Breach reporting for trustees
From 1 October 2021, as a result of the Financial Sector Reform (Hayne Royal Commission Response) Act 2020, Australian financial services licensees (AFS licensees) are required to lodge reports about reportable situations to ASIC through the ASIC Regulatory Portal by completing the prescribed form. Superannuation trustees that hold AFS licences must comply with these obligations.
- The change in the reporting obligation to ‘reportable situations’ has resulted in a more expansive reporting regime for AFS licensees, including superannuation trustees, and also provides more clarity on reporting obligations.
- Effective 1 July 2021, all superannuation trustees that hold a Registrable Superannuation Entities (RSE) licence with APRA are required to hold an AFS licence that includes an authorisation to provide a superannuation trustee service.
- Effective 1 October 2021, superannuation trustees that hold an AFS licence should lodge reports about reportable situations to ASIC using the prescribed form in the ASIC Regulatory Portal.
- Alternatively, for matters that need to be reported to both APRA and ASIC, superannuation trustees may satisfy their obligations by lodging the one report containing all the required information to APRA under the dual reporting framework.
Some of the new features of the enhanced regime applicable to trustees include:
- the obligation to report to ASIC, using the prescribed form, all reportable situations, including:
- significant breaches or likely breaches of ‘core obligations’
- investigations into whether there is a significant breach or likely breach of a ‘core obligation’ if the investigation continues for more than 30 days
- the outcome of such an investigation including if it discloses there is no significant breach or likely breach of a core obligation
- conduct that constitutes gross negligence or serious fraud
- conduct of representatives of other licensees who provide personal advice in certain prescribed circumstances.
- a number of situations are deemed to be significant and therefore reportable (for example, a contravention of a civil penalty provision that is not excluded from deeming under the regulations), and
- the requirement to report to ASIC all reportable situations within 30 calendar days (no longer 10 business days) after the licensee first knows or is reckless with respect to whether there are reasonable grounds to believe a reportable situation has arisen.
While the regime is likely to result in an increase in volume of reports made to ASIC, there are measures in place that may assist trustees to satisfy their obligations, including:
- where there are multiple reportable situations arising from a single, specific root cause, trustees may be able to report to ASIC multiple reportable situations in one report; and
- if trustees are reporting a reportable situation on behalf of one or more related entities, and provided that the conduct arises from a single, specific root cause, there is an opportunity in the prescribed reportable situations form to identify and list the relevant licensees and their licensee number. The related entities do not need to separately report to ASIC.
Reporting to ASIC and APRA
Superannuation trustees will continue to have obligations to notify APRA of significant breaches of their RSE licence conditions under the Superannuation Industry Supervision Act 1993 (SIS Act).
Reporting timeframes aligned
Superannuation reforms amended the SIS Act to increase the timeframe to report significant breaches to APRA to 30 calendar days. From 1 October 2021, the timeframe to report to both ASIC and APRA reportable situations and significant breaches respectively, is 30 calendar days.
Dual Reporting Framework
Changes to the breach reporting framework means that there are now differences in reporting triggers between reporting to ASIC (under s912DAA of the Corporations Act 2001) and APRA (under s29JA of the SIS Act).
Superannuation trustees that determine they need to report to both ASIC and APRA respectively of a reportable situation, and a significant breach of their RSE licence conditions, can report to both regulators by:
- lodging a report with ASIC through ASIC’s Regulatory Portal and a separate report to APRA, through the APRA Online Breach Reporting System. Lodging separate reports with APRA and ASIC may be the more efficient option if updates to the initial report are required at a later stage; or
- using the existing dual reporting framework which allows trustees to report to both regulators by lodging the one report with APRA. The dual reporting framework is available through APRA’s website.
Superannuation trustees cannot lodge with ASIC to satisfy their reporting obligations to APRA.
Completing the form
The prescribed reportable situations form, located in the ASIC Regulatory Portal, features mandatory fields designed to assist trustees to comply with their reporting obligations. Where trustees are not yet able to provide precise answers to the mandatory questions, best estimates are to be used.
For more information see Reportable situation guidance.
Reporting of investigations
Under the new regime, there are reporting requirements in relation to investigations about whether a significant breach or likely breach of a core obligation arose.
Investigations that continue for more than 30 days
Investigations of this kind that continue for more than 30 days must be reported to ASIC – regardless of whether a determination of a significant breach (or likely breach) has been made.
For all investigations that continue for more than 30 days, trustees must lodge a report with ASIC within 30 calendar days of day 31 of the investigation.
For those investigations that conclude that there is no significant breach or likely breach of a core obligation, trustees must also report this to ASIC within 30 days after this conclusion was reached.
Investigations that conclude within 30 days
Investigations that conclude within 30 days do not need to be reported. A breach may however need to be reported (see below).
If an investigation – at any stage – identifies a significant breach or likely breach of a core obligation, trustees must report the breach to ASIC within 30 days after they first know, or are reckless with respect to whether there are reasonable grounds to believe that a significant breach or likely breach of a core obligation arose.
Where trustees had already commenced investigations into an incident before 1 October 2021, the investigation may have become a reportable situation if:
- the investigation was in progress on or after 1 October 2021 and continued for more than 30 days; and
- the investigation concerned an incident that started before 1 October 2021 and the conduct that was subject of the incident was still continuing.
For more information about reportable investigations, see RG 78.50-RG 78.64.
Further information and resources
For further information see:
- Reportable situations for AFS and credit licensees
- Regulatory Guide 78 Reportable situations for AFS licensees and credit licensees (RG 78)
- Information Sheet 259 Complying with the notify, investigate and remediate obligations (INFO 259).
If trustees have concerns about breach reporting changes, you can email us at the SuperRegRoles@asic.gov.au mailbox address where we may be able to address questions or concerns.