AFSL – What are my obligations to report breaches to ASIC?


As an Australian Financial Services (‘AFS’) licensee, you are required under s.912D of the Corporations Act 2001 (‘the Act’) to give ASIC written notification of a breach (or likely breach). This correspondence is expected to occur within 10 business days of becoming aware.

To consider whether the licensee is required to report a breach, it has to satisfy the following criteria:

  1. You breach (or are likely to breach) any of the specified obligations; and
  2. That breach (or likely breach) is ‘significant’.

The term ‘significant’ is not defined in the Act. Determining whether or not a breach (or likely breach) is significant will depend on the individual circumstances of the breach (or likely breach). ASIC considers that the nature, scale and complexity of your financial services business might also affect whether a particular breach is significant or not. The licensee will need to decide whether a breach (or likely breach) is significant and thus reportable. When you are not sure whether a breach (or likely breach) is significant, ASIC encourages you to report the breach.

In Regulatory Guide 78, ASIC provide factors to be considered in determining whether a breach (or likely breach) is significant. Table 2 provides the following factors for consideration:

  • The number or frequency of similar previous breaches: s912D(1)(b)(i);
  • The impact of the breach or likely breach on your ability to supply the financial services covered by your licence: s912D(1)(b)(ii);
  • The extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations is inadequate: s912D(1)(b)(iii);
  • The actual or potential financial loss to your clients, or you, arising from the breach or likely breach: s912D(1)(b)(iv); or
  • Any other matters prescribed by regulations: s912D(1)(b)(v).

Below is an extract from Tables 3 and 4 of Regulatory Guide 78 summarised into one table to provide examples of what may or may not be a significant breach. Also refer to the Regulatory Guide available on the ASIC website for detailed explanations.

Table 3 and 4: Examples

Examples of breaches that may be significant [extract from RG 78 Table 3]Examples of breaches that may not be significant [extract from RG 78 Table 4]
Failure to maintain professional indemnity (PI) insurance, or an appropriate level of PI insurance coverRepresentatives give inappropriate advice with minor or incidental loss to a client
Failure to prepare cash flow projectionsUnit pricing errors, when the licensee makes a unit pricing error of an immaterial amount involving one client only
Previously undetected breaches
Representatives give inappropriate advice which results in a major or substantial loss to a client
Representatives operating outside the scope of your AFS licence authorisations
Fraud in supply of financial services by a representative

Licensees are reminded that omitting to report a significant breach is an offence and may result in penalties.

The maximum penalty for not reporting a significant breach (or likely breach) within 10 business days of becoming aware of the breach (or likely breach) is:

  • for an individual, $8,500 or imprisonment for 1 year, or both; and
  • for a company, $42,500.

In conclusion, licensees are required to apply judgement in determining whether or not a breach (or likely breach) is considered significant, which requires reporting the matter to ASIC. We recommend all licensees to discuss any uncertain matters with their internal compliance officer or seek professional advice.


Reliance Auditing Services is a specialist independent auditing services firm providing quality audits to SMSFs, companies, not-for-profits and AFS licensees all over Australia. Reliance Auditing places a huge emphasis on educating our clients to ensure they fulfil their reporting obligations.

Call: 1300 291 060
or email us at

DISCLAIMER: This information is an interpretation of rules, regulations and standards. It should not be considered as general or specific advice and neither purports, nor is intended to be advice on any particular matter. No responsibility can be accepted for those who act on the contents of this publication without first obtaining specific advice. Liability limited by a scheme approved under Professional Standards Legislation.