CS 16 Reportable situations – additional relief

Released 18 February 2025. Comments close 11 March 2025.

We are inviting feedback on a proposal to provide additional relief under the reportable situations regime.

A consultation paper was not issued for this consultation.

Our proposal

ASIC proposes relief from reporting certain breaches of the misleading and deceptive conduct (MDC) provisions and certain contraventions of civil penalty provisions (CPPs).

We propose to provide relief from reporting breaches of the MDC provisions and CPPs when: 

  • the breach has been rectified within 30 days from when it first occurred (this includes paying any necessary remediation), and
  • the number of impacted consumers does not exceed five, and
  • the total financial loss or damage to all impacted consumers resulting from the breach does not exceed $500 (including where the loss has been remediated), and
  • the breach is not a contravention of the client money reporting rules and clearing and settlement rules.

We propose to consolidate this additional relief and the relief in ASIC Corporations and Credit (Breach Reporting—Reportable Situations) Instrument 2024/620 (ASIC Instrument 2024/620) into a new instrument.

Please refer to the draft ASIC Corporations and Credit (Breach Reporting—Reportable Situations) Instrument 2025/XX under Related links.

Why we are proposing to give this additional relief

Under the reportable situations regime, licensees are automatically required to submit notifications to ASIC about any breach of MDC provisions or CPPs (if the provision is not exempted under regulations or section 6 of ASIC Instrument 2024/620). Breaches of these provisions are deemed ‘significant’ breaches of ‘core obligations’ under section 912D(4)(b) and (c) of the Corporations Act 2001 (Corporations Act) and section 50A(4)(b) and (d) of the National Consumer Credit Protection Act 2009 (National Credit Act).

This has led to some reports of MDC and CPP breaches to ASIC that have very little intelligence value. This reporting also involves a cost for licensees. Therefore, in addition to the current relief in ASIC Instrument 2024/620, we propose to provide further relief from the automatic reporting of certain MDC and CPP breaches. Our proposal seeks to strike a balance between reducing the reporting burden on licensees and upholding the objectives of the reportable situations regime.

The requirement that the breach is rectified (including any necessary remediation) within 30 days from when it first occurred (i.e. from the first instance) encourages licensees to have good internal systems that quickly detect and rectify problems. The prescribed form, available from the ASIC Regulatory Portal, and Regulatory Guide 78 Breach reporting by AFS licensees and credit licensees (RG 78) provide guidance on ways licensees may rectify the root cause or causes of a breach.

Breaches covered by the criteria of our proposal may still be reportable under other circumstances in section 912D of the Corporations Act and section 50A of the National Credit Act. For example, these breaches may satisfy the ‘significance test’ regarding the number and frequency of similar breaches under section 912D(5)(a) of the Corporations Act and section 50A(5)(a) of the National Credit Act. This means that licensees should record these breaches in a breach register to ensure that they comply with their obligation to report all reportable situations: see RG 78 at RG 78.144.

More broadly, licensees are required to have systems and processes in place to identify, escalate, investigate, rectify and capture incidents and breaches as part of their general obligations to maintain adequate risk management systems and to ensure compliance with their licensee obligations: see section 912A(1) of the Corporations Act, section 47(1) of the National Credit Act and RG 78.132. The proposed relief does not affect these obligations. 

Regulatory and financial impact

Before settling on a final policy, we will comply with the Australian Government’s Policy Impact Analysis (PIA) requirements.

To ensure that we are able to properly complete any required impact analysis (IA) or IA equivalent, please give us as much information as you can about our proposals or any alternative approaches, including:

  • the likely compliance costs
  • the likely effect on competition, and
  • other impacts, costs and benefits.

Providing feedback

Send your feedback by 5 pm AEDST on Tuesday 11 March 2025 to rri.consultation@asic.gov.au with the subject line: ‘Feedback on CS 16’.

You may choose to remain anonymous or use an alias when providing feedback. However, we will not be able to contact you to discuss your feedback if you submit it in this manner.

Your feedback will not be treated as confidential unless you specifically request that we treat whole or part of it (such as any personal or financial information) as confidential.

Please see ASIC’s privacy policy for more information about how we handle personal information, your rights to seek access to and correct personal information, and the right to complain about breaches of privacy by ASIC.

Background

The reportable situations regime is a key component of the financial services and credit regulatory regimes.

The reportable situations regime requires licensees to promptly identify, fix and report their own problems. Compliance with the regime can help lift industry standards and in turn improve consumer outcomes. A key objective of the regime is also to increase regulatory intelligence for ASIC.

ASIC has undertaken extensive work to strengthen the operation of the reportable situations regime since its introduction in October 2021:

As foreshadowed in our news item of 4 December 2024, we have considered how best to ensure we receive the reports that have the most intelligence value, while managing industry’s reporting burden.

Related links

Last updated: 17/02/2025 10:27