Reporting Form Instruction Guide - Financial Accountability Regime – Breach by Entity
Introduction
This form applies to all accountable entities and their significant related entities (SREs) as defined in the Financial Accountability Regime Act 2023 (the Act) to notify APRA and ASIC (the Regulators) if an accountable entity has reasonable grounds to believe that it has failed to comply with one or more of its accountability obligations or key personnel obligations under sections 20 and 23 of the Act.
In accordance with subsection 31(1) of the Act, an accountable entity must submit this form within 30 days after the event to meet its notification obligation under subparagraph 32(d)(i) of the Act.
The required information must be submitted in APRA Connect with the completion of the ‘Financial Accountability Regime - Breach by Entity’ form. The form is accompanied by these instructions to assist accountable entities and SREs in completing the required information.
Resubmission
An accountable entity should request a resubmission to update this form if it has additional information after the initial submission.
Additional information may include updates to action taken. An accountable entity is also expected to advise the Regulators of the outcomes of its assessment of the root causes or impact of the breach once they become known and resubmit this form to update the Regulators when additional information becomes available.
Financial Accountability Regime - Breach by Entity
Display Only |
|---|
| Entity Name |
| ABN |
| Enhanced / Core |
| Dual / Sole Regulated |
| Industry |
1 | Entity breach of obligations |
| 1.1 | The accountable entity has reasonable grounds to believe that it has failed to comply with its accountability obligations or key personnel obligations (the breach). If applicable, make multiple selections. |
| 1.2 | Obligation |
| 1.3 | The date of the first instance of the breach |
| 1.4 | Is the breach continuing? |
| 1.5 | The date of the last instance of the breach |
| 1.6 | Date when the breach (or reasonable grounds of breach) was identified |
| 1.7 | How did the breach come to the attention of the accountable entity? |
| 1.8 | Date when the accountable entity commenced investigating the nature and scale of the breach (or reasonable grounds of breach) |
| 1.9 | Description of the breach (or reasonable grounds of breach) including how the breach was identified |
| 1.10 | Does this breach relate to another breach(es) that has or will be reported to APRA and/or ASIC? (Either an additional FAR breach by the accountable entity or an accountable person or a material contravention of any of the financial sector laws set out at para 21(1)(d) of the Act.) |
| 1.11 | If yes, has the breach or will the breach be reported to APRA, ASIC or both regulators? |
| 1.12 | If yes, description of related breach(es) that has been or will be reported to APRA and/or ASIC |
| 1.13 | Does this current breach relate to another breach(es) that has or will be reported to another regulator other than APRA and/or ASIC? |
| 1.14 | If yes, who has it been, or who will it be, reported to? |
| 1.15 | Description of related breach(es) that has been or will be reported to another regulator |
| 1.16 | Description of the root cause(s) of the breach |
| 1.17 | Specify the number of previous similar breaches |
| 1.18 | What is the impact of the breach? |
2 | Significant related entity impact |
| 2.1 | Does the breach relate to the obligation in s 20(e) or 23(1)(d) of the Act? |
| 2.2 | If yes, select relevant significant related entity from the list |
| 2.3 | What is the impact on the accountable entity? |
3 | Entity action |
| 3.1 | Has the accountable entity taken action? Indicate action taken only if it is distinct to any action taken against an accountable person as reported via a related FAR Breach by Accountable Person return. |
| 3.2 | Description of action taken, action pending or reasons for not taking action |
4 | Additional information |
| 4.1 | Additional information |
| 4.2 | Additional documentation |
5 | Breach contact person details |
| Name: | |
| Position title: | |
| Phone: | |
| Email: | |
6 | To read the Privacy Collection Notice, follow the link below: |
| https://www.apra.gov.au/financial-accountability-regime | |
7 | Declaration |
| I declare I am authorised to provide this information and that the information is true and correct. | |
| Name: | |
| Title: | |
| Date: | |
Specific instructions
An accountable entity must use this form to notify the Regulators if it has reasonable grounds to believe that it has failed to comply with one or more of its accountability obligations or key personnel obligations under sections 20 and 23 of the Act.
The following data items are mandatory unless stated otherwise.
1. Entity breach of obligations
1.1 The accountable entity has reasonable grounds to believe that it has failed to comply with its accountability obligations or key personnel obligations (the breach). If applicable, make multiple selections.
