Skip to main content

Reporting Form Instruction Guide - Financial Accountability Regime – Breach by Entity

APRA and ASIC letterhead showing the APRA and ASIC logos

Introduction
 

This form applies to all accountable entities and their significant related entities (SREs) as defined in the Financial Accountability Regime Act 2023 (the Act) to notify APRA and ASIC (the Regulators) if an accountable entity has reasonable grounds to believe that it has failed to comply with one or more of its accountability obligations or key personnel obligations under sections 20 and 23 of the Act.

In accordance with subsection 31(1) of the Act, an accountable entity must submit this form within 30 days after the event to meet its notification obligation under subparagraph 32(d)(i) of the Act.

The required information must be submitted in APRA Connect with the completion of the ‘Financial Accountability Regime - Breach by Entity’ form. The form is accompanied by these instructions to assist accountable entities and SREs in completing the required information.

Resubmission
 

An accountable entity should request a resubmission to update this form if it has additional information after the initial submission.

Additional information may include updates to action taken. An accountable entity is also expected to advise the Regulators of the outcomes of its assessment of the root causes or impact of the breach once they become known and resubmit this form to update the Regulators when additional information becomes available.

Financial Accountability Regime - Breach by Entity

Display Only

Entity Name
ABN
Enhanced / Core
Dual / Sole Regulated
Industry

1

Entity breach of obligations 

1.1The accountable entity has reasonable grounds to believe that it has failed to comply with   its accountability obligations or key personnel obligations (the breach). If applicable, make multiple selections.
1.2Obligation
1.3The date of the first instance of the breach
1.4Is the breach continuing?
1.5The date of the last instance of the breach
1.6Date when the breach (or reasonable grounds of breach) was identified 
1.7How did the breach come to the attention of the accountable entity?
1.8Date when the accountable entity commenced investigating the nature and scale of the breach (or reasonable grounds of breach)
1.9Description of the breach (or reasonable grounds of breach) including how the breach was identified
1.10Does this breach relate to another breach(es) that has or will be reported to APRA and/or ASIC? (Either an additional FAR breach by the accountable entity or an accountable person or a material contravention of any of the financial sector laws set out at para 21(1)(d) of the Act.) 
1.11If yes, has the breach or will the breach be reported to APRA, ASIC or both regulators?
1.12If yes, description of related breach(es) that has been or will be reported to APRA and/or ASIC
1.13Does this current breach relate to another breach(es) that has or will be reported to another regulator other than APRA and/or ASIC? 
1.14If yes, who has it been, or who will it be, reported to?
1.15Description of related breach(es) that has been or will be reported to another regulator
1.16Description of the root cause(s) of the breach
1.17Specify the number of previous similar breaches 
1.18What is the impact of the breach?

2

2.1Does the breach relate to the obligation in s 20(e) or 23(1)(d) of the Act?
2.2If yes, select relevant significant related entity from the list 
2.3What is the impact on the accountable entity?

3

Entity action

3.1Has the accountable entity taken action? Indicate action taken only if it is distinct to any action taken against an accountable person as reported via a related FAR Breach by Accountable Person return. 
3.2Description of action taken, action pending or reasons for not taking action

4

Additional information

4.1Additional information
4.2Additional documentation

5

Breach contact person details

Name:
Position title:
Phone:
Email:

6

https://www.apra.gov.au/financial-accountability-regime

7

Declaration

I declare I am authorised to provide this information and that the information is true and correct.
Name:
Title:
Date:

Specific instructions
 

An accountable entity must use this form to notify the Regulators if it has reasonable grounds to believe that it has failed to comply with one or more of its accountability obligations or key personnel obligations under sections 20 and 23 of the Act.

The following data items are mandatory unless stated otherwise. 


1. Entity breach of obligations

1.1 The accountable entity has reasonable grounds to believe that it has failed to comply with its accountability obligations or key personnel obligations (the breach). If applicable, make multiple selections.

