A key difference between the ACL and AFSL regime has been that credit licensees have no obligation to report breaches, according to law firm Dentons.
In a recent update, Dentons explained that the absence of breach reporting was an intentional feature of the ACL regime, as during the process of drafting the legislation an ASIC representative stated that ASIC did not want to receive breach reports as it did not have the resources to investigate them.
However, Treasury has now released a consultation paper on breach reporting by financial services and credit licensees, which includes the recommendation that credit licensees also be subject to mandatory breach reporting to ASIC.
“The paper recognises the current practice of ACL holders reporting significant breaches. In addition, ASIC receives information about misconduct from ACL holder competitors and EDR schemes. However, in order to ensure that ASIC is notified of breaches in a timely manner and there is consistency among the industry, it is proposed that ACL holders be subject to the same, or a similar regime as AFSL holders,” Dentons explained in the update.
Speaking to The Adviser, Dentons partner Elise Ivory emphasised that at this point, Treasury’s recommendation is at the consultation paper stage, and does not refer to a particular legislation or say which sections would be amended and what be inserted.
However, she said: “There is a strong possibility that it could be adopted because ASIC is holding a lot of investigations into credit licensees at the moment, and is very interested in what the credit licensees are doing, and wants to ensure they're compliant, so this would be a logical step.”
Ms Ivory explained that for brokers with an ACL, such a change would “certainly add an extra step” to their compliance measures.
“They would have to be very watchful of what they were doing, watchful of what is actually a breach and making sure they report it, so they would have to have a strong compliance culture,” she said.
“It is a bit harder if you're only a one-man band; you've only got one person and it is more of an administrative burden for smaller licensees.
“However, for any broker who is already trying to do their best, it is only one extra step.”
Ms Ivory pointed out that if the proposed changes were to be adopted, regulators would try and offset any extra administrative burden by reducing the content of the annual compliance certificate that has to be completed by licensees.
“At the moment that compliance certificate is quite lengthy, and so if this goes through, what they would look to do is reduce the length of time that it takes licensees, to try and offset some of the burden of having to report,” she said.
Brokers should have a breach register and systems in place to ensure they are following their own internal policies and documenting any breaches, according to Ms Ivory.
“At the moment if they are to notice a breach, then they would need to rectify that breach if possible, with the consumer, whether that's giving them a document or refunding a fee or something like that, they would need to rectify it with the consumer and then pop it into their breach register,” Ms Ivory explained.
“Depending on the wording of the new legislation if and when it comes out, they may also have to fill a form in to tell ASIC that this has happened. So that may lead ASIC to come and have a talk to them and have a look at their systems.
“However, if somebody is already compliant, they have the right systems in place, they do their own little internal audits and they spot check that they're doing the right things, then that shouldn't be too much of a burden because they already have the systems in place necessary to comply with the law.”