Poor breach reporting a lead indicator for ASIC embedding
Financial institutions which have proved tardy with breach reporting are more likely than others to find themselves accommodating embedded senior Australian Securities and Investments Commission (ASIC) personnel as part of the regulator’s new close and continuous monitoring regime.
Answering questions on notice from the Parliamentary Joint Committee on Corporations and Financial Services, ASIC has said that while it is still refining its “close and continuous monitoring” strategy approach, breach reporting will be a factor.
“One area that is a lead indicator of institutions’ risk weighting is the way in which they identify customer breaches, report them to ASIC as they are required to do under the law, and then undertake appropriate customer remediation,” the regulator said.
In doing so, ASIC pointed to its Report 594 issued last month which it said detailed its review of breach reporting processes of a number of financial services groups, including the big four banks and AMP.
“The report identified serious, unacceptable delays in the time taken to identify, report and correct significant breaches of the law among Australia's most important financial institutions. The report also highlighted specific failures by individual institutions that informs our ‘risk weighted’, and entity specific, approach,” the ASIC answer said.
“Given the importance of effective breach reporting and customer remediation, this area will form the first part of the risk weight-based methodology used to determine which parts of these large institutions we scrutinise.”
Recommended for you
Financial Services Minister Stephen Jones has shared further details on the second tranche of the Delivering Better Financial Outcomes reforms including modernising best interests duty and reforming Statements of Advice.
The Federal Court has found a company director guilty of operating unregistered managed investment schemes and carrying on a financial services business without holding an AFSL.
The Governance Institute has said ASIC’s governance arrangements are no longer “fit for purpose” in a time when financial markets are quickly innovating and cyber crime becomes a threat.
Compliance professionals working in financial services are facing burnout risk as higher workloads, coupled with the ever-changing regulation, place notable strain on staff.
