In its report, Review of selected financial services groups’ compliance with the breach reporting obligation, ASIC examined the breach reporting processes of 12 financial services groups, including the big four banks and AMP.
The report found that the major banks took an average of 1,726 days (4.5 years) to identify significant breaches and an average of 226 days on top of that for a first payment to impacted consumers.
The breaches within the scope of the review caused financial losses to consumers of approximately $500 million, with millions of dollars of remediation yet to be provided.
Major banks also took an average of 150 days to report a breach to ASIC after starting an investigation.
Once a financial institution has investigated and determined that a breach has occurred, the law requires it to be reported to ASIC within 10 days.
One in seven significant breaches were reported later than that requirement, with ASIC chair James Shipton saying the lateness was a breach of legal requirements.
“Institutions are failing to report [breaches] to ASIC within the required 10 business days. The delays here are much shorter (75 per cent were late by one to five days) but this is still a breach of the legal requirements,” Mr Shipton said.
Mr Shipton said breach reporting was a cornerstone of the regulatory structure and many of the delays were due to poor systems.
“Many of the delays in breach reporting and compensating consumers were due to the financial institutions’ inadequate systems, procedures and governance processes, as well as a lack of a consumer orientated culture of escalation,” he said.
ASIC also wanted to address with the banks how long they took to identify and investigate breaches, and said there was an urgent need to fix it.
“There is an urgent need for investment by financial services institutions in systems and processes as well as commitment and oversight from boards and senior executives to address these significant failings,” Mr Shipton said.
In response to the findings, ASIC will focus on compliance with breach reporting as part of its new monitoring approach.
ASIC also said its review underscored the need for law reform of breach reporting requirements, to which the government had said it was committed.




I am thinking of setting up my own AFSL. Does anyone know someone at ASIC who can be the best man at a wedding? Just asking for a friend.
Set the company up to sound like a bank or industry fund so you don’t need to play by the rules.
Am I missing something? Is this not James Shipton saying ASIC is horribly negligent in not requiring the AMP and The-Big-Banks-That-Fund-ASIC to lodge breach reports on time, and then failing to penalise them? And failing to change their behaviour?
Bear in mind it’s a criminal offence to not report a breach inside ten working days?
So what is James Shipton doing about it? He has sacked Peter Kell. Who should he sack next?
ISA REST super delayed breach reporting.
Knobby Kell said there must be an issue with planner’s fee system as clients weren’t lodging complaints or leaving planners since the advent of FDS/Opt In like he had hoped. By that perverse twisted logic which is the trademark of that nasty pretzel-stick man, then ISA not lodging copious breach reports, clearly there is something severely foul at play.
It’s a bit rich ASIC! Small advisers live in fear of ASIC and yet the big rip offs are deemed too big to fail.
I can just see the press release now. “it’s not us it’s planners and we believe the solution is degrees and membership of the FPA”. The FPA no doubt will follow this up with a press release of support in favor of their fee paying puppet masters. The banks will get off, ASIC will be excused as they can’t police 18,000 advisers and the FPA will get more members and we’ll have FASEA Version 2. A simple strategy of wash, rinse and repeat. FPA members will do nothing & will be happy to pay $1,000 for a CFP logo whilst we get drowned in red tape.
All members of a so-called professional association. We wonder why we have FASEA, why we have LIF, why we have commissions being banned, why the Government won’t listen. With members like these, and zero self regulation then we deserve over regulation. Boot these bodies out and we instantaneously appear more professional.
ASIC delays acting out their duties, isn’t that a breach in itself?
Cough cough, no report of the REST delay in there ASIC??? I am certain there are issues that never see the light of day in ISA land because they’re safe and secure knowing that they won’t get a biased useless regulator looking their way.
Dover had three breach reports, all reported within ten days. In the same period one of the big banks had 111 breach reports, none reported in ten days.
It’s a criminal offence to not report a breach within ten days.
Two sets of rules.
Dover only had 23 lawyers on staff. Most of these big institutions have 200 or more and whole legal departments. That’s the difference, plus ASIC staff have to get a job somewhere; after all, they have to pay for a mortgage in Sydney or Melbourne.
This is like the police being surprised every criminal doesn’t turn themselves in.
Actually make them, and the execs responsible, bleed for their actions. You’ll be shocked just how quick things get better once management have something on the line.
Wow ASIC what amazing news post RC disasters.
And what will ASIC be doing to these Big Banks, AMP etc. who pay most of ASIC’s operational fees these days and effectively own and run ASIC?
Ah that’s right, the same as usual = SWEET F##K ALL !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ASIC too interested in putting out the inferno in their own house and banks too busy increasing interest rates to cover their penalties and fines that ASIC probably won’t even impose…
Fix the process ASIC. Has anyone ever read a breach notification? It ain’t easy.
Ho hum. So ASIC now covering its own backside. How long did it take ASIC to discover this? Royal Commission has highlighted how lily-livered our regulators are.
Maybe ASIC should be doing its job and doing investigations - hold on, that would be too difficult.