Security | December 14, 2016
Australian Financial Services Breach Reporting
AFS licensees must notify ASIC in writing of any ‘significant’ breach (or likely breach) as soon as practicable, and in any event within ten business days of becoming aware of the breach or likely breach.
Factors that determine whether a breach (or likely breach) is ‘significant’ include:
- the number or frequency of similar previous breaches
- the impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence
- the extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations is inadequate; and/or
- the actual or potential loss to clients or the licensee itself
How do you report a breach?
It is important that licensees report significant breaches to ASIC as early as possible, even where you are still gathering further information on the breach. Failure to report a significant breach is an offence and may result in penalties.