Go to top of page

Breach notification

Reporting a breach

APRA’s preferred method for entities to report a breach is to use the online system, the APRA Extranet.

What breaches must be reported to APRA?

If an APRA regulated institution becomes aware that it has breached (or will breach) a prudential requirement and that breach is ‘significant’, it must give APRA a written report about the breach. You may use the online breach reporting system to give the report to APRA. For further information refer to the relevant legislation including:

  • s. 29JA of the Superannuation Industry (Supervision) Act 1993
  • s. 132A of the Life Insurance Act 1995
  • s. 38AA of the Insurance Act 1973
  • s. 62A of the Banking Act 1959

IMPORTANT – Superannuation only

Breach forms can only be submitted to APRA using an AUSkey that has been issued to a Trustee (i.e. RSE Licensee) ABN. If you have an AUSkey that has been issued in respect of a Fund ABN, the breach form cannot be submitted to APRA.

When must a breach be notified to APRA?

If the breach relates to the sound financial position or financial obligations of an ADI, life insurer or general insurer, the institution must immediately notify APRA in writing.

In relation to other breaches of the prudential requirement, a breach must be notified within 10 business days after the institution becomes aware a breach has occurred.

Failing to notify a breach of a prudential requirement to APRA

Failure to notify APRA of a breach of a prudential requirement is a strict liability offence and a penalty of 200 units may apply.

Reporting breaches to ASIC

Institutions should determine whether they also should report a breach to the Australian Securities and Investments Commission (ASIC) where the institution holds an AFS licence or the breach relates to a legislative provision administered by ASIC. Refer to www.asic.gov.au for further guidance. If your breach of APRA-administered legislation also breaches ASIC–administered legislation, you may choose to use this form to notify ASIC as well as APRA. APRA will be acting as ASIC’s agent for the purpose of collecting these dual breach reports and forwarding them to ASIC.

If you are required to only report the breach to ASIC, you must report it directly to ASIC (and may not use this form).

How to report a breach to APRA

APRA’s preferred method is to use the online system, the APRA Extranet. If you are unable to use the Extranet, PDF versions of the form are available:

The prudential contact or company secretary is required to have an AUSkey to authorise a breach to be reported using the Extranet. Refer to the Extranet FAQsExtranet help page or go to www.auskey.abr.gov.au for more information.

What’s different with the new online breach reporting?

The new online system was released on 25 August 2011. You need an AUSkey to access the breach online form via the Extranet. Other changes to breach reporting include:

  • the ability to save breach forms in draft;
  • the ability to view previously submitted breaches;
  • a new print option;
  • the ability for prudential contacts or company secretaries with an AUSkey to submit breaches directly; and
  • verification emails will no longer include a copy of the form.

For enquiries regarding breach reporting

Please contact your Responsible Supervisor.