In FY25 two incidences of financial advice fraud were reported to ASIC under mandatory breach reporting requirements, resulting in $1.5 million of compensation being paid to more than 500 affected clients.
One incident involved staff misconduct, and the other staff negligence or error; specifically, the situations involved “fraud or forgery”. One breach report was triggered when an adviser assurance program uncovered it; the other was found by the licensee’s business unit or staff member.
All of this information – and a trove of other information besides – can be gleaned from the new ASIC reportable situations data dashboard, released to the public last month. Insights such as this are interesting as far as they go, and the dashboard is a clear improvement on the sometimes-impenetrable reports the regulator has previously published, but in this first dashboard iteration at least, they do not go far enough.
What the dashboard doesn’t reveal is which licensees lodged breach reports – so we don’t know if the incidences of fraud referred to above happened in two separate licensees or both occurred in the same one. One incidence of fraud might be regarded as misfortune; two looks like carelessness.
The dashboard reveals there were 66 breach reports relating to false or misleading statements, but we have no idea which licensees were affected. There were 216 breaches reported relating to fees and charges or account administration – again, we have no idea which licensees reported these breaches.
This is information that clients and potential clients of advice firms arguably need to know. When a licensee reports a breach it is not necessarily a sign there’s something serious going on. But it depends, and it’s that nuance that spooked the industry.
The public’s presumed inability to correctly interpret the data and the possibility of a licensee’s unscrupulous competitors using its breach reports against it were central to industry opposition to naming licensees in the dashboard data.
Avoiding having data used to “name and shame” licensees came up over and over as a reason not to do it.
On one level that is understandable. On another level – but one which, admittedly, credits consumers with the brains to interpret the data, and trusts licensees not to use the data against each other – it could be seen as an opportunity missed.
What breach reports are for certain, though, are signs of compliance systems working, of the machinery doing what it’s supposed to do to protect clients, and of licensees fulfilling their legal, professional and ethical obligations to clients.
We already know from prior years of reporting by ASIC that large licensees are the main reporters of breaches simply because they have the most advisers and possibly the best compliance systems, and that ASIC is well aware of the fact that the smaller end of town is shirking its responsibilities in this respect.
If a licensee reports no breaches at all it means either it is not looking for breaches (and hence has “nothing” to report); or that it is looking for breaches and finding them but not reporting them; or that it is searching for breaches and not finding any.
It’s not completely surprising to overhear licensee heads discussing the issue of “gaming” the system: reporting just enough breaches so the licensee looks like it’s on top of things and doing its job, but not so many that the regulator is provoked into taking a closer look.
Name and shame concerns
The reportable situations data dashboard shows that in total there were only 826 breaches concerning financial advice reported to ASIC. There are about 2300 licensees on ASIC’s database. Clearly – and this is the point ASIC has made before – there are licensees committing breaches and not reporting them.
A spokesperson for the regulator tells Professional Planner that the dashboard is designed to “give Australians insights into the type and impact of breaches being reported by the financial and credit sectors”.
“By encouraging transparency and accountability, the reportable situations dashboard will support improvements to customer outcomes and uplift the compliance and reporting practices of licensees across the financial services and credit sectors.”
But ASIC opted to withhold the identities of the licensees submitting breach reports based on submissions in response to a consultation paper CP 383 Reportable situations and internal dispute resolution data publication.
The spokesperson says that following its consultation it “considered all feedback, including concerns around size and sector comparisons” and ultimately decided “not to name licensees, in recognition of concerns around the maturity of the reportable situations regime, particularly following changes to firms’ reporting obligations in mid-2025”.
Among associations opposing the exposure of individual licensees, the Financial Advice Association Australia argued that licensees should not be the target audience of the publication and that the dashboard should not be used as a “name-and-shame” tool.
It said publishing names could disadvantage firms that are already doing the right thing by reporting breaches, and that the data in the dashboard could be misinterpreted or used for “for competitive marketing purposes, given the reality that it is not particularly reliable in terms of the underlying message”.
“We are also concerned that it could be used to target the clients of licensees who demonstrate higher numbers of complaints and reportable situations and generate inappropriate concern and confusion,” its submission said.
The Stockbrokers and Investment Advisers Association said ASIC does not have “the legislative authority to publicly name and shame licensees in this way as regards their reportable situations data”.
It argued that the purposes of the reportable situations regime is “intended to facilitate ASIC’s supervisory and enforcement role – not publicly name and shame licensees”, and that the data in the dashboard would be difficult for consumers to interpret and “not allow for meaningful comparisons across firms”.
And the Financial Services Council said publication of firm‐level (named) data could incentivise under-reporting, lead to reputational consequences for the industry, and impose regulatory burden/cost that may not translate into consumer benefit.
But maybe it’s worth also hearing the voices of those consumers on this issue. One individual submission to the ASIC consultation said: “I wholly support the proposal to publish additional data on complaints and incidents.”
“I would use this as part of my decision making in which firm to be a customer of,” it said.
“I support this disclosure being on the most granular detail available. There are no appropriate reasons to not provide this information to the public.”
And another noted that “publishing complaints, breach, and dispute data is about restoring fairness and rebuilding public trust”.
“The data is already collected. Now it must be used. ASIC’s proposed dashboards are a welcome step, but they must become a tool for structural change – not just an optics exercise. Transparency is only the beginning. The test is what you do with it.”
