ASIC dubs breach reporting delays “unacceptable”

ASIC australian banks amp ASIC policy policy and regulation

25 September 2018
| By Nicholas Grove |
image
image
expand image

A report by the Australian Securities and Investments Commission (ASIC) has identified “serious, unacceptable delays” in the time taken to identify, report and correct significant breaches of the law among 12 of Australia's biggest financial institutions – including the big four banks and AMP – and has said that the time taken for consumers to be remediated for breach incidents “must not stand”.

The regulator said the report found that financial institutions are taking too long to identify significant breaches, with the major banks taking an average time of over 4.5 years.

ASIC also found delays in remediation for consumer loss, with it taking an average of 226 days from the end of a financial institution's investigation into the breach and first payment to impacted consumers.

This is on top of the average across all institutions of 1,517 days before a breach is discovered and the time taken to start and complete an investigation, ASIC said.

The regulator found the significant breaches caused financial losses to consumers of approximately $500 million, with millions of dollars of remediation yet to be provided.

ASIC also said the process from starting an investigation to the lodging of a breach report also takes too long, with major banks taking an average of 150 days.

ASIC pointed out that once a financial institution has investigated and determined that a breach has occurred and that it is significant, the law requires that the breach be then reported within 10 business days. However, one in seven significant breaches were reported later than that 10-business day requirement, it said.

ASIC chair James Shipton said many of the delays in breach reporting and compensating consumers were due to the financial institutions’ inadequate systems, procedures and governance processes, as well as a lack of a consumer-orientated culture of escalation.

“Our review found that, on average, it takes over five years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry. This must not stand,” he said.

Shipton said the report highlighted two related problems that ASIC wanted to change, the first being that the industry is taking far too long to identify and investigate potential breaches, the second being that even having identified an issue and concluded following an investigation that it is a breach, institutions are failing to then report it to ASIC within the required 10 business days.

“Accordingly, there is an urgent need for investment by financial services institutions in systems and processes as well as commitment and oversight from boards and senior executives to address these significant failings,” he said.

In response to the findings, ASIC said it will ensure there is a strong focus on compliance with breach reporting requirements in its new Close and Continuous Monitoring approach to supervising major institutions.

ASIC said it is also actively considering enforcement action for failures to report breaches on time.

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry

MARKET INSIGHTS

Completely agree Peter. The definition of 'significant change is circumstances relevant to the scope of the advice' is s...

3 weeks 4 days ago

This verdict highlights something deeply wrong and rotten at the heart of the FSCP. We are witnessing a heavy-handed, op...

1 month ago

Interesting. Would be good to know the details of the StrategyOne deal....

1 month ago

Insignia Financial has confirmed it is considering a preliminary non-binding proposal received from a US private equity giant to acquire the firm. ...

1 week 3 days ago

Six of the seven listed financial advice licensees have reported positive share price growth in 2024, with AMP and Insignia successfully reversing earlier losses. ...

5 days 19 hours ago

Specialist wealth platform provider Mason Stevens has become the latest target of an acquisition as it enters a binding agreement with a leading Sydney-based private equi...

4 days 23 hours ago