Based on the industry feedback ASIC received on its affordable advice consultation paper – summarised both in response to a Parliamentary committee query and later supplied in infographic form – it appears the regulator is aware of how complexity leads to uncertainty.
If ASIC’s current goal is to make its regulatory framework appear less byzantine, though, the latest guidance on advisers’ new breach reporting obligations isn’t doing the regulator any favours. Set to commence in October, the refreshed obligations expand the definitions of reportable situations, establish a 30-day breach reporting timeframe and require that ASIC be notified of any investigations into whether a breach has occurred if said investigation takes longer than 30 days.
The National Credit Act will also be amended to introduce a comparable set of obligations for mortgage brokers.
Core obligations
The definitions of “reportable situations” are split into four categories. These are:
- significant breaches or likely breaches of core obligations
- investigations into the above
- additional reportable situations
- reportable situations about other licensees
Recursion aside, you might be wondering what constitutes a “significant breach of a core obligation”. Or, in fact, what a core obligation actually is. To find a definition of that, you’ll need to refer to the draft update to RG 78, which is attached to ASIC’s consultation paper on the new breach reporting rules.
However, that draft update doesn’t really define advice licensees’ core obligations. Instead, it refers to a list of definitions contained in sections 912A and 912B of the Corporations Act – although the core obligations in section 912A(1)(c), which refers to compliance with financial services laws as defined in section 761A, only pertain to “those parts of the definition set out in s912D(3)(b).”
Pretty straightforward, right?
Significance
Now, as to what constitutes a significant breach: for advice licensees, significance is determined based on breaches of section 912D(4) of the Corporations Act and can include:
- breaches that constitute committing an offence punishable by three months or more of imprisonment if dishonesty is involved, or 12 months or more in any other case
- breaches of relevant civil penalty provisions
- breaches of section 1014H(1) of the Corporations Act or section s12DA(1) of the ASIC Act
- breaches that result or are likely to result in material loss or damage to clients
On the last point, “material loss or damage” isn’t explicitly defined, but ASIC recommended licensees take heed of the contents of the explanatory memorandum accompanying the Financial Sector Reform (Hayne Royal Commission Response) Bill 2020. This document refers to both financial and non-financial loss or damage, which is dependent on the affected person’s (or group’s) circumstances.
Investigations
As laid out in the four categories above, though, it’s not just significant breaches that need to be reported to ASIC – investigations into potential breaches need to be reported as well if they take longer than 30 days to complete.
What, then, constitutes a reportable investigation? It’s hard to say. ASIC acknowledges that the term “investigation” is not defined within the relevant legislation and, as a result, points to the aforementioned explanatory memorandum.
In turn, this memorandum points to the definition of “investigation” in the Macquarie Dictionary: “a searching inquiry in order to ascertain facts”.
That same document refers to a “relevant factor” for consideration when a licensee is determining whether an investigation is actually taking place: whether or not there is “information-gathering” or “human effort” happening which is directed towards finding out whether a breach has occurred or will occur.
Other reportable situations
There is an additional catch-all category for reportable situations that fall outside of the above. These “additional reportable situations” include circumstances where you or an authorised representative engages in conduct constituting gross negligence in the course of providing a financial service or commits serious fraud.
That list isn’t exhaustive, though: ASIC notes that other reportable situations for advisers may arise in circumstances referred to in section 912D(2)(c) or the Corporations Act and recommends that advisers and licensees “check to see whether the regulations have specified any further additional reportable situations”.
Reporting other licensees
The fourth category of reportable situations specified in the draft RG 78 refers to advisers and licensees’ obligations regarding other licensees. Under the updated rules, you’re now required to report to ASIC if you become aware that a reportable situation – but not an investigation – has occurred at another licensee.
This report, which also needs to be provided to the licensee you’re reporting, has to be submitted within 30 days of your becoming aware of the reportable situation or civil penalties may apply.
However, you won’t be required to report another licensee if there are “reasonable grounds” to believe ASIC is aware of both the reportable situation and all of the information that would be required in your report about it.
As the AFA pointed out in its submission to the breach reporting consultation, the “ASIC is aware” exemption is quite difficult to parse.
The submission posed a question: “In terms of the provision that a licensee doesn’t need to report if there are reasonable grounds to believe that ASIC is already aware, how would one licensee know if another licensee had already reported it?
“In the case of a licensee that has already reported an adviser from another licensee on a specific matter, are they required to report that adviser on another matter in the event that they subsequently become aware of it?”
One rule for thee
Commenting more broadly on the breach reporting guidelines, the AFA also expressed its amazement that their scope was limited to advisers and mortgage brokers.
“If these obligations are appropriate to apply to financial advisers and mortgage brokers,” the submission argued, “then they are equally applicable to product providers. Why is it that the obligation to notify clients is not replicated with product providers?”
The submission continued: “We know that ASIC is not responsible for the law, however this is just one more case where the Banking Royal Commission law reform has focussed on small businesses, as opposed to the large institutions, who were the focus of the Banking Royal Commission.
“The banks were a big part of the Royal Commission hearings, however basic banking products have been excluded from this regime.”
The AFA concluded by expressing its general concern about the complexity of the breach reporting legislation while acknowledging that ASIC was not responsible for its design or creation.
Given that the new laws kick in before the end of 2021, though, one hopes ASIC can provide clearer guidance on them. After all, the average small licensee or self-licensed adviser probably won’t have the time (or resources) to find their way through this maze by October – even if they do have a Macquarie Dictionary on hand.
The opinions expressed in this content are those of the author shown, and do not necessarily represent those of No More Practice Education Pty Ltd or its related entities. All content is intended for a professional financial adviser audience only and does not constitute financial advice. To view our full terms and conditions, click here
