ASIC releases guidance on Breach Reporting

AFA News 9 September 2021. The new breach reporting regime commences on 1 October 2021. The legislation was passed in December 2020, with regulations and legislative instruments being released recently to provide exemptions from reporting for some matters.  On 7 September 2021, the final piece of the regime was made available when ASIC released the updated Regulatory Guide 78 on breach reporting.

The new breach reporting regime and related obligations includes a number of important changes:

  • A more prescriptive definition of what amounts to a reportable breach.
  • A new obligation for licensees to report breaches by advisers from other licensees.
  • New obligations with respect to breaches related to client notification, investigation and remediation.

Please click here to see the ASIC media release.

Please click here to see the new ASIC Regulatory Guide 78.

Please click here for ASIC Information Sheet 259 on complying with the notify, investigate and remediate obligations.

The AFA has throughout the debate and implementation of these changes to breach reporting, expressed serious concerns about the complexity of the new regime and the exponential increase in the number of matters that will need to be reported to ASIC. We are particularly concerned about the additional workload that will flow when many of these matters will be minor and administrative. Over the last couple of months, some changes have been made through regulations and ASIC Legislative Instruments to reduce the extent of this impact, however it will undoubtedly have a big impact on licensees.

For any questions on breach reporting, please email

Issued 09.09.2021. AFA Policy & Education Update