1. Which financial firms need to submit IDR reports to ASIC?

Financial firms required to submit an IDR report to ASIC every six months include:

• all Australian financial services (AFS) licensees with a retail authorisation, and
• all Australian credit licensees.

In addition to the above licensees, the IDR data reporting handbook (PDF 1.4 MB) also sets out some other types of firms that are in scope for IDR data reporting (e.g. certain unlicensed entities and certain superannuation trustees). However, the vast majority of in-scope financial firms will be AFS licensees and/or credit licensees.

Licensees are ‘financial firms’ in the IDR data reporting context. The obligation to submit IDR reports is held by the licensee (i.e. the financial firm that directly holds the AFS licence and/or credit licence). If a parent company has multiple subsidiaries that hold separate AFS licences and/or credit licences, each subsidiary licensee must submit a separate IDR report to ASIC.

Note: IDR data reporting to ASIC is commencing in three stages (‘tranches’). During the July-August 2023 submission window, only first tranche and second tranche firms will submit IDR reports to ASIC. First tranche and second tranche firms are set out in ASIC Corporations (Internal Dispute Resolution Data Reporting) Instrument 2022/205, as amended by ASIC Corporations (Amendment) Instrument 2023/282. See IDR data reporting for more information.

2. Can my firm submit IDR data for multiple licensees in one consolidated data file?

The obligation to submit IDR reports is held by individual licensees. If a higher-level entity (e.g. a parent company) has multiple subsidiaries with AFS licences and/or credit licences, the higher-level entity cannot submit a consolidated or aggregated IDR report of complaints related to its subsidiary licensees. Therefore each subsidiary licensee will need to submit a separate IDR report to ASIC.

The only exception to this is that if the financial firm holds both an AFS licence and a credit licence (with the same licence number), they must submit a consolidated report for both licences to ASIC each reporting period. This is the only scenario where a firm will submit a consolidated IDR report.

See the below table for examples:

3. Can my firm submit IDR data for a single licensee split across multiple data files?

A licensee cannot submit IDR data (relating to a single reporting period) split across multiple data files. All IDR data for a licensee must be submitted in a single IDR data file.

For example, if a licensee outsources the management of some of its complaints to an external provider, it would not be possible for the licensee to submit two separate data files (one containing complaints managed directly by the licensee, and the other containing complaints managed by the external provider). Instead, it would be necessary for the licensee to combine the records and submit a single IDR data file for that reporting period.

4. My firm has just commenced or ceased operations. Do I need to submit an IDR report to ASIC?

The obligation to submit an IDR report is held by the licensee and will depend on the licensee’s licence status when the relevant submission window closes, as set out below:

• If a licence will be active or suspended at the time the IDR submission window closes, the licensee is required to submit an IDR report for the relevant reporting period.
• If a licence will be pending, refused or cancelled at the time the IDR submission window closes, the licensee is not required to submit an IDR report for the relevant reporting period.

For the January-June 2023 reporting period, the submission window closes on 31 August 2023. For the July-December 2023 reporting period, the submission window closes on 29 February 2024.

Some firms that have just commenced operations may have had zero complaints in the relevant reporting period. These firms are still required to submit an IDR report if their licence will be active at the time the IDR submission window closes; however, they will not be required to submit an IDR data file, but would instead need to submit a ‘nil submission’ through ASIC’s Regulatory Portal. In this scenario, the firm’s IDR report will simply confirm to ASIC that there were zero IDR complaints for the firm during the reporting period. Please see the IDR data reporting handbook (PDF 1.4 MB) for more information on this process.

Note: IDR data reporting to ASIC is commencing in three stages (‘tranches’). For the submission window that closes on 31 August 2023, only first tranche and second tranche firms will submit IDR data reports to ASIC. See IDR data reporting for more information.

5. How do I lodge IDR data reporting for an unlicensed entity?

Some types of firms (including unlicensed product issuers and secondary sellers) may be required to submit IDR reports to ASIC. See the IDR data reporting handbook (PDF 1.4MB) for more information.

IDR reports are submitted to ASIC via the ASIC Regulatory Portal.

