In December 2017, the ASIC Enforcement Review Taskforce provided its report to Government. The report made 50 recommendations with respect to, among other things, breach reporting under the Corporations Act, industry codes, and ASIC’s licensing, banning, and directions powers. In April 2018 the Government released its response to the report, agreeing, or agreeing in principle, with all of its recommendations. In its response, the Government announced that it agreed with some recommendations, and that it agreed in principle with other recommendations but would defer implementing them to enable it to take account of any findings arising out of this Commission.
I have dealt with the recommendations of the Taskforce relating to industry codes elsewhere in this report – chiefly in the chapter about banking.
One other set of deferred recommendations relates to self-reporting of contraventions by financial and credit services licensees.
The application to AFSL holders and the enforcement of section 912D have formed an important part of the Commission’s work. I support the Taskforce’s recommendations about self‑reporting, which include the following:
- The significance test should be retained but clarified to ensure that the significance of breaches is determined objectively.
- A self‑reporting regime should be introduced for Australian credit licensees, equivalent to the regime for AFSL holders under (the amended) section 912D of the Corporations Act.
- The obligation for licensees to report should expressly apply to misconduct by an employee or representative.
- Significant breaches (and suspected significant breach investigations that are continuing) must be reported within 30 days.
- The required content of breach reports should be prescribed by ASIC and be lodged electronically.
- Criminal penalties should be increased for failure to report as and when required.
- A civil penalty should be introduced in addition to the criminal offence for failure to report as and when required.
- A co–operative approach should be encouraged where licensees report breaches, suspected or potential breaches or employee or representative misconduct at the earliest opportunity.
- The reporting requirements for responsible entities of managed investment schemes should be streamlined by replacing the requirements in section 601FC(1)(l) of the Corporations Act with an expanded requirement in section 912D.
- ASIC should publish breach report data annually.
I make two additional points.
First, although I have no doubt that a co-operative approach is to be encouraged when licensees report breaches, or suspected breaches, it will always be necessary to recognise that making a proper breach report on time is what the law requires.
Second, I think it preferable that ASIC publish breach report data annually not only aggregated by breach type but also by individual licensee. Those who deal with licensees should be able to have access to the reports that the law obliges the licensee to make to the regulator about objectively significant breaches or likely significant breaches of the financial services laws that the licensee has identified.
Recommendation 7.2 – Implementation of recommendations
The recommendations of the ASIC Enforcement Review Taskforce made in December 2017 that relate to self-reporting of contraventions by financial services and credit licensees should be carried into effect.
 ASIC Taskforce Review, Report.
 Australian Government, Australian Government Response to the ASIC Enforcement Review Taskforce Report, April 2018.
 ASIC Taskforce Review, Report, 2–3.