As part of their reporting obligations, Licensees are required to provide information on what the ‘root cause’ of a breach or potential breach was.

Likewise in the case of an ongoing investigation, they also have an obligation to indicate what triggered the investigation they are lodging a report for.

To enable them to do so, the prescribed form lists a number of categories which Licensees can choose from to reflect either the root cause or investigation trigger. For example, a root cause category that may be selected include: ‘policy or process deficiencies’, ‘staff negligence’, ‘staff misconduct’, ‘inadequate management controls’ and ‘inadequate financial resources’. On the other hand, some listed categories of investigation triggers include: ‘internal audit’, ‘business unit report’, ‘whistleblower’ and ‘customer complaint’.

Industry consultations revealed, however, that there was irregularity with the interpretation of these categories and the circumstances which fell under each in practice.

To assist, ASIC’s updates to RG78 include new definitional guidance to appropriately clarify the parameters of each category.

“For best practice, Licensees should always aim to be more comprehensive in their reports, rather than conservative. Where it is unclear as to which category best suits the breach, even with consideration to the additional guidance given, Licensees should aim to provide further detail in the free-text field, “Describe the reportable situation” of the prescribed form.” – Connor Barham

For a walk through of the new definitional guidance on the RG78 ‘root cause’ & ‘investigation trigger’ categories, get in touch with the King Irving team today. You can also view the expansive list of categories on asic.gov.au.

Tell us your thoughts!

Does the guidance from ASIC make it clearer or more confusing for Licensees to comply?