ASIC observed that a number of challenges with implementing the Reportable Situations Regime (previously, the ‘Breach Reporting’ regime) were persistent across the industry since its introduction in 2021.
One key area of concern is the inconsistency in the quality of information being derived through the free-text field of the prescribed form, ‘Describe the reportable situation’.
To inform a more consistent standard, ASIC has introduced new practical guidance that encourages Licensees to consider the impact, nature and complexity of the reportable situation when preparing their reports. Presented as a list of key considerations, the guidance is not intended to be imposed as a list of strict ‘minimum standards’ to be reported on, in every situation. In taking this approach, ASIC anticipates that Licensees will be aided to improve the quality of reports received whilst allowing the obligation to remain scalable to businesses, as well as the significance of the reportable situations.
Licensees should consider:
- Details about what happened
- An explanation of how the reportable situation is a breach of your obligations, serious fraud or gross negligence
- Details of how the reportable situation was identified
- Details about why the reportable situation occurred (including the underlying root cause)
- Details about the impact to clients and/or licensees (including non-financial impact)
- Any information about remediation or rectification not otherwise covered by structured data fields
- What steps have been or will be taken to address the underlying root cause and ensure a similar issue does not occur
- Details about anything unusual about the report (e.g. why it took an extended time to identify the issue or commence an investigation)
- Any other relevant context that is not otherwise provided in the structured data fields.
What are your thoughts on the new industry standards?
