Sophie Grace is a leading Australian firm specialising in both compliance and legal services to participants within the financial services and credit industries. We have serviced Australian and international clients across the financial sector for over a decade. From obtaining the required licences to operate your business to the provision of ongoing compliance support, many businesses have benefited from Sophie Grace’s extensive knowledge in the financial and credit space.
We take pride in our ability to offer tailored solutions to a broad range of businesses whilst keeping business practicalities and obligations to regulators at the forefront of our minds when delivering services and advice. Our consultancy services can equip you with assistance and clarity in your business endeavours.
ASIC has released its third report into the reportable
situations regime, highlighting some key action items for
Australian Financial Services ("AFS") and credit
licensees ("Licensees").
Key Findings and Observations in report 800
ASIC's key insights, along with Sophie Grace's key
considerations and action items for Licensees, have been summarised
in the table below:
Insight 1: Volume of reports and nature of
lodgers
Key Insights
Considerations
There has been a decrease in the volume of reports received
from the previous reporting period due to:
an increase in Licensees grouping similar, related or identical
breaches in one report; and
a decrease in reportable situations relating to misleading or
deceptive conduct and false and misleading statements as a result
of ASIC Instrument 2023/589.
AFS licensees are reporting more than credit licensees.
Licensees with greater customer impact had higher volumes of
reporting due to the size and scale of their business.
Licensees should have robust systems and processes in place for
identifying and grouping similar, related or identical
breaches.
If there are reasonable grounds to believe that a reportable
situation has arisen, licensees of any size must lodge a report
with ASIC.
Insight 2: Subject of reports and root causes of
breaches
Key Insights
Considerations
82% of reports lodged with ASIC impacted a financial service,
credit activity or product line of the business.
There has been an increase in reports relating to
superannuation products, particularly, breaches of superannuation
accounts.
Staff negligence and error was the most common cause of
breaches.
Licensees should ensure staff are adequately trained and
understand their obligations as an employee of a licensee,
especially in relation to breaches and escalating any
incidents.
Licensees should consider if there are any other underlying
root causes or broader failures in their systems, policies or
processes that may be contributing to staff negligence and
error.
All communications with consumers should accurately represent
the products and services the Licensee offers and must not be
misleading or false in substance, or in the impression the
communication gives. Training on false and misleading conduct
should be provided to staff on a regular basis.
Insight 3: Identification and investigation of
breaches
Key Insights
Considerations
A majority of breaches were identified through staff and
business unit reports as opposed to internal compliance or customer
complaints.
Breaches identified from internal compliance reviews have
decreased by 5%. This means that a greater proportion of reports
were identified from external sources compared to the previous
reporting period.
28% of reports that involved financial loss were identified by
customers through internal and external dispute resolution.
There was an increase in the time taken for Licensees to
identify, commence and investigate breaches. The average time taken
to:
identify the breaches was 415 calendar days; and
investigate breaches was 59 calendar days.
Breaches that impacted a larger number of customers took
Licensees longer to investigate.
Licensees should ensure there are adequate systems in place to
identify breaches and report these internally.
Clear lines of responsibility should be implemented, to ensure
that staff members understand their role in the breach reporting
process.
Licensees should ensure that their risk and compliance function
is adequately resourced to investigate and, where required, report
breaches to ASIC.
Licensees should review and strengthen their internal risk
management activities so that breaches are proactively identified
and reported to ASIC.
Licensees should review their breach identification processes
and take steps to reduce the timeframe to commence an
investigation.
Insight 4: Customer impact, remediation and
rectification
Key Insights
Considerations
There was a decrease in breaches that impacted consumers both
financially and non-financially. 17 million customers were impacted
in the 2023-24 period as opposed to 28 million in the previous
reporting period.
In 25% of reports, customers faced financial loss of $10,000 or
more.
There was a 13% decrease in reports where a single customer was
impacted as a result of ASIC Instrument 2023/589. This removes the
obligation for licensees to report breaches of certain misleading
or deceptive conduct provisions if the breach:
gives rise to one reportable situation:
impacts one person; and
does not result in financial loss or damage.
Licensees are taking less time on average to remediate affected
customers (16 days in comparison to 24 days in the previous
reporting period).
Licensees had rectified significant breaches in 84% of reports
lodged with ASIC.
Staff training on internal policies and procedures was the most
common selection by Licensees in rectifying a breach.
Prompt action should be taken to investigate a breach and
remediate any consumers affected.
Whilst training staff is one effective method of rectifying
breaches, Licensees should also consider putting in place
preventative measures to reduce the likelihood of similar breaches
occurring.
Licensees should rectify breaches effectively and within a
reasonable timeframe to minimise further harm to consumers,
especially where there has been a loss suffered by consumers.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
