ASIC proposes sensible changes to breach reporting

Mike Taylor

Managing Editor and Publisher

19 February 2025

ANALYSIS

It has taken more than four years but, finally, the Australian Securities and Investments Commission (ASIC) has started to sensibly wind back the breach reporting regime by proposing to eliminate what are arguably minor matters.

ASIC is proposing the following key changes which will be welcomed by financial services licensees, providing relief from reporting breaches where:

• the breach has been rectified within 30 days from when it first occurred (this includes paying any necessary remediation), and
• the number of impacted consumers is not more than five, and
• the total financial loss or damage to all impacted consumers resulting from the breach is not more than $500 (including where the loss has been remediated), and
• the breach is not a contravention of the client money reporting rules, and clearing and settlement rules.

In a very real sense, this is where the breach reporting regime may have landed four years’ ago if the Government and the Treasury had been willing to take heed of the warnings of the financial services sector.

The bottom line is that the breach reporting regime was always yet another over-reaction to the recommendations of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.

It is now history that former Coalition Treasurer, Josh Frydenberg opted to implement the recommendations of the Royal Commission virtually unchanged and the breach reporting regime flowed from the Financial Sector Reform (Hayne Royal Commission Response) Bill 2020.

That legislation was almost immediately subject to a number of technical amendments in response to stakeholder feedback, but the regime has imposed significant costs on licensees and has also burdened the regulatory system.

The Financial Services Council (FSC) is therefore right to have opportunistically pointed to ASIC’s proposed changes to call on both sides of politics to cut red tape to boost productivity in the financial services sector.

“The breach reporting regime is emblematic of the sort of regulatory simplification opportunities that whoever forms the next Government should be identifying. It is welcome news the regulator has moved ahead of the Government on this,” the FSC statement.

FSC chief executive, Blake Briggs pointed to the burden the breach reporting regime has imposed on the sector, outlining a survey which found unnecessary regulation in the financial services breach reporting regime has resulted in almost $4000 wasted every time a minor breach is reported, or $24 million annually,