ASIC won’t proceed with plans to publish firm-level breach reporting data after industry pushback, citing the maturity of the regime.
The regulator had announced plans to publish two dashboards containing reportable situations (RS) – otherwise known as breach reporting – and internal dispute resolution (IDR) data earlier this year that identifies licensees, with the latter to still go ahead.
ASIC said in an announcement it will instead only publish aggregate-level RS data.
“In making this decision about the RS publication, ASIC sought to balance the benefits of firm-level transparency against concerns around the maturity of the RS regime, particularly following recent changes to firms’ reporting obligations,” ASIC said.
Those recent changes including the broadening of the types of reports that are exempt after a separate consultation was held earlier this year.
If a breach is rectified within 60 days (instead of 30), the number of clients impacted is 10 or less (instead of five or less) and the total loss or damage to consumers is under $1000 (up from $500) a breach won’t need to be reported – but all three conditions need to be met to do so.
ASIC will publish the reportable situations dashboard in October with the IDR dashboard to be published later in the year.
The regulator has made several changes with how the firm-level IDR data will be published, including around complainant privacy, data comparisons and explanatory material to support contextualisation.
ASIC said its approach to the IDR dashboard publication is designed to enhance accountability and transparency, drive firms to improve their practices and provide valuable information to customers.
The approach also aims to align with the work done by the Australian Financial Complaints Authority on their Datacube which collates details of complaints covered by external dispute resolution scheme.
“Most submissions agreed that firm-level data publication could encourage firms to uplift their IDR and breach reporting practices,” ASIC’s report that summarised feedback consultation said.
“Many noted the potential for the increased transparency created by more granular data publication to improve consumer trust and confidence, and ultimately, consumer outcomes. However, many also requested an opportunity to engage with the dashboards or called for a phased implementation before firm-level data publication, particularly for RS.”
Some of the submissions noted the publication of data may release sensitive or personal data, have anti-competitive impacts, or be used to target vulnerable groups.
Others questioned the potential additional regulatory burden on firms or how it contradicts ASIC’s “simplification agenda” but the regulator noted this doesn’t change any reporting obligations from firms.
