ASIC dubs breach reporting delays “unacceptable”

ASIC australian banks amp ASIC policy policy and regulation

25 September 2018
| By Nicholas Grove |
image
image
expand image

A report by the Australian Securities and Investments Commission (ASIC) has identified “serious, unacceptable delays” in the time taken to identify, report and correct significant breaches of the law among 12 of Australia's biggest financial institutions – including the big four banks and AMP – and has said that the time taken for consumers to be remediated for breach incidents “must not stand”.

The regulator said the report found that financial institutions are taking too long to identify significant breaches, with the major banks taking an average time of over 4.5 years.

ASIC also found delays in remediation for consumer loss, with it taking an average of 226 days from the end of a financial institution's investigation into the breach and first payment to impacted consumers.

This is on top of the average across all institutions of 1,517 days before a breach is discovered and the time taken to start and complete an investigation, ASIC said.

The regulator found the significant breaches caused financial losses to consumers of approximately $500 million, with millions of dollars of remediation yet to be provided.

ASIC also said the process from starting an investigation to the lodging of a breach report also takes too long, with major banks taking an average of 150 days.

ASIC pointed out that once a financial institution has investigated and determined that a breach has occurred and that it is significant, the law requires that the breach be then reported within 10 business days. However, one in seven significant breaches were reported later than that 10-business day requirement, it said.

ASIC chair James Shipton said many of the delays in breach reporting and compensating consumers were due to the financial institutions’ inadequate systems, procedures and governance processes, as well as a lack of a consumer-orientated culture of escalation.

“Our review found that, on average, it takes over five years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry. This must not stand,” he said.

Shipton said the report highlighted two related problems that ASIC wanted to change, the first being that the industry is taking far too long to identify and investigate potential breaches, the second being that even having identified an issue and concluded following an investigation that it is a breach, institutions are failing to then report it to ASIC within the required 10 business days.

“Accordingly, there is an urgent need for investment by financial services institutions in systems and processes as well as commitment and oversight from boards and senior executives to address these significant failings,” he said.

In response to the findings, ASIC said it will ensure there is a strong focus on compliance with breach reporting requirements in its new Close and Continuous Monitoring approach to supervising major institutions.

ASIC said it is also actively considering enforcement action for failures to report breaches on time.

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry

MARKET INSIGHTS

Completely agree Peter. The definition of 'significant change is circumstances relevant to the scope of the advice' is s...

1 month 3 weeks ago

This verdict highlights something deeply wrong and rotten at the heart of the FSCP. We are witnessing a heavy-handed, op...

2 months ago

Interesting. Would be good to know the details of the StrategyOne deal....

2 months ago

SuperRatings has shared the median estimated return for balanced superannuation funds for the calendar year 2024, finding the year achieved “strong and consistent positiv...

2 weeks 2 days ago

Original bidder Bain Capital, which saw its first offer rejected in December, has returned with a revised bid for Insignia Financial....

1 week 2 days ago

The FAAA has secured CSLR-related documents under the FOI process, after an extended four-month wait, which show little analysis was done on how the scheme’s cost would a...

1 week ago

TOP PERFORMING FUNDS