Warning for licensees: ASIC concerned about breach reporting, plans greater scrutiny

10 November 2022

In its first annual report under the new ‘reportable situations regime’ ASIC has observed that: (1) the number of reports it received under the new regime were ‘significantly lower than anticipated’; and (2) it therefore intends to take more direct action to ‘strengthen compliance with the regime’. The message is clear – non-compliant licensees face heightened regulatory scrutiny.

The reportable situations regime: a reminder

The reportable situations regime came into force on 31 October 2021. It requires Australian financial services licensees to self-report to ASIC specific matters defined in s912D of the Corporations Act 2001 (Cth) in a prescribed form and within a prescribed time. Failure to do so may result in enforcement action.

Australian credit licensees face equivalent obligations under section 50B of the National Consumer Credit Protection Act.

ASIC has described the new regime as a ‘cornerstone of the financial services regulatory structure’ and, in common with other global financial regulators, places reliance on full compliance with the self-reporting obligations to enable it to achieve its objectives.

Each financial year, ASIC must publish information regarding the reports it has received, with key trends and analysis.

ASIC’s first reportable situations report – key takeaways

On 27 October 2022, ASIC released its first annual report under the new regime covering the period 31 October 2021 to June 2022. Key takeaways from the report are described below:

  • ASIC considered the number of reports made to be ‘significantly lower than anticipated’. In particular, the data revealed that three quarters of reports were made by just 23 licensees (and generally by larger institutions), giving rise to concerns that small to medium sized institutions may not yet have fully implemented the regime. ASIC has emphasised the importance of all licensees complying with the regime regardless of their size.
  • The most common issues self-reported by licensees during the period related to false and misleading statements about products including statements as to service information, warning statements and fees. A significant number of reports also related to compliance with credit licensees’ responsible lending obligations.
  • The root cause of the reports most commonly identified was staff negligence or error, followed by deficiency in policy or process. ASIC observed inconsistencies in the reporting it received on root causes and has foreshadowed that it will issue further guidance in this regard.
  • Most reports were triggered by escalations from business units (56% of reports) followed by compliance reports (14% of reports). ASIC seem encouraged by these results given the consistency with the three lines of defence model that first line business units ought to have primary responsibility for the identification and management of risks within their business.
  • ASIC were concerned with the excessive number of reports taking more than a year to identify and commence an investigation into a potential breach. ASIC has warned licensees that it expects ‘significantly swifter identification and investigation of non-compliance’.
  • ASIC has reiterated its previous guidance in Regulatory Guidance 277 that remediation of customer harm must be made in a timely manner without sacrificing customer outcomes.

Reporting of minor ‘misleading and deceptive conduct’ events

ASIC’s finding that the most common reported issues relate to false and misleading statements is unsurprising. In our experience, a large volume of submitted reports relate to minor and immediately corrected errors of description which on any objective analysis are not significant.

Will ASIC ‘name and shame’ licensees?

When the reportable situations regime was first introduced, concerns were raised by industry participants as to the possibility of publication by ASIC of the names and numbers of reports made by individual licensees. ASIC eased those concerns in August this year when it confirmed that its first annual report would only contain high level observations. ASIC’s first report has kept to this commitment.

However, ASIC has left the door open to provide further granularity in its reporting in the future, stating: ‘[we] will consider our approach to the 2023 publication early next year, including whether it should include a list of all licensees who have reported to ASIC during the period.’ Publication could be of significant concern to licensees and will be an issue to monitor in the new year, on the release of any further ASIC guidance.


Receipt of timely and accurate self-reporting from regulated entities is a common objective of global financial regulators. Enforcement action against firms that threaten the advancement of this objective is common. In January this year ASIC secured a $4 million fine against a superannuation fund for, amongst other matters, failing to report a breach of the law to ASIC in the time required by the previous self-reporting regime. Moreover, enforcement action by global regulators on this topic is common. For example, in December of 2021, Standard Chartered Bank was fined by the UK prudential regulator for failures in being open and cooperative in the disclosure of regulatory reporting errors. Similar enforcement action has been taken against other firms by Hong Kong’s Securities and Futures Commission, the US Securities Exchange Commission, and the Monetary Authority of Singapore (amongst others).

ASIC’s first annual report on the reportable situations regime serves as a timely reminder to licensees that the transitional period, under which ASIC afforded licensees a period of forbearance for the new regime to be implemented effectively, is now at an end. ASIC has signalled that it will use more intrusive action to achieve its objectives, which may include more direct supervisory engagement and the threat of enforcement action.

How we can help

HWL Ebsworth’s Regulatory Investigations and Disputes team, and Financial Services Advisory team have extensive experience advising businesses on their obligations under relevant financial services laws as well as responding to regulatory enforcement action. Please contact us for further information on how we can assist you.

This article was written by Brenton Pollard, Special Counsel and reviewed by Polat Siva, Partner.


Subscribe to HWL Ebsworth Publications and Events

HWL Ebsworth regularly publishes articles and newsletters to keep our clients up to date on the latest legal developments and what this means for your business.

To receive these updates via email, please complete the subscription form and indicate which areas of law you would like to receive information on.

Contact us