Financial Services Royal Commission draft legislation: fundamental changes to breach reporting

Current site :    AU   |   EN
China Hong Kong SAR
United Kingdom
United States

Written by Glenda Hanson and Jim Boynton.

Among the material released for consultation by Treasury on 31 January 2020 to implement the findings of the Royal Commission was an exposure draft Bill which includes fundamental changes to breach reporting for Australian financial services and credit licensee.

It also introduces new obligations in relation to reportable breaches that arise in relation to retail clients who received personal advice and consumers who received credit assistance from mortgage brokers in relation to credit contracts secured by a mortgage over residential property.[1]

Key takeaways

  • More breaches must be reported by Australian financial services licence (AFSL) holders and there will be a new breach reporting regime for credit licensees
  • Changes to the time to report breaches and licensee reporting investigations into reportable situations to ASIC even if the investigation discloses no grounds to believe that a core obligation has been breached
  • Onerous obligations to notify and compensate retail clients/consumers who received personal advice or mortgage related credit assistance
  • Reporting on other licensees who give retail personal advice (or are mortgage brokers)
  • Licensee-level information about reports of breaches of core obligations being published by ASIC each financial year

The proposed changes in detail

More breaches must be reported by AFSL holders:  For Australian financial services licensees a "reportable situation" arises where:

  • there is a significant breach or likely significant breach by the licensee or its representative of a "core obligation",
  • the licensee has commenced an investigation into such a situation, or
  • the licensee or a representative has engaged in serious fraud or in the course of providing a financial service conduct constituting gross negligence. "Gross negligence" is well understood in the United States, but in Australia the courts have not given clear guidance.

The core obligations include compliance with the licensee's section 912A and 912B statutory duties and other financial services laws and, where applicable, the additional statutory duties of the responsible entity of a registered managed investment scheme. The definition of "significant" retains the existing criteria in section 912D(1)(b) of the Corporations Act, and adds breaches which are offences punishable by 12 months' imprisonment (or 3 months if the offence involves dishonesty), breaches of a civil penalty provision and breaches which cause loss or damage to clients (or scheme investors).  The additional current requirement for responsible entities of registered managed investment schemes to report under section 601FC(1)(l) of the Corporations Act will be repealed.

Changes to time to report: The existing requirement is to report to ASIC as soon as possible or within 10 business days after becoming aware of a significant breach or likely breach.  This will be replaced with reporting within 30 days of the time when the licensee "reasonably knows" that a "reportable situation" has arisen even if internal enquiries are ongoing. 

Reporting investigations of reportable breaches:  A report will also be required if a licensee investigates a reportable breach and the investigation discloses either grounds or no grounds to believe that a core obligation has been breached.  There is no definition of what an "investigation" is and so this requirement potentially applies to a broad range of activities conducted by compliance and legal advisers. The report must be lodged with 10 days of the investigation disclosing whether or not there are grounds to believe that a core obligation has been breached.

Penalties increased: Currently failure to report a significant breach is an offence with a maximum penalty for companies of only 250 penalty units ($52,500). The Taskforce Report stated that there had only ever been one such prosecution.  The Bill makes breach reporting requirements civil penalty provisions, for which the penalties were increased substantially in February 2019 (see our earlier update).

A new regime for credit licensees: These breach reporting requirements are extended to entities licensed under the National Consumer Credit Protection Act 2009 in similar circumstances and regarding equivalent core obligations. 

Onerous obligations to notify and compensate retail clients/consumers who received personal advice or mortgage related credit assistance:  In addition to breach reporting, Australian financial services licensees and Australian credit licensees who are mortgage brokers must also:

  • notify clients/consumers of suspected misconduct, conduct investigations into suspected misconduct
  • conduct an investigation and complete it as soon as practicable and again notify affected clients/consumers
  • compensate affected clients/consumers within 30 days
  • keep records to enable compliance to be readily ascertained

Reporting on other licensees who give retail personal advice (or are a mortgage broker): Where an Australian financial services licensee has reasonable grounds to suspect that a reportable situation has arisen in relation to an individual adviser having given personal advice to retail clients under another licensee's authority, the first licensee must report the situation to ASIC within 30 days.  Credit licensees also need to report serious compliance concerns about mortgage brokers giving credit assistance regarding mortgages to ASIC and the relevant licensee.

Annual publication by ASIC: ASIC will be required to publish on its website licensee-level information about reports of breaches of core obligations for each financial year within 4 months of the end of the year.  The publication may include personal information where the licensee is an individual, but won't include information about internal investigations or reports about other licensees. 

Applicable to breaches after 1 April 2021

The amendments are proposed to commence on 1 July 2020 and apply to breaches of financial services laws that occur from 1 April 2021. 

The consultation period for all proposals ends on 28 February 2020. 

Further information

Explore our Royal Commission hub to keep up-to-date, access related content and view additional resources.   

We are happy to assist you in considering the proposals and how it impacts to your business. Please contact your usual KWM contact if you would like to discuss the report further.


[1] The full title of the Bill is Exposure Draft – Financial Sector Reform (Hayne Royal Commission Response – Protecting Consumers (2020 Measures) Bill 2020: FSRC rec 1.6, 2.7, 2.8, 2.9 and 7.2 (Reference checking and information sharing, breach reporting and remediation).

New regulations in China designed to encourage innovation in clinical trials have made it easier to test human samples in a lab setting.

19 May 2022

The 2022-23 Western Australia State Budget was delivered on Thursday 12 May 2022.

17 May 2022

KWM’s newsletter for venture capital backed companies, smart capital and crypto.

16 May 2022