“Humans are pattern-seeking story-telling animals, and we are quite adept at telling stories about patterns, whether they exist or not.”
— Michael Shermer
How to identify a significant breach of a core obligation
“If a licensee does not report all “reportable situations” to ASIC, they may be subject to both civil and criminal penalties for every instance of failed reporting”
— Lawcadia/Gadens “State of Financial Services Breach Reporting in Australia”
If you’re unsure about the new breach reporting regime under the Corporations Act 2001 (Cth) (Corporations Act), you’re not alone.
The legislation is head-spinning in its complexity.
A recent report published by Gadens, Lawcadia and CoreData – ‘State of Financial Services Breach Reporting in Australia’ – offered some insights into the first six months of the breach reporting regime including their observation that only 24 percent of advisors believed they are adequately trained by their licensee to monitor for breaches.
ASIC chair Joseph Longo described the legislation as “quite an ambitious” piece of law reform while he spoke at the Stockbrokers and Investment Adviser Association conference in May and admitted there have been “some teething issues” administrating the new regime.
This article is the first part of a four-part series in which we’ll endeavour to unpack some of the operative nuances to breach reporting.
- In Part 1 we’ll explore how to identify a ‘significant breach of a core obligation’ and how to recognise whether you’re ‘unable to comply with a core obligation’,
- In Part 2 we’ll tackle ‘reportable investigations’, reporting ‘gross negligence or serious fraud’ and ‘reporting other licensees’
- In Part 3 we’ll explore the obligation to notify affected clients, commence investigations and conduct remediation.
- In Part 4 we’ll deal with reporting to ASIC and the publication of breach data.
What is a reportable situation?
Licensee’s must lodge a report with ASIC when there are reasonable grounds to believe a ‘reportable situation’ has arisen under the regime. A failure to report a reportable situation is in itself a reportable situation.
‘Reasonable grounds to believe’
The threshold of ‘reasonable grounds to believe’ creates an objective test. If there are facts or evidence that would lead a reasonable person to believe that there is a reportable situation, then this test is satisfied.
We found it easiest to categorise reportable situations as five (5) types. We will cover reportable situation type 1 and 2 in this article, and the others across this series.
Reportable situation one: significant breach of a core obligation
First, a reportable situation arises when:
- a licensee breaches a core obligation, and
- that breach is significant.
To make sense of this requirement, it helps to understand what a “core obligation” is and how significance is determined.
Section 912A & 912B of the Corporations Act provide that the licensee must:
- Do all things necessary to ensure that the financial services covered by the license are provided efficiently, honestly and fairly,
- Have in place adequate arrangements for the management of conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by the licensee or a representative in the provision of financial services as part of the financial services business,
- Comply with the conditions on the license,
- Take reasonable steps to ensure its representatives comply with the financial services laws (exception for insurance fulfilment providers handling claims),
- If the licensee is the operator of an Australian passport fund, or a person with responsibilities in relation to an Australian passport fund, comply with each law of each host economy for the fund,
- Have available adequate resources (including financial, technological and human resources) to provide the financial services covered by the license and to carry out supervisory arrangements – unless you are a body regulated by APRA (RG 79.151-78.152),
- Maintain the competence to provide those financial services,
- Ensure that its representatives are adequately trained, and are competent, to provide those financial services,
- If those services are provided to retail clients, have a compliant dispute resolution system.
- Have compliant arrangements for compensating retail clients
The following financial service laws are also core obligations:
- Division 2 of Part 2 of the ASIC Act,
- Passport Rules,
- Any financial service law specified in regulations for the purpose of this section, including those specified in Corporations Regulation 7.6.02A (Exposure Draft), which are as follows:
- Australian National Registry of Emissions Units Act 2011
- Banking Act 1959,
- Carbon Credits (Carbon Farming Initiative Act) 2011,
- Financial Sector (Collection of Data) Act 2001,
- Financial Sector (Shareholdings) Act 1998,
- Financial Sector (Transfer of Business) Act 1999,
- Insurance Acquisitions and Takeovers Act 1991,
- Insurance Act 1973,
- Legislation, rules or common law or equity in relation to traditional trustee company services provided by a licensed trust
When is a breach of a core obligation significant?
To determine whether a breach of a core obligation is significant we must apply the tests for significance as provided by the legislation. We found it easiest (again) to break down this aspect of the regime into 5 tests.
Exceptions to significance test 2
Certain breaches of core obligations that are civil penalty provisions are excluded from being deemed significant by way of the Corporations Regulations 2001 (Cth) (CR).
Breaches of civil penalty provisions that are excluded from being deemed to be significant by way of CR 7.6.02A are:
- Section 798H – Not complying with Market Integrity Rules.
- Section 901E – Not complying with Derivative Transaction Rules.
- Section 922M – Not lodging a notice in compliance with section 922L.
