ASIC review finds "unacceptable" delays by big banks in reporting breaches
Written on the 25 September 2018 by David Simmons
ASIC is casting light once again on the poor behaviour of Australia's largest financial institutions.
After several controversial issues were uncovered by the royal commission, ASIC has found further "unacceptable" delays by financial institutions in reporting, addressing and remediating significant breaches.
In its latest report, ASIC examined how 12 financial services groups - including the big four banks (ANZ, CBA, NAP, and Westpac) and AMP - were reporting breaches. Bank of Queensland, Bendigo Bank, Credit Union Australia, Greater Bank, Heritage Bank, Macquarie and Suncorp were also investigated.
ASIC says the institutions are taking too long to identify significant breaches, with the major banks taking an average time of 1,726 days (over 4.5 years).
On average, it took the banks 226 days from the end of a financial institution's investigation into a breach to remediate consumer losses. This is on top of the average across all institutions of 1,517 days before the breach is discovered and the time taken to start and complete an investigation.
These breaches investigated by ASIC caused financial losses of approximately $500 million in total, with the watchdog saying millions of dollars in remediation yet to be paid out.
ASIC also says the processes of the financial institutions takes too long, with major banks taking an average of 150 days to lodge reports with ASIC after an investigation has commenced.
The law requires that financial institutions report to ASIC within 10 business days once an investigation has commenced and a breach has been determined to have occurred. One in seven "significant" breaches were reported later than that 10-business day requirement.
ASIC chair James Shipton says the financial institutions' processes are woefully inadequate.
"Many of the delays in breach reporting and compensating consumers were due to the financial institutions' inadequate systems, procedures and governance processes, as well as a lack of consumer oriented culture of escalation," says Shipton.
"Our review found that, on average, it takes over five years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry. This must not stand."
Shipton says leadership at the banks needs to address these major failings immediately.
"There is an urgent need for investment by financial services institutions in systems and processes as well as commitment and oversight from boards and senior executives to address these significant failings," says Shipton.
The watchdog says it is considering enforcement action for failures to report breaches on time.
ASIC is now hoping for a review of the law surrounding reporting of breaches to ensure that banks face tougher penalties for non-compliance.
The reforms will take into account three major barriers to enforcement action that currently let the banks get away with the "unacceptable" behaviour, including changing the test for whether a breach is significant from a subjective perspective to an objective one, tightening up the 10-day period for reporting, and toughening penalties which ASIC currently described as "modest".
Business News Australia
Author: David Simmons