Enforcement of the reportable situations regime – Are you ready?
28 November 2023
28 November 2023
ASIC has announced that one of its key enforcement priorities for 2024 is compliance with the reportable situations regime, previously known as the breach reporting regime.
Introduced in October 2021, the reportable situations regime requires financial services and credit licensees to notify ASIC of potential misconduct by licensees, including significant breaches or likely significant breaches of core obligations, or investigations of the same. The regime is intended to promote the early detection and reporting of significant and/or non-compliant behaviour by licensees.
ASIC considers the regime to be a cornerstone of an effective financial services regulatory structure. The reports are a critical source of regulatory intelligence.
ASIC has observed that compliance with the reportable situation regime is currently too low, with 89% of licensees not reporting against the regime at all. This is despite the bar for reporting now being set very low for certain types of breaches such as those that are 'deemed significant'. As a result, ASIC has signalled an intention in 2024 to adopt a stronger approach to compliance in this area, directing its resources and expertise to ensuring that licensees are complying with their obligations under the regime and enforcing the law where they are not.
Under its 'proactive, strategic and bold' enforcement approach, ASIC has recently commenced a targeted surveillance of those licensees who are not reporting to ASIC as it would expect.
With the reportable situations regime being a key priority, areas of the reportable situation regime that ASIC is likely to focus on include:
It will be interesting to see whether ASIC seek to use enforcement action to clarify licensees' obligations in these areas. ASIC may be particularly interested in testing how licensees have applied the recent changes to RG 78, which sought to clarify ASIC's expectations on the operational application of the reportable situations regime and promote greater consistency in reporting.
Any such action will be taken in a new era of transparency and accountability under the Financial Accountability Regime for banks, super funds and insurers. In the future, we expect ASIC reporting to publicly name outlier licensees across industry, and by or within sectors, particularly where they are unable to demonstrate benchmarked improvement in the time taken from the first instance of an event to:
"ASIC's approach to reporting will evolve over time, as implementation of the regime matures and allows for greater granularity of reporting", ASIC, 10 August 2022.
As ASIC shifts from a facilitative to an enforcement-focused approach to the reportable situations regime, now is the time for licensees to undertake a health check of their reporting processes and consider whether any uplift and improvement is required.
Ensuring you have a comprehensive and robust reporting framework in place will help mitigate the risk of being targeted by ASIC as an outlier.
In particular, consider:
Reportable situations are—and will remain—a critical source of intelligence for ASIC as a leading indicator of emerging systemic industry risk. Coupled with increasing maturity of ASIC's data analytics capability (including the ability to link reportable situations datasets with datasets such as internal and external dispute resolution), together with a renewed focus on accountability in banking, superannuation and insurance through the incoming Financial Accountability Regime from March 2024, more targeted and precise ASIC supervision and enforcement action in the future is inevitable.
Through close collaboration between Ashurst's legal and risk advisory services, we help our clients navigate the reportable situations regime, providing advice ranging from the establishment of a comprehensive reportable situations framework and a register of core obligations applicable to your business activities, to assist in assessing, investigating and reporting events to ASIC. To learn more about what you can do today to ensure you are ready, please reach out to the key contacts below or your usual Ashurst contact.
Authors: Mark Bradley, Partner; Chris Baker, Partner; Samantha Carroll, Partner; Lucinda Hill, Partner; Elizabeth Hristoforidis, Director; Morgan Spain, Partner; and Jennifer Chen, Lawyer
This publication is a joint publication from Ashurst Australia and Ashurst Risk Advisory Pty Ltd, which are part of the Ashurst Group.
The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.
The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.
For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com
This material is current as at 28 November 2023 but does not take into account any developments to the law after that date. It is not intended to be a comprehensive review of all developments in the law and in practice, or to cover all aspects of those referred to, and does not constitute legal advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent legal advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.