The ASIC Enforcement Review Taskforce has published a consultation paper that examines proposed changes to self-reporting breaches or misconduct in financial services businesses to the 'name and shame' model. The taskforce has rejected the idea that individual licensee breaches should be reported, however a licensee-based annual report for broader data collection was favoured.
The taskforce commented that the 'significance' test is too subjective, and also stated that it would prefer that breach reporting be extended to credit licensees as well as AFS licences. ASIC, it says, should also have more flexibility with its determination of penalties.
The term 'obligations' is broad in financial services - this can range from a customer not being provided a specific document or form, varying forms of remuneration (commissions, etc.) and extends far beyond administrative tasks into the realm of fraud.
Currently, a licensee can ignore any breach it decides is 'insignificant'. To determine significance, the impact of the breach or possible breach 'must impact the licensee's ability to provide the financial services covered by the licence'. The taskforce suggests that the significance test should be kept, but an objective standard must be the reference point.
Some breaches would be mandatorily reported upon, such as those that would cause someone to lose their job. When it comes to transparency of the individuals involved, the taskforce was less excited about naming and shaming, and more concerned with ASIC's intelligence and data collection. Annual breach reporting at the licensee level was suggested.