A key difference between the ACL and AFSL regime has been that credit licensees have no obligation to report breaches.  The absence of breach reporting was an intentional feature of the ACL regime. During the process of drafting the legislation an ASIC representative stated that ASIC did not want to receive breach reports because it must investigate reports and it didn’t have the resources.

ACL holders and in particular lenders often identify minor breaches and rarely, if ever, report these minor breaches. On the other hand, responsible credit licensees will report any material breach and in particular any systemic breach in order to demonstrate compliance culture and to avoid ASIC discovering those breaches during an audit. Licensees should also keep a breach register in which all breaches are recorded together with details of the rectification steps taken and of any consumer compensation paid.

All that may be about to change because Treasury has released a consultation paper on breach reporting by financial services and credit licensees. Included in the recommendations made in Position and Consultation Paper 1 Self-reporting of contraventions by financial services and credit licensees is a proposal that credit licensees be subject to mandatory breach reporting to ASIC.

The paper recognises the current practice of ACL holders reporting significant breaches.  In addition, ASIC receives information about misconduct from ACL holder competitors and EDR schemes. However, in order to ensure that ASIC is notified of breaches in a timely manner and there is consistency among the industry, it is proposed that ACL holders be subject to the same, or a similar regime as AFSL holders.

Currently, AFSL holders are obliged to report themselves to ASIC if they contravene, or are likely to contravene in the future one or more of their general obligations and the contravention is significant.  However the paper recognises that the current AFSL reporting regime has a number of deficiencies including that the test for whether a breach should be reported is a subjective one leading to inconsistencies in industry about what is reported and what is considered ‘significant’. A large organisation will have a different interpretation of ‘significant’ to a smaller organisation. Further currently, only proven breaches need to be reported, rather than merely suspected breaches. 

The report proposes that the current test for reporting be changed to a more objective test, namely that actual or suspected breaches (or potential breaches) must be reported if a reasonable person would consider the breach to be significant. This change is an attempt to level the playing field so that the significance test relates to what a reasonable person would believe to be significant as opposed to what is considered significant to the licensee which may vary depending on the size and complexity of the business.

Due to the large number of small, single person operator’s holding an ACL, if this change is implemented, the compliance burden of mandatory reporting could be quite burdensome. As such, any new regulation seeking to mandate breach reporting would need to ensure that it did not operate unfairly for smaller players. Further, while some breaches of the National Consumer Credit Protection Act will be obvious (for example, dealing with an unlicensed entity, charging an undisclosed fee etc.) some breaches, particularly in the area of responsible lending, will be less clear due to the scalable nature of the responsible lending obligations. Indeed what may be a responsible lending breach with respect to one consumer, will not be a breach for another consumer. 

Careful consideration need to be given to the wording of the reporting requirement for ACL holders so that licensees are not having to report constantly and for things that may not even be breaches as this would waste the time and resources of both the ACL holder and ASIC. The change may, however, encourage businesses to enhance their compliance culture and have a collaborative with ASIC when dealing with issues impacting consumers.

The report asks for submissions with respect to the proposal and Dentons is currently working on a submission.