The Australian Securities and Investments Commission (ASIC) is looking to improve the breach reporting regime’s operation after challenges since its introduction, while it has also flagged future consultation on public reporting of licensee-level information.
The regime introduced last October requires Australian Financial Services Licensees to tell ASIC of any significant or likely significant breach of their “core obligations”.
Commissioner Sean Hughes says ASIC is aware that there’s been implementation challenges, but indicated there would be no backing away from the regime, which aims to identify emerging non-compliance trends and to facilitate early detection of issues and prompt responses.
“ASIC remains committed to the successful implementation of this regime and we have developed a comprehensive plan of work to ensure that it meets its objectives for ASIC, industry and consumers,” Mr Hughes said. “We will be working with stakeholders to find common-sense solutions.”
The regulator will consider whether the form on a portal for making reports needs to be improved, whether further practical guidance should be developed, and it will engage with Treasury on how the regime is meeting policy objectives.
“In undertaking this work, ASIC acknowledges the significant investment made across industry in the implementation of the reforms to date and will seek to minimise further impacts,” the regulator says.
A first public report on the regime, due to be published in two months, will include high-level insights into trends seen across lodgements from October 1 to June 30. The information won’t name licensees or refer to the nature or number of reports made by specific firms.
ASIC says its approach on releasing details will evolve as the regime matures and it will consider plans for the 2023 public report early next year, including whether it should contain a list of all licensees who have reported to the regulator during the period.
The regulator says it will further consult stakeholders before starting licensee-level granular public reporting, which is likely in 2024.
Licensees are required to notify ASIC of “reportable situations” within 30 calendar days after the licensee first knows that there are reasonable grounds to believe a situation has arisen.