This statement serves as a reminder that multiple obligations may be selected for item 1.2 if the accountable entity has reasonable grounds to believe that it has failed to comply with multiple obligations under the Act.
Where there are related breaches (refer to items 1.10 to 1.15), a separate breach form must be submitted for each FAR breach by the accountable entity or an accountable person.
1.2 Obligation
Select from the following drop-down options the obligation(s) the accountable entity has reasonable grounds to believe it has failed to comply with:
- para 20(a) take reasonable steps to conduct its business with honesty and integrity, and with due skill, care and diligence.
- para 20(b) take reasonable steps to deal with the Regulator in an open, constructive and cooperative way.
- para 20(c) take reasonable steps in conducting its business to prevent matters from arising that would (or would be likely to) adversely affect its prudential standing or reputation.
- para 20(d) take reasonable steps to ensure its accountable persons meet their accountability obligations under s.21.
- para 20(e) take reasonable steps to ensure its significant related entities comply with the relevant accountability obligations.
- para 23(1)(a) ensure responsibilities of the accountable persons of the accountable entity and its significant related entities cover the matters mentioned in subpara. 23(1)(a)(i)-(iii).
- para 23(1)(b) ensure none of its or its significant related entities’ accountable persons is prohibited by section 24 from being an accountable person.
- para 23(1)(c) comply with each direction the Regulator gives to it under section 65.
- para 23(1)(d) take reasonable steps to ensure its significant related entities comply with paragraphs 23(1)(b) and (c).
- para 23(3)(a) ensure responsibilities of its accountable persons cover all parts or aspects of operations of each branch operating in Australia.
- subpara 23(3)(b)(i) for each branch in Australia, ensure responsibilities of its accountable persons cover each responsibility to which subsec. 10(2) applies.
- subpara 23(3)(b)(ii) for each branch in Australia, ensure responsibilities of its accountable persons cover each responsibility to which subsec. 10(3) applies.
1.3 The date of the first instance of the breach
Report the date of the first instance of the breach.
1.4 Is the breach continuing?
Report ‘Yes’ if the breach is continuing at the time of submission. Otherwise, report ‘No’.
If this information is unknown at the time of initial submission of this form, report ‘Yes’. The form should be resubmitted and this field updated (if relevant) when additional information becomes available.
1.5 The date of the last instance of the breach
This field is mandatory if ‘No’ is selected to the previous question. Report the date of the last instance of the breach.
1.6 Date when the breach (or reasonable grounds of breach) was identified
Report the date the accountable entity first had reasonable grounds to believe it had failed to comply with the obligation(s) at 1.2 above.
1.7 How did the breach come to the attention of the accountable entity?
Provide a description of how the breach came to the attention of the accountable entity.
1.8 Date when the entity commenced investigating the nature and scale of the breach (or reasonable grounds of breach)
Report the date the accountable entity commenced investigating the nature and scale of the breach.
1.9 Description of the breach (or reasonable grounds of breach) including how the breach was identified
Provide a description of the breach, including how the breach was identified, and the nature and scale of the breach.
1.10 Does this breach relate to another breach(es) that has or will be reported to APRA and/or ASIC? (Either an additional FAR breach by the accountable entity or an accountable person or a material contravention of any of the financial sector laws set out at paragraph 21(1)(d) of the Act.)
Report ‘Yes’ if the breach relates to another breach(es) that has or will be reported to APRA and/or ASIC. Otherwise, report ‘No’.
1.11 If yes, has the breach or will the breach be reported to APRA, ASIC or both regulators?
This field is mandatory if ‘Yes’ is reported to the previous question. Select from the following drop-down list which regulator(s) the related breach(es) has or will be reported to:
- APRA;
- ASIC; or
- Both APRA and ASIC.
1.12 If yes, description of related breach(es) that has been or will be reported to APRA and/or ASIC
This field is mandatory if ‘Yes’ is reported in item 1.10. Provide a description of the related breach(es), including when it was or is expected to be reported to APRA and/or ASIC. If available, please provide the reference numbers of the related breach(es).
The description should also specify whether the related breach is an additional FAR breach by the accountable entity or an accountable person, or if it relates to a breach of the Corporations Act 2001 or the National Consumer Credit Protection Act 2009 or another Act administered by APRA or ASIC.
