Type
Industry

If you thought that breach reporting was tough enough now…

image description
Michael Mavromatis Special Counsel Linkedin

Australia’s dob-yourself-in breach reporting is hard now, but things are about to get a lot harder.

A new Bill (an exposure draft at this stage) seeks to amend the Corporations Act 2001, to expand the number of circumstances in which breaches must be reported.  These changes are likely to result in a lot more breach reporting.

The Bill also proposes changes to the Credit Act, which will require Australian credit licensees to report breaches and other reportable circumstances.

What are the new breach reporting requirements and other reportable circumstances?

The Bill includes new and additional reportable circumstances.  The new requirements as currently drafted, include reporting on the following:

  • investigations into whether a specified breach or likely breach has occurred or will occur and the outcomes of those investigations;
  • the obligation to report breaches of certain “core” obligations.  Core obligations include s912A (general licensee obligations) and s912B (compensation arrangements) obligations; and
  • conduct constituting “gross negligence” or “serious fraud” (bearing in mind that gross negligence does not have a precise meaning under Australian law at present).

The changes also include broadening what is considered to be a significant and reportable breach, to include contraventions of civil penalty provisions.  This means that the significance test is no longer an entirely subjective test.

If you are an AFSL holder or credit licensee, the Bill also proposes that you will have to lodge a report with ASIC, within 30 calendar days after you reasonably know, that there are reasonable grounds to believe a reportable situation has arisen (i.e. no longer 10 business days after becoming aware of the breach or likely breach).  However, you will need to report the outcomes of investigations within 10 calendar days.

When reporting your own breaches just isn’t enough…

We’ve often described the AFSL breach reporting obligation as “un-Australian” because it requires you as a licensee to dob yourself in.  Now AFSL holders will also need to report financial advisers operating under another licensee, when they have reasonable grounds to suspect that a reportable situation has arisen.

This new requirement doesn’t just apply to advice licensees.  If you are a responsible entity, superannuation trustee, platform operator (or any other AFSL licensee) and you have serious compliance concerns in relation to a financial adviser, you will need to report them to ASIC.  You will also have to report those advisers to their own advice licensee (the adviser’s licensee at the time of the relevant incident).  These reports will be due within 30 calendar days.

The method of breach reporting is changing

Other changes will include that reports will need to be lodged in a form prescribed by ASIC.  This is consistent with the process that APRA-regulated entities undertake at present when they report breaches to APRA.

ASIC will name licensees who report breaches

Under the new changes, ASIC will also be required to publish data on reportable situation reports lodged by AFSL holders.  This includes the name of the licensees.

Reference checking and information sharing

The Bill also seeks to introduce reference checking and information sharing requirements. The changes seek to address Royal Commission recommendations 1.6 and 2.7, which called for AFSL holders and Australian credit licensees, to comply with a reference checking and an information sharing protocol in relation to financial advisors and mortgage brokers.

The most common reason that licensees are reluctant to report advisers for poor behaviour to their new licensees at present, is the fear of saying something that may be defamatory.  This is particularly the case where a licensee may form the view that it has enough evidence to cease its relationship with an adviser, but not enough to make statements judging the adviser’s conduct to other parties.

Defamation and the defence of qualified privilege

Based on the current exposure draft, if you are an AFSL holder or credit licensee, you will have a defence of qualified privilege against a defamation action or a breach of confidence action, resulting from information you share as part of the new obligations.

In addition to an AFSL holder’s qualified privilege when acting in compliance with the obligation to provide a reference about a current, former or prospective representative, those AFSL holders will also not be liable for any action based on breach of confidence in relation to that conduct. This provides a protection to the AFSL holder where confidential information is divulged in the course of satisfying the obligation to share information.

From a Privacy perspective, prospective advisers will be required to consent to the sharing of their personal information with their new employers.  The purpose of this inclusion is to ensure that the new requirements are not inconsistent with existing privacy laws.

Other changes

The Financial Sector Reform (Hayne Royal Commission Response—Protecting Consumers (2020 Measures)) Bill 2020 exposure draft seeks to address a number of other recommendations that were made by the Banking Royal Commission.  The Bill also proposes changes to advice fees in superannuation, superannuation regulator roles, ongoing fee arrangements, enforceability of financial services industry codes and limiting avoidance of life insurance contracts.

When will the changes apply?

The proposed changes concerning breach reporting, reference checking and information sharing are new and far reaching. At this stage it is proposed that these changes will be implemented by 1 July 2020, but will be effective from 1 April 2021.  Some other changes will be effective as early as 1 July 2020.

Authors: Paul Derham (Partner) & Michael Mavromatis (Special Counsel)

This article was first published in Money Management on 6 March 2020.