Latest Products

AISC Review on Breach Reporting

Friday 28 October 2022

The Australian Securities and Investments Commission (ASIC) has done a review of its regulated entities and their compliance with the breach reporting laws that took effect just over a year ago. 

Commissioner Karen Chester said at the release of RG 78 last year, “The new reporting obligations address long-held concerns on the quality and timeliness of breach reporting. ASIC analysis in 2018 revealed it took more than 4 years (on average) for large financial institutions to identify incidents that proved to be significant breaches. Today's remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms."

 A year on,  for the period 1 October 2021 to 30 June 2022, the regulator has found that only six per cent of licensees reported in the first nine months of the regime,  12 per cent of the almost 2000 reports is estimated to take more than one year,  55 per cent of the reports found that staff negligence is the root cause of the beach. 

ASIC Commissioner Sean Hughes said in a formal statement at the release of
Report 740 Insights from the reportable situations regime: October 2021 to June 2022, “As part of its 2022-23 priorities, ASIC is focussing on improving the operation of the reportable situation’s regime. We will continue to work with stakeholders to address issues that have arisen from the implementation of the regime, including by providing additional guidance where needed. Greater alignment of reporting practices by licensees will facilitate the publication of more comparative data at the licensee level in coming years.”