As an Australian Financial Services (‘AFS’) licensee, you are required under s.912D of the Corporations Act 2001 (‘the Act’) to give ASIC written notification of a breach (or likely breach). This correspondence is expected to occur within 10 business days of becoming aware.
To consider whether the licensee is required to report a breach, it has to satisfy the following criteria:
- You breach (or are likely to breach) any of the specified obligations; and
- That breach (or likely breach) is ‘significant’.
The term ‘significant’ is not defined in the Act. Determining whether or not a breach (or likely breach) is significant will depend on the individual circumstances of the breach (or likely breach). ASIC considers that the nature, scale and complexity of your financial services business might also affect whether a particular breach is significant or not. The licensee will need to decide whether a breach (or likely breach) is significant and thus reportable. When you are not sure whether a breach (or likely breach) is significant, ASIC encourages you to report the breach.
In Regulatory Guide 78, ASIC provide factors to be considered in determining whether a breach (or likely breach) is significant. Table 2 provides the following factors for consideration:
- The number or frequency of similar previous breaches: s912D(1)(b)(i);
- The impact of the breach or likely breach on your ability to supply the financial services covered by your licence: s912D(1)(b)(ii);
- The extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations is inadequate: s912D(1)(b)(iii);
- The actual or potential financial loss to your clients, or you, arising from the breach or likely breach: s912D(1)(b)(iv); or
- Any other matters prescribed by regulations: s912D(1)(b)(v).
Below is an extract from Tables 3 and 4 of Regulatory Guide 78 summarised into one table to provide examples of what may or may not be a significant breach. Also refer to the Regulatory Guide available on the ASIC website for detailed explanations.
Table 3 and 4: Examples
|Examples of breaches that may be significant [extract from RG 78 Table 3]||Examples of breaches that may not be significant [extract from RG 78 Table 4]|
|Failure to maintain professional indemnity (PI) insurance, or an appropriate level of PI insurance cover||Representatives give inappropriate advice with minor or incidental loss to a client|
|Failure to prepare cash flow projections||Unit pricing errors, when the licensee makes a unit pricing error of an immaterial amount involving one client only|
|Previously undetected breaches|
|Representatives give inappropriate advice which results in a major or substantial loss to a client|
|Representatives operating outside the scope of your AFS licence authorisations|
|Fraud in supply of financial services by a representative|
Licensees are reminded that omitting to report a significant breach is an offence and may result in penalties.
The maximum penalty for not reporting a significant breach (or likely breach) within 10 business days of becoming aware of the breach (or likely breach) is:
- for an individual, $8,500 or imprisonment for 1 year, or both; and
- for a company, $42,500.
In conclusion, licensees are required to apply judgement in determining whether or not a breach (or likely breach) is considered significant, which requires reporting the matter to ASIC. We recommend all licensees to discuss any uncertain matters with their internal compliance officer or seek professional advice.