1.13 Does this current breach relate to another breach(es) that has or will be reported to another regulator other than APRA and/or ASIC?
Report ‘Yes’ if this breach relates to another breach(es) that has or will be reported to a Commonwealth, state or territory regulator other than APRA and/or ASIC. Otherwise, report ‘No’.
1.14 If yes, who has it been, or who will it be, reported to?
This field is mandatory if ‘Yes’ is selected to the previous question. State the regulator(s) to which the related breach(es) has or will be reported to.
1.15 Description of related breach(es) that has been or will be reported to another regulator
This field is mandatory if ‘Yes’ is reported in item 1.13. Provide a description of the related breach(es), including any reference numbers and the date it was or is expected to be reported to the regulator(s) stated in item 1.14. The description should also specify the legislation or requirement that is the subject of the report.
1.16 Description of the root cause(s) of the breach
Provide a description of the root cause(s) of the breach.
If the root cause analysis has not been completed at the time of submission of this form, the accountable entity should provide the estimated date of completion here. The form should be resubmitted once the root cause(s) has been determined.
1.17 Specify the number of previous similar breaches
Report the number of previous similar breaches.
1.18 What is the impact of the breach?
Provide a description of the impact of the breach on the accountable entity because of its failure to comply with its accountability obligations or key personnel obligations reported in item 1.2. This may include the financial impact and the number of investors or consumers impacted.
If the impact is not yet known at the time of submission of this form, the accountable entity should provide an estimated date when the analysis will be completed and resubmit the form once the full impact is determined.
2. Significant related entity impact
2.1 Does the breach relate to the obligation in s 20(e) or 23(1)(d) of the Act?
Report ‘Yes’ if the breach relates to an SRE of the accountable entity. Otherwise, report ‘No’.
‘Yes’ should be selected if a breach of paragraph 20(e) and/or 23(1)(d) of the Act is reported in item 1.2.
2.2 If yes, select relevant significant related entity from the list
This field is only mandatory if ‘Yes’ is reported to the previous question. Select the SRE(s) from the drop-down list to which the breach relates. The list of SREs available for selection is pre-populated based on the accountable entity’s prior submission(s) of the ‘Financial Accountability Regime - Entity Profile’ form.
Where the breach relates to multiple SREs, add a separate record in the table and complete item 2.3 for each SRE.
2.3 What is the impact on the accountable entity?
This field is only mandatory if ‘Yes’ is reported in item 2.1. Describe the impact on the accountable entity because of its failure to take reasonable steps to ensure that its SREs comply with the relevant accountability and/or key personnel obligations.
If the impact is not yet known at the time of submission of this form, the accountable entity should provide an estimated date when the analysis will be completed and resubmit the form once the full impact is determined.
3. Entity action
3.1 Has the accountable entity taken action? Indicate action taken only if it is distinct to any action taken against an accountable person as reported via a related FAR Breach by Accountable Person return.
Select from the following drop-down list whether the accountable entity has taken action in response to the breach:
- Action taken;
- Pending; or
- No action taken.
3.2 Description of action taken, action pending or reasons for not taking action
Based on the selection in item 3.1, provide a description of the action taken, action pending or reasons for not taking action. If action is pending, indicate when action to address the breach is expected to occur.
If the accountable entity takes action to address the breach after the initial submission of this form, the entity should request a resubmission to update this form with additional information about the action taken or provide any additional details about the breach.
4. Additional information
4.1 Additional information
Provide any other information that the accountable entity considers relevant to the breach reported in this form.
4.2 Additional documentation
Attach any additional documents in PDF format that the accountable entity considers relevant to the breach reported in this form.
5. Breach contact person details
Report the name and position title of the contact person for the breach reported in this form. Provide the contact person’s direct business phone number and email address.
6. To read the Privacy Collection Notice, follow the link below:
https://www.apra.gov.au/financial-accountability-regime
When the user clicks on this link, they can access the FAR Privacy Collection Notice available on APRA’s website.
7. Declaration
Complete the declaration that the person making the declaration is authorised to do so and has undertaken reasonable enquiries to confirm that the information provided in this form is true and correct. The Regulators’ expectation is that this declaration would be completed by a person authorised or delegated to complete on behalf of the accountable entity.
Report the name and title of the signatory and provide the date of declaration. The completion of section 7 is taken as equivalent to providing a signed declaration.