Reportable situations (RG 78): the 30-day breach reporting regime explained

What the regime is

The reportable situations regime mandates that Australian Financial Services (AFS) licensees and credit licensees report specific breaches and potential breaches to the Australian Securities and Investments Commission (ASIC). This obligation ensures that ASIC is informed of significant compliance failures within the financial services and credit industries.

ASIC’s Regulatory Guide RG 78 provides detailed guidance on how the regime functions, outlining the requirements for reporting and the information that should be included in reports. Understanding and adhering to RG 78 is essential for compliance.

Reports are submitted electronically through the ASIC Regulatory Portal.

The 30-day clock

The obligation to report a reportable situation is subject to a strict timeframe. A licensee must report the situation to ASIC within 30 calendar days after the licensee first knows of, or is reckless with respect to, the circumstances giving rise to the reportable situation.

This 30-day period begins when the licensee’s knowledge or recklessness arises. The circumstances that trigger the reporting obligation can include an actual breach of a standard, a likely breach of a standard, or an investigation into whether a significant breach has occurred.

Understanding what constitutes “knowing” or being “reckless” is crucial for determining when the 30-day clock starts.

What counts as significant

Some breaches are automatically recognised as significant. These include breaches of core obligations, conduct that constitutes an offence punishable by a civil penalty, and conduct involving misleading or deceptive conduct. These breaches trigger the 30-day reporting requirement immediately.

Other breaches require assessment to determine if they are significant. This assessment considers factors outlined in the law, including the impact of the breach, its frequency, and the potential harm it caused. A breach is not automatically significant simply because it requires this assessment.

The law provides a framework for determining significance. Factors considered include:

• Impact
• Frequency
• Harm

Why it matters

The 30-day breach reporting regime established under Regulatory Guide 78 (RG 78) is a critical compliance requirement for Australian Financial Services (AFS) licensees and credit licensees. Failure to report a reportable situation is a contravention in itself, meaning it carries legal consequences. Licensees must understand and adhere to this obligation to avoid penalties and maintain regulatory standing. Directors should undertake a director duties self-check to ensure their oversight responsibilities are met.

ASIC actively monitors compliance with the reporting regime. Data derived from reported situations is publicly published and informs ASIC’s surveillance activities. This means that reported breaches can contribute to increased scrutiny and potential investigations of both individual licensees and the broader industry.

To ensure compliance, directors should prioritise the implementation and maintenance of robust breach-identification and reporting processes within their licensee. These processes must be designed to meet the 30-day reporting deadline.