If you are not registered on the ASIC Regulatory Portal, please refer to our FAQ Question 11: I’m not on the ASIC Regulatory Portal, how do I register?

If you are registered under a different account which is not linked to the unlicensed entity, please refer to our FAQ Question 12:  How do I connect my portal account to a financial firm?

If you are having trouble registering on the ASIC Regulatory Portal, please contact us. You can avoid call wait times by submitting a query using our online enquiry form.

6. Which complaints are in scope for IDR data reporting to ASIC?

A firm’s IDR data report for a particular reporting period must include specified data in relation to each complaint received by the financial firm that:

• is required to be covered, or is covered, by the firm’s IDR procedure, and
• was either:
• made in the reporting period, or
• open at any time during the reporting period.

The data provided to ASIC should reflect the status and progress of the complaint as at the closing date of the relevant reporting period. For example, a complaint that was ‘open’ on 31 December 2023 and then ‘closed’ on 6 January 2024 would be reported to ASIC as ‘open’ for the July-December 2023 reporting period. It would then be reported as ‘closed’ for the January-June 2024 reporting period.

Note 1: Complaints that were first received before the beginning of the firm’s first reporting period should not be included in any IDR data reports to ASIC, even if they were open at the start of the first or subsequent reporting periods. This means that:

• for first tranche firms, complaints that were first received before 1 July 2022 should not be included
• for second tranche firms, complaints that were first received before 1 January 2023 should not be included, and
• for third tranche firms, complaints that were first received before 1 July 2023 should not be included.

Note 2: If the firm had no complaints for the relevant reporting period (i.e. no complaints were received and there were no open complaints at any time during the reporting period) they must submit a ‘nil submission’ through ASIC’s Regulatory Portal. In this scenario, the firm’s IDR report will simply confirm to ASIC that there were zero IDR complaints for the firm during the reporting period.

7. Would a complaint that is re-opened during a reporting period be reportable to ASIC?

Yes, this type of complaint would be reportable to ASIC.

For example, consider a complaint that was received and closed in the first reporting period, then re-opened at IDR during the second reporting period (e.g. due to new information being provided by the complainant).

During the first submission window, the complaint would be reported to ASIC with a ‘closed’ status, and with the original complaint outcome(s) listed.

During the second submission window, the complaint would again be reported to ASIC, with updated information depending on progress in resolving the complaint. For example, the complaint:

• might now be reported with an ‘open’ status, or
• might again have a ‘closed’ status, but with a different complaint outcome listed.

The data provided to ASIC should reflect the status and progress of the complaint as at the closing date of each relevant reporting period.

8. Should my firm’s IDR report include complaints originally made to my firm but referred to another financial firm to resolve?

Yes, this type of complaint is reportable to ASIC.

For example, consider a scenario where FIRM A receives complaints relating to products it distributes, but does not issue (e.g. bundled products such as credit cards with consumer credit insurance), and FIRM A refers the complaint to the product issuer (FIRM B) for resolution.

FIRM A should record and report complaints received and then referred to another financial firm using the outcome type ‘Referred to another financial firm’ (refer to the IDR data reporting handbook (PDF 1.4 MB)).

FIRM B should also record and report the complaint to ASIC, including the final outcome/s of the complaint (and other required information in line with the IDR data reporting handbook (PDF 1.4 MB)).

Note: For complaints about insurance in superannuation, the IDR reporting obligation is held by the trustee. This will be the case even where the trustee uses an outsourced model where the insurer responds ‘on behalf’ of the trustee. In practice, this will require trustees and insurers to share data with one another before the data is reported to ASIC.

9. Should my firm’s IDR data report include information about complaints that have been escalated to the Australian Financial Complaints Authority (AFCA) for external dispute resolution?

Some complaints that are closed at IDR will be subsequently escalated to AFCA for external dispute resolution (EDR). EDR escalation, timeframes and outcomes are out-of-scope for IDR data reporting. This information will instead be reflected in AFCA data.

