A report on the first nine months of the breach reporting regime released by the corporate regulator on Thursday (27 October) revealed that only 6 per cent of the licensee population lodged a report.
“This is significantly lower than expected, and we will be undertaking a range of activities to strengthen compliance with the regime,” ASIC said.
Moreover, 74 per cent of all reports were lodged by just 23 licensees.
Commenting on the findings, ASIC commissioner Sean Hughes said: “As the regime has been in place for over 12 months, we expect all licensees to be aware of their obligations and comply with the regime.
“ASIC will be undertaking a number of activities to strengthen compliance with the regime.”
Of the 8,829 reports submitted, only 878 were related to financial advice.
The breach reporting regime was first introduced in October last year and obliges Australian Financial Services (AFS) licensees and credit licensees to submit notifications about “reportable situations” to ASIC within 30 calendar days.
But by August, the corporate regulator acknowledged concerns with the regime, with commissioner Hughes conceding at the time that it has led to “a number of implementation challenges”.
“We are aware that the regime has led to a number of implementation challenges,” Mr Hughes said. “However, ASIC remains committed to the successful implementation of this regime, and we have developed a comprehensive plan of work to ensure that it meets its objectives for ASIC, industry and consumers.”
Licensees taking too long, ASIC says
In its nine-month review, the regulator also criticised licensees for “taking too long” to identify and investigate some breaches.
In 18 per cent of the reports received, the corporate regulator said it took the licensee more than one year to identify and commence an investigation into an issue after it had first occurred.
“ASIC’s review of breach reporting in 2018 found that the major banks were taking four and a half years to identify a breach,” said Mr Hughes.
“We recognise the changes to processes that have been implemented following ASIC’s review to truncate these time frames. However, continued efforts are required by all licensees to ensure that issues are rectified and customers are remediated in a timely manner.”
Moreover, the corporate regulator said that as many as 55 per cent of reports identified staff negligence or error as the sole root cause, including where the licensee had reported that there had been previous similar breaches, or multiple breaches were grouped.
As such, ASIC is concerned that licensees may not be adequately identifying and addressing the underlying root causes for breaches.




The requirements are poorly drafted and then poorly implemented but of course that doesn’t rest on ASIC.
There was much talk about reports that went to ASIC about Storm. We wasted 4 hours of our time trying to speak to someone at ASIC about Reseau (which was of similar magnitude to Storm). We now hear whispers of smaller reports going to ASIC which are well past their ‘bedtime’ in terms of having feedback from ASIC. If someone wishes to brandish a big stick, they need to keep their house in order. If some of these other reports turn out to be costly perhaps it is time for heads of ASIC, ministers and the like to fall on their swords. Too often in Australia do the top echelons take responsibility for how things play out.
How does ASIC know how many breach notices it should expect to receive in a period ahead?
Does it have a crystal ball?
It’s never enough
Realistically every AFSL under this dumb regime would have at least one reportable situation. I’d say this report points to non-compliance in those who have become self-licensed. This should be a concern for every RM.
They know that 100% of advisers should breach something…they have made it that complicated that no-one can follow it
ASIC won’t be happy unless every adviser’s interaction with every client was reported as a breach. Could it be possible that advisers are doing the right thing by clients? What about ASIC putting a bit more effort into investigating product providers and unlicensed advisers who are causing the vast majority of detriment to clients? Stop this continual persecution against advisers who are the only ones who are looking out for the interests of clients.
I haven’t had a breach because I’ve put so many processes and steps in the way to make the cost of advice so expensive but also so I don’t get in any trouble with the licensee or the regulator for tick box nonsense. I am absolutely certain I’m not the only one like this.