Updated breach reporting guidance from ASIC

ASIC has issued updated guidance on the breach reporting regime for credit and financial services licensees. The updates, within ASIC Regulatory Guide 78, aim to simplify reporting obligations for licensees, improve consistency and quality of reporting practices by licensees and reduce regulatory burden for licensees.

The updated guidance reflects many of the recommendations we made in our October 2022 submission to ASIC on this matter.

Updates to the guidance include:

• Grouping multiple reports: Examples of when Licensees can group multiple breaches into one report to ASIC. This includes that reports may be grouped if the root cause is staff negligence or human error.
• Information licensees need to provide as part of a breach report: The guidance now gives licensees more clarity over what information ASIC would expect to see as part of a breach report.
• Requirements to provide updates to breach report: The guidance clearly sets out the types of matters that should be updated and introduces an expectation that licensees should provide updates at least every six months.

ASIC has also flagged that it is making changes to the reporting form to make it easier for licensees to make reports.

The MFAA encourages licensees to review and update their breach reporting policies and procedures to align with the updated guidance.

Breach reporting compliance resources

MFAA members have access to a range of resources on breach reporting.

The following are available on the MFAA Learning Hub:

• Breach Reporting Basics for brokers webinar recording
• Breach Reporting module

Additional resources are available to download from the MFAA member portal. You’ll find them in the Broker toolbox under Legal and Compliance:

• Breach reporting on a page
• Breach reporting case studies

Please contact ua.moc.aafm@ecnailpmoc if you would like further assistance.