The Australian Securities and Investments Commission (ASIC) is reminding Australian Financial Services (AFS) licensees that significant or likely breaches of their obligations must be notified within 10 days.
Managing Director of The Fold Legal (The Fold), Claire Wivell Plater says in ASIC’s view, AFS licensees become aware of a breach when the person responsible for compliance becomes aware of it. “However, they are often reluctant to report breaches until they have been considered by their directors or lawyers; they have rectified the breach; or, in the case of likely breaches, the breach has actually occurred.”
Ms Wivell Plater says ASIC is concerned that lengthy efforts to rectify a breach, even if well-intentioned, can compromise the regulator’s ability to take action. “Licensees should not panic when faced with a breach, because ASIC has indicated a strong willingness to work with licensees who take their breach reporting obligations seriously,” she says.
The industry received a heads up that ASIC is reviewing breach reports and licensees considered to be at high risk of non-compliance, in a speech made by ASIC Deputy Chairman Peter Kell to the Risk Management Association of Australia CRO Forum this week.
Ms Wivell Plater says ASIC makes decisions about what matters to prioritise for investigation from industry intelligence. “ASIC does not take action in relation to every breach but does look for patterns of misconduct within individual firms or across a market sector. ASIC also considers whether AFS licensees have robust systems for identifying and reporting problems.”
ASIC may consider an inadequate or late notification to mean that breach identification and reporting systems of the AFS licensee are not robust and/or that they have poor compliance culture, she says. “Failure to report a significant breach in itself is a breach. Not reporting until the problem is fixed can get licensees into more trouble than the underlying breach.”
If a licensee is already working on or has rectified a breach and it’s not serious or systemic, ASIC may decide not to make any further enquiries. “If the breach has not negatively impacted a consumer and no market harm has been done, ASIC may be willing to provide technical relief from the law or a no-action position. But the bottom line is, when in doubt, report.”
The Fold has extensive experience and a good track record in working with licensees and ASIC to efficiently minimise the impact of breaches.
Leave a Comment
You must be logged in to post a comment.