On 11 April 2017, Treasury has released a consultation paper on breach reporting by financial services and credit licensees.

For AFS licensees, the view is that self-reporting of breaches of the Corporations Act should still be limited to significant breaches, but that significance should be determined by reference to an objective standard.

There is also a proposal to make the 10 business day timeframe for reporting of a breach commence from when the AFS licensee becomes aware or has reason to suspect that a breach has occurred, may have occurred or may occur rather than when the licensee determines that the relevant breach has occurred and is significant (for example, after an investigation).

For credit licensees, the Review recommends that a regime for breach reporting equivalent to that for financial services licensees be introduced. It is not clear how the proposal would relate to the penalty cap given to credit providers who make an application for a penalty before a borrower under section 116 of the National Credit Code (NCC).

Read the ASIC Enforcement Review: Breach reporting