ASIC has released updated guidance for RG 78 on making notifications to the regulator under the reportable situations regime, otherwise known as breach reporting.
The updates to the guidance are intended to support the use of the data for ASIC’s regulatory purposes and public reporting, as well as to reduce regulatory burden on industry where possible by:
- Clarifying the circumstances in which licensees may group multiple reportable situations into one report to ASIC;
- New guidance on the information to include when licensees describe a reportable situation; and
- New guidance for licensees on ASIC’s expectations when licensees are providing updates related to a reported breach.
ASIC is also making minor changes to the prescribed form for lodging reportable situations which is accessed using the Regulatory Portal. These changes will be implemented on 5 May 2023, and will clarify how some questions should be answered and point licensees to guidance available in RG 78.
ASIC updated the guidance following analysis of reports received, and in response to direct feedback from industry and other stakeholders to clarify the requirements for licensees.
This includes targeted consultation that considered feedback from a variety of industry associations from the banking, insurance, superannuation, financial advisers, markets and credit sectors.