once the remediation and/or rectification is complete.

Remediation incomplete – Your responses in the latest transaction submitted for the reportable situation event indicate that you are compensating or intend to compensate clients who have suffered a financial loss because of the reportable situation. You will need to notify ASIC once the remediation is complete.

Rectification incomplete – Your responses in the latest transaction submitted for the reportable situation event indicate that:

  • you are rectifying the breach or intend to rectify the breach; or
  • you are taking measures or intend to take measures to address your inability to comply with the core obligation.

You will need to notify ASIC once the rectification is complete.

Complete – We do not need you to submit any further transactions about the reportable situation event. You therefore cannot launch a new transaction for the event.

If the event status is not Complete after you have submitted the first transaction for a reportable situation event, we expect you to submit one or more further transactions for that event over time until the event status changes to Complete.

Still have a question?

You can send questions about this change to: feedback.breach@asic.gov.au

What's new

More financial service releases

ASIC industry funding

Last updated: 05/02/2020 12:00