Incoming changes to breach reporting obligations for licensees have been described as “onerous” by financial services lawyers, with Allens partner James Campbell saying the new regime – including what’s known as the ‘dobbing provision’ – will add further cost and complexity to the sector.
The new obligations, due to start October 1, were outlined by ASIC in a draft regulatory guide (RG 78) and put to market together with a consultation paper (CP 340) in April.
In short, the regime increases the number of scenarios in which a licensee needs to report to ASIC a breach of the Corporations Act by an adviser. Instead of notifying the regulator only when a “significant breach” occurs, more breaches of core obligations are now deemed “reportable situations”.
(There are approximately 14 core obligations for licensees as per s912D of the Corporations Act, including the catch-all requirement to act “efficiently, honestly and fairly”.)
According to James Campbell, a partner at top legal firm Allens, breaches still need to be significant but the deeming element is new.
The irony, he says, is that it’s the insignificant breaches that are being deemed significant regardless of circumstances. “Some of them are really very minor and procedural breaches that cause no loss to clients,” he says.
In a blog posting on the Allens website he explains the “long list of provisions” which are now deemed significant and automatically reportable to ASIC “irrespective of whether there are any similar breaches, the breach reflects the adequacy of monitoring and supervision, or the actual or potential financial loss to clients”.
The upshot for licensees, he says, will be a likely upgrade to back office processes and an ongoing increase in workload.
“The people we’re talking to have real concerns that it’s going to become a mammoth project,” he says, noting that licensees must also now use ASIC’s prescribed notice form.
“There’s going to be a huge number of reports – even the fact that someone is investigating if a breach is being reported needs to be reported.”
Campbell provides an example of how reporting around best interests duty might be altered: “Previously if a licensee was doing a regulatory audit and identified that a financial adviser had potentially given inappropriate advice, one instance would typically not trigger a breach reporting obligation… but now every instance will trigger a breach reporting obligation.”
Campbell’s colleague, managing associate Alexandra McCaughan, says licensees are facing a lot of extra work, resourcing demands and a much heavier risk burden.
“The longer list of situations that will need to be reported, combined with the fact that the clock will start ticking earlier for a licensee to submit a report, means this will be a heightened risk area and focus for licensees,” she tells Professional Planner.
Caps on the amount of time a licensee has to report a possible breach will force much tighter controls, Campbell says.
“The time trigger for making a breach report has changed so licensees are needing to rethink how their reporting processes operate from the ground up,” Campbell says. “The thing that’s causing anxiety is… how do you know when that is? What’s the concrete trigger point?”
ASIC has already acknowledged the changes should result in a “significant increase in the volume of reports received”.
The regulator was the primary instigator for reform after its Enforcement Review Taskforce recommended changes in 2017, which was followed by its Report 594 into breach reporting. Momentum carried over into recommendations 1.6, 2.8, 2.9 and 7.2 of the Hayne royal commission, which resulted in those reforms being included in the Financial Sector Reform (Hayne Royal Commission Response) Act 2020.
The stringent regulation is, however, combined with a somewhat baffling reassurance that it doesn’t always need to be adhered to. Licensees are “not required to report every instance of non-compliance or trivial breaches,” ASIC states, only a “targeted set” of situations.
According to McCaughan, this amounts to mixed messaging.
“ASIC has openly said that licensees don’t have to report every instance of non-compliance, which seems inconsistent with the long list of provisions which will be automatically reportable, some of which are trivial or technical in nature,” she says.
McCaughan notes that ASIC will now publish an annual register of licensee-level breach report data, which will provide a level of transparency. ASIC has discretion, but this may include the name of the licensee, the volume of reported breaches, and the number of breaches compared to the size and activity or volume of the licensee’s business.
Licensees will be monitoring that data closely, McCaughan says, and will be concerned about either being at the top or bottom of what will effectively be a ‘league table’.
The dobbing provision
One of the other provisions being introduced in the suite of reforms has the potential to cause a certain amount of suspicion and enmity between licensees.
In what is being dubbed the “dobbing provision”, licensees are being asked to let ASIC know if they suspect another licensee is not meeting the new breach reporting requirements.
“For financial advisers and mortgage brokers, if another licensee forms a suspicion or has grounds to believe advice given was inappropriate then the other licensee has to report it,” Campbell says. “Most of us are calling it the dobbing provision.”