This statement serves as a reminder that multiple obligations may be selected for item 1.2 if the accountable entity has reasonable grounds to believe that it has failed to comply with multiple obligations under the Act.
Where there are related breaches (refer to items 1.10 to 1.15), a separate breach form must be submitted for each FAR breach by the accountable entity or an accountable person.

1.2 Obligation

Select from the following drop-down options the obligation(s) the accountable entity has reasonable grounds to believe it has failed to comply with:

  • para 20(a) take reasonable steps to conduct its business with honesty and integrity, and with due skill, care and diligence.
  • para 20(b) take reasonable steps to deal with the Regulator in an open, constructive and cooperative way.
  • para 20(c) take reasonable steps in conducting its business to prevent matters from arising that would (or would be likely to) adversely affect its prudential standing or reputation.
  • para 20(d) take reasonable steps to ensure its accountable persons meet their accountability obligations under s.21.
  • para 20(e) take reasonable steps to ensure its significant related entities comply with the relevant accountability obligations.
  • para 23(1)(a) ensure responsibilities of the accountable persons of the accountable entity and its significant related entities cover the matters mentioned in subpara. 23(1)(a)(i)-(iii).
  • para 23(1)(b) ensure none of its or its significant related entities’ accountable persons is prohibited by section 24 from being an accountable person.
  • para 23(1)(c) comply with each direction the Regulator gives to it under section 65.
  • para 23(1)(d) take reasonable steps to ensure its significant related entities comply with paragraphs 23(1)(b) and (c).
  • para 23(3)(a) ensure responsibilities of its accountable persons cover all parts or aspects of operations of each branch operating in Australia.
  • subpara 23(3)(b)(i) for each branch in Australia, ensure responsibilities of its accountable persons cover each responsibility to which subsec. 10(2) applies.
  • subpara 23(3)(b)(ii) for each branch in Australia, ensure responsibilities of its accountable persons cover each responsibility to which subsec. 10(3) applies.

1.3 The date of the first instance of the breach

Report the date of the first instance of the breach.

1.4 Is the breach continuing?

Report ‘Yes’ if the breach is continuing at the time of submission. Otherwise, report ‘No’.

If this information is unknown at the time of initial submission of this form, report ‘Yes’. The form should be resubmitted and this field updated (if relevant) when additional information becomes available.  

1.5 The date of the last instance of the breach

This field is mandatory if ‘No’ is selected to the previous question. Report the date of the last instance of the breach.

1.6 Date when the breach (or reasonable grounds of breach) was identified

Report the date the accountable entity first had reasonable grounds to believe it had failed to comply with the obligation(s) at 1.2 above.  

1.7 How did the breach come to the attention of the accountable entity?

Provide a description of how the breach came to the attention of the accountable entity.

1.8 Date when the entity commenced investigating the nature and scale of the breach (or reasonable grounds of breach)

Report the date the accountable entity commenced investigating the nature and scale of the breach.

 1.9 Description of the breach (or reasonable grounds of breach) including how the breach was identified

Provide a description of the breach, including how the breach was identified, and the nature and scale of the breach.

1.10 Does this breach relate to another breach(es) that has or will be reported to APRA and/or ASIC? (Either an additional FAR breach by the accountable entity or an accountable person or a material contravention of any of the financial sector laws set out at paragraph 21(1)(d) of the Act.)

Report ‘Yes’ if the breach relates to another breach(es) that has or will be reported to APRA and/or ASIC. Otherwise, report ‘No’.

1.11 If yes, has the breach or will the breach be reported to APRA, ASIC or both regulators?

This field is mandatory if ‘Yes’ is reported to the previous question. Select from the following drop-down list which regulator(s) the related breach(es) has or will be reported to: 

  • APRA;
  • ASIC; or
  • Both APRA and ASIC.

This field is mandatory if ‘Yes’ is reported in item 1.10. Provide a description of the related breach(es), including when it was or is expected to be reported to APRA and/or ASIC. If available, please provide the reference numbers of the related breach(es).

The description should also specify whether the related breach is an additional FAR breach by the accountable entity or an accountable person, or if it relates to a breach of the Corporations Act 2001 or the National Consumer Credit Protection Act 2009 or another Act administered by APRA or ASIC.

