Breach Reporting Regulations
Hon Josh Frydenberg MP
Treasurer
The Treasury
Langton Crescent
PARKES ACT 2600
Email: Josh.Frydenberg@treasury.gov.au
CC: Breach.Reporting@treasury.gov.au
Dear Treasurer
This letter responds to the Treasury consultation paper on Breach Reporting Regulations (the Regulations). The Finance Industry Council of Australia (FICA) brings together the leading financial services industry associations in Australia – Australian Banking Association (ABA), Australian Finance Industry Association (AFIA), Australian Financial Markets Association (AFMA), Australian Securitisation Forum, Customer Owned Banking Association (COBA), Financial Services Council (FSC), and the Insurance Council.
Individual FICA members will have their positions reflected in their own detailed submissions. The purpose of this letter is to outline some key areas of agreement between FICA members, where it will be important to ensure clarity of legal obligations and simplicity of compliance expectations. FICA members generally support the Regulations, and while the reforms do strengthen the regime by expanding the amount of instances in which a breach must be reported, a key objective of an effective breach reporting regime should be to ensure that ASIC is advised of material breaches of important provisions of financial services and credit legislation, and that its intelligence is not diluted by breach reports that lack significance.
We note the ASIC Enforcement Review Taskforce (ASICERT) report, and its recommendation that some civil penalty provisions should be deemed significant. However, there is a likely risk that the deeming of breaches of all civil penalty provisions, or a failure to consider them each individually could potentially undermine the ASICERT recommendation to retain the importance of materiality in the significant test.
Industry members have advised that the current regime, and potential scope of civil penalty provisions in the ‘deemed significance’ test will lead to a substantial increase in reporting levels. The result may be a reduction rather than an improvement in the ability of industry members and regulators to focus on the incidents that really matter, i.e. those causing material customer harm or loss, or those that reflect egregious misconduct by licensees.
The implementation of these Regulations will be important to ensuring balance, evidenced based, legislation that supports growth of financial businesses as well as competition and innovation across the financial services industry, and conversely, does not create barriers of entry.
In our view, the key considerations are as follows:
Civil penalty provisions which could span a broad spectrum for insignificant at one end, to very serious at the other, should be subject to the (new) significance test, and should not be deemed significant.
As part of this, it is critical that civil penalty provisions that are documentary and/or procedural in nature should be excluded from the deeming regime.
These types of provisions have various options available where an error can be easily rectified, and where an isolated inadvertent breach has a low level of likelihood of triggering the materiality threshold by the other limbs of the significant test in subsections 912D(4) and 912D(5) of the Corporations Act.
Civil penalty provisions that contain subjective requirements and can be determined by appropriate external parties should be excluded from the deeming regime.
We note that there are various provisions which are subjective in nature, and therefore have high likelihood of being applied inconsistently across the industry.
Due to the broad and subjective nature, it is critical that contraventions of section 912A(5A) of the Corporations Act and section 47(4) of the Credit Act should not be deemed to be significant.
In particular, we note, Section 912A(1)(a) – the obligation to do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly as key example where it is a highly subjective test and where more material breaches would be covered by other limbs of the Section 912D test.
Further, it will be important that this provision is excluded, as in practice it could mean a large ‘catch all’, as provisions that are excluded from the deeming provision could come back in under the same limb for being a contravention of Section 912A(1)(A). For example, if Subsection 1012A(5) - Obligation to give Product Disclosure Statement - personal advice recommending a particular financial product is excluded from the deeming regime, then it shouldn’t come back as being deemed automatically as significant because it is caught as being a contravention of ‘efficiently, honestly and fairly’.
Civil penalty provisions that already provide for or are accompanied by notification to ASIC should be excluded from the deeming regime.
We note our recommendation above for Section 912A(5A) of the Corporation Act and Section 47(4) of the Credit Act to be excluded. As part of the subparagraph 912(1)(g) of subsection 912(5A) of the Corporations Act on internal dispute resolution (IDR) should be specifically considered. By including this provision, the practical implication would mean that all contraventions of these requirements will become reportable, and require reporting in instances of low-level or no material harm.
Further, under ASIC’s new IDR reporting regime, ASIC will already be required to have IDR data reported from licensees, with AFCA also having the ability to investigate systemic issues and refer licensee conduct to ASIC.
Civil penalty provisions that fall outside the general civil penalty regimes in relevant Acts and attract much lesser maximum penalties should not be deemed significant by reason only of their status as civil penalty provisions.
It will be important that the legislation provides certainty on how the regime will interact with certain regulatory frameworks, such as the Responsible Lending Obligations (RLO). These provisions remain judicially untested, with the courts purposefully allowing these obligations a reasonable degree of subjectivity. We note that AFCA as the external dispute resolution provider has the capability and skills to make an appropriate decision and provides ASIC with data already on a frequent basis.
This will likely cause an overlap of reports being provided to ASIC, and in the majority of cases could mean a significant report is provided even though it is found by AFCA to not be a breach of RLO.
It will be critical to ensure a consistent approach across the industry that there is supplementary guidance providing clarity on the interplay of the Breach Reporting Regime with RLO and AFCA. A carefully structured regime that takes account of the above points would, in our submission, achieve the intent of the Royal Commission while leaving ensuring an efficient breach reporting regime. FICA members would be pleased to continue to engage with Treasury throughout this implementation process, and to meet with officials to discuss the above points in detail. FICA would be happy to arrange such an event at a suitable time.
Thank you for the opportunity to make submissions on the consultation paper.
Yours sincerely
Diane Tate
Chair
Finance Industry Council of Australia