Security | December 14, 2016

Australian Financial Services Breach Reporting

AFS licensees must notify ASIC in writing of any ‘significant’ breach (or likely breach) as soon as practicable, and in any event within ten business days of becoming aware of the breach or likely breach.

Factors that determine whether a breach (or likely breach) is ‘significant’ include:

  • the number or frequency of similar previous breaches
  • the impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence
  • the extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations is inadequate; and/or
  • the actual or potential loss to clients or the licensee itself

How do you report a breach?

Email your completed Form FS80 or written report to ASIC at


It is important that licensees report significant breaches to ASIC as early as possible, even where you are still gathering further information on the breach. Failure to report a significant breach is an offence and may result in penalties.

You May Also Like...


Get the Latest tech News

Subscribe to our newsletter to get the latest tech and security news