Section 912D of the Corporations Act 2001 is an important self reporting obligation that is imposed on all entities that hold an Australian Financial Services Licence (AFSL). ASIC has recently issued a document entitled 'Breach reporting by AFS licensees - An ASIC guide' (Guide), that provides some guidance about how ASIC will administer section 912D and what ASIC expects licensees to do. A number of ASIC's views are likely to be controversial.
Under section 912D, if:
- a licensee breaches (or is likely to breach) an obligation that is imposed on one of those entities as a result of holding its AFSL, and
- that breach (or likely breach) is significant having regard to a number of factors, the licensee must provide a written report to ASIC within five business days of becoming aware of the breach (or the likely breach).
The obligations imposed on an AFSL holder include:
- doing all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly
- complying with a range of financial services laws (including specified parts of the Corporations Act 2001 as well as other legislation relating to banking, insurance and superannuation), and
- taking reasonable steps to ensure that its representatives comply with the financial services laws.
Key points in the Guide include ASIC's views that:
- any breach or likely breach that causes actual or potential financial loss to clients is likely to be significant unless the breach is isolated, the amount of the loss involved is minimal and immaterial, and the breach affects a very small number of clients (for example, a unit pricing error may be significant even if it causes a very small loss if it affects a large number of clients)
- when considering whether a breach (or a likely breach) is significant, one factor that must be considered is the extent to which the breach or likely breach indicates that compliance arrangements are inadequate, that is, even a minor breach may be significant if it has not been detected for some time as it might indicate that compliance arrangements are inadequate
- the licensee should have 'well-understood and documented' processes in place to identify breaches or likely breaches, decide whether they need to be reported, rectify them and ensure that arrangements are in place to prevent their recurrence
- even though such a register is not expressly required by the Corporations Act, licensees should maintain a 'breach register' including information such as how breaches were identified and why it was considered that they were or were not 'significant'
- the information to be provided in a section 912D report includes, where applicable, the section of the law breached and the reasons why the breach is considered 'significant', and
- the five day period for reporting should be adhered to regardless of whether, for example, all avenues of investigation as to whether the breach is substantial are complete, the Board has been briefed or the breach has been considered by internal or external legal advisers
- for the purposes of section 912D, ASIC will consider that a licensee has become 'aware' of a breach (or a likely breach) 'when a person responsible for compliance becomes aware of the breach'.
Some preliminary thoughts
While the Guide gives an insight into ASIC's interpretation of section 912D, it is likely to be controversial in some respects.
For example, while ASIC contends that a report should be provided even if investigations are not complete and internal or external legal advice has not yet been obtained, in many cases AFSL holders might reasonably contend that they cannot be said to know that they have breached a condition of their licence, or that the breach is significant, without the benefit of such investigations or advice.
There must also be some considerable doubt about ASIC's claim that a 'breach register' will be required to demonstrate that a licensee has adequate arrangements in place to comply with its obligation under the Act to identify and report all significant breaches and likely breaches. The key to ensuring compliance with section 912D would appear to be ensuring that all relevant staff (legal and non-legal) are aware of the reporting obligation and know who to approach internally for advice if required.
If a "breach register" is maintained, ASIC is likely to ask to review it in any AFSL compliance audit. Depending on the circumstances in which the register is created it might not be privileged and, even if it is, ASIC apparently still contends that legal professional privilege is not a reasonable excuse for failing to produce a document in response to a notice issued under the ASIC Act (despite the doubt cast upon that contention in the High Court's 2002 decision in Daniels Corporation v ACCC).
Section 912D will remain, therefore, an important yet difficult obligation to satisfy in practice.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.