Breach & Incident Reporting
Lodge every reportable situation on time, with the evidence ASIC expects.
Purpose-built breach reporting for Australian AFS licensees. A guided significance wizard, automated 30-day clock, pre-populated ASIC prescribed form, and an immutable audit trail that holds up in an external review.
Capabilities
Designed against the regime that actually applies to you.
Not a generic ticket tracker bent to fit AFSL breaches — every workflow follows Corporations Act s912DAA, ASIC RG 78, and the way compliance committees expect a breach register to behave.
Significance assessment wizard
A guided questionnaire walks you through the s912D(5) factors — previous breaches, impact on services, compliance arrangements, clients affected, financial loss, duration — and recommends Likely / Possibly / Not Significant. The Compliance Officer's reasoning is recorded alongside the recommendation.
Automated 30-day clock
From the moment a breach is classified as Investigating, the 30-day ASIC lodgement clock starts. The platform sends countdown warnings at 5 and 2 days, escalates to the Responsible Manager, and auto-flags overdue items in red.
ASIC prescribed form pre-population
When you're ready to lodge, the system pre-populates the ASIC prescribed form from the incident, investigation and remediation records. Export as PDF for committee packs, structured JSON for portal integration, or copy-by-field for manual lodgement.
Immutable audit trail
Every status change, field update, evidence upload, comment and sign-off is captured with timestamp, attribution and (where applicable) reason. Breach records are retained for 7 years across all plans — overriding the default plan retention to align with ASIC record-keeping expectations.
Linked across modules
Breaches connect to the obligation that was missed in the AFSL Calendar, the risk and controls in the Risk Register, the policy that was breached in the Policy Library, and any remediation training assigned through the Training module.
AI Coach guidance
An optional AI assistant suggests core obligations involved, drafts root-cause and remediation language in regulatory-appropriate prose, and surfaces ASIC guidance like INFO 259. It never makes significance determinations — that judgement stays with the Compliance Officer.
Lifecycle
Every incident follows the same defensible path.
Enforced status transitions, clear ownership, and sign-off where it matters. Closure requires a Responsible Manager attestation — recorded in the audit trail.
Incident recorded. Clock starts.
Compliance Officer assesses core obligation and likely significance.
Formal investigation underway. 30-day ASIC clock begins.
ASIC prescribed form generated and lodgement recorded.
Client compensation, control and policy fixes underway.
Sign-off attestation recorded; audit trail sealed.
Significance assessment
s912D(5) factors, in plain English.
The wizard asks the right questions, in the order ASIC expects them, and shows the Compliance Officer where their answers sit against the statutory thresholds. The recommendation is advisory — your CO records their determination and reasoning in the same record.
Number and frequency of similar previous breaches — s912D(5)(a)
Impact on the licensee's ability to provide financial services — s912D(5)(b)
Adequacy of compliance arrangements — s912D(5)(c)
Number of clients affected — s912D(5)(d)
Financial loss or damage to clients — s912D(5)(e)
Duration of the breach (additional factor)
Significance assessment — BR-2026-0042
Fields: Previous similar breaches (12 mo); Impact on services; Compliance arrangements; Clients affected; Financial loss (AUD); Duration
Recommendation: Likely Significant
37 clients affected, >$10k loss, multiple prior similar breaches, partially adequate arrangements. Strong indicators under s912D(5).
Deadline engine
Never miss a 30-day clock again.
The single most important feature of the module. Every reminder, escalation and auto-escalation is wired against the statutory timelines.
ASIC prescribed form
Lodgement, without the re-keying.
Click Prepare ASIC Report and the system generates a structured export that mirrors the ASIC Regulatory Portal prescribed form. Every field is pre-populated from the incident, investigation, and remediation records — no copy-paste from your case file.
Cross-module integration
Breaches don’t live in isolation.
Every breach is connected to the obligation it relates to, the risks and controls it exposes, the policy it implicates, and the training that may need to be assigned as remediation.
AFSL Calendar
Lodgement deadlines auto-create as calendar obligations; closing a breach auto-completes the obligation.
Risk Register
Breaches link to risks and controls. Patterns trigger risk-score re-assessment; remediation control updates flow back.
Policy Library
Breaches link to the policy that was breached; remediation that requires a policy update creates a review task.
Training Modules
Remediation training becomes a training assignment linked to the breach record and reported in completion analytics.
Regulatory grounding
Aligned to the regime you’re actually licensed under.
Corporations Act s912DAA — reportable situations regime
Corporations Act s912D(5) — significance factors codified in the wizard
ASIC Regulatory Guide 78 — content, format and timing of breach reports
ASIC Information Sheet 259 — additional ASIC guidance surfaced by the AI Coach
ASIC record-keeping expectations under s988A — 7-year retention enforced for breach data
Reportable situations, handled before the clock runs out.
Significance wizard, automated 30-day deadlines, pre-populated ASIC form, and an audit trail that holds up. 7-day free trial.