ASIC dubs breach reporting delays “unacceptable”

25 September 2018
| By Nicholas Grove |
image
image
expand image

A report by the Australian Securities and Investments Commission (ASIC) has identified “serious, unacceptable delays” in the time taken to identify, report and correct significant breaches of the law among 12 of Australia's biggest financial institutions – including the big four banks and AMP – and has said that the time taken for consumers to be remediated for breach incidents “must not stand”.

The regulator said the report found that financial institutions are taking too long to identify significant breaches, with the major banks taking an average time of over 4.5 years.

ASIC also found delays in remediation for consumer loss, with it taking an average of 226 days from the end of a financial institution's investigation into the breach and first payment to impacted consumers.

This is on top of the average across all institutions of 1,517 days before a breach is discovered and the time taken to start and complete an investigation, ASIC said.

The regulator found the significant breaches caused financial losses to consumers of approximately $500 million, with millions of dollars of remediation yet to be provided.

ASIC also said the process from starting an investigation to the lodging of a breach report also takes too long, with major banks taking an average of 150 days.

ASIC pointed out that once a financial institution has investigated and determined that a breach has occurred and that it is significant, the law requires that the breach be then reported within 10 business days. However, one in seven significant breaches were reported later than that 10-business day requirement, it said.

ASIC chair James Shipton said many of the delays in breach reporting and compensating consumers were due to the financial institutions’ inadequate systems, procedures and governance processes, as well as a lack of a consumer-orientated culture of escalation.

“Our review found that, on average, it takes over five years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry. This must not stand,” he said.

Shipton said the report highlighted two related problems that ASIC wanted to change, the first being that the industry is taking far too long to identify and investigate potential breaches, the second being that even having identified an issue and concluded following an investigation that it is a breach, institutions are failing to then report it to ASIC within the required 10 business days.

“Accordingly, there is an urgent need for investment by financial services institutions in systems and processes as well as commitment and oversight from boards and senior executives to address these significant failings,” he said.

In response to the findings, ASIC said it will ensure there is a strong focus on compliance with breach reporting requirements in its new Close and Continuous Monitoring approach to supervising major institutions.

ASIC said it is also actively considering enforcement action for failures to report breaches on time.

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry

MARKET INSIGHTS

GG

So shareholders lose a dividend plus have seen the erosion of value. Qantas decides to clawback remuneration from Alan ...

2 months 1 week ago
Denise Baker

This is why I left my last position. There was no interest in giving the client quality time, it was all about bumping ...

2 months 1 week ago
gonski

So the Hayne Royal Commission has left us with this. What a sad day for the financial planning industry. Clearly most ...

2 months 2 weeks ago

A Sydney-based financial adviser has been banned from providing financial services in the interest of consumer protection after failing to act on conduct concerns. ...

3 weeks 6 days ago

Insignia Financial has made four appointments, including three who have joined from TAL, to lead strategy and innovation in its retirement solutions for the MLC brand....

1 day 2 hours ago

ASIC has cancelled the AFSL of a $250 million Sydney fund manager, one of two AFSL cancellations announced by the corporate regulator....

3 weeks 4 days ago