For example, consider a complaint that is closed at IDR on 1 October 2024, with the financial firm offering the outcome ‘Service-based remedy’ to the complainant. The complainant is not satisfied with this outcome and escalates their complaint to AFCA. The complainant ultimately obtains a different outcome at EDR on 1 December 2024.

For IDR data reporting, this financial firm should report the outcome that was offered at IDR (‘Service-based remedy’) and the date closed at IDR (‘01/10/2024’). Any revised outcomes, timeframes or other details about the complaint at EDR are out of scope for IDR data reporting.

Note 1: When a complaint is referred back to a licensee from AFCA (under the 21-day post-IDR ‘refer back’ arrangements, and after the complaint has been closed at IDR), this is the first stage of EDR. As outlined above, EDR escalation, timeframes and outcomes are out-of-scope for IDR data reporting.

Note 2: Complaints referred to financial firms from AFCA because they have not yet been to IDR should be treated as regular IDR complaints. For these complaints, firms should record that they first received the complaint via referral from AFCA at data element 8 ‘Complaint channel’, using code 7 (Referral from AFCA) (see the IDR data reporting handbook (PDF 1.4 MB)).

10. What is the ASIC Regulatory Portal?

The ASIC Regulatory Portal will become your central access to our growing suite of regulatory services, which are being consolidated onto the portal over time. Financial firms already use the portal to submit industry funding metrics, breach reports, applications for relief and other regulatory services.

From the ASIC Regulatory Portal you can:

• search previous submissions made through the portal
• track the status of your submission via your portal account
• invite others to act on your behalf in the portal
• restrict access so only select users can see and access your submissions in the portal.

11. I'm not on the ASIC Regulatory Portal, how do I register?

Anyone required to use the portal to transact with ASIC will need to register their own user account. You can register for access at any time.

To register, go to the ASIC Regulatory Portal homepage and select the blue 'Register' button.

For more information on how to register, see our Regulatory Portal user guide.

12. How do I connect my portal account to a financial firm?

Only an officeholder or someone with the equivalent role (e.g. partner) can claim the financial firm entity in the ASIC Regulatory Portal. Most financial firms will already be registered on the portal to meet their annual industry funding obligations. The individual that performed the initial financial firm registration will be the Senior Administrator by default. They can then invite others to connect and act on their behalf.

Only the Senior Administrator or an Administrator of the account can invite other users to connect to the financial firm. If you need to connect your portal account to a financial firm, you will need to be invited by a Senior Administrator or Administrator.

When inviting someone to connect you can define their access level to control what they can and can’t do on your behalf. For example, you can authorise a trusted representative to launch and edit a transaction, but not submit it.

13. Can I arrange for someone else to submit a form/transaction on my behalf via the Regulatory Portal?

Yes. You can invite trusted representatives to act on your behalf in the portal. If you would like someone to act on your behalf in the portal, you first need to invite them to connect to your entity.

When inviting someone to connect to your entity you can define user access levels that control what others can do on your behalf. For example, you can authorise another user to launch and edit a transaction, but not submit it. Please note that the authorised user will register their own username and password to log in to the portal.

Only a user with Senior Administrator or Administrator access level for an entity can invite other users to connect to that entity.

For more information on how to invite someone to connect to your account, see the Administration section on the ASIC Regulatory Portal FAQs page.

14. I've invited someone to connect to my entity in the Regulatory Portal, how do I ensure they don't see confidential information?

The invitation process involves setting an access level to determine what someone can and can’t see and do, on your behalf.

There are four access levels:

• Senior Administrator – can launch, edit and submit a transaction, invite other users to the entity and view other administrative details for an entity
• Administrator – can launch, edit and submit a transaction and invite other users to the entity
• Approver – can launch, edit and submit a form or transaction, and view other administrative details for an entity, and
• Editor – in general, can launch and edit a form and transaction, but cannot submit it.

Further detail on the four levels is available on the Access levels page.

You can also restrict access to transactions in the portal – refer to the below section for more information about this.

For more information on setting Access levels, see the Administration section on the ASIC Regulatory Portal FAQs page.

15. Where do I submit an IDR report on the Regulatory Portal?

To start the transaction, log in to the ASIC Regulatory Portal and select the entity required to submit an IDR report from your list of current connections. This will open the entity’s dashboard.

Click on ‘Transactions’ in the top navigation bar to reveal a drop-down menu. Click on ‘Start a new transaction’. This will take you to a list of transactions you can select from. Within the list you will find a section titled ‘Internal dispute resolution data’. Open this section and click the transaction titled ‘Submit Internal Dispute Resolution data report’ to submit your IDR report.

The transaction will be available during submission windows only.

16. I still can’t see where to submit an IDR report on the Regulatory Portal. Why is this, and what can I do?

If the ‘Submit Internal Dispute Resolution data report’ transaction is not showing on screen once you log into the ASIC Regulatory Portal, consider the following:

• The transaction will only be visible during the two-month submission windows in January-February and July-August each year.
• IDR data reporting to ASIC is rolling out in tranches. During the July-August 2023 submission window, the transaction will only be visible for first tranche and second tranche firms. See IDR data reporting for more information on the roll-out schedule.
• You may need to scroll further down the page. This transaction may be one of many listed for your firm on the Regulatory Portal.

17. Can I restrict access to transactions in the Regulatory Portal?

Yes. Once you launch a transaction, the portal will direct you to a transaction settings page. The transaction settings page asks if you want to restrict access to the transaction. To restrict access, click ‘Yes – restrict access’. This will take you to a set restrictions page, which allows you to select users who can access the transaction.

Once you have set the restrictions for a transaction, you also have the option to add or remove users later.

More information on restricting access to transactions is on the ASIC Regulatory Portal FAQs page.

18. Can I submit a test IDR data file to ASIC via the Regulatory Portal?

No, there is currently no testing functionality for IDR data reporting. However, there is no limit to the number of times you can resubmit your IDR data file during the submission window.

The IDR data reporting handbook (PDF 1.4 MB) sets out the rules for basic and deep validation. If your data file fails either basic or deep validation, you can make the necessary corrections and resubmit your data file as many times as necessary during the submission window.

The two-month submission window is intended to provide time for firms to fix any potential validation errors and successfully resubmit before the submission window closes.

19. Where do I go if I need help using the Regulatory Portal?

The ASIC Regulatory Portal FAQs page has resources to help you use the portal including step-by-step user guides, FAQs and videos. The topics covered include registering your account, connecting your registration, and inviting trusted representatives to act on your behalf.

20. What are basic and deep validation?

Basic and deep validation are ASIC’s automatic data validation processes. An IDR data file is only successfully submitted when the data file has successfully passed both basic and deep validation. While basic validation occurs instantly, deep validation occurs up to 48 hours after the data file has been submitted on the ASIC Regulatory Portal. If an IDR data file fails either basic or deep validation, the financial firm must fix the relevant errors and resubmit their data file before the submission window closes.

When submitting an IDR data file, ensure you do so well before the closing date of the submission window. You will need to allow enough time for deep validation to be completed and to receive any failure notification (if applicable), fix the errors and resubmit your IDR data file for further deep validation.

The IDR data reporting handbook (PDF 1.4 MB) sets out the rules for basic and deep validation. The requirements are summarised in the submission checklist (Appendix 3).

Note: Financial firms with no complaints in the relevant reporting period are not required to submit an IDR data file, but are instead required to submit a ‘nil submission’ through ASIC’s Regulatory Portal. In this scenario, the firm’s IDR report will simply confirm to ASIC that there were zero IDR complaints for the firm during the reporting period. Basic and deep validation are not conducted for nil submissions.

21. What happens if my firm’s IDR data file does not pass basic or deep validation?

If your IDR data file fails either basic or deep validation, you must fix the relevant errors and resubmit the data file before the submission window closes. There is no limit to the number of times you can resubmit during a submission window.

If your file fails basic validation, you will be notified on screen as to what the error is. If your file fails deep validation, you will be notified via email, and will also receive a message in the ASIC Regulatory Portal containing an attached error file. This error file will contain detailed line-item information that identifies each individual error.

It will be necessary to fix the errors by referring to the IDR data reporting handbook (PDF 1.4 MB), which sets out the rules for basic and deep validation. The requirements are summarised in the submission checklist (Appendix 3).

The two-month submission window is intended to provide time for firms to fix any potential validation errors and successfully resubmit before the submission window closes.

22. If my firm’s IDR data file fails deep validation, how do I resubmit corrected data to ASIC?

If your firm’s IDR data file fails deep validation, you must fix the relevant errors and resubmit the data file before the submission window closes. To do this, you will need to start a new ASIC Regulatory Portal transaction and upload the corrected data file. You can do this as many times as necessary during the submission window until the data file passes deep validation.

23. How can I tell if my firm’s IDR report with an IDR data file has been submitted successfully?

If your firm submits an IDR data file through ASIC’s Regulatory Portal, then the data file will need to pass deep validation before it can be considered successfully submitted. Deep validation occurs up to 48 hours after the data file has been submitted on the Regulatory Portal. If and when the IDR data file passes deep validation, your IDR report will be considered to be successfully submitted. You can confirm this by checking that:

• the submitting user and Senior Administrator(s) for the entity have received a confirmation email from ASIC stating that the file passed deep validation and that ‘This means that your IDR data report has been successfully submitted’, and
• on the Regulatory Portal dashboard, your IDR data report status is listed as ‘Completed’.

If your data file has failed deep validation, the submitting user and Senior Administrator(s) will have instead received an email stating that the file failed deep validation and that ‘This means that your IDR data report has not been successfully submitted’. It will be necessary to fix the errors and resubmit your IDR report. An IDR data file is only successfully submitted when the data file has successfully passed both basic and deep validation.

24. How do I update, correct, or add to my firm’s IDR data for the current submission window?

If you need to update, correct, or add to your firm’s IDR data already submitted in the current submission window, you must submit a new data file containing the updated data together with all the IDR data you wish to submit for the current submission window.

For example, if you have already lodged an IDR data file containing 100 complaints and wish to correct data elements for 6 of those complaints, then all 100 complaints, including those with updated data elements, must be submitted to ASIC in a new IDR data file.

Note: During a submission window, ASIC will take a financial firm’s latest successful data file as its final data file submission.

25. How do I update, correct, or add to my firm’s IDR data reported in a past submission window?

During a submission window, firms may add to IDR data, or submit updated IDR data, for previous reporting periods.

To update IDR data already reported in a previous submission window:

• For the complaint data to be updated, ensure data element 1, financial firm’s complaint unique identifier (ComplaintUniqueID), matches the previous IDR data report.
• The updated complaint data must be in a single IDR data file together with all the IDR data your firm wishes to lodge for the current submission window.

To add to IDR data reported in a previous submission window, include the complaint data to be added in a single IDR data file together with all the IDR data your firm wishes to lodge for the current submission window.

Note: During a submission window, ASIC will take a financial firm’s latest successful data file as its final data file submission.

26. Are there penalties for not submitting an IDR report to ASIC?

Failure to submit a compliant IDR report during the submission window means you will be in breach of the IDR reporting requirements set out in ASIC Corporations (Internal Dispute Resolution Data Reporting) Instrument 2022/205, as amended by ASIC Corporations (Amendment) Instrument 2023/282, and may involve penalties. More information on penalties is available on ASIC’s Fines and penalties webpage.

27. Will I receive email reminders or notifications from ASIC about IDR reporting?

ASIC will send general emails about IDR data reporting, e.g. to notify all firms that the submission window has opened for a particular reporting period. These emails will be sent to the Senior Administrator(s) for the entity, as listed on the ASIC Regulatory Portal. You can review the list of individuals connected to your firm and their access levels on the Administration > Users page in the Regulatory Portal.

ASIC will also send more specific emails about IDR data reporting, e.g. to notify an individual firm that a submitted data file has passed or failed deep validation. These emails will be sent to the portal user who submitted the IDR report and the Senior Administrator(s).

28. Where can I find more information on IDR data reporting?

More information on IDR reporting is available on the IDR data reporting page.