Breach reporting by AFS licensees
Important notice: AFS licensees are now required to submit breach reports to us via the ASIC Regulatory Portal. The portal will replace existing submission channels. Visit our Changes to how AFS licensees and Australian credit licensees report breaches page for more information.
AFS licensees must notify ASIC in writing of any 'significant' breach (or likely breach) of their obligations under s912A (including licence conditions), s912B (compensation arrangements) or financial services laws, as soon as practicable, and in any event within ten business days of becoming aware of the breach or likely breach.
What does 'significant' breach mean?
Licensees need to give proper consideration to whether the breach (or likely breach) is significant, and, if so, provide timely notification to ASIC. Whether a breach is significant will depend on individual circumstances. You will need to decide whether a breach (or likely breach) is significant and therefore, reportable to ASIC.
Factors that determine whether a breach (or likely breach) is 'significant' include:
- the number or frequency of similar previous breaches
- the impact of the breach or likely breach on the licensee's ability to provide the financial services covered by the licence
- the extent to which the breach or likely breach indicates that the licensee's arrangements to ensure compliance with those obligations is inadequate; and/or
- the actual or potential loss to clients or the licensee itself.
If you are not sure whether a breach is significant, we encourage you to report the breach.
How do you report a breach?
Lodge your breach report with us via our Regulatory Portal at https://regulatoryportal.asic.gov.au/.
It is important that licensees report significant breaches to ASIC as early as possible, even where you are still gathering further information on the breach. Failure to report a significant breach is an offence and may result in penalties.