Why is there so much ‘human error’ in breaches?

ASIC breach

31 October 2022
| By Laura Dew |
image
image
expand image

There is over-reliance by licensees on ‘human error’ with over 5,000 reports stating that as a cause of a breach when the fault may lie in their systems and processes, according to a legal expert.

Last week, the Australian Securities and Investments Commission (ASIC) announced the first results of its reportable situations regime data from 1 October, 2021 to 30 June, 2022 which found there had been over 8,000 breaches reported.

This was a smaller number than the regulator had expected and it questioned if licensees understood the nature of the legislation and whether it had the right systems and processes in place to identify breaches.

Felicity Healy, partner and financial services litigator at Corrs Chambers Westgarth, agreed that the law firm had also expected to see a “huge influx” of breach reports made but this had failed to appear.

She noted over 5,000 of reports specified a root cause of the problem as being staff negligence or error and Healy said this was an overuse of the term.

In contrast to human error root causes, just 9% of reports were described as a policy or process deficiency and 6% were described as a system deficiency.

The ASIC report stated: “Staff negligence or error was selected as the sole root cause category in 55% of reports where the licensee had reported that there had been previous similar breaches and/or there were multiple breaches grouped into the relevant report. This raises some concerns as to whether licensees are consistently identifying and addressing the underlying root causes for breaches (e.g. by determining the underlying reasons, such as systems or process issues, for repeated staff negligence or error).

“In response to this, we intend to provide guidance to licensees on the circumstances in which it is appropriate for licensees to select ‘staff negligence or error’ as the root cause (e.g. only when it has determined there are no other underlying root causes).”

Healy said: “There was an overuse of the term ‘human error’ and that doesn’t match up when the the most-common reports were about false or misleading information and it doesn’t match with the understanding of compliance.

“Some breaches may have been caused by human error but that’s caused by a weakness in the system which has then led to an error.”

When this was identified as the cause, ASIC found the most-common rectification method was staff training on internal policy and procedures, cited by 41% of reports.

However, she praised efforts by firms to remediate quickly once a breach was identified.

In 18% of reports received, ASIC said it had taken the licensee more than one year to identify and commence an investigation into an issue after it had first occurred. However, only 0.6% of the reports had taken longer than a year to rectify with most being rectified before the investigation commenced or within seven days.

“This is the good news part, people are finding and fixing these breaches quickly but they can be hard to find, it is hard to be critical of them to taking too long to identify. It takes time to do it properly.

“In particular, customers are very wary of scammers nowadays so contacting them is getting harder, it is not as simple as it used to be to.”

She also pointed out that it was difficult to re-open cases after they had finished so firms were erring on the side of caution and allowing long lead times to complete investigations or customer remediations.

Read more about:

AUTHOR

Submitted by Walker on Mon, 2022-10-31 09:48

Like most service providers these days, the financial services industry is filled with people who aspire to mediocrity, but expect top dollar.

It is a scourge and no amount of systems and processes will prevent these errors occurring because put simply, many employees are lazy and just don't care.

Bring on a recession because the service industry needs a good clean out.

Submitted by Louis Leahy on Mon, 2022-10-31 19:11

It’s quite comical to hear lawyers, politicians and regulators making outrageous claims that their new sets of rules will stop the breaches of wide area networks when what is required is the implementation of new code. The Government has failed to assist developers of new code to have the updates implemented to protect the community. Until such time as Government and Industry start to support Developers with new code they will continue to suffer these horrendous losses.

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry

MARKET INSIGHTS

Interesting. Would be good to know the details of the StrategyOne deal....

3 days 2 hours ago

It’s astonishing to see the FAAA now pushing for more advisers by courting "career changers" and international recruits,...

3 weeks 1 day ago

increased professionalism within the industry - shouldn't that say, FAR register almost halving in the last 24 months he...

4 weeks ago

Insignia Financial has made four appointments, including three who have joined from TAL, to lead strategy and innovation in its retirement solutions for the MLC brand....

2 weeks 3 days ago

A former Brisbane financial adviser has been charged with 26 counts of dishonest conduct regarding a failure to disclose he would receive substantial commission payments ...

2 days ago

Pinnacle Investment Management has announced it will acquire strategic interests in two international fund managers for $142 million....

1 day 3 hours ago