Under current law (Corporations Act 2001) financial services licensees are required to report certain significant breaches applicable to ASIC. A task force at ASIC has in recent months completed a review of the self-reporting of the contraventions regime by financial services licensees. ASIC in the Compliance Review adopts certain positions in relation to the matter including:
- retain the ‘significance test’ but make it an objective test
- extend the obligation for licensees to report to include not only breaches by the licensee but also significant breaches by individual employees and representatives
- increase penalties for failure to report as and when required
- introduce a wider range of penalty options available to ASIC when there has been a contravention to add penalties such as civil penalties and infringement notices
- prescribe the contents of breach reports required to be lodged and reports to be submitted in electronic format
- certain other recommendations.
Originally Australian financial licensees were required to report any and all breaches. A number of years ago that requirement was changed to only require reporting of ‘significant breaches’. It is the subjective assessment by licensees of whether or not it is necessary to report a breach that is of concern. The smaller the organisation, the more likely it is that any breach will be regarded as ‘significant’, while the larger the organisation the more likely it is that a breach will not be considered to be ‘significant’ to the organisation as a whole. It will be interesting to see where things go with this ASIC enforcement review.