Newspaper icon
The latest issue of Financial Standard now available as an e-newspaper

Breach reporting guidance released

ASIC has released more details on how financial advisers providing advice to retail clients can comply with the upcoming breach reporting law.

Information sheet 259 Complying with the notify, investigate and remediate obligations sets out further guidance on how Australian financial services licensees can meet their obligations, set to commence on October 1.

ASIC explains how advisers must notify affected clients of a reportable situation, which has to be done within 30 days.

Advisers must investigate the situation within 30 days and notify clients of the outcome no later than 10 days of the investigation's conclusion.

"We expect that your investigation will be thorough, complete and robust, and that you will make whatever inquiries are reasonably necessary to determine the nature and full extent of the breach of the law," the document reads.

"You must take reasonable steps to pay affected clients an amount equal to their loss or damage, within 30 days after the investigation is completed."

ASIC found that it took more than four years on average for large financial institutions to identify incidents that proved to be significant breaches.

ASIC deputy chair Karen Chester said: "Today's remediation tally reveals how much consumer harm these delays caused, and ultimately at great cost to those firms."

"The new obligations will help firms identify and act swiftly on the breaches that matter, making sure they get the attention they deserve. Licensees and boards will have greater confidence they are doing the right thing by consumers, and ultimately their firm and shareholders," she said.

AFS licensees must report breaches that they discover after 1 October 2021, even if the breach occurred before that date.

However, credit licensees do not have to report breaches that occurred before this date even when identified after 1 October 2021. As a result, credit licensees will have a relatively gradual implementation upon commencement.

"The new obligations also benefit consumers by allowing ASIC to better identify and swiftly address systemic problems. There will be greater transparency for consumers and firms with the publication of breach reporting data by ASIC from late 2022," Chester said.

Read more: ASICKaren Chester