"Unacceptable delays" in financial breach reporting, says ASIC

Australia’s financial institutions are in the wrong, as ASIC cites “serious and unacceptable delays” for identifying, reporting, and correcting breaches of the law.

When a bank or other major financial institution does something wrong, most eventually own up to it. Unfortunately, the time it takes to make that happen can be a problem, and it’s one Australia’s Securities & Investments Commission (ASIC) is taking aim at.

In a recently released report, ASIC took a hard look at the breach reporting processes of 12 financial services groups, including that of the big four banks: ANZ, CBA, Westpac, and NAB, as well as other smaller financial institutions, including AMP. Bank of Queensland, Bendigo Bank, Credit Union Australia, Greater Bank, Heritage Bank, Macquarie, and Suncorp.

The report follows on from the federal government’s April 2016 announcement of new measures to protect the Australian people by improving outcomes in financial services, and the resulting news isn’t good for the banks, with the findings signalling breach reporting and correction was taking more time than should be acceptable.

According to ASIC, major banks take an average time of over four years (1,726 days) to identify significant breaches, with significant breaches causing financial losses to the tune of approximately $500 million, without the millions of dollars in remediation being returned to customers.

In Australia, the law states that a breach needs to be reported to ASIC within ten business days, but one in seven in the ASIC study were reported later than that.

“Breach reporting is a cornerstone of Australia’s financial services regulatory structure,” said ASIC Chair, James Shipton.

“Many of the delays in breach reporting and compensating consumers were due to the financial institutions’ inadequate systems, procedures and governance processes, as well as a lack of a consumer orientated culture of escalation.

“Our review found that, on average, it takes over 5 years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry. This must not stand.”

The report comes amidst increased scrutiny of banking institutions following a royal commission into the activities of financial organisations, and it’s one that the Australian Banking Association (ABA) has even responded to, adding that the efforts currently delivered by banks weren’t good enough.

“This investigation shows that banks efforts to identify issues, report them to ASIC and compensate customers is not good enough,” said ABA CEO Anna Bligh.

“Customers expect these problems to be identified and fixed as soon as possible. Clearly this report shows there’s a lot of work to be done,” she said.

Compare bank accounts