1.13 Does this current breach relate to another breach(es) that has or will be reported to another regulator other than APRA and/or ASIC?

Report ‘Yes’ if this breach relates to another breach(es) that has or will be reported to a Commonwealth, state or territory regulator other than APRA and/or ASIC. Otherwise, report ‘No’.

1.14 If yes, who has it been, or who will it be, reported to?

This field is mandatory if ‘Yes’ is selected to the previous question. State the regulator(s) to which the related breach(es) has or will be reported to.

This field is mandatory if ‘Yes’ is reported in item 1.13. Provide a description of the related breach(es), including any reference numbers and the date it was or is expected to be reported to the regulator(s) stated in item 1.14. The description should also specify the legislation or requirement that is the subject of the report.

1.16 Description of the root cause(s) of the breach

Provide a description of the root cause(s) of the breach.

If the root cause analysis has not been completed at the time of submission of this form, the accountable entity should provide the estimated date of completion here. The form should be resubmitted once the root cause(s) has been determined.

1.17    Specify the number of previous similar breaches

Report the number of previous similar breaches.

1.18    What is the impact of the breach?

Provide a description of the impact of the breach on the accountable entity because of its failure to comply with its accountability obligations or key personnel obligations reported in item 1.2. This may include the financial impact and the number of investors or consumers impacted.

If the impact is not yet known at the time of submission of this form, the accountable entity should provide an estimated date when the analysis will be completed and resubmit the form once the full impact is determined.

2.1 Does the breach relate to the obligation in s 20(e) or 23(1)(d) of the Act?

Report ‘Yes’ if the breach relates to an SRE of the accountable entity. Otherwise, report ‘No’.

‘Yes’ should be selected if a breach of paragraph 20(e) and/or 23(1)(d) of the Act is reported in item 1.2.

This field is only mandatory if ‘Yes’ is reported to the previous question. Select the SRE(s) from the drop-down list to which the breach relates. The list of SREs available for selection is pre-populated based on the accountable entity’s prior submission(s) of the ‘Financial Accountability Regime - Entity Profile’ form. 
Where the breach relates to multiple SREs, add a separate record in the table and complete item 2.3 for each SRE.

2.3 What is the impact on the accountable entity?

This field is only mandatory if ‘Yes’ is reported in item 2.1. Describe the impact on the accountable entity because of its failure to take reasonable steps to ensure that its SREs comply with the relevant accountability and/or key personnel obligations.

If the impact is not yet known at the time of submission of this form, the accountable entity should provide an estimated date when the analysis will be completed and resubmit the form once the full impact is determined.

3. Entity action

Select from the following drop-down list whether the accountable entity has taken action in response to the breach:

  • Action taken;
  • Pending; or
  • No action taken.

3.2 Description of action taken, action pending or reasons for not taking action

Based on the selection in item 3.1, provide a description of the action taken, action pending or reasons for not taking action. If action is pending, indicate when action to address the breach is expected to occur.

If the accountable entity takes action to address the breach after the initial submission of this form, the entity should request a resubmission to update this form with additional information about the action taken or provide any additional details about the breach.

4. Additional information

4.1 Additional information

Provide any other information that the accountable entity considers relevant to the breach reported in this form.

4.2 Additional documentation

Attach any additional documents in PDF format that the accountable entity considers relevant to the breach reported in this form.

5. Breach contact person details

Report the name and position title of the contact person for the breach reported in this form. Provide the contact person’s direct business phone number and email address.


https://www.apra.gov.au/financial-accountability-regime

When the user clicks on this link, they can access the FAR Privacy Collection Notice available on APRA’s website.

7. Declaration

Complete the declaration that the person making the declaration is authorised to do so and has undertaken reasonable enquiries to confirm that the information provided in this form is true and correct. The Regulators’ expectation is that this declaration would be completed by a person authorised or delegated to complete on behalf of the accountable entity.

Report the name and title of the signatory and provide the date of declaration. The completion of section 7 is taken as equivalent to providing a signed declaration.