Financial Services Regulation
Breach Reporting

The breach reporting reforms seek to address long-standing concerns about inconsistent, inadequate and delayed reporting of breaches by licensees. The reforms will allow ASIC to identify and address emerging trends of non-compliance in industry. Under the new law, industry will be obliged to identify and report breaches and remediate consumers in a more timely manner. The regime is also extended to credit licensees for the first time.


From 1 October 2021 the Corporations Act expands the situations that need to be reported to ASIC by financial services licensees and credit licensees.

The test for when a breach or likely breach is significant will include objectively determinable criteria. These criteria are in addition to the existing subjective significance test.

Licensees must report matters to ASIC within 30 calendar days after the licensee reasonably knows the matter has arisen. Outcomes of investigations will need to be reported within 10 calendar days.

Updated standards and requirements for internal dispute resolution will assist in improving timeliness of complaints handling, clearer messaging to consumers, and consistent recording of complaints. The updates also clarify the enforceability of ASIC's IDR standards and ensure that firms are identifying systemic issues that arise from complaints including:
– investigations about whether a specified breach or likely breach has occurred or will occur, and outcomes of those investigations;
– conduct constituting gross negligence or serious fraud (to the extent this conduct was not previously considered a breach of the financial services law); and
– where there are reasonable grounds to suspect that a reportable situation has arisen in relation to a financial adviser operating under another licence

Credit licensees

The Credit Act has been amended to introduce a comparable breach reporting regime for Australian credit licensees.

It also introduces requirements on credit licensees to report serious compliance concerns about mortgage brokers.

The new reporting obligations in the Credit Act apply to all reportable situations arising on or after 1 October 2021.

Investigating and remediating misconduct

In addition to the current law, the Bill makes Australian financial services licensees and Australian credit licensees subject to a specific obligation to notify clients of suspected misconduct, conduct investigations into suspected misconduct, and remediate affected clients.

About Bright Law


Bright Law helps financial services providers to effectively deal with regulatory changes and pressures and manage risk.

About David Jacobson