Breach reporting: ASIC insights

ASIC’s REP 740 Insights from the reportable situations regime: October 2021 to June 2022 is its first report on breach reporting under the changes for financial services licensees and credit licensees which commenced on 1 October 2021. Background.

ASIC says that in the 9 month period 8,829 initial reports and 2,530 updates were submitted to ASIC by financial services and credit licensees.

74% of all reports were lodged by just 23 (mainly larger) licensees.

Types of breaches
38% of reports were about credit product lines, followed by general insurance (19%) and deposit taking (10%).

34% of reports were about issues of false or misleading statements about a product, regarding service information or in warning statements, followed by lending (21%), general licensee obligations (19%) and fees and costs (14%).

60% of reports specified a root cause of staff negligence or error, followed by policy or process deficiencies (9%) and system deficiencies (6%).

The main driver for the significant volume of reports by credit providers was the lodgement of separate reports about one-off breaches of specific responsible lending obligations, where those breaches were reported as the result of staff negligence or error.

The reports that did not relate to a financial service, credit activity or product line related to a
breach of general licensee level obligations, rather than a specific product or service.

The products most commonly the subject of a report were home loans (25%) and motor vehicle
insurance (13%), which were the primary drivers of credit and general insurance reports respectively.

ASIC’s conclusions
ASIC says that:

  • a much smaller proportion of licensees have reported under the regime than anticipated (Only 6% of the licensee population lodged a report during the first nine months of the regime);
  • licensees are still taking too long to identify and investigate some breaches (In 18% of the reports received, it took the licensee more than one year to identify and commence an investigation into an issue after it had first occurred.);
  • more work needs to be done to appropriately identify and report the root cause of breaches (55% of reports identified staff negligence or error as the sole root cause, including where the licensee had reported that there had been previous similar breaches, or multiple breaches were grouped together.); and
  • further improvements are needed to licensees’ practices towards remediating impacted customers (licensees indicated that they did not intend to compensate impacted customers in 4% of reports that had identified customer financial loss.)

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.