ASIC releases new relief for reportable situations regime

ASIC has provided AFSLs new reliefs to help them manage the reportable situations regime, which includes extending the length of investigations reportable from 30 days to 60 days.

Also in the relief, ASIC is exempting the reporting of certain breaches in the misleading and deceptive conduct provisions, and certain contraventions of civil penalties.

The new relief clarifies that a report is taken to be lodged with ASIC if a licensee submitted a breach report to APRA that contains all the information APRA has requested.

ASIC said the new relief reduces some of the reporting burden while upholding the objectives of the regime.

"Licensees are reminded to ensure they have the systems and processes in place to identify, escalate, investigate, rectify and capture incidents and breaches as part of their general obligations," ASIC said.

A review on the progress of the regime revealed that AFSLs were generally slow to report to ASIC; the key driver being licensees taking a long time to identify breaches in the first place and begin investigating.

Many AFSLs had gaps in how they monitored their own compliance with the regime, and deficiencies in incident management.

Under Regulatory Guide 78 Breach reporting by AFS licensees and credit licensees, a reportable situation includes significant breaches or likely significant breaches of core obligations, and conduct constituting gross negligence and serious fraud.

In February, ASIC held consultations on providing targeted relief. It received four confidential and nine non-confidential submissions.

ASIC also received one confidential and two non-confidential submissions from individual consumers who were opposed to the relief on the basis that some licensees still engage in misconduct.

In response to feedback, ASIC broadened the types of reports that are exempt by increasing the time allowed for rectification from 30 days to 60 days.

It also increased the number of impacted consumers from five to 10, as well as the total financial loss or damage to consumers from $500 to $1000.

If a breach satisfies all these thresholds, it is not deemed reportable to ASIC.

ASIC plans to publish dashboards containing firm-level reportable situations and internal dispute resolutions (IDR) data later this year.