Latest Products

Guidance: New Breach Reporting Guidance

Tuesday 7 September 2021





“Compliance breaches happen in all businesses. Breach reporting is integral for Board oversight and risk management by licensees. It is also needed for ASIC’s system wide regulatory oversight.”

This is the message from the Australian Securities and Investments Commission (ASIC) with the release with new guidance on breach reporting and an INFO sheet detailing how businesses should notify customers who would have been affected by the breach. 

This publication comes almost five months consultation paper 340 and more than year since Treasury consultation on royal commission reforms related to breach reporting. 

ASIC commissioner Karen Chester said in official statement, “The new obligations will help firms identify and act swiftly on the breaches that matter, making sure they get the attention they deserve. Licensees and boards will have greater confidence they are doing the right thing by consumers, and ultimately their firm and shareholders.”

Breach reporting is one the reforms of the financial services that the regulator indicated would bring about fairer outcomes for customers. 

The new guidance on breach reporting which will require the Australian financial licensees (AFSL) to report breaches that they discover act 1 October. 

The regulator also highlighted that if licensees discover breaches that occur before the 1 October, they will still have to report them. 

Chester said, “The new reporting obligations address long held concerns on the quality and timeliness of breach reporting. ASIC analysis in 2018 revealed it took more than 4 years (on average) for large financial institutions to identify incidents that proved to be significant breaches. Today’s remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms.”

Click
here to download RG 78 in Breach Reporting.