The breach reporting obligations address from the Banking Royal Commission Recommendations 1.6, 2.8, 2.9 and 7.2 (Strengthening breach reporting) and are contained in the Financial sector reform (Hayne Royal Commission Response Act 2020.
Non-compliance is a strict liability criminal offence and a civil penalty provision.
Licensees must report to ASIC within 30 days after it first knows that, or should have known, whether there are reasonable grounds to believe a reportable situation has arisen. Reportable situations are summarised below:
Core obligations include:
- A breach of a licensee’s general obligations, as defined in s912A and 912B
- Certain sections of the Corporations Act, including Chapter 7
- A breach in Division 2 of Part 2 of the ASIC Act, which relates to unconscionable conduct and consumer protection
- A Other specified Commonwealth legislation
Deemed significant breaches
Reporting other representatives
Client notify, investigate and remediate obligations