ASIC Enforcement Review Taskforce Consults on Breach Reporting
On 11 April 2017, Treasury released a consultation paper in relation to proposed reforms to the self-reporting regime for Australian financial services licensees (AFS licensees) under the Corporations Act 2001 (Cth) (Act).
The consultation paper is based on a review of the regime by the ASIC Enforcement Review Taskforce, established by the Federal Government in October 2016 (Taskforce), and sets out a number of preliminary positions to reform that regime.
The current self-reporting regime
Under the current self-reporting regime set out in s912D of the Act, AFS licensees must lodge a written report to ASIC, where:
- the AFS licensee breaches or is likely to breach its relevant obligations; and
- the breach, or likely breach, is "significant".
The threshold for what type of breach is "significant" is determined with regard to the factors set out in section 912D(1)(b) of the Act. This includes for example the number or frequency of similar previous breaches, the impact of the breach on the licensees ability to provide financial services covered by their licence, the extent to which the breach indicates the licensee's compliance arrangements are inadequate, and the actual or potential financial loss to the licensee's client or the licensee itself.
This test has come under criticism from the industry as it has given rise to ambiguity as to whether the threshold for the obligation to report is triggered in any given circumstance.
The key proposed reforms to this regime and the Taskforce's findings and recommendations are outlined below.
The "significance" test
The Taskforce proposes that the significance test is retained. However, considers that "significance" should be determined by reference to an objective standard. This would be achieved by requiring AFS licensees to notify ASIC of breaches or likely breaches that a reasonable person would regard as significant, having regard to the existing factors set out in section 912D(1)(b) of the Act.
Extension of the obligation to report
ASIC has also called for the introduction of the obligation for AFS licensees to report significant breaches or other significant misconduct by an employee or representative.
Extending the obligation to report in this way would allow ASIC to take the necessary steps to remove individuals in a timely fashion in order to protect consumers, and would ensure Australia maintains consistency with other international jurisdictions which require companies to report the misconduct of employees and representatives.
Time periods for reporting a breach
At present an AFS licensee must report a breach as soon as practicable and in any case within 10 business days after becoming aware of the breach or likely breach. This has led to uncertainty regarding from what point in time reporting should commence. ASIC has noted concern that such uncertainty could delay reporting altogether.
The Taskforce considers that the trigger for reporting could be changed to be the time that the AFS licensee “becomes aware or has reason to suspect that a breach has occurred, may have occurred or may occur.”
New penalties for failure to report breach
The current penalties in place for failure to report a breach have been criticised as inflexible. At present, there is only a single criminal pecuniary penalty, with a relatively modest maximum fine.
The Taskforce has adopted a preliminary position that there be an increase to the maximum criminal penalty for this offence, potentially making it an indictable rather than summary offence to reflect the serious position ASIC take in relation to breach.
The consultation paper proposes that a civil penalty be added to give ASIC greater flexibility.
An issue infringement notice regime has also been suggested to allow ASIC to respond to more minor failures to breach report, where there is no deliberate failure to report. The Taskforce have advised that a co-operative approach should be taken in relation to the sanction modifications in order to encourage reporting of events and information at the earliest opportunity.
Submissions regarding this consultation will close on 12 May 2017.
Interested stakeholders have been welcomed to comment on the positions put forward by the Taskforce. If you would like to make a submission, please contact us.