- Section 941A-941B – Not providing a financial Services Guide in compliance with Part 7.7 Division 2.
- Section 962G – Not providing annual fee disclosure statements for ongoing fee arrangements.
- Section 962S – Fee recipient arranging for ongoing fee deduction without account holder acceptance or consent.
- Section 962U – No confirmation provided where fee recipient withdraws or varies fee deduction.
- Section 962V – Failed to notify account holder that the fee recipient’s consent to fee deductions has ceased.
- Section 981B – Failed to pay money into an account.
- Section 981C – Failed to maintain accounts relating to s981B in a manner required by the Regulations.
- Section 1012A-1012C – Not providing Product Disclosure Statement.
- Section 1017BA-1017BB – Trustee of SuperFund failed to make a product dashboard and asset investment information publicly available:
- Section 1021E – Provided defective disclosure document or statement.
- All civil penalty provisions of legislation listed in CR 7.6.02A(1).
Furthermore, breaches of the enforceable paragraphs of ASIC Regulatory Guide 271 are excluded from being deemed to be significant by way of ASIC Corporations and Credit (Breach Reporting—Reportable Situations) Instrument 2021/716
Importantly, this does not mean that breaches that are excluded from being deemed significant are never significant. Breaches that are excluded from being deemed significant must be assessed by applying significance test 5, as detailed below.
In all other cases, we must revert to significance test 5 to determine whether the breach is significant.
Assessing “Significance” in practice
So, how do we assess whether an incident is a significant breach of a core obligation?
Let’s unpack some examples of reportable situation 1.
Magic Financial (Magic) audited ten (10) client files of a servicing advisor that acts as their authorised representative.
They identified contraventions of the ‘Best Interests Duty’ (BID) in two (2) out of the ten (10) audited client files (BID Files) and remediated the fees.
The servicing advisor states that the contraventions are historical and did not cause any material damage to the affected clients.
Does this constitute a reportable situation?
The Best Interest Duty arises from 961B of the Corporations Act which is a core obligation and a civil penalty provision.
Once a breach of section 961B is established, it is deemed to be significant under significance test 2 and therefore must be reported to ASIC.
Finally, and for clarity, any breaches that a licensee was unaware of by 1 October 2021 must now be assessed under the current breach reporting regime.
We will analyse whether breaches such as example 1 trigger the obligation to investigate in Part 2 of this series.
Magic audited ten 10 client files of a servicing advisor that acts as their authorised representative.
They identified that in one (1) client file the advisor did not deliver an annual review in accordance with the terms of an ongoing fee arrangement with that client in one servicing period.
The client was overseas during the material servicing period and the advisor made multiple attempts to deliver the review by attempting to contact the client across all the mediums they had previously communicated across. Ultimately, the advisor was unable to make contact in the servicing period.
Does this constitute a reportable situation?
Subject to the licensee remediating the fees paid for the advice in the material servicing period, this example is not a reportable situation.
“Fees for no service” generally constitute a breach of the obligation to provide financial services efficiently, honestly and fairly under section 912A(1)(a) of the Corporations Act.
Section 912A(1)(a) of the Corporations Act is a core obligation and a civil penalty provision. However, based upon the circumstances described in example 2 it is unlikely the non-delivery of services constitutes a breach of section 912A(1)(a).
We included this example to highlight the fact that assessing whether an incident is a significant breach of a core obligation begins with an assessment of whether there is a breach. Following this first step we must then determine whether the breached provision is a core obligation, then whether the breach is significant.
A client lodges a complaint with Magic because their servicing advisor failed to provide an annual fee disclosure statement (FDS) for an ongoing fee arrangement.
Does this constitute a reportable situation?
A failure to provide an FDS is a breach of section 962G of the Corporations Act which is a core obligation and a civil penalty provision.
However, regulation 7.6.02A excludes breaches of section 962G from being deemed to be significant. Therefore, we must assess example 3 using significance test 5 to determine whether it is a reportable situation.
Reportable situation two: unable to comply with a core obligation
If you are unable to comply with a core obligation, and the breach, if it occurs, will be significant, then this will constitute a reportable situation.
Per the Explanatory Memorandum to the Financial Sector Reform (Hayne Royal Commission Response) Act 2020 (the FSR Act), the reportable situation that arises when a licensee is no longer able to comply with a core obligation reflects the previous meaning of a ‘likely breach’ in section 912D of the Corporations Act. The Explanatory Memorandum provides the following example:
A licensee becomes aware that on a future date, its overdraft facility will be closed, and it will no longer be able to comply with its base level financial requirements. The licensee is aware that it does not have other means of meeting the financial requirements at that time, which is required under section 912A (financial resourcing obligation).
There is a reportable situation in the example in relation to the licensee because a breach of 912A(1)(d) constitutes a contravention of a core obligation that is a civil penalty provision.