The corporate regulator expects licensees to report breaches related to a minor change in law over the addition of client account numbers to fee consent forms.
Communication to its members by the Financial Advice Association Australia, seen by Professional Planner, says the regulator confirmed to the association that any consent forms previously signed without an account number must be reported to ASIC as a breach.
This was due to a law change via Tranche 1 of the Delivering Better Financial Outcomes legislation which made it necessary to include an account number in new fee consent arrangements from 10 January 2025.
ASIC granted a limited no-action enforcement position in June this year due to issues with account numbers – the unique identifier used by a product provider – being omitted from a client’s written consent for the deduction of ongoing advice fees.
A statement from ASIC to Professional Planner confirmed the regulator’s no-action position does not extend to an AFS licensee’s obligations to lodge breach reports but that it is up to AFSLs to determinate if they have breached the law and if they need to report it.
“ASIC has not stated that all fee consent forms missing an account number must be reported as breaches,” an ASIC spokesperson said.
“Whether a breach has occurred – and whether it is reportable under the breach reporting regime – is a matter for AFS licensees to assess based on the specific facts and their legal obligations.”
The FAAA member communication said ASIC had confirmed that any consent forms previously signed without an account number were required to be reported to ASIC as a breach.
But this wouldn’t need to be done individually as ASIC Regulatory Guide 98 allows group reporting of breaches if there is “similar, related or identical conduct”.
“Importantly, it is your licensee who is responsible for reviewing, assessing, and lodging breach reports,” the communication said.
“Ensure you notify your licensee immediately if any platforms provide client data to you (the adviser) directly.”
The association believes thousands may be caught up in the change. “It’s not just isolated, there’s a number of cases,” FAAA policy general manager Phil Anderson told Professional Planner.
The no-action period will only apply as long as advisers enter into a new ongoing fee arrangement (OFA) with clients and receive an updated written consent, which must cover the period where any fees were deducted under a “non-compliant” written consent.
ASIC won’t act on a breach if an account number was not included in the written consent that was given between 10 January 2025 – when the change was due to commence – and 5 September 2025, even though it still expects the breach to be reported.
Superannuation trustees have also been instructed by the regulator to review their processes for the oversight of advice fee deductions and ensure that any written consents comply with all legal requirements.
The FAAA said both they and the Financial Services Council had advocated for an exemption from the breach reporting obligations for fee consents without an account number.
“We understand the frustration that ASIC’s decision may cause members and will continue to provide support to assist you,” the FAAA said.
In February, ASIC launched a consultation that aimed to tighten the threshold for what breaches needed to be reported.
The changes were finalised in June, which meant a breach didn’t need to be reported if it was rectified within 60 days, the number of affected consumers was less than 10 or the total financial damage or loss to consumers was less than $1000.
However, all three conditions need to be satisfied for a breach to not be reportable.
Anderson said the fee consent account number change wouldn’t count, because the refreshed threshold only came into place after June.
“Most of these breaches happened earlier in the year, when we were less aware of the issue,” Anderson said.
A survey of FSC members earlier this year found it costs $3800 – estimated as $24 million annually – in extensive documentation, senior executive time and auditor reviews every time a minor breach is reported to the ASIC portal.
ASIC has also expressed continued concern over the lack of breaches reported by smaller licensees, which has only improved slightly over the past few years.
