This article was co-authored with Emily Shaw.
On Thursday 22 April 2021, ASIC released Consultation Paper 340, seeking feedback on its draft guidance to the upcoming breach reporting and remediation reforms which will come into effect on 1 October 2021. The consultation period closes on 3 June 2021, with ASIC intending to publish final guidance and an information sheet later this year.
The reforms strengthen the breach reporting regime for financial services licensees and introduces new obligations for credit licensees. See our insight here for more details.
The consultation paper includes 2 attachments: draft regulatory guide 78 on breach reporting and an information sheet regarding the new notify, investigate and remediate obligations. Read the draft regulatory guide and information sheet here.
The reforms are extensive and onerous in many respects. They are interconnected to each other and other reforms that also land in October 2021. In ASIC’s words, the reforms are designed to strengthen and clarify the breach reporting obligations in order to provide greater certainty for the industry and to ensure that breach reports are timely and consistent. ASIC uses the information provided in breach reports to detect non-compliance and misconduct early - ASIC expects that this will remain a critical feature of the new and improved regime.