AFSL holders will be subject to the new breach reporting regime from 1 October 2021. The new laws are more onerous and wide-ranging than the existing breach reporting laws and ASIC has said that it expects a ‘significant increase’ in the volume of breach reports that it will receive as a result of the reforms.
The new regime significantly broadens the circumstances in which breaches will need to be reported to ASIC. This is achieved through the introduction of new reportable events, including ‘deemed significant breaches’ and the requirement to notify ASIC of investigations that continue for more than 30 days.
The decision tree below sets out when events must be reported to ASIC.
AFSL holders should be well advanced in amending their compliance framework and procedures to ensure they can comply with the new requirements from 1 October 2021.