ASIC Breach Reporting obligations. Are you set up for sustained success?

New ASIC Breach Reporting Obligations

As with any regulatory change, there is a lifecycle – Design, Development, Implementation, and Transition to BAU. The time is nearly over for the first three stages… but it is the fourth that history suggests is often the time when things go wrong.

Below are 3 things to consider as the “project” transitions to BAU:

1. Accountability

Have roles from Executive to the Frontline been articulated and assigned, including the delineation of responsibilities between those who make findings of fact (Reporting) and those who have authority to assess whether there has been a breach (Governance)?

2. Enablement

  • Have policies, processes and procedures been updated or documented?
  • Training – have you included an assessment of understanding and kept records?

3. Management

  • Monitoring – observations of what is happening – many of the obligations span wide areas of businesses. Are all the bases covered? Is there the capacity to measure what is happening across that span?
  • Reporting – an assessment/analysis of what is happening + recommendations for action as required.
    Are the means to detect each of the required breaches set up, including the means of recording the necessary data? Have sufficient resources been allocated to undertake the necessary analysis within the timeframe needed to meet the overall reporting timeline? Are those resources aware of how to determine what is significant and what is not? Some situations are ‘automatically considered significant’ by their nature, such as gross negligence and serious fraud; and
  • Governance – decision making and oversight to ensure that what needs to be done is in fact done.
    Breach reporting is much more than telling the regulator you made a mistake or have an issue. You must also explain how it happened and what is being done or will be done about it… and all that needs to be done in a challenging timeframe. Are those charged with oversight clearly aware of their duties and the timeframes? And are they comfortable that everything needed to support them is in place and sufficiently resourced (in terms of both skills and quantity) to operate within the timeframes?

Remember that you need records to prove things are okay; you can’t rely on just saying “we have no records of breaches, therefore we are compliant”. There is a requirement to have evidence of compliance… evidence that all of the above is in place and functioning effectively.

Key timeframes

  • Extended reporting period – reports must be lodged within 30 calendar days (compared to 10 business days); but
  • The clock starts ticking earlier – the 30 days will commence when you know (or should know) whether a reportable situation has arisen.

Key Contacts

Michael Hartman

Senior Manager - Risk & Compliance

Jodie Winks

Senior Consultant
