How many client complaints have you received about this matter?

This relates to complaints known at the time of lodging this breach.

Specify the date or estimated date for when you will complete your investigation

We acknowledge it may not be possible to provide us with a precise date when an investigation is likely to be completed; however, we expect licensees to set a timeframe that is reasonable, having regard to the following factors:

• the age of the potential breach
• the period it occurred over
• the number of consumers, products and systems affected
• the records available, and
• the nature of the potential breach.

Note: Information about your plans for remediation and/or rectification will be requested in the ‘Remediation and Rectification Section’ of the form.

Have any similar reportable situations (that do not form part of this report) previously occurred?

We consider similar reportable situations to include all similar reportable situations, not just those reported to ASIC. They should, however, be limited to reportable situations that are of a similar category/issue.

Remediation and rectification of the breach

We expect the licensee to provide us with the following information:

• Rectification – steps the licensee has taken to ensure the breach, or likely breach, is not still occurring
• Preventative measures – steps the licensee has taken to prevent future occurrences of the reported breach.
• Remediation – steps the licensee has taken to ensure that anybody affected by the breach, or likely breach, is put back into the same position they were prior to the breach occurring (i.e. paid back monies charged or taken inappropriately).

We are looking for separate pieces of information here.

Have you completed your investigation of the matter?

An investigation is complete when you have determined the root cause(s) of the reportable situation and you are satisfied that you have identified all affected clients and all instances of